Remote Code Execution Vulnerability in Siemens SIMATIC S7-1200 CPU Devices
CVE-2016-2846

6.5MEDIUM

Key Information:

Vendor: Siemens
Status: Simatic S7 Cpu 1200 Firmware
Vendor: CVE Published:; 16 March 2016

🔔 Create Siemens Vulnerability Alert

What is CVE-2016-2846?

The vulnerability allows remote attackers to exploit Siemens SIMATIC S7-1200 CPU devices prior to version 4.0 by bypassing the user program block protection mechanism. This can enable unauthorized access to device functionalities, potentially leading to manipulation of system processes and disruption of critical operations.

References

http://www.siemens.com/cert/pool/cert/siemens_security_ad...

x_refsource_CONFIRM

https://ics-cert.us-cert.gov/advisories/ICSA-16-075-01

x_refsource_MISC

https://cert-portal.siemens.com/productcert/pdf/ssa-83304...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 16, 2016
Vulnerability Reserved
Mar 6, 2016

.

CVE-2016-2846 : Remote Code Execution Vulnerability in Siemens SIMATIC S7-1200 CPU Devices