high
7.8
CWE
20
Advisory Published
Updated

CVE-2018-16558: Input Validation

First published: Wed Apr 17 2019(Updated: )

A vulnerability has been identified in SIMATIC S7-1500 CPU (All versions >= V2.0 and < V2.5), SIMATIC S7-1500 CPU (All versions <= V1.8.5). Specially crafted network packets sent to port 80/tcp or 443/tcp could allow an unauthenticated remote attacker to cause a Denial-of-Service condition of the device. The security vulnerability could be exploited by an attacker with network access to the affected systems on port 80/tcp or 443/tcp. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known.

Credit: productcert@siemens.com

Affected SoftwareAffected VersionHow to fix
Siemens Simatic S7-1500 Firmware<=1.8.5
Siemens Simatic S7-1500 Firmware>=2.0<2.5
Siemens Simatic S7-1500

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is CVE-2018-16558?

    CVE-2018-16558 is a vulnerability in SIMATIC S7-1500 CPU that allows an unauthenticated remote attacker to cause a Denial-of-Service condition.

  • How does CVE-2018-16558 affect SIMATIC S7-1500 CPU?

    CVE-2018-16558 affects SIMATIC S7-1500 CPU versions greater than or equal to V2.0 and less than V2.5, as well as versions less than or equal to V1.8.5.

  • What can an unauthenticated remote attacker do with CVE-2018-16558?

    An unauthenticated remote attacker can exploit CVE-2018-16558 to cause a Denial-of-Service condition on the affected SIMATIC S7-1500 CPU.

  • Is there a fix for CVE-2018-16558?

    At the time of this writing, Siemens has not released a fix for CVE-2018-16558. It is recommended to follow the recommendations provided by Siemens in their security advisory.

  • Where can I find more information about CVE-2018-16558?

    More information about CVE-2018-16558 can be found in the Siemens security advisory available at the following link: [https://cert-portal.siemens.com/productcert/pdf/ssa-180635.pdf](https://cert-portal.siemens.com/productcert/pdf/ssa-180635.pdf).

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203