Sign-up

ID

VAR-201108-0300


TITLE

Siemens S7-300 Hardcoded Credential Vulnerability

Trust: 0.2

sources: IVD: 9f42379c-8897-11e7-a432-000c2975a0fc

DESCRIPTION

Siemens SIMATIC S7 series PLC Used in various industrial fields, including energy, water conservancy, oil, natural gas, chemical, building automation, and manufacturing. Attackers can use PLC Credentials to implement a command shell, the shell in some older versions of firmware S7-300 PLC Ability to access internal diagnostic functions. These ones PLC Including following integration 2009 year 10 Months ago Profinet Interface S7-300 PLC with IM15x Profinet PLC .

Trust: 0.2

sources: IVD: 9f42379c-8897-11e7-a432-000c2975a0fc

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.2

sources: IVD: 9f42379c-8897-11e7-a432-000c2975a0fc

AFFECTED PRODUCTS

vendor:siemensmodel: - scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic s7-300 im151-8 pn/dp cpu;scope:eqversion:*

Trust: 0.2

vendor:siemensmodel:simatic s7-300 m154-8 pn/dp cpu;scope:eqversion:*

Trust: 0.2

vendor:siemensmodel:simatic s7-300 cpu317 -2pn/dp;scope:eqversion:*

Trust: 0.2

vendor:siemensmodel:simatic s7-300 cpu315 -2pn/dp;scope:eqversion:*

Trust: 0.2

vendor:siemensmodel:simatic s7-300 cpu319 -3pn/dp;scope:eqversion:*

Trust: 0.2

sources: IVD: 9f42379c-8897-11e7-a432-000c2975a0fc

CVSS

SEVERITY

CVSSV2

CVSSV3

IVD: 9f42379c-8897-11e7-a432-000c2975a0fc
value: CRITICAL

Trust: 0.2

IVD: 9f42379c-8897-11e7-a432-000c2975a0fc
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.3 [IVD]

Trust: 0.2

sources: IVD: 9f42379c-8897-11e7-a432-000c2975a0fc

TYPE

Permission permission and access control

Trust: 0.2

sources: IVD: 9f42379c-8897-11e7-a432-000c2975a0fc

EXTERNAL IDS

db:IVDid:9F42379C-8897-11E7-A432-000C2975A0FC

Trust: 0.2

sources: IVD: 9f42379c-8897-11e7-a432-000c2975a0fc

SOURCES

db:IVDid:9f42379c-8897-11e7-a432-000c2975a0fc

LAST UPDATE DATE

2022-05-04T10:20:09.062000+00:00


SOURCES UPDATE DATE


SOURCES RELEASE DATE

db:IVDid:9f42379c-8897-11e7-a432-000c2975a0fcdate:2011-08-03T00:00:00