CVE-2016-2201

Published Feb 8, 2016

Last updated 5 years ago

CVSS medium 5.3

Overview

Description: Siemens SIMATIC S7-1500 CPU devices before 1.8.3 allow remote attackers to bypass a replay protection mechanism via packets on TCP port 102.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 5.3
Impact score: 1.4
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-20

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_s7-1500_cpu_firmware:1.8.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6AE7D26A-B1CA-4059-820C-E2C13662AAEB"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_s7-1511-1_pn_cpu:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "668B8FDF-4D50-4E54-88CE-D9A2C483D460"
          },
          {
            "criteria": "cpe:2.3:h:siemens:simatic_s7-1511c-1_pn_cpu:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "223C911C-B69D-41B9-A461-C6153A255324"
          },
          {
            "criteria": "cpe:2.3:h:siemens:simatic_s7-1511f-1_pn_cpu:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "43828956-FDB0-4DB2-ACAA-6D94F314C070"
          },
          {
            "criteria": "cpe:2.3:h:siemens:simatic_s7-1512c-1_pn_cpu:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7966ED38-7F26-44BF-93FF-5D999C510D19"
          },
          {
            "criteria": "cpe:2.3:h:siemens:simatic_s7-1513-1_pn_cpu:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6F18327E-6C57-42F0-983C-F88F70C9FB6C"
          },
          {
            "criteria": "cpe:2.3:h:siemens:simatic_s7-1513f-1_pn_cpu:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7E943853-055C-45E3-9BD0-E8DE2D9C339B"
          },
          {
            "criteria": "cpe:2.3:h:siemens:simatic_s7-1515-2_pn_cpu:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A074A6C0-6D87-40C3-9031-E8582797A299"
          },
          {
            "criteria": "cpe:2.3:h:siemens:simatic_s7-1515f-2_pn_cpu:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D13388C5-D329-46E2-8FE6-E45DB604C112"
          },
          {
            "criteria": "cpe:2.3:h:siemens:simatic_s7-1516-3_pn\\/dp_cpu:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E3C8B2D4-9BC2-424E-ABE3-2095CE414255"
          },
          {
            "criteria": "cpe:2.3:h:siemens:simatic_s7-1516f-3_pn\\/dp_cpu:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "84C4C6FB-5D77-4A8B-9ABA-321353F6D1E2"
          },
          {
            "criteria": "cpe:2.3:h:siemens:simatic_s7-1517-3_pn\\/dp_cpu:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A6DA5627-663C-48F9-B76D-BD53D43ACDFA"
          },
          {
            "criteria": "cpe:2.3:h:siemens:simatic_s7-1517f-3_pn\\/dp_cpu:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "55AE4959-EE30-4FE1-8FCC-3F7710C80C3F"
          },
          {
            "criteria": "cpe:2.3:h:siemens:simatic_s7-1518-4_pn\\/dp_cpu:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "59EFE215-70A4-4A85-AA84-360FED0B6D89"
          },
          {
            "criteria": "cpe:2.3:h:siemens:simatic_s7-1518f-4_pn\\/dp_cpu:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9BE49E75-DC54-4AD5-923C-12F6603B9793"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References