CVE-2018-4832

A vulnerability has been identified in OpenPCS 7 V7.1 and earlier (All versions), OpenPCS 7 V8.0 (All versions), OpenPCS 7 V8.1 (All versions < V8.1 Upd5), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd1), SIMATIC BATCH V7.1 and earlier (All versions), SIMATIC BATCH V8.0 (All versions < V8.0 SP1 Upd21), SIMATIC BATCH V8.1 (All versions < V8.1 SP1 Upd16), SIMATIC BATCH V8.2 (All versions < V8.2 Upd10), SIMATIC BATCH V9.0 (All versions < V9.0 SP1), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions < 15 SP1), SIMATIC PCS 7 V7.1 and earlier (All versions), SIMATIC PCS 7 V8.0 (All versions), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP1), SIMATIC Route Control V7.1 and earlier (All versions), SIMATIC Route Control V8.0 (All versions), SIMATIC Route Control V8.1 (All versions), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions < V9.0 Upd1), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2 Upd2), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1 Upd5), SIMATIC WinCC V7.2 and earlier (All versions < WinCC 7.2 Upd 15), SIMATIC WinCC V7.3 (All versions < WinCC 7.3 Upd 16), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 4), SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). Specially crafted messages sent to the RPC service of the affected products could cause a Denial-of-Service condition on the remote and local communication functionality of the affected products. A reboot of the system is required to recover the remote and local communication functionality. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
siemensCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 67%
VendorProductVersion
siemensopenpcs_7
𝑥
≤ 7.1
siemensopenpcs_7
8.0
siemensopenpcs_7
8.1
siemensopenpcs_7
8.1:upd_1
siemensopenpcs_7
8.1:upd_2
siemensopenpcs_7
8.1:upd_3
siemensopenpcs_7
8.1:upd_4
siemensopenpcs_7
8.2
siemensopenpcs_7
9.0
siemenssimatic_batch
7.1
siemenssimatic_batch
8.0
siemenssimatic_batch
8.0:sp1_upd20
siemenssimatic_batch
8.1
siemenssimatic_batch
8.1:sp1_upd14
siemenssimatic_batch
8.1:sp1_upd15
siemenssimatic_batch
8.2
siemenssimatic_batch
8.2:upd_9
siemenssimatic_batch
9.0
siemenssimatic_net_pc
𝑥
< 15
siemenssimatic_pcs_7
𝑥
≤ 7.1
siemenssimatic_pcs_7
8.0
siemenssimatic_pcs_7
8.1
siemenssimatic_pcs_7
8.2
siemenssimatic_pcs_7
9.0
siemenssimatic_route_control
𝑥
≤ 7.1
siemenssimatic_route_control
8.0
siemenssimatic_route_control
8.1
siemenssimatic_route_control
9.0
siemenssimatic_wincc_runtime_professional
𝑥
< 13
siemenssimatic_wincc
𝑥
< 7.2
siemenssimatic_wincc
7.2
siemenssimatic_wincc
7.2:upd_14
siemenssimatic_wincc
7.3
siemenssimatic_wincc
7.3:upd_15
siemenssimatic_wincc
7.4
siemenssimatic_wincc
7.4:sp1
siemenssimatic_wincc
7.4:sp1_upd_3
siemenssppa-t3000_application_server
𝑥
< r8.2
siemenssppa-t3000_application_server
r8.2
siemenssppa-t3000_application_server
r8.2:sp1
siemenssimatic_net_pc
𝑥
< 15
siemenssimatic_net_pc_software
𝑥
< 14.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/155665/Siemens-Security-Advisory-SPPA-T3000-Code-Execution.html
https://cert-portal.siemens.com/productcert/pdf/ssa-348629.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf
http://packetstormsecurity.com/files/155665/Siemens-Security-Advisory-SPPA-T3000-Code-Execution.html
https://cert-portal.siemens.com/productcert/pdf/ssa-348629.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf