CVE-2016-8562

{"id": "CVE-2016-8562", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.6}]}, "published": "2016-11-18T21:59:02.033", "references": [{"url": "http://www.securityfocus.com/bid/94436", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-672373.pdf", "tags": ["Broken Link", "Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-672373.pdf", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-327-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SIMATIC CP 1543-1 (All versions < V2.0.28), SIPLUS NET CP 1543-1 (All versions < V2.0.28). Under special conditions it was possible to write SNMP variables on port 161/udp which should be read-only and should only be configured with TIA-Portal. A write to these variables could reduce the availability or cause a denial-of-service."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en SIMATIC CP 1543-1 (Todas las versiones &lt; V2.0.28), SIPLUS NET CP 1543-1 (Todas las versiones &lt; V2.0.28). En condiciones especiales era posible escribir variables SNMP en el puerto 161/udp que deber\u00edan ser de s\u00f3lo lectura y s\u00f3lo deber\u00edan configurarse con TIA-Portal. Una escritura en estas variables podr\u00eda reducir la disponibilidad o causar una denegaci\u00f3n de servicio"}], "lastModified": "2024-07-24T14:26:41.253", "cisaActionDue": "2022-03-24", "cisaExploitAdd": "2022-03-03", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:simatic_cp_1543-1_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8CCE837-13AF-47FB-B4C8-7720F0876229", "versionEndExcluding": "2.0.28"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:simatic_cp_1543-1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3FDE92FB-38C7-46E8-9208-BBD7872219D5"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:siplus_net_cp_1543-1_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DDDA7068-0640-4E8C-A917-DB41F6A9D66A", "versionEndExcluding": "2.0.28"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:siplus_net_cp_1543-1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5D7AB0D5-FD3E-416A-975B-D212B3350433"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Siemens SIMATIC CP 1543-1 Improper Privilege Management Vulnerability"}