Vulnerability Description
A vulnerability has been identified in SIMATIC S7-400 (incl. F) CPU hardware version 4.0 and below (All versions), SIMATIC S7-400 (incl. F) CPU hardware version 5.0 (All firmware versions < V5.2), SIMATIC S7-400H CPU hardware version 4.5 and below (All versions). The affected CPUs improperly validate S7 communication packets which could cause a Denial-of-Service condition of the CPU. The CPU will remain in DEFECT mode until manual restart.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Simatic S7-400 Firmware | <= 4.0 |
| Siemens | Simatic S7-400 | - |
| Siemens | Simatic S7-400H Firmware | <= 4.5 |
| Siemens | Simatic S7-400H | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/104217Third Party AdvisoryVDB Entry
- https://cert-portal.siemens.com/productcert/pdf/ssa-914382.pdfVendor Advisory
- https://www.siemens.com/global/en/home/products/services/cert.html#SecurityPubliVendor Advisory
- http://www.securityfocus.com/bid/104217Third Party AdvisoryVDB Entry
- https://cert-portal.siemens.com/productcert/pdf/ssa-914382.pdfVendor Advisory
- https://www.siemens.com/global/en/home/products/services/cert.html#SecurityPubliVendor Advisory
FAQ
What is CVE-2018-4850?
CVE-2018-4850 is a vulnerability with a CVSS score of 7.5 (HIGH). A vulnerability has been identified in SIMATIC S7-400 (incl. F) CPU hardware version 4.0 and below (All versions), SIMATIC S7-400 (incl. F) CPU hardware version 5.0 (All firmware versions < V5.2), SIM...
How severe is CVE-2018-4850?
CVE-2018-4850 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-4850?
Check the references section above for vendor advisories and patch information. Affected products include: Siemens Simatic S7-400 Firmware, Siemens Simatic S7-400, Siemens Simatic S7-400H Firmware, Siemens Simatic S7-400H.