ID

VAR-201403-0317


CVE

CVE-2014-2256


TITLE

Siemens SIMATIC S7-1200 CPU PLC Service disruption on devices (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2014-001770

DESCRIPTION

Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted ISO-TSAP packets, a different vulnerability than CVE-2014-2257. The SIMATIC S7-1200 is a programmable controller for simple but highly precise automation tasks. Siemens SIMATIC S7-1200 is prone to a denial-of-service vulnerability. Remote attackers may exploit this issue to cause denial-of-service conditions, denying service to legitimate users. Versions prior to SIMATIC S7-1200 4.0 are vulnerable. Siemens SIMATIC S7-1200 CPU PLC is a programmable logic controller (PLC) used in small and medium-sized automation systems developed by Siemens in Germany.

Trust: 2.88

sources: NVD: CVE-2014-2256 // JVNDB: JVNDB-2014-001770 // CNVD: CNVD-2014-01913 // BID: 66353 // IVD: 21454268-2352-11e6-abef-000c29c66e3d // IVD: c0948924-1ee2-11e6-abef-000c29c66e3d // VULHUB: VHN-70195

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 1.0

sources: IVD: 21454268-2352-11e6-abef-000c29c66e3d // IVD: c0948924-1ee2-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-01913

AFFECTED PRODUCTS

vendor: siemens, model: simatic s7 cpu 1200, scope: eq, version: 3.0

Trust: 1.6

vendor: siemens, model: simatic s7-1200, scope: eq, version: 3.x

Trust: 1.0

vendor: siemens, model: simatic s7 cpu 1200, scope: lte, version: 3.0.2

Trust: 1.0

vendor: siemens, model: simatic s7 cpu 1215c, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: simatic s7 cpu 1217c, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: simatic s7 cpu 1212c, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: simatic s7 cpu-1211c, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: simatic s7 cpu 1214c, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: simatic s7-1200 cpu 1211c, scope: -, version: -

Trust: 0.8

vendor: siemens, model: simatic s7-1200 cpu 1212c, scope: -, version: -

Trust: 0.8

vendor: siemens, model: simatic s7-1200 cpu 1214c, scope: -, version: -

Trust: 0.8

vendor: siemens, model: simatic s7-1200 cpu 1215c, scope: -, version: -

Trust: 0.8

vendor: siemens, model: simatic s7-1200 cpu 1217c, scope: -, version: -

Trust: 0.8

vendor: siemens, model: simatic s7-1200 cpu, scope: lt, version: 4.0

Trust: 0.8

vendor: siemens, model: simatic s7 cpu 1200, scope: eq, version: 3.0.2

Trust: 0.6

sources: IVD: 21454268-2352-11e6-abef-000c29c66e3d // IVD: c0948924-1ee2-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-01913 // JVNDB: JVNDB-2014-001770 // CNNVD: CNNVD-201403-416 // NVD: CVE-2014-2256

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-2256
value: HIGH

Trust: 1.0

NVD: CVE-2014-2256
value: HIGH

Trust: 0.8

CNVD: CNVD-2014-01913
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201403-416
value: HIGH

Trust: 0.6

IVD: 21454268-2352-11e6-abef-000c29c66e3d
value: HIGH

Trust: 0.2

IVD: c0948924-1ee2-11e6-abef-000c29c66e3d
value: HIGH

Trust: 0.2

VULHUB: VHN-70195
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-2256
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-01913
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 21454268-2352-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: c0948924-1ee2-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-70195
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 21454268-2352-11e6-abef-000c29c66e3d // IVD: c0948924-1ee2-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-01913 // VULHUB: VHN-70195 // JVNDB: JVNDB-2014-001770 // CNNVD: CNNVD-201403-416 // NVD: CVE-2014-2256

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

sources: VULHUB: VHN-70195 // JVNDB: JVNDB-2014-001770 // NVD: CVE-2014-2256

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201403-416

TYPE

Resource management error

Trust: 1.0

sources: IVD: 21454268-2352-11e6-abef-000c29c66e3d // IVD: c0948924-1ee2-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201403-416

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001770

PATCH

title: SSA-654382, url: http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf

Trust: 0.8

title: Patch for Siemens SIMATIC S7-1200 Denial of Service Vulnerability (CNVD-2014-01913), url: https://www.cnvd.org.cn/patchInfo/show/72677

Trust: 0.6

title: Siemens SIMATIC S7-1200 CPU PLC Remediation measures for denial of service vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=109075

Trust: 0.6

sources: CNVD: CNVD-2014-01913 // JVNDB: JVNDB-2014-001770 // CNNVD: CNNVD-201403-416

EXTERNAL IDS

db: NVD, id: CVE-2014-2256

Trust: 3.8

db: ICS CERT, id: ICSA-14-079-02

Trust: 2.5

db: SIEMENS, id: SSA-654382

Trust: 1.7

db: CNNVD, id: CNNVD-201403-416

Trust: 1.1

db: CNVD, id: CNVD-2014-01913

Trust: 1.0

db: JVNDB, id: JVNDB-2014-001770

Trust: 0.8

db: SECUNIA, id: 57441

Trust: 0.6

db: BID, id: 66353

Trust: 0.4

db: IVD, id: 21454268-2352-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: IVD, id: C0948924-1EE2-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: VULHUB, id: VHN-70195

Trust: 0.1

sources: IVD: 21454268-2352-11e6-abef-000c29c66e3d // IVD: c0948924-1ee2-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-01913 // VULHUB: VHN-70195 // BID: 66353 // JVNDB: JVNDB-2014-001770 // CNNVD: CNNVD-201403-416 // NVD: CVE-2014-2256

REFERENCES

url:http://ics-cert.us-cert.gov/advisories/icsa-14-079-02

Trust: 2.5

url:http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf

Trust: 1.7

url:https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2256

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2256

Trust: 0.8

url:http://secunia.com/advisories/57441/

Trust: 0.6

url:http://subscriber.communications.siemens.com/

Trust: 0.3

sources: CNVD: CNVD-2014-01913 // VULHUB: VHN-70195 // BID: 66353 // JVNDB: JVNDB-2014-001770 // CNNVD: CNNVD-201403-416 // NVD: CVE-2014-2256

CREDITS

Sascha Zinke from the FU Berlin's work team SCADACS

Trust: 0.3

sources: BID: 66353

SOURCES

db: IVD, id: 21454268-2352-11e6-abef-000c29c66e3d
db: IVD, id: c0948924-1ee2-11e6-abef-000c29c66e3d
db: CNVD, id: CNVD-2014-01913
db: VULHUB, id: VHN-70195
db: BID, id: 66353
db: JVNDB, id: JVNDB-2014-001770
db: CNNVD, id: CNNVD-201403-416
db: NVD, id: CVE-2014-2256

LAST UPDATE DATE

2025-04-13T23:14:53.025000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2014-01913, date: 2016-03-15T00:00:00
db: VULHUB, id: VHN-70195, date: 2020-02-10T00:00:00
db: BID, id: 66353, date: 2014-04-02T01:06:00
db: JVNDB, id: JVNDB-2014-001770, date: 2014-03-25T00:00:00
db: CNNVD, id: CNNVD-201403-416, date: 2020-02-11T00:00:00
db: NVD, id: CVE-2014-2256, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: IVD, id: 21454268-2352-11e6-abef-000c29c66e3d, date: 2014-03-24T00:00:00
db: IVD, id: c0948924-1ee2-11e6-abef-000c29c66e3d, date: 2014-03-24T00:00:00
db: CNVD, id: CNVD-2014-01913, date: 2014-03-24T00:00:00
db: VULHUB, id: VHN-70195, date: 2014-03-24T00:00:00
db: BID, id: 66353, date: 2014-03-20T00:00:00
db: JVNDB, id: JVNDB-2014-001770, date: 2014-03-25T00:00:00
db: CNNVD, id: CNNVD-201403-416, date: 2014-03-25T00:00:00
db: NVD, id: CVE-2014-2256, date: 2014-03-24T14:20:39.590