ID
TITLE
Siemens 300/400 series PLC Remote control vulnerability
sources:
IVD: d736e467-e11a-43b6-ac1d-b6dd8ee7c78d //
IVD: e2e48a0f-39ab-11e9-b679-000c29342cb1 //
CNVD: CNVD-2017-26804
DESCRIPTION
The programmable controller (PLC) is developed on the basis of relay control and computer control, and gradually developed into a new microprocessor-based, integrated computer technology, automatic control technology and communication technology. Industrial automatic control device. Medium-sized PLC S7-300 and large-scale PLC The S7-400 is a Siemens product that can be used to form MPI, PROFIBUS and Industrial Ethernet. There is a remote control vulnerability in the Siemens 300/400 series PLC. The attacker can use the Siemens PLC to perform TCP communication through port 102. This script can remotely control the start and stop of the PLC by sending a specific message to port 102 of the PLC. The SiemensS7300/400PLC is a modular universal controller for the manufacturing industry from Siemens. The SiemensS7300/400PLC has permission to bypass the shutdown vulnerability. If the recovery requires manual restart of the PLC, no permission problems are encountered during the process
sources:
CNVD: CNVD-2017-26804 //
CNVD: CNVD-2016-05901 //
IVD: d736e467-e11a-43b6-ac1d-b6dd8ee7c78d //
IVD: e2e48a0f-39ab-11e9-b679-000c29342cb1 //
IVD: d7364d14-b977-40e3-a6b0-e5fc7a82ebbf
IOT TAXONOMY
| category: | ['ICS'] | sub_category: | - | |
| category: | ['ICS', 'Network device'] | sub_category: | - | |
sources:
IVD: d736e467-e11a-43b6-ac1d-b6dd8ee7c78d //
IVD: e2e48a0f-39ab-11e9-b679-000c29342cb1 //
IVD: d7364d14-b977-40e3-a6b0-e5fc7a82ebbf //
CNVD: CNVD-2017-26804 //
CNVD: CNVD-2016-05901
AFFECTED PRODUCTS
| vendor: | siemens | model: | s7-300/400 plc | scope: | - | version: | - | |
| vendor: | siemens | model: | s7-300/400 plc | scope: | eq | version: | * | |
sources:
IVD: d736e467-e11a-43b6-ac1d-b6dd8ee7c78d //
IVD: e2e48a0f-39ab-11e9-b679-000c29342cb1 //
IVD: d7364d14-b977-40e3-a6b0-e5fc7a82ebbf //
CNVD: CNVD-2017-26804 //
CNVD: CNVD-2016-05901
CVSS
SEVERITY | CVSSV2 | CVSSV3 |
| CNVD: | CNVD-2017-26804 | |
|
| value: | HIGH | | | CNVD: | CNVD-2016-05901 | |
|
| value: | HIGH | | | IVD: | d736e467-e11a-43b6-ac1d-b6dd8ee7c78d | |
|
| value: | HIGH | | | IVD: | e2e48a0f-39ab-11e9-b679-000c29342cb1 | |
|
| value: | HIGH | | | IVD: | d7364d14-b977-40e3-a6b0-e5fc7a82ebbf | |
|
| value: | HIGH | |
| | CNVD: | CNVD-2017-26804 | |
|
| severity: | HIGH | | baseScore: | 7.5 | | vectorString: | AV:N/AC:L/AU:N/C:P/I:P/A:P | | accessVector: | NETWORK | | accessComplexity: | LOW | | authentication: | NONE | | confidentialityImpact: | PARTIAL | | integrityImpact: | PARTIAL | | availabilityImpact: | PARTIAL | | exploitabilityScore: | 10.0 | | impactScore: | 6.4 | | acInsufInfo: | NONE | | obtainAllPrivilege: | NONE | | obtainUserPrivilege: | NONE | | obtainOtherPrivilege: | NONE | | userInteractionRequired: | NONE | | version: | 2.0 | | | CNVD: | CNVD-2016-05901 | |
|
| severity: | HIGH | | baseScore: | 7.8 | | vectorString: | AV:N/AC:L/AU:N/C:N/I:N/A:C | | accessVector: | NETWORK | | accessComplexity: | LOW | | authentication: | NONE | | confidentialityImpact: | NONE | | integrityImpact: | NONE | | availabilityImpact: | COMPLETE | | exploitabilityScore: | 10.0 | | impactScore: | 6.9 | | acInsufInfo: | NONE | | obtainAllPrivilege: | NONE | | obtainUserPrivilege: | NONE | | obtainOtherPrivilege: | NONE | | userInteractionRequired: | NONE | | version: | 2.0 | | | IVD: | d736e467-e11a-43b6-ac1d-b6dd8ee7c78d | |
|
| severity: | HIGH | | baseScore: | 7.5 | | vectorString: | AV:N/AC:L/AU:N/C:P/I:P/A:P | | accessVector: | NETWORK | | accessComplexity: | LOW | | authentication: | NONE | | confidentialityImpact: | PARTIAL | | integrityImpact: | PARTIAL | | availabilityImpact: | PARTIAL | | exploitabilityScore: | 10.0 | | impactScore: | 6.4 | | acInsufInfo: | NONE | | obtainAllPrivilege: | NONE | | obtainUserPrivilege: | NONE | | obtainOtherPrivilege: | NONE | | userInteractionRequired: | NONE | | version: | 2.9 [IVD] | | | IVD: | e2e48a0f-39ab-11e9-b679-000c29342cb1 | |
|
| severity: | HIGH | | baseScore: | 7.5 | | vectorString: | AV:N/AC:L/AU:N/C:P/I:P/A:P | | accessVector: | NETWORK | | accessComplexity: | LOW | | authentication: | NONE | | confidentialityImpact: | PARTIAL | | integrityImpact: | PARTIAL | | availabilityImpact: | PARTIAL | | exploitabilityScore: | 10.0 | | impactScore: | 6.4 | | acInsufInfo: | NONE | | obtainAllPrivilege: | NONE | | obtainUserPrivilege: | NONE | | obtainOtherPrivilege: | NONE | | userInteractionRequired: | NONE | | version: | 2.9 [IVD] | | | IVD: | d7364d14-b977-40e3-a6b0-e5fc7a82ebbf | |
|
| severity: | HIGH | | baseScore: | 7.8 | | vectorString: | AV:N/AC:L/AU:N/C:N/I:N/A:C | | accessVector: | NETWORK | | accessComplexity: | LOW | | authentication: | NONE | | confidentialityImpact: | NONE | | integrityImpact: | NONE | | availabilityImpact: | COMPLETE | | exploitabilityScore: | 10.0 | | impactScore: | 6.9 | | acInsufInfo: | NONE | | obtainAllPrivilege: | NONE | | obtainUserPrivilege: | NONE | | obtainOtherPrivilege: | NONE | | userInteractionRequired: | NONE | | version: | 2.9 [IVD] | |
| |
sources:
IVD: d736e467-e11a-43b6-ac1d-b6dd8ee7c78d //
IVD: e2e48a0f-39ab-11e9-b679-000c29342cb1 //
IVD: d7364d14-b977-40e3-a6b0-e5fc7a82ebbf //
CNVD: CNVD-2017-26804 //
CNVD: CNVD-2016-05901
TYPE
sources:
IVD: d736e467-e11a-43b6-ac1d-b6dd8ee7c78d //
IVD: e2e48a0f-39ab-11e9-b679-000c29342cb1
PATCH
| title: | Remote Control Vulnerability in Siemens 300/400 Series PLC | url: | https://www.cnvd.org.cn/patchinfo/show/116371 | |
sources:
CNVD: CNVD-2017-26804
EXTERNAL IDS
| db: | ICS CERT ALERT | id: | ICS-ALERT-11-186-01 | |
| db: | CNVD | id: | CNVD-2017-26804 | |
| db: | CNVD | id: | CNVD-2016-05901 | |
| db: | IVD | id: | D736E467-E11A-43B6-AC1D-B6DD8EE7C78D | |
| db: | IVD | id: | E2E48A0F-39AB-11E9-B679-000C29342CB1 | |
| db: | IVD | id: | D7364D14-B977-40E3-A6B0-E5FC7A82EBBF | |
sources:
IVD: d736e467-e11a-43b6-ac1d-b6dd8ee7c78d //
IVD: e2e48a0f-39ab-11e9-b679-000c29342cb1 //
IVD: d7364d14-b977-40e3-a6b0-e5fc7a82ebbf //
CNVD: CNVD-2017-26804 //
CNVD: CNVD-2016-05901
REFERENCES
| url: | https://ics-cert.us-cert.gov/alerts/ics-alert-11-186-01 | |
| url: | https://support.industry.siemens.com/cs/document/51401544/potential-password-security-weakness-in-simatic-controllers?dti=0&lc=en-ww | |
sources:
CNVD: CNVD-2017-26804 //
CNVD: CNVD-2016-05901
SOURCES
| db: | IVD | id: | d736e467-e11a-43b6-ac1d-b6dd8ee7c78d |
| db: | IVD | id: | e2e48a0f-39ab-11e9-b679-000c29342cb1 |
| db: | IVD | id: | d7364d14-b977-40e3-a6b0-e5fc7a82ebbf |
| db: | CNVD | id: | CNVD-2017-26804 |
| db: | CNVD | id: | CNVD-2016-05901 |
LAST UPDATE DATE
2022-05-17T02:10:35.273000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2017-26804 | date: | 2018-03-07T00:00:00 |
| db: | CNVD | id: | CNVD-2016-05901 | date: | 2016-08-26T00:00:00 |
SOURCES RELEASE DATE
| db: | IVD | id: | d736e467-e11a-43b6-ac1d-b6dd8ee7c78d | date: | 2017-09-15T00:00:00 |
| db: | IVD | id: | e2e48a0f-39ab-11e9-b679-000c29342cb1 | date: | 2017-09-15T00:00:00 |
| db: | IVD | id: | d7364d14-b977-40e3-a6b0-e5fc7a82ebbf | date: | 2016-08-03T00:00:00 |
| db: | CNVD | id: | CNVD-2017-26804 | date: | 2018-03-08T00:00:00 |
| db: | CNVD | id: | CNVD-2016-05901 | date: | 2016-06-13T00:00:00 |
