ID

VAR-201702-0073


CVE

CVE-2016-8364


TITLE

IBHsoftec S7-SoftPLC CPX43 Heap Buffer Overflow Vulnerability

Trust: 0.8

sources: IVD: 6ff3299d-1fd7-4cd2-8254-80ed685ecc17 // CNVD: CNVD-2016-10616

DESCRIPTION

An issue was discovered in IBHsoftec S7-SoftPLC prior to 4.12b: a network packet larger than the available object memory is read into it, resulting in a heap-based buffer overflow. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBHsoftec SoftPLC. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of packets by the service listening on TCP port 502. The issue lies in the failure to properly validate the length of user-supplied data before copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code in the context of Administrator. IBHsoftec S7-SoftPLC is a software program from IBHsoftec, Germany, for replacing hardware PLCs. Failed exploit attempts will likely cause denial-of-service conditions.

Trust: 3.33

sources: NVD: CVE-2016-8364 // JVNDB: JVNDB-2016-007776 // ZDI: ZDI-16-604 // CNVD: CNVD-2016-10616 // BID: 94054 // IVD: 6ff3299d-1fd7-4cd2-8254-80ed685ecc17 // VULMON: CVE-2016-8364

IOT TAXONOMY

category: ['ICS'] sub_category: -

Trust: 0.8

sources: IVD: 6ff3299d-1fd7-4cd2-8254-80ed685ecc17 // CNVD: CNVD-2016-10616

AFFECTED PRODUCTS

vendor: ibhsoftec model: s7-softplc scope: lte version: 4.12

Trust: 1.0

vendor: ibhsoftec model: s7-softplc scope: lt version: 4.12b

Trust: 0.8

vendor: ibhsoftec model: s7-softplc scope: - version: -

Trust: 0.7

vendor: ibhsoftec model: s7-softplc <4.12b scope: - version: -

Trust: 0.6

vendor: ibhsoftec model: s7-softplc scope: eq version: 4.12

Trust: 0.6

vendor: ibhsoftec model: s7-softplc scope: eq version: 0

Trust: 0.3

vendor: ibhsoftec model: s7-softplc 4.12b scope: ne version: -

Trust: 0.3

vendor: s7 softplc model: - scope: eq version: *

Trust: 0.2

sources: IVD: 6ff3299d-1fd7-4cd2-8254-80ed685ecc17 // ZDI: ZDI-16-604 // CNVD: CNVD-2016-10616 // BID: 94054 // JVNDB: JVNDB-2016-007776 // CNNVD: CNNVD-201610-903 // NVD: CVE-2016-8364

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-8364
value: CRITICAL

Trust: 1.0

NVD: CVE-2016-8364
value: CRITICAL

Trust: 0.8

ZDI: CVE-2016-8364
value: HIGH

Trust: 0.7

CNVD: CNVD-2016-10616
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201610-903
value: CRITICAL

Trust: 0.6

IVD: 6ff3299d-1fd7-4cd2-8254-80ed685ecc17
value: CRITICAL

Trust: 0.2

VULMON: CVE-2016-8364
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-8364
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

ZDI: CVE-2016-8364
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

CNVD: CNVD-2016-10616
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 6ff3299d-1fd7-4cd2-8254-80ed685ecc17
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2016-8364
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: 6ff3299d-1fd7-4cd2-8254-80ed685ecc17 // ZDI: ZDI-16-604 // CNVD: CNVD-2016-10616 // VULMON: CVE-2016-8364 // JVNDB: JVNDB-2016-007776 // CNNVD: CNNVD-201610-903 // NVD: CVE-2016-8364

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2016-007776 // NVD: CVE-2016-8364

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201610-903

TYPE

Buffer overflow

Trust: 0.8

sources: IVD: 6ff3299d-1fd7-4cd2-8254-80ed685ecc17 // CNNVD: CNNVD-201610-903

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-007776

PATCH

title: Top Page url: https://www.ibhsoftec.com/

Trust: 0.8

title: IBHsoftec has issued an update to correct this vulnerability. url: https://ics-cert.us-cert.gov/advisories/ICSA-16-306-02

Trust: 0.7

title: IBHsoftec S7-SoftPLC CPX43 heap buffer overflow vulnerability patch url: https://www.cnvd.org.cn/patchInfo/show/83535

Trust: 0.6

title: IBHsoftec S7-SoftPLC CPX43 Fixes for heap-based buffer overflow vulnerabilities url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65222

Trust: 0.6

sources: ZDI: ZDI-16-604 // CNVD: CNVD-2016-10616 // JVNDB: JVNDB-2016-007776 // CNNVD: CNNVD-201610-903

EXTERNAL IDS

db: NVD id: CVE-2016-8364

Trust: 4.3

db: ICS CERT id: ICSA-16-306-02

Trust: 3.4

db: BID id: 94054

Trust: 2.0

db: CNVD id: CNVD-2016-10616

Trust: 0.8

db: CNNVD id: CNNVD-201610-903

Trust: 0.8

db: JVNDB id: JVNDB-2016-007776

Trust: 0.8

db: ZDI_CAN id: ZDI-CAN-3832

Trust: 0.7

db: ZDI id: ZDI-16-604

Trust: 0.7

db: IVD id: 6FF3299D-1FD7-4CD2-8254-80ED685ECC17

Trust: 0.2

db: VULMON id: CVE-2016-8364

Trust: 0.1

sources: IVD: 6ff3299d-1fd7-4cd2-8254-80ed685ecc17 // ZDI: ZDI-16-604 // CNVD: CNVD-2016-10616 // VULMON: CVE-2016-8364 // BID: 94054 // JVNDB: JVNDB-2016-007776 // CNNVD: CNNVD-201610-903 // NVD: CVE-2016-8364

REFERENCES

url: https://ics-cert.us-cert.gov/advisories/icsa-16-306-02

Trust: 4.2

url: http://www.securityfocus.com/bid/94054

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8364

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-8364

Trust: 0.8

url: https://www.ibhsoftec.com/

Trust: 0.3

url: https://cwe.mitre.org/data/definitions/119.html

Trust: 0.1

url: http://tools.cisco.com/security/center/viewalert.x?alertid=49557

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: ZDI: ZDI-16-604 // CNVD: CNVD-2016-10616 // VULMON: CVE-2016-8364 // BID: 94054 // JVNDB: JVNDB-2016-007776 // CNNVD: CNNVD-201610-903 // NVD: CVE-2016-8364

CREDITS

Ariele Caltabiano (kimiya)

Trust: 0.7

sources: ZDI: ZDI-16-604

SOURCES

db: IVD id: 6ff3299d-1fd7-4cd2-8254-80ed685ecc17
db: ZDI id: ZDI-16-604
db: CNVD id: CNVD-2016-10616
db: VULMON id: CVE-2016-8364
db: BID id: 94054
db: JVNDB id: JVNDB-2016-007776
db: CNNVD id: CNNVD-201610-903
db: NVD id: CVE-2016-8364

LAST UPDATE DATE

2025-04-20T23:29:45.904000+00:00


SOURCES UPDATE DATE

db: ZDI id: ZDI-16-604 date: 2016-11-08T00:00:00
db: CNVD id: CNVD-2016-10616 date: 2016-11-04T00:00:00
db: VULMON id: CVE-2016-8364 date: 2017-02-28T00:00:00
db: BID id: 94054 date: 2016-11-24T01:07:00
db: JVNDB id: JVNDB-2016-007776 date: 2017-03-16T00:00:00
db: CNNVD id: CNNVD-201610-903 date: 2016-11-02T00:00:00
db: NVD id: CVE-2016-8364 date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: IVD id: 6ff3299d-1fd7-4cd2-8254-80ed685ecc17 date: 2016-11-04T00:00:00
db: ZDI id: ZDI-16-604 date: 2016-11-08T00:00:00
db: CNVD id: CNVD-2016-10616 date: 2016-11-04T00:00:00
db: VULMON id: CVE-2016-8364 date: 2017-02-13T00:00:00
db: BID id: 94054 date: 2016-11-01T00:00:00
db: JVNDB id: JVNDB-2016-007776 date: 2017-03-16T00:00:00
db: CNNVD id: CNNVD-201610-903 date: 2016-11-02T00:00:00
db: NVD id: CVE-2016-8364 date: 2017-02-13T21:59:01.110