QID 591406
Date Published: 2023-04-03
QID 591406: Siemens SIMATIC S7-1500 CPU GNU/Linux subsystem Multiple Vulnerabilities (SSB-439005, ICSA-22-104-13)
AFFECTED PRODUCTS
SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP (incl. SIPLUS variant): firmware version V3.0
SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP (incl. SIPLUS variant): firmware version V2.9.4
SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP (incl. SIPLUS variant): firmware version V2.9.3
QID Detection Logic:
This QID checks for the Vulnerable version of Siemens Siemens SIMATIC S7-1500 CPU using passive scanning.
Successful exploitation of these vulnerabilities could crash the device being accessed; a buffer overflow condition may allow remote code execution.
CVSS V3 rated as Critical - 10 severity.CVSS V2 rated as Critical - 10 severity.
Solution
Customers are advised to refer to CERT MITIGATIONS section icsa-22-104-13 for affected packages and patching details.
CVEs related to QID 591406
Software Advisories
| Advisory ID |
Software |
Component |
Link |
Array
(
[0] => Array
(
[qid_json] => {"qid":"591406","title":"Siemens SIMATIC S7-1500 CPU GNU\/Linux subsystem Multiple Vulnerabilities (SSB-439005, ICSA-22-104-13)","severity":"5","description":"AFFECTED PRODUCTS
\nSIMATIC S7-1500 CPU 1518(F)-4 PN\/DP MFP (incl. SIPLUS variant): firmware version V3.0
\nSIMATIC S7-1500 CPU 1518(F)-4 PN\/DP MFP (incl. SIPLUS variant): firmware version V2.9.4
\nSIMATIC S7-1500 CPU 1518(F)-4 PN\/DP MFP (incl. SIPLUS variant): firmware version V2.9.3
\n
QID Detection Logic:
This QID checks for the Vulnerable version of Siemens Siemens SIMATIC S7-1500 CPU using passive scanning.","solution":"
Customers are advised to refer to CERT MITIGATIONS section icsa-22-104-13<\/A> for affected packages and patching details.","consequence":"Successful exploitation of these vulnerabilities could crash the device being accessed; a buffer overflow condition may allow remote code execution.","published":"Yes","date_insert":"2023-02-28","date_published":"2023-04-03","cve":["CVE-2013-0340","CVE-2013-4235","CVE-2014-7209","CVE-2015-5895","CVE-2016-10228","CVE-2016-3709","CVE-2016-4658","CVE-2016-5131","CVE-2016-9318","CVE-2017-0663","CVE-2017-16931","CVE-2017-16932","CVE-2017-17512","CVE-2017-18258","CVE-2017-7375","CVE-2017-7376","CVE-2017-9047","CVE-2017-9048","CVE-2017-9049","CVE-2017-9050","CVE-2018-0495","CVE-2018-12886","CVE-2018-14404","CVE-2018-14567","CVE-2018-18928","CVE-2018-19591","CVE-2018-20482","CVE-2018-20843","CVE-2018-25032","CVE-2019-1010022","CVE-2019-1010023","CVE-2019-1010024","CVE-2019-1010025","CVE-2019-1010180","CVE-2019-11360","CVE-2019-12290","CVE-2019-12904","CVE-2019-13057","CVE-2019-13565","CVE-2019-13627","CVE-2019-13627","CVE-2019-15601","CVE-2019-15847","CVE-2019-15903","CVE-2019-16168","CVE-2019-16905","CVE-2019-17498","CVE-2019-17543","CVE-2019-17594","CVE-2019-17595","CVE-2019-18224","CVE-2019-18276","CVE-2019-19126","CVE-2019-19242","CVE-2019-19244","CVE-2019-19317","CVE-2019-19603","CVE-2019-19645","CVE-2019-19646","CVE-2019-19880","CVE-2019-19906","CVE-2019-19923","CVE-2019-19924","CVE-2019-19925","CVE-2019-19926","CVE-2019-19956","CVE-2019-19959","CVE-2019-20218","CVE-2019-20367","CVE-2019-20388","CVE-2019-20795","CVE-2019-25013","CVE-2019-3855","CVE-2019-3856","CVE-2019-3857","CVE-2019-3858","CVE-2019-3859","CVE-2019-3860","CVE-2019-3861","CVE-2019-3862","CVE-2019-3863","CVE-2019-5018","CVE-2019-5094","CVE-2019-5188","CVE-2019-5435","CVE-2019-5436","CVE-2019-5443","CVE-2019-5481","CVE-2019-5482","CVE-2019-6109","CVE-2019-6110","CVE-2019-6111","CVE-2019-6488","CVE-2019-8457","CVE-2019-9169","CVE-2019-9923","CVE-2019-9936","CVE-2019-9937","CVE-2020-10029","CVE-2020-10531","CVE-2020-10543","CVE-2020-10878","CVE-2020-11501","CVE-2020-11655","CVE-2020-11656","CVE-2020-12062","CVE-2020-12243","CVE-2020-12723","CVE-2020-12762","CVE-2020-13434","CVE-2020-13435","CVE-2020-13529","CVE-2020-13630","CVE-2020-13631","CVE-2020-13632","CVE-2020-13776","CVE-2020-13777","CVE-2020-13871","CVE-2020-14145","CVE-2020-14871","CVE-2020-15358","CVE-2020-15778","CVE-2020-1712","CVE-2020-1752","CVE-2020-21913","CVE-2020-24659","CVE-2020-24977","CVE-2020-25692","CVE-2020-25709","CVE-2020-25710","CVE-2020-27618","CVE-2020-28196","CVE-2020-29361","CVE-2020-29362","CVE-2020-29363","CVE-2020-29562","CVE-2020-29573","CVE-2020-35525","CVE-2020-35527","CVE-2020-35536","CVE-2020-35537","CVE-2020-36221","CVE-2020-36222","CVE-2020-36223","CVE-2020-36224","CVE-2020-36225","CVE-2020-36226","CVE-2020-36227","CVE-2020-36228","CVE-2020-36229","CVE-2020-36230","CVE-2020-7595","CVE-2020-8169","CVE-2020-8177","CVE-2020-8231","CVE-2020-8284","CVE-2020-8285","CVE-2020-8286","CVE-2020-9327","CVE-2021-20193","CVE-2021-20223","CVE-2021-20227","CVE-2021-20231","CVE-2021-20232","CVE-2021-20305","CVE-2021-20305","CVE-2021-22876","CVE-2021-22890","CVE-2021-22897","CVE-2021-22898","CVE-2021-22901","CVE-2021-22922","CVE-2021-22923","CVE-2021-22924","CVE-2021-22925","CVE-2021-22926","CVE-2021-22945","CVE-2021-22946","CVE-2021-22947","CVE-2021-27212","CVE-2021-27645","CVE-2021-28041","CVE-2021-3326","CVE-2021-33560","CVE-2021-33574","CVE-2021-33910","CVE-2021-3516","CVE-2021-3517","CVE-2021-3518","CVE-2021-3520","CVE-2021-3537","CVE-2021-3541","CVE-2021-3580","CVE-2021-35942","CVE-2021-36084","CVE-2021-36085","CVE-2021-36086","CVE-2021-36087","CVE-2021-36222","CVE-2021-36690","CVE-2021-37600","CVE-2021-37750","CVE-2021-3826","CVE-2021-38604","CVE-2021-3997","CVE-2021-3998","CVE-2021-3999","CVE-2021-4122","CVE-2021-41617","CVE-2021-4209","CVE-2021-43396","CVE-2021-43618","CVE-2021-45960","CVE-2021-46143","CVE-2021-46828","CVE-2021-46848","CVE-2022-0563","CVE-2022-1271","CVE-2022-1292","CVE-2022-1304","CVE-2022-1343","CVE-2022-1434","CVE-2022-1473","CVE-2022-20421","CVE-2022-2068","CVE-2022-2097","CVE-2022-22576","CVE-2022-2274","CVE-2022-22822","CVE-2022-22822","CVE-2022-22823","CVE-2022-22823","CVE-2022-22824","CVE-2022-22824","CVE-2022-22825","CVE-2022-22825","CVE-2022-22826","CVE-2022-22826","CVE-2022-22827","CVE-2022-22827","CVE-2022-23218","CVE-2022-23219","CVE-2022-23308","CVE-2022-23852","CVE-2022-23990","CVE-2022-24407","CVE-2022-2509","CVE-2022-25235","CVE-2022-25236","CVE-2022-25313","CVE-2022-25314","CVE-2022-25315","CVE-2022-2663","CVE-2022-27774","CVE-2022-27775","CVE-2022-27776","CVE-2022-27778","CVE-2022-27779","CVE-2022-27780","CVE-2022-27781","CVE-2022-27782","CVE-2022-27943","CVE-2022-28321","CVE-2022-29155","CVE-2022-29824","CVE-2022-30115","CVE-2022-3028","CVE-2022-32205","CVE-2022-32206","CVE-2022-32207","CVE-2022-32208"],"vendor_refs":[{"vendor_ref":"icsa-22-104-13","vendor_ref_url":"https:\/\/www.cisa.gov\/news-events\/ics-advisories\/icsa-22-104-13"}],"cvss_v2":{"basescore":"10","temporalscore":"9.5"},"cvss_v3":{"basescore":"10","temporalscore":"9.7"},"patches":[]}
)
)
Array
(
[qid] => 591406
[title] => Siemens SIMATIC S7-1500 CPU GNU/Linux subsystem Multiple Vulnerabilities (SSB-439005, ICSA-22-104-13)
[severity] => 5
[description] => AFFECTED PRODUCTS
SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP (incl. SIPLUS variant): firmware version V3.0
SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP (incl. SIPLUS variant): firmware version V2.9.4
SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP (incl. SIPLUS variant): firmware version V2.9.3
QID Detection Logic:
This QID checks for the Vulnerable version of Siemens Siemens SIMATIC S7-1500 CPU using passive scanning.
[solution] =>
Customers are advised to refer to CERT MITIGATIONS section icsa-22-104-13 for affected packages and patching details.
[consequence] => Successful exploitation of these vulnerabilities could crash the device being accessed; a buffer overflow condition may allow remote code execution.
[published] => Yes
[date_insert] => 2023-02-28
[date_published] => 2023-04-03
[cve] => Array
(
[0] => CVE-2013-0340
[1] => CVE-2013-4235
[2] => CVE-2014-7209
[3] => CVE-2015-5895
[4] => CVE-2016-10228
[5] => CVE-2016-3709
[6] => CVE-2016-4658
[7] => CVE-2016-5131
[8] => CVE-2016-9318
[9] => CVE-2017-0663
[10] => CVE-2017-16931
[11] => CVE-2017-16932
[12] => CVE-2017-17512
[13] => CVE-2017-18258
[14] => CVE-2017-7375
[15] => CVE-2017-7376
[16] => CVE-2017-9047
[17] => CVE-2017-9048
[18] => CVE-2017-9049
[19] => CVE-2017-9050
[20] => CVE-2018-0495
[21] => CVE-2018-12886
[22] => CVE-2018-14404
[23] => CVE-2018-14567
[24] => CVE-2018-18928
[25] => CVE-2018-19591
[26] => CVE-2018-20482
[27] => CVE-2018-20843
[28] => CVE-2018-25032
[29] => CVE-2019-1010022
[30] => CVE-2019-1010023
[31] => CVE-2019-1010024
[32] => CVE-2019-1010025
[33] => CVE-2019-1010180
[34] => CVE-2019-11360
[35] => CVE-2019-12290
[36] => CVE-2019-12904
[37] => CVE-2019-13057
[38] => CVE-2019-13565
[39] => CVE-2019-13627
[40] => CVE-2019-13627
[41] => CVE-2019-15601
[42] => CVE-2019-15847
[43] => CVE-2019-15903
[44] => CVE-2019-16168
[45] => CVE-2019-16905
[46] => CVE-2019-17498
[47] => CVE-2019-17543
[48] => CVE-2019-17594
[49] => CVE-2019-17595
[50] => CVE-2019-18224
[51] => CVE-2019-18276
[52] => CVE-2019-19126
[53] => CVE-2019-19242
[54] => CVE-2019-19244
[55] => CVE-2019-19317
[56] => CVE-2019-19603
[57] => CVE-2019-19645
[58] => CVE-2019-19646
[59] => CVE-2019-19880
[60] => CVE-2019-19906
[61] => CVE-2019-19923
[62] => CVE-2019-19924
[63] => CVE-2019-19925
[64] => CVE-2019-19926
[65] => CVE-2019-19956
[66] => CVE-2019-19959
[67] => CVE-2019-20218
[68] => CVE-2019-20367
[69] => CVE-2019-20388
[70] => CVE-2019-20795
[71] => CVE-2019-25013
[72] => CVE-2019-3855
[73] => CVE-2019-3856
[74] => CVE-2019-3857
[75] => CVE-2019-3858
[76] => CVE-2019-3859
[77] => CVE-2019-3860
[78] => CVE-2019-3861
[79] => CVE-2019-3862
[80] => CVE-2019-3863
[81] => CVE-2019-5018
[82] => CVE-2019-5094
[83] => CVE-2019-5188
[84] => CVE-2019-5435
[85] => CVE-2019-5436
[86] => CVE-2019-5443
[87] => CVE-2019-5481
[88] => CVE-2019-5482
[89] => CVE-2019-6109
[90] => CVE-2019-6110
[91] => CVE-2019-6111
[92] => CVE-2019-6488
[93] => CVE-2019-8457
[94] => CVE-2019-9169
[95] => CVE-2019-9923
[96] => CVE-2019-9936
[97] => CVE-2019-9937
[98] => CVE-2020-10029
[99] => CVE-2020-10531
[100] => CVE-2020-10543
[101] => CVE-2020-10878
[102] => CVE-2020-11501
[103] => CVE-2020-11655
[104] => CVE-2020-11656
[105] => CVE-2020-12062
[106] => CVE-2020-12243
[107] => CVE-2020-12723
[108] => CVE-2020-12762
[109] => CVE-2020-13434
[110] => CVE-2020-13435
[111] => CVE-2020-13529
[112] => CVE-2020-13630
[113] => CVE-2020-13631
[114] => CVE-2020-13632
[115] => CVE-2020-13776
[116] => CVE-2020-13777
[117] => CVE-2020-13871
[118] => CVE-2020-14145
[119] => CVE-2020-14871
[120] => CVE-2020-15358
[121] => CVE-2020-15778
[122] => CVE-2020-1712
[123] => CVE-2020-1752
[124] => CVE-2020-21913
[125] => CVE-2020-24659
[126] => CVE-2020-24977
[127] => CVE-2020-25692
[128] => CVE-2020-25709
[129] => CVE-2020-25710
[130] => CVE-2020-27618
[131] => CVE-2020-28196
[132] => CVE-2020-29361
[133] => CVE-2020-29362
[134] => CVE-2020-29363
[135] => CVE-2020-29562
[136] => CVE-2020-29573
[137] => CVE-2020-35525
[138] => CVE-2020-35527
[139] => CVE-2020-35536
[140] => CVE-2020-35537
[141] => CVE-2020-36221
[142] => CVE-2020-36222
[143] => CVE-2020-36223
[144] => CVE-2020-36224
[145] => CVE-2020-36225
[146] => CVE-2020-36226
[147] => CVE-2020-36227
[148] => CVE-2020-36228
[149] => CVE-2020-36229
[150] => CVE-2020-36230
[151] => CVE-2020-7595
[152] => CVE-2020-8169
[153] => CVE-2020-8177
[154] => CVE-2020-8231
[155] => CVE-2020-8284
[156] => CVE-2020-8285
[157] => CVE-2020-8286
[158] => CVE-2020-9327
[159] => CVE-2021-20193
[160] => CVE-2021-20223
[161] => CVE-2021-20227
[162] => CVE-2021-20231
[163] => CVE-2021-20232
[164] => CVE-2021-20305
[165] => CVE-2021-20305
[166] => CVE-2021-22876
[167] => CVE-2021-22890
[168] => CVE-2021-22897
[169] => CVE-2021-22898
[170] => CVE-2021-22901
[171] => CVE-2021-22922
[172] => CVE-2021-22923
[173] => CVE-2021-22924
[174] => CVE-2021-22925
[175] => CVE-2021-22926
[176] => CVE-2021-22945
[177] => CVE-2021-22946
[178] => CVE-2021-22947
[179] => CVE-2021-27212
[180] => CVE-2021-27645
[181] => CVE-2021-28041
[182] => CVE-2021-3326
[183] => CVE-2021-33560
[184] => CVE-2021-33574
[185] => CVE-2021-33910
[186] => CVE-2021-3516
[187] => CVE-2021-3517
[188] => CVE-2021-3518
[189] => CVE-2021-3520
[190] => CVE-2021-3537
[191] => CVE-2021-3541
[192] => CVE-2021-3580
[193] => CVE-2021-35942
[194] => CVE-2021-36084
[195] => CVE-2021-36085
[196] => CVE-2021-36086
[197] => CVE-2021-36087
[198] => CVE-2021-36222
[199] => CVE-2021-36690
[200] => CVE-2021-37600
[201] => CVE-2021-37750
[202] => CVE-2021-3826
[203] => CVE-2021-38604
[204] => CVE-2021-3997
[205] => CVE-2021-3998
[206] => CVE-2021-3999
[207] => CVE-2021-4122
[208] => CVE-2021-41617
[209] => CVE-2021-4209
[210] => CVE-2021-43396
[211] => CVE-2021-43618
[212] => CVE-2021-45960
[213] => CVE-2021-46143
[214] => CVE-2021-46828
[215] => CVE-2021-46848
[216] => CVE-2022-0563
[217] => CVE-2022-1271
[218] => CVE-2022-1292
[219] => CVE-2022-1304
[220] => CVE-2022-1343
[221] => CVE-2022-1434
[222] => CVE-2022-1473
[223] => CVE-2022-20421
[224] => CVE-2022-2068
[225] => CVE-2022-2097
[226] => CVE-2022-22576
[227] => CVE-2022-2274
[228] => CVE-2022-22822
[229] => CVE-2022-22822
[230] => CVE-2022-22823
[231] => CVE-2022-22823
[232] => CVE-2022-22824
[233] => CVE-2022-22824
[234] => CVE-2022-22825
[235] => CVE-2022-22825
[236] => CVE-2022-22826
[237] => CVE-2022-22826
[238] => CVE-2022-22827
[239] => CVE-2022-22827
[240] => CVE-2022-23218
[241] => CVE-2022-23219
[242] => CVE-2022-23308
[243] => CVE-2022-23852
[244] => CVE-2022-23990
[245] => CVE-2022-24407
[246] => CVE-2022-2509
[247] => CVE-2022-25235
[248] => CVE-2022-25236
[249] => CVE-2022-25313
[250] => CVE-2022-25314
[251] => CVE-2022-25315
[252] => CVE-2022-2663
[253] => CVE-2022-27774
[254] => CVE-2022-27775
[255] => CVE-2022-27776
[256] => CVE-2022-27778
[257] => CVE-2022-27779
[258] => CVE-2022-27780
[259] => CVE-2022-27781
[260] => CVE-2022-27782
[261] => CVE-2022-27943
[262] => CVE-2022-28321
[263] => CVE-2022-29155
[264] => CVE-2022-29824
[265] => CVE-2022-30115
[266] => CVE-2022-3028
[267] => CVE-2022-32205
[268] => CVE-2022-32206
[269] => CVE-2022-32207
[270] => CVE-2022-32208
)
[vendor_refs] => Array
(
[0] => Array
(
[vendor_ref] => icsa-22-104-13
[vendor_ref_url] => https://www.cisa.gov/news-events/ics-advisories/icsa-22-104-13
)
)
[cvss_v2] => Array
(
[basescore] => 10
[temporalscore] => 9.5
)
[cvss_v3] => Array
(
[basescore] => 10
[temporalscore] => 9.7
)
[patches] => Array
(
)
)
www.cisa.gov/news-events/ics-advisories/icsa-22-104-13