Siemens S7-1500 CPU Multiple Denial of Service Vulnerabilities

Bugtraq ID:	106788
Class:	Design Error
CVE:	CVE-2018-16558 CVE-2018-16559
Remote:	Yes
Local:	No
Published:	Jan 08 2019 12:00AM
Updated:	Feb 06 2019 07:00AM
Credit:	Georgy Zaytsev, Dmitry Sklyarov, Druzhinin Evgeny, Ilya Karpov, and Maxim Goryachy from Positive Technologies
Vulnerable:	Siemens SIMATIC S7-1500 1.8.5 Siemens SIMATIC S7-1500 1.8.3 Siemens SIMATIC S7-1500 1.7 Siemens SIMATIC S7-1500 2.0 Siemens SIMATIC S7-1500 1.6 Siemens SIMATIC S7-1500 1.5.0
Not Vulnerable:	Siemens SIMATIC S7-1500 2.5

Siemens S7-1500 CPU Multiple Denial of Service Vulnerabilities

Siemens S7-1500 CPU is prone to multiple denial-of-service vulnerabilities.

Attackers can exploit these issues to crash the affected application or consume excess memory, denying service to legitimate users.

SIMATIC S7-1500 CPU versions prior to 2.5 are vulnerable.

Siemens S7-1500 CPU Multiple Denial of Service Vulnerabilities

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Siemens S7-1500 CPU Multiple Denial of Service Vulnerabilities

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Siemens S7-1500 CPU Multiple Denial of Service Vulnerabilities

References:

• Siemens Homepage (Siemens)
  
• SSA-180635: Denial-of-Service Vulnerabilities in S7-1500 CPU (CERT)