AND
     OR
          *cpe:2.3:o:siemens:siplus_net_cp_1543-1_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 2.0.28
     OR
          cpe:2.3:h:siemens:siplus_net_cp_1543-1:-:*:*:*:*:*:*:*

AND
     OR
          *cpe:2.3:o:siemens:simatic_cp_1543-1_firmware:-:*:*:*:*:*:*:*
     OR
          cpe:2.3:h:siemens:simatic_cp_1543-1:-:*:*:*:*:*:*:*

AND
     OR
          *cpe:2.3:o:siemens:simatic_cp_1543-1_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 2.0.28
     OR
          cpe:2.3:h:siemens:simatic_cp_1543-1:-:*:*:*:*:*:*:*

NIST AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

NIST AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

NIST NVD-CWE-noinfo

NIST CWE-20

http://www.securityfocus.com/bid/94436 Third Party Advisory, VDB Entry

http://www.securityfocus.com/bid/94436 Broken Link, Third Party Advisory, VDB Entry

http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-672373.pdf Patch, Vendor Advisory

http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-672373.pdf Broken Link, Patch, Vendor Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-672373.pdf No Types Assigned

https://cert-portal.siemens.com/productcert/pdf/ssa-672373.pdf Vendor Advisory

https://ics-cert.us-cert.gov/advisories/ICSA-16-327-01 No Types Assigned

https://ics-cert.us-cert.gov/advisories/ICSA-16-327-01 Third Party Advisory, US Government Resource

MITRE CWE-20

A vulnerability has been identified in SIMATIC CP 1543-1 (All versions < V2.0.28), SIPLUS NET CP 1543-1 (All versions < V2.0.28). Under special conditions it was possible to write SNMP variables on port 161/udp which
should be read-only and should only be configured with TIA-Portal. A write to these
variables could reduce the availability or cause a denial-of-service.

A vulnerability has been identified in SIMATIC CP 1543-1 (All versions < V2.0.28), SIPLUS NET CP 1543-1 (All versions < V2.0.28). Under special conditions it was possible to write SNMP variables on port 161/udp which should be read-only and should only be configured with TIA-Portal. A write to these variables could reduce the availability or cause a denial-of-service.

MITRE CWE-20

Siemens SIMATIC CP 1543-1 before 2.0.28, when SNMPv3 write access or SNMPv1 is enabled, allows remote authenticated users to cause a denial of service by modifying SNMP variables.

A vulnerability has been identified in SIMATIC CP 1543-1 (All versions < V2.0.28), SIPLUS NET CP 1543-1 (All versions < V2.0.28). Under special conditions it was possible to write SNMP variables on port 161/udp which
should be read-only and should only be configured with TIA-Portal. A write to these
variables could reduce the availability or cause a denial-of-service.

https://cert-portal.siemens.com/productcert/pdf/ssa-672373.pdf [No Types Assigned]

https://ics-cert.us-cert.gov/advisories/ICSA-16-327-01 [No Types Assigned]

http://www.securityfocus.com/bid/94436 No Types Assigned

http://www.securityfocus.com/bid/94436 Third Party Advisory, VDB Entry

http://www.securityfocus.com/bid/94436 [No Types Assigned]

Configuration 1
     AND
          OR
               *cpe:2.3:o:siemens:simatic_cp_1543-1_firmware:-:*:*:*:*:*:*:*
          OR
               cpe:2.3:h:siemens:simatic_cp_1543-1:-:*:*:*:*:*:*:*

(AV:N/AC:M/Au:S/C:N/I:N/A:P)

AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-20

http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-672373.pdf No Types Assigned

http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-672373.pdf Vendor Advisory, Patch