Vulnerability Description
Siemens SIMATIC S7-1500 CPU devices before 1.8.3 allow remote attackers to bypass a replay protection mechanism via packets on TCP port 102.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Simatic S7-1500 Cpu Firmware | 1.8.2 |
| Siemens | Simatic S7-1511-1 Pn Cpu | - |
| Siemens | Simatic S7-1511C-1 Pn Cpu | - |
| Siemens | Simatic S7-1511F-1 Pn Cpu | - |
| Siemens | Simatic S7-1512C-1 Pn Cpu | - |
| Siemens | Simatic S7-1513-1 Pn Cpu | - |
| Siemens | Simatic S7-1513F-1 Pn Cpu | - |
| Siemens | Simatic S7-1515-2 Pn Cpu | - |
| Siemens | Simatic S7-1515F-2 Pn Cpu | - |
| Siemens | Simatic S7-1516-3 Pn\/Dp Cpu | - |
| Siemens | Simatic S7-1516F-3 Pn\/Dp Cpu | - |
| Siemens | Simatic S7-1517-3 Pn\/Dp Cpu | - |
| Siemens | Simatic S7-1517F-3 Pn\/Dp Cpu | - |
| Siemens | Simatic S7-1518-4 Pn\/Dp Cpu | - |
| Siemens | Simatic S7-1518F-4 Pn\/Dp Cpu | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/83110Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1034954Third Party AdvisoryVDB Entry
- http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-253230.pdfVendor Advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-253230.pdf
- https://ics-cert.us-cert.gov/advisories/ICSA-16-040-02Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/83110Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1034954Third Party AdvisoryVDB Entry
- http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-253230.pdfVendor Advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-253230.pdf
- https://ics-cert.us-cert.gov/advisories/ICSA-16-040-02Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2016-2201?
CVE-2016-2201 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Siemens SIMATIC S7-1500 CPU devices before 1.8.3 allow remote attackers to bypass a replay protection mechanism via packets on TCP port 102.
How severe is CVE-2016-2201?
CVE-2016-2201 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-2201?
Check the references section above for vendor advisories and patch information. Affected products include: Siemens Simatic S7-1500 Cpu Firmware, Siemens Simatic S7-1511-1 Pn Cpu, Siemens Simatic S7-1511C-1 Pn Cpu, Siemens Simatic S7-1511F-1 Pn Cpu, Siemens Simatic S7-1512C-1 Pn Cpu.