Sign-up

ID

VAR-201908-2053


TITLE

Siemens SIMATIC S7-300 PLC Permission Permission Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2019-27622

DESCRIPTION

The Siemens SIMATIC S7-300 CPU is a modular universal controller for the manufacturing industry from Siemens. The Siemens SIMATIC S7-300 PLC module is not authorized to bypass the execution of CPU attack vulnerabilities. The attacker can construct a special application layer data message, which causes arbitrary start and stop control of the PLC

Trust: 0.72

sources: CNVD: CNVD-2019-27622 // IVD: d5083dda-bc66-45d3-acc2-f198599f2f2e

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: d5083dda-bc66-45d3-acc2-f198599f2f2e // CNVD: CNVD-2019-27622

AFFECTED PRODUCTS

vendor:schneidermodel:siemens simatic s7-300scope:eqversion:v3.3.11

Trust: 0.8

sources: IVD: d5083dda-bc66-45d3-acc2-f198599f2f2e // CNVD: CNVD-2019-27622

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2019-27622
value: MEDIUM

Trust: 0.6

IVD: d5083dda-bc66-45d3-acc2-f198599f2f2e
value: MEDIUM

Trust: 0.2

CNVD: CNVD-2019-27622
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: d5083dda-bc66-45d3-acc2-f198599f2f2e
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: d5083dda-bc66-45d3-acc2-f198599f2f2e // CNVD: CNVD-2019-27622

TYPE

Access verification error

Trust: 0.2

sources: IVD: d5083dda-bc66-45d3-acc2-f198599f2f2e

PATCH

title:Siemens SIMATIC S7-300 PLC Permission Permission Vulnerabilityurl:https://www.cnvd.org.cn/patchinfo/show/172181

Trust: 0.6

sources: CNVD: CNVD-2019-27622

EXTERNAL IDS

db:CNVDid:CNVD-2019-27622

Trust: 0.8

db:IVDid:D5083DDA-BC66-45D3-ACC2-F198599F2F2E

Trust: 0.2

sources: IVD: d5083dda-bc66-45d3-acc2-f198599f2f2e // CNVD: CNVD-2019-27622

SOURCES

db:IVDid:d5083dda-bc66-45d3-acc2-f198599f2f2e
db:CNVDid:CNVD-2019-27622

LAST UPDATE DATE

2022-05-17T02:05:47.900000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2019-27622date:2019-09-11T00:00:00

SOURCES RELEASE DATE

db:IVDid:d5083dda-bc66-45d3-acc2-f198599f2f2edate:2019-08-15T00:00:00
db:CNVDid:CNVD-2019-27622date:2019-09-09T00:00:00