CVE-2018-13815

2018-12-1316:00:00

CWE-410

siemens

www.cve.org

EPSS

0.001

Percentile

40.3%

JSON

A vulnerability has been identified in SIMATIC S7-1200 (All versions), SIMATIC S7-1500 (All Versions < V2.6). An attacker could exhaust the available connection pool of an affected device by opening a sufficient number of connections to the device. Successful exploitation requires an attacker to be able to send packets to port 102/tcp of the affected device. No user interaction and no user privileges are required to exploit the vulnerability. The vulnerability, if exploited, could cause a Denial-of-Service condition impacting the availability of the system. At the time of advisory publication no public exploitation of this vulnerability was known.

CNA Affected

[
  {
    "product": "SIMATIC S7-1200, SIMATIC S7-1500",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "SIMATIC S7-1200 : All versions"
      },
      {
        "status": "affected",
        "version": "SIMATIC S7-1500 : All Versions < V2.6"
      }
    ]
  }
]

References

www.securityfocus.com/bid/105928

cert-portal.siemens.com/productcert/pdf/ssa-584286.pdf

EPSS

0.001

Percentile

40.3%

JSON

Related for CVELIST:CVE-2018-13815