18 May 2018
DoS vulnerability in SIMATIC S7-400 controllers
A denial-of-service vulnerability has been identified in Siemens SIMATIC S7-400 programmable logic controllers.
The vulnerability, CVE-2018-4850, affects SIMATIC S7-400 and SIMATIC S7-400H CPU hardware, including the following versions:
- S7-400 versions up to 4.0 (inclusive) and 5.0 to 5.2;
- S7-400H versions 4.5 and earlier.
Successful exploitation of the vulnerability requires an attacker to send a specially crafted S7 communication packet to a communication interface of the CPU. This includes Ethernet, PROFIBUS and Multi Point Interfaces (MPI). No user interaction or privileges are required to exploit the vulnerability. Exploitation could cause a denial-of-service condition in the core functionality of the CPU, compromising the availability of the system.
A CVSS v3 base score of 7.5 has been calculated for the vulnerability. To resolve the issue, Siemens recommends upgrading to new hardware versions.
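To triage an asset inventory against the version ranges listed above, the following added example (not part of the advisory and not Siemens code) classifies each CPU by family and version. The inventory layout, asset names and model strings are constructed, and comparing on major.minor only (so 4.0.2 counts as 4.0) is an assumption about how to read the stated ranges.

```python
import re

# Affected ranges from the advisory, as inclusive (low, high) major.minor pairs.
AFFECTED = {
    "S7-400": [((0, 0), (4, 0)), ((5, 0), (5, 2))],   # up to 4.0, and 5.0 to 5.2
    "S7-400H": [((0, 0), (4, 5))],                     # 4.5 and earlier
}

def parse_version(text):
    """Return (major, minor) from strings such as 'V5.1' or '4.0.2', else None."""
    m = re.fullmatch(r"\s*[Vv]?\s*(\d+)\.(\d+)(?:\.\d+)*\s*", text or "")
    return (int(m.group(1)), int(m.group(2))) if m else None

def family_of(model):
    """Map a free-text model name to an advisory family; test the H variant first."""
    name = model.upper().replace(" ", "")
    if "S7-400H" in name:
        return "S7-400H"
    if "S7-400" in name:
        return "S7-400"
    return None

def triage(model, version):
    """Classify one asset against the advisory's ranges."""
    family = family_of(model)
    if family is None:
        return "not in scope"
    parsed = parse_version(version)
    if parsed is None:
        return "unknown version"  # missing or unparseable: needs manual review
    hit = any(low <= parsed <= high for low, high in AFFECTED[family])
    return "affected" if hit else "not affected"

# Constructed sample inventory: (asset name, model, version string).
INVENTORY = [
    ("plc-01", "SIMATIC S7-400", "V4.0"),
    ("plc-02", "SIMATIC S7-400", "V4.5"),    # falls in the gap between 4.0 and 5.0
    ("plc-03", "SIMATIC S7-400", "V5.2.1"),
    ("plc-04", "SIMATIC S7-400H", "V4.5"),
    ("plc-05", "SIMATIC S7-400H", "V6.0"),
    ("plc-06", "SIMATIC S7-400", ""),        # version not recorded
]

def report(inventory=INVENTORY):
    """Return {asset: status} for every entry in the inventory."""
    return {asset: triage(model, version) for asset, model, version in inventory}

if __name__ == "__main__":
    for asset, status in report().items():
        print(f"{asset}: {status}")
```
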