Vulnerabilities > CVE-2016-8562 - Unspecified vulnerability in Siemens products
Attack vector
NETWORK Attack complexity
HIGH Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
A vulnerability has been identified in SIMATIC CP 1543-1 (All versions < V2.0.28), SIPLUS NET CP 1543-1 (All versions < V2.0.28). Under special conditions it was possible to write SNMP variables on port 161/udp which should be read-only and should only be configured with TIA-Portal. A write to these variables could reduce the availability or cause a denial-of-service.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 4 | |
| Hardware | 2 |
References
- http://www.securityfocus.com/bid/94436
- http://www.securityfocus.com/bid/94436
- http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-672373.pdf
- http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-672373.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-672373.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-672373.pdf
- https://ics-cert.us-cert.gov/advisories/ICSA-16-327-01
- https://ics-cert.us-cert.gov/advisories/ICSA-16-327-01