CVE-2018-16563 : Security Advisory and Response

Discover the impact of CVE-2018-16563, a denial-of-service vulnerability in Siemens firmware variants. Learn about affected systems, exploitation risks, and mitigation steps.

A security flaw in several firmware variants used in Siemens products allows an attacker to cause a denial-of-service condition.

Understanding CVE-2018-16563

What is CVE-2018-16563?

CVE-2018-16563 is a vulnerability found in multiple firmware variants used in Siemens products, allowing for a denial-of-service attack when specific packets are sent to the affected devices.

The Impact of CVE-2018-16563

The vulnerability could result in a network functionality outage, compromising the availability of the system. No known public exploits have been reported as of the advisory publication date.

Technical Details of CVE-2018-16563

Vulnerability Description

        The vulnerability affects various firmware variants including IEC 61850, MODBUS TCP, DNP3 TCP, IEC104, Profinet IO for EN100 Ethernet module, and SIPROTEC 5 relays with specific CPU variants.
        Attackers can trigger a denial-of-service condition by sending crafted packets to port 102/tcp.

Affected Systems and Versions

        Firmware variant IEC 61850 for EN100 Ethernet module: All versions < V4.35
        Firmware variant MODBUS TCP for EN100 Ethernet module: All versions
        Firmware variant DNP3 TCP for EN100 Ethernet module: All versions
        Firmware variant IEC104 for EN100 Ethernet module: All versions
        Firmware variant Profinet IO for EN100 Ethernet module: All versions
        SIPROTEC 5 relays with CPU variants CP300 and CP100: All versions < V7.82
        SIPROTEC 5 relays with CPU variants CP200: All versions < V7.58

Exploitation Mechanism

        Requires an attacker with network access to send multiple packets to the affected products or modules.
        The IEC 61850-MMS communication must be activated on the affected devices for the vulnerability to be triggered.
        No user interaction or specific privileges are needed for exploitation.
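
The affected-version list and the IEC 61850-MMS precondition above can be turned into an inventory triage check. The following Python is an added example, not part of the advisory or any Siemens tooling; the product keys, the record fields (`product`, `version`, `mms_enabled`) and the sample inventory are assumptions constructed for illustration, and versions are compared numerically component by component.

```python
import re

# First fixed version per product; None = page lists "All versions" as affected.
AFFECTED = {
    "EN100/IEC 61850": (4, 35),
    "EN100/MODBUS TCP": None,
    "EN100/DNP3 TCP": None,
    "EN100/IEC104": None,
    "EN100/Profinet IO": None,
    "SIPROTEC 5/CP300": (7, 82),
    "SIPROTEC 5/CP100": (7, 82),
    "SIPROTEC 5/CP200": (7, 58),
}

def parse_version(text):
    """Turn 'V4.35' or 'v7.82.1' into a tuple of ints; raise on anything else."""
    m = re.fullmatch(r"[Vv]?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unparseable firmware version: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))

def triage(device):
    """Classify one inventory record against the advisory's affected ranges."""
    if device["product"] not in AFFECTED:
        return "unknown"
    fixed = AFFECTED[device["product"]]
    try:
        vulnerable = fixed is None or parse_version(device["version"]) < fixed
    except ValueError:
        return "unknown"  # never guess: send to manual review
    if not vulnerable:
        return "not-affected"
    # MMS must be activated to trigger; an unknown setting counts as activated.
    return "affected" if device.get("mms_enabled", True) else "affected-mms-off"

# Constructed sample inventory (hypothetical device names, not real data).
INVENTORY = [
    {"name": "relay-a", "product": "SIPROTEC 5/CP300", "version": "V7.80", "mms_enabled": True},
    {"name": "relay-b", "product": "SIPROTEC 5/CP200", "version": "V7.58", "mms_enabled": True},
    {"name": "en100-a", "product": "EN100/IEC 61850", "version": "V4.33", "mms_enabled": False},
    {"name": "en100-b", "product": "EN100/DNP3 TCP", "version": "V1.04"},
    {"name": "en100-c", "product": "EN100/IEC 61850", "version": "4.35b"},
]

def report(inventory):
    return {d["name"]: triage(d) for d in inventory}

if __name__ == "__main__":
    print(report(INVENTORY))
```

Records classified `affected-mms-off` still run vulnerable firmware and become exposed if IEC 61850-MMS is later activated, so they stay on the update list.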

Mitigation and Prevention

Immediate Steps to Take

        Manually restart the EN100 module to restore functionality.

Long-Term Security Practices

        Regularly update firmware to patched versions.

Patching and Updates

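        Update the IEC 61850 firmware variant for the EN100 Ethernet module to V4.35 or higher, SIPROTEC 5 relays with CPU variants CP300 and CP100 to V7.82 or higher, and SIPROTEC 5 relays with CPU variant CP200 to V7.58 or higher to mitigate the vulnerability.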
