Vulnerability Change Records for CVE-2016-9158

Change History

CVE Modified by MITRE 10/09/2019 7:20:20 PM

Action Type Old Value New Value
Added CWE

								
							
							
						
Siemens AG CWE-20

Initial Analysis 12/22/2016 11:43:42 AM

Action Type Old Value New Value
Added CPE Configuration

								
							
							
						
AND
     OR
          *cpe:2.3:o:siemens:simatic_s7-300_cpu_firmware:-:*:*:*:*:*:*:*
     OR
          cpe:2.3:h:siemens:simatic_s7-300_cpu_312:-:*:*:*:*:*:*:*
          cpe:2.3:h:siemens:simatic_s7-300_cpu_314:-:*:*:*:*:*:*:*
          cpe:2.3:h:siemens:simatic_s7-300_cpu_315-2_dp:-:*:*:*:*:*:*:*
          cpe:2.3:h:siemens:simatic_s7-300_cpu_315-2_pn\/dp:-:*:*:*:*:*:*:*
          cpe:2.3:h:siemens:simatic_s7-300_cpu_317-2_pn\/dp:-:*:*:*:*:*:*:*
          cpe:2.3:h:siemens:simatic_s7-300_cpu_317-_2_dp:-:*:*:*:*:*:*:*
          cpe:2.3:h:siemens:simatic_s7-300_cpu_319-3_pn\/dp:-:*:*:*:*:*:*:*
Added CPE Configuration

								
							
							
						
AND
     OR
          *cpe:2.3:o:siemens:simatic_s7-400_cpu_firmware:-:*:*:*:*:*:*:*
     OR
          cpe:2.3:h:siemens:simatic_s7-400_cpu_412-1:-:*:*:*:*:*:*:*
          cpe:2.3:h:siemens:simatic_s7-400_cpu_412-2:-:*:*:*:*:*:*:*
          cpe:2.3:h:siemens:simatic_s7-400_cpu_412-2_pn:-:*:*:*:*:*:*:*
          cpe:2.3:h:siemens:simatic_s7-400_cpu_414-2:-:*:*:*:*:*:*:*
          cpe:2.3:h:siemens:simatic_s7-400_cpu_414-3:-:*:*:*:*:*:*:*
          cpe:2.3:h:siemens:simatic_s7-400_cpu_414-3_pn\/dp:-:*:*:*:*:*:*:*
          cpe:2.3:h:siemens:simatic_s7-400_cpu_416-2:-:*:*:*:*:*:*:*
          cpe:2.3:h:siemens:simatic_s7-400_cpu_416-3:-:*:*:*:*:*:*:*
          cpe:2.3:h:siemens:simatic_s7-400_cpu_416-3_pn\/dp:-:*:*:*:*:*:*:*
          cpe:2.3:h:siemens:simatic_s7-400_cpu_416f-2:-:*:*:*:*:*:*:*
          cpe:2.3:h:siemens:simatic_s7-400_cpu_416f-3_pn\/dp:-:*:*:*:*:*:*:*
          cpe:2.3:h:siemens:simatic_s7-400_cpu_417-4:-:*:*:*:*:*:*:*
Added CVSS V2

								
							
							
						
(AV:N/AC:L/Au:N/C:N/I:N/A:C)
Added CVSS V3

								
							
							
						
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Added CWE

								
							
							
						
CWE-20

CVE Modified by MITRE 12/29/2017 9:29:00 PM

Action Type Old Value New Value
Changed Description
A vulnerability in SIEMENS SIMATIC S7-300 PN CPUs before V3.X.14 and SIMATIC S7-400 PN CPUs (V6 and V7) could allow a remote attacker to cause a Denial of Service condition by sending specially crafted packets to port 80/TCP.
A vulnerability in SIEMENS SIMATIC S7-300 PN CPUs before V3.X.14 and SIMATIC S7-400 PN CPUs (V6 before V6.0.6, and V7) could allow a remote attacker to cause a Denial of Service condition by sending specially crafted packets to port 80/TCP.

CVE Modified by MITRE 7/26/2017 9:29:06 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
http://www.securitytracker.com/id/1037434 [No Types Assigned]

CVE Modified by MITRE 1/24/2018 9:29:00 PM

Action Type Old Value New Value
Changed Description
A vulnerability in SIEMENS SIMATIC S7-300 PN CPUs before V3.X.14 and SIMATIC S7-400 PN CPUs (V6 before V6.0.6, and V7) could allow a remote attacker to cause a Denial of Service condition by sending specially crafted packets to port 80/TCP.
A vulnerability has been identified in SIMATIC S7-300 CPU family, SIMATIC S7-400 V6 and earlier CPU family, SIMATIC S7-400 V7 CPU family. Specially crafted packets sent to port 80/tcp could cause the affected devices to go into defect mode. A cold restart is required to recover the system. This vulnerability affects all SIMATIC S7-300 PN CPUs, and all SIMATIC S7-400 PN V6 and V7 CPUs.
Added Reference

								
							
							
						
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-731239.pdf [No Types Assigned]
Removed Reference
http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-731239.pdf [No Types Assigned]

								
						

CVE Modified by MITRE 5/08/2017 9:29:01 PM

Action Type Old Value New Value
Changed Description
A vulnerability in SIEMENS SIMATIC S7-300 PN CPUs (all versions including V3.2.12) and SIMATIC S7-400 PN CPUs (V6 and V7) could allow a remote attacker to cause a Denial of Service condition by sending specially crafted packets to port 80/TCP.
A vulnerability in SIEMENS SIMATIC S7-300 PN CPUs before V3.X.14 and SIMATIC S7-400 PN CPUs (V6 and V7) could allow a remote attacker to cause a Denial of Service condition by sending specially crafted packets to port 80/TCP.

CVE Modified by MITRE 12/21/2016 10:0:26 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
https://ics-cert.us-cert.gov/advisories/ICSA-16-348-05 [No Types Assigned]

CVE Modified by MITRE 12/19/2016 9:59:21 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
http://www.securityfocus.com/bid/94820 [No Types Assigned]