CVE-2018-13815
13.12.2018, 16:29
A vulnerability has been identified in SIMATIC S7-1200 (All versions), SIMATIC S7-1500 (All Versions < V2.6). An attacker could exhaust the available connection pool of an affected device by opening a sufficient number of connections to the device. Successful exploitation requires an attacker to be able to send packets to port 102/tcp of the affected device. No user interaction and no user privileges are required to exploit the vulnerability. The vulnerability, if exploited, could cause a Denial-of-Service condition impacting the availability of the system. At the time of advisory publication no public exploitation of this vulnerability was known.Enginsight
| Vendor | Product | Version |
|---|---|---|
| siemens | simatic_s7-1200_firmware | - |
| siemens | simatic_s7-1500_firmware | 𝑥 < 2.6 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-410 - Insufficient Resource PoolThe software's resource pool is not large enough to handle peak demand, which allows an attacker to prevent others from accessing the resource by using a (relatively) large number of requests for resources.
- CWE-400 - Uncontrolled Resource ConsumptionThe software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.