CVE-2018-16561
Summary
| CVE | CVE-2018-16561 |
|---|---|
| State | PUBLISHED |
| Assigner | siemens |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-04-17 14:29:03 UTC |
| Updated | 2026-06-02 20:16:22 UTC |
| Description | A vulnerability has been identified in SIMATIC S7-300 CPUs (All versions < V3.X.16). The affected CPUs improperly validate S7 communication packets which could cause a Denial-of-Service condition of the CPU. The CPU will remain in DEFECT mode until manual restart. Successful exploitation requires an attacker to be able to send a specially crafted S7 communication packet to a communication interface of the CPU. This includes Ethernet, PROFIBUS, and Multi Point Interfaces (MPI). No user interaction or privileges are required to exploit the security vulnerability. The vulnerability could allow causing a Denial-of-Service condition of the core functionality of the CPU, compromising the availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known. Siemens confirms the security vulnerability and provides mitigations to resolve the security issue. |
Risk And Classification
Primary CVSS: v3.1 7.5 HIGH from ADP
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.003670000 probability, percentile 0.589120000 (date 2026-06-02)
Problem Types: NVD-CWE-noinfo | CWE-20 | Improper Input Validation | CWE-20 CWE-20 Improper Input Validation
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | ADP | DECLARED | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| 3.1 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | Secondary | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| 3.0 | [email protected] | Primary | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| 2.0 | [email protected] | Primary | 7.8 | AV:N/AC:L/Au:N/C:N/I:N/A:C |
CVSS v3.1 Breakdown
Attack Vector
NetworkAttack Complexity
LowPrivileges Required
NoneUser Interaction
NoneScope
UnchangedConfidentiality
NoneIntegrity
NoneAvailability
HighCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS v3.0 Breakdown
Attack Vector
NetworkAttack Complexity
LowPrivileges Required
NoneUser Interaction
NoneScope
UnchangedConfidentiality
NoneIntegrity
NoneAvailability
HighCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
LowAuthentication
NoneConfidentiality
NoneIntegrity
NoneAvailability
CompleteAV:N/AC:L/Au:N/C:N/I:N/A:C
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Siemens | Simatic S7-300 | - | All | All | All |
| Hardware | Siemens | Simatic S7-300f | - | All | All | All |
| Hardware | Siemens | Simatic S7-300fs | - | All | All | All |
| Operating System | Siemens | Simatic S7-300fs Firmware | - | All | All | All |
| Operating System | Siemens | Simatic S7-300f Firmware | - | All | All | All |
| Hardware | Siemens | Simatic S7-300t | - | All | All | All |
| Operating System | Siemens | Simatic S7-300t Firmware | - | All | All | All |
| Operating System | Siemens | Simatic S7-300 Firmware | - | All | All | All |
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Siemens | SIMATIC S7-300 CPUs | affected All versions < V3.X.16 | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| cert-portal.siemens.com/productcert/pdf/ssa-306710.pdf | af854a3a-2127-422b-91ae-364da2661108 | cert-portal.siemens.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 591196 Siemens SIMATIC S7-300 CPU Vulnerability (ICSA-19-043-04, SSA-306710)