Denial of Service Vulnerability in Siemens OpenPCS and SIMATIC Products
CVE-2018-4832

7.5HIGH

Key Information:

Vendor

Siemens
Status
Openpcs 7 V7.1 And Earlier
Openpcs 7 V8.0
Openpcs 7 V8.1
Openpcs 7 V8.2
Vendor
CVE Published:
24 April 2018

What is CVE-2018-4832?

A vulnerability in Siemens OpenPCS and SIMATIC products allows specially crafted messages sent to the RPC service to trigger a Denial-of-Service condition. This can impair remote and local communication functionalities, necessitating a system reboot to restore operation. Exploitation requires network access to the Application Server. As of the advisory release, no public incidents of exploitation were known.

Affected Version(s)

OpenPCS 7 V7.1 and earlier All versions

OpenPCS 7 V8.0 All versions

OpenPCS 7 V8.1 All versions < V8.1 Upd5

References

https://cert-portal.siemens.com/productcert/pdf/ssa-45144...
x_refsource_MISC
https://cert-portal.siemens.com/productcert/pdf/ssa-34862...
x_refsource_MISC
http://packetstormsecurity.com/files/155665/Siemens-Secur...
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.