Sign-up

ID

VAR-201904-1575


TITLE

Denial of Service Vulnerability in S7 300 Communication Card CP343-1

Trust: 0.6

sources: CNVD: CNVD-2019-10443

DESCRIPTION

Siemens PLC CP 343-1 model 6GK7 343-1EX30-0XE0 firmware is the communication processor. Siemens PLC CP 343-1 model 6GK7 343-1EX30-0XE0 firmware version V2.6.0 has a denial of service vulnerability. The attacker can cause the PLC to refuse to respond to the client's new COTP request, which causes the PLC and the client to fail to communicate properly. The PLC needs to be manually restarted to recover

Trust: 0.72

sources: CNVD: CNVD-2019-10443 // IVD: d74070f5-b367-4000-ac50-0b5082487b05

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.2

sources: IVD: d74070f5-b367-4000-ac50-0b5082487b05 // CNVD: CNVD-2019-10443

AFFECTED PRODUCTS

vendor:siemensmodel:cp343-1 6gk7 343-1ex30-0xe0scope:eqversion:v2.6.0

Trust: 0.8

sources: IVD: d74070f5-b367-4000-ac50-0b5082487b05 // CNVD: CNVD-2019-10443

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2019-10443
value: MEDIUM

Trust: 0.6

IVD: d74070f5-b367-4000-ac50-0b5082487b05
value: MEDIUM

Trust: 0.2

CNVD: CNVD-2019-10443
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: d74070f5-b367-4000-ac50-0b5082487b05
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: d74070f5-b367-4000-ac50-0b5082487b05 // CNVD: CNVD-2019-10443

TYPE

Denial of service

Trust: 0.2

sources: IVD: d74070f5-b367-4000-ac50-0b5082487b05

PATCH

title:Denial of Service Vulnerability in S7 300 Communication Card CP343-1url:https://www.cnvd.org.cn/patchinfo/show/156957

Trust: 0.6

sources: CNVD: CNVD-2019-10443

EXTERNAL IDS

db:CNVDid:CNVD-2019-10443

Trust: 0.8

db:IVDid:D74070F5-B367-4000-AC50-0B5082487B05

Trust: 0.2

sources: IVD: d74070f5-b367-4000-ac50-0b5082487b05 // CNVD: CNVD-2019-10443

SOURCES

db:IVDid:d74070f5-b367-4000-ac50-0b5082487b05
db:CNVDid:CNVD-2019-10443

LAST UPDATE DATE

2022-05-17T01:50:53.979000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2019-10443date:2019-05-07T00:00:00

SOURCES RELEASE DATE

db:IVDid:d74070f5-b367-4000-ac50-0b5082487b05date:2019-04-18T00:00:00
db:CNVDid:CNVD-2019-10443date:2019-05-07T00:00:00