CVE-2018-13815
Summary
| CVE | CVE-2018-13815 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2018-12-13 16:29:00 UTC |
|---|
| Updated | 2019-10-09 23:34:00 UTC |
|---|
| Description | A vulnerability has been identified in SIMATIC S7-1200 (All versions), SIMATIC S7-1500 (All Versions < V2.6). An attacker could exhaust the available connection pool of an affected device by opening a sufficient number of connections to the device. Successful exploitation requires an attacker to be able to send packets to port 102/tcp of the affected device. No user interaction and no user privileges are required to exploit the vulnerability. The vulnerability, if exploited, could cause a Denial-of-Service condition impacting the availability of the system. At the time of advisory publication no public exploitation of this vulnerability was known. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| Siemens SIMATIC S7 CVE-2018-13815 Denial of Service Vulnerability |
BID |
www.securityfocus.com |
Third Party Advisory, VDB Entry |
| cert-portal.siemens.com/productcert/pdf/ssa-584286.pdf |
CONFIRM |
cert-portal.siemens.com |
Vendor Advisory |
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 591243 Siemens SIMATIC S7-1200/1500 CPU family Resource Exhaustion Vulnerability (ICSA-18-317-05, SSA-584286)
