18 May 2018

DoS vulnerability in SIMATIC S7-400 controllers

A denial-of-service vulnerability has been identified in Siemens SIMATIC S7-400 programmable logic controllers.

The vulnerability, tracked as CVE-2018-4850, affects SIMATIC S7-400 and SIMATIC S7-400H CPU hardware, including the following versions:

  • S7-400 versions up to 4.0 (inclusive) and 5.0 to 5.2;
  • S7-400H versions 4.5 and earlier.

To exploit the vulnerability, an attacker must send a specially crafted S7 communication packet to a communication interface of the CPU. This includes Ethernet, PROFIBUS and Multi Point Interfaces (MPI). No user interaction or privileges are required. Successful exploitation could cause a denial-of-service condition affecting the core functionality of the CPU, compromising the availability of the system.

A CVSS v3 base score of 7.5 has been calculated for the vulnerability. To resolve the issue, Siemens recommends upgrading to new hardware versions.

Source: Siemens