CVE-2018-13815

A vulnerability has been identified in SIMATIC S7-1200 (All versions), SIMATIC S7-1500 (All Versions < V2.6). An attacker could exhaust the available connection pool of an affected device by opening a sufficient number of connections to the device. Successful exploitation requires an attacker to be able to send packets to port 102/tcp of the affected device. No user interaction and no user privileges are required to exploit the vulnerability. The vulnerability, if exploited, could cause a Denial-of-Service condition impacting the availability of the system. At the time of advisory publication no public exploitation of this vulnerability was known.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/bid/105928	Third Party Advisory VDB Entry
https://cert-portal.siemens.com/productcert/pdf/ssa-584286.pdf	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:siemens:simatic_s7-1200_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-1200:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:siemens:simatic_s7-1500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-1500:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-12-13 16:29

Updated : 2019-10-09 23:34

NVD link : CVE-2018-13815

Mitre link : CVE-2018-13815

CVE.ORG link : CVE-2018-13815

JSON object : View

Products Affected

siemens

simatic_s7-1500
simatic_s7-1200_firmware
simatic_s7-1200
simatic_s7-1500_firmware

CWE

CWE-400

Uncontrolled Resource Consumption

CWE-410

Insufficient Resource Pool

{"id": "CVE-2018-13815", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2018-12-13T16:29:00.383", "references": [{"url": "http://www.securityfocus.com/bid/105928", "tags": ["Third Party Advisory", "VDB Entry"], "source": "productcert@siemens.com"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-584286.pdf", "tags": ["Vendor Advisory"], "source": "productcert@siemens.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-400"}]}, {"type": "Secondary", "source": "productcert@siemens.com", "description": [{"lang": "en", "value": "CWE-410"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SIMATIC S7-1200 (All versions), SIMATIC S7-1500 (All Versions < V2.6). An attacker could exhaust the available connection pool of an affected device by opening a sufficient number of connections to the device. Successful exploitation requires an attacker to be able to send packets to port 102/tcp of the affected device. No user interaction and no user privileges are required to exploit the vulnerability. The vulnerability, if exploited, could cause a Denial-of-Service condition impacting the availability of the system. At the time of advisory publication no public exploitation of this vulnerability was known."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en SIMATIC S7-1200 (todas las versiones) y SIMATIC S7-1500 (todas las versiones anteriores a la V2.6). Un atacante podr\u00eda agotar el grupo de conexiones disponibles de un dispositivo afectado abriendo un n\u00famero suficiente de conexiones al dispositivo. Su explotaci\u00f3n con \u00e9xito requiere que un atacante sea capaz de enviar paquetes al puerto 102/tcp del dispositivo afectado. No se requiere interacci\u00f3n o privilegios del usuario para explotar esta vulnerabilidad. Si se explota esta vulnerabilidad, se podr\u00eda provocar una condici\u00f3n de denegaci\u00f3n de servicio (DoS) que impacta sobre la disponibilidad del sistema. En el momento de la publicaci\u00f3n del aviso, no se conoce ninguna explotaci\u00f3n p\u00fablica de la vulnerabilidad."}], "lastModified": "2019-10-09T23:34:34.137", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:simatic_s7-1200_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5187EF42-3E86-4C73-A435-E5D5710B6999"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:simatic_s7-1200:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EC545350-FD53-4B2E-886F-E20F12260C9B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:simatic_s7-1500_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8F81F41D-480F-4443-927E-00607DD40BF5", "versionEndExcluding": "2.6"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:simatic_s7-1500:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "30DDEA9B-E1BF-4572-8E12-D13C54603E77"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "productcert@siemens.com"}

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2018-13815

7.5^/10

5.0^/10

Attach tags to `CVE-2018-13815`