Detections
Analytics
Siemens SIPROTEC DoS (SCADA)
high Nessus Network Monitor Plugin ID 700132
Synopsis
A Denial of Service (DoS) attack targeting Siemens SIPROTEC has been detected.Description
Siemens SIPROTEC contains a flaw in the EN100 module that is triggered when handling data sent to a service listening on port 50000/UDP. With a specially crafted request, a remote attacker can cause the service to stop responding, requiring a reboot in order to restore functionality.Solution
Confirm that the installed version is SIPROTEC 4.5 or later. If that version cannot be obtained, ensure that this hardware is running in compliance with corporate standards and security guidelines.See Also
https://ics-cert.us-cert.gov/advisories/ICSA-15-202-01
https://www.welivesecurity.com/wp-content/uploads/2017/06/Win32_Industroyer.pdf
Plugin Details
Severity: High
ID: 700132
Family: SCADA
Published: 6/13/2017
Updated: 3/6/2019
Risk Information
VPR
Risk Factor: Medium
Score: 5.1
CVSS v2
Risk Factor: High
Base Score: 7.8
Temporal Score: 6.8
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS v3
Risk Factor: High
Base Score: 7.5
Temporal Score: 7.2
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C
Vulnerability Information
CPE: cpe:/h:siemens:siprotec
Patch Publication Date: 7/17/2015
Vulnerability Publication Date: 7/17/2015
Reference Information
CVE: CVE-2015-5374
BID: 75948