Vulnerabilities > CVE-2016-3949 - Resource Management Errors vulnerability in Siemens products

CVSS 7.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

COMPLETE

network

low complexity

siemens

CWE-399

NVD

Published: 2016-06-27

Updated: 2020-02-10

Summary

Siemens SIMATIC S7-300 Profinet-enabled CPU devices with firmware before 3.2.12 and SIMATIC S7-300 Profinet-disabled CPU devices with firmware before 3.3.12 allow remote attackers to cause a denial of service (defect-mode transition) via crafted (1) ISO-TSAP or (2) Profibus packets.

Vulnerable Configurations

Part	Description	Count
OS	Siemens Siemens Simatic S7 300 With Profitnet Support Firmware 3.2.11 Siemens Simatic S7 300 Without Profitnet Support Firmware 3.3.11	2
Hardware	Siemens Siemens Simatic S7 300 With Profitnet Support * Siemens Simatic S7 300 Without Profitnet Support *	2

Common Weakness Enumeration (CWE)

CWE-399 - Resource Management Errors

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References