Vulnerability Description
A vulnerability has been identified in SIMATIC CP 343-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.0.53), SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.2.17), SIMATIC S7-300 PN/DP CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP CPU family (incl. SIPLUS variants) (All versions). The integrated web server at port 80/TCP or port 443/TCP of the affected devices could allow remote attackers to perform actions with the permissions of an authenticated user, provided the targeted user has an active session and is induced to trigger the malicious request.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Simatic S7 300 Cpu Firmware | - |
| Siemens | Simatic S7 300 Cpu | - |
| Siemens | Simatic Cp 443-1 Firmware | - |
| Siemens | Simatic Cp 443-1 | - |
| Siemens | Simatic Cp 343-1 Firmware | - |
| Siemens | Simatic Cp 343-1 | - |
| Siemens | Simatic S7 400 Cpu Firmware | - |
| Siemens | Simatic S7 400 Cpu | - |
Related Weaknesses (CWE)
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-603476.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-603476.pdf
FAQ
What is CVE-2016-8673?
CVE-2016-8673 is a vulnerability with a CVSS score of 8.8 (HIGH). A vulnerability has been identified in SIMATIC CP 343-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.0.53), SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.2.17), SIM...
How severe is CVE-2016-8673?
CVE-2016-8673 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-8673?
Check the references section above for vendor advisories and patch information. Affected products include: Siemens Simatic S7 300 Cpu Firmware, Siemens Simatic S7 300 Cpu, Siemens Simatic Cp 443-1 Firmware, Siemens Simatic Cp 443-1, Siemens Simatic Cp 343-1 Firmware.