| Title | 複数の Siemens 製品における入力確認に関する脆弱性 |
|---|---|
| Summary | 複数の Siemens 製品には、入力確認に関する脆弱性が存在します。 |
| Possible impacts | サービス運用妨害 (DoS) 状態にされる可能性があります。 |
| Solution | ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。 |
| Publication Date | March 20, 2018, midnight |
| Registration Date | May 24, 2018, 3:50 p.m. |
| Last Update | July 4, 2018, 3:03 p.m. |
| CVSS3.0 : 警告 | |
| Score | 6.5 |
|---|---|
| Vector | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| CVSS2.0 : 警告 | |
| Score | 6.1 |
|---|---|
| Vector | AV:A/AC:L/Au:N/C:N/I:N/A:C |
| シーメンス |
| SIMATIC CP 343-1 ファームウェア |
| SIMATIC CP 443-1 ファームウェア |
| SIMATIC S7-1500 ファームウェア |
| SIMATIC S7-300 ファームウェア |
| SIMATIC S7-400 PN/DP V6 ファームウェア |
| SIMATIC S7-400 PN/DP V7 ファームウェア |
| SIMATIC S7-400H V6 ファームウェア |
| SIMATIC S7-410 ファームウェア |
| SIMATIC WinAC RTX 2010 ファームウェア |
| SINUMERIK 828D ファームウェア |
| Softnet PROFINET IO for PC-based Windows systems ファームウェア |
| No | Changed Details | Date of change |
|---|---|---|
| 1 | [2018年05月24日] 掲載 | May 24, 2018, 3:11 p.m. |
| 2 | [2018年07月04日] 参考情報:ICS-CERT ADVISORY (ICSA-18-079-02) を追加 |
July 4, 2018, 3:01 p.m. |
| Summary | A vulnerability has been identified in SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC CP 343-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 Advanced (All versions < V3.3), SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions < V3.2.16), SIMATIC ET 200pro IM154-8F PN/DP CPU (All versions < V3.2.16), SIMATIC ET 200pro IM154-8FX PN/DP CPU (All versions < V3.2.16), SIMATIC ET 200S IM151-8 PN/DP CPU (All versions < V3.2.16), SIMATIC ET 200S IM151-8F PN/DP CPU (All versions < V3.2.16), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V1.7.0), SIMATIC S7-1500 Software Controller (All versions < V1.7.0), SIMATIC S7-300 CPU 314C-2 PN/DP (All versions < V3.3.16), SIMATIC S7-300 CPU 315-2 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 315F-2 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 315T-3 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 317-2 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 317F-2 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 317T-3 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 317TF-3 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 319-3 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 319F-3 PN/DP (All versions < V3.2.16), SIMATIC S7-400 CPU 412-2 PN V7 (All versions < V7.0.3), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.9), SIMATIC S7-400 PN/DP V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.7), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions < V8.1), SIMATIC WinAC RTX 2010 (All versions < V2010 SP3), SIMATIC WinAC RTX F 2010 (All versions < V2010 SP3), SINUMERIK 828D (All versions < V4.7 SP6 HF1), SIPLUS ET 200S IM151-8 PN/DP CPU (All versions < V3.2.16), SIPLUS ET 200S IM151-8F PN/DP CPU (All versions < V3.2.16), SIPLUS NET CP 443-1 (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (All versions < V3.3), SIPLUS S7-300 CPU 314C-2 PN/DP (All versions < V3.3.16), SIPLUS S7-300 CPU 315-2 PN/DP (All versions < V3.2.16), SIPLUS S7-300 CPU 315F-2 PN/DP (All versions < V3.2.16), SIPLUS S7-300 CPU 317-2 PN/DP (All versions < V3.2.16), SIPLUS S7-300 CPU 317F-2 PN/DP (All versions < V3.2.16), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), Softnet PROFINET IO for PC-based Windows systems (All versions). Responding to a PROFINET DCP request with a specially crafted PROFINET DCP packet could cause a denial of service condition of the requesting system. The security vulnerability could be exploited by an attacker located on the same Ethernet segment (OSI Layer 2) as the targeted device. A manual restart is required to recover the system. |
|---|---|
| Publication Date | March 20, 2018, 11:29 p.m. |
| Registration Date | March 1, 2021, 7:28 p.m. |
| Last Update | Nov. 21, 2024, 1:07 p.m. |
| Configuration1 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:simatic_cp_343-1_firmware:-:*:*:*:advanced:*:*:* | |||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:simatic_cp_343-1:-:*:*:*:advanced:*:*:* | ||||
| Configuration2 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:simatic_cp_343-1_firmware:-:*:*:*:standard:*:*:* | |||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:simatic_cp_343-1:-:*:*:*:standard:*:*:* | ||||
| Configuration3 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:simatic_cp_443-1_firmware:-:*:*:*:advanced:*:*:* | |||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:simatic_cp_443-1:-:*:*:*:advanced:*:*:* | ||||
| Configuration4 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:simatic_cp_443-1_firmware:-:*:*:*:standard:*:*:* | |||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:simatic_cp_443-1:-:*:*:*:standard:*:*:* | ||||
| Configuration5 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:simatic_s7-1500_firmware:*:*:*:*:*:*:*:* | 1.7.0 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:simatic_s7-1500:-:*:*:*:*:*:*:* | ||||
| Configuration6 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:simatic_s7-300_firmware:-:*:*:*:*:*:*:* | |||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:simatic_s7-300:-:*:*:*:*:*:*:* | ||||
| Configuration7 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:simatic_s7-400_h_v6_firmware:-:*:*:*:*:*:*:* | |||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:simatic_s7-400_h_v6:-:*:*:*:*:*:*:* | ||||
| Configuration8 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:simatic_s7-400_pn\/dp_v6_firmware:*:*:*:*:*:*:*:* | 6.0.7 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:simatic_s7-400_pn\/dp_v6:-:*:*:*:*:*:*:* | ||||
| Configuration9 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:simatic_s7-400_pn\/dp_v7_firmware:-:*:*:*:*:*:*:* | |||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:simatic_s7-400_pn\/dp_v7:-:*:*:*:*:*:*:* | ||||
| Configuration10 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:simatic_s7-410_firmware:*:*:*:*:*:*:*:* | 8.1 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:simatic_s7-410:-:*:*:*:*:*:*:* | ||||
| Configuration11 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:simatic_winac_rtx_2010_firmware:-:*:*:*:*:*:*:* | |||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:simatic_winac_rtx_2010:-:*:*:*:*:*:*:* | ||||
| Configuration12 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:sinumerik_828d_firmware:-:*:*:*:*:*:*:* | |||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:sinumerik_828d:-:*:*:*:*:*:*:* | ||||
| Configuration13 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:softnet_pn-io_linux_firmware:-:*:*:*:*:windows:*:* | |||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:softnet_pn-io_linux:-:*:*:*:*:*:*:* | ||||