Publication Date: | 2021-06-08 |
Last Update: | 2022-02-08 |
Current Version: | V1.1 |
CVSS v3.1 Base Score: | 9.8 |
Affected Product and Versions | Remediation |
SIMATIC CP 443-1 OPC UA (6GK7443-1UX00-0XE0): All versions | Currently no remediation is planned. See recommendations from section Workarounds and Mitigations |
- Deactivate NTP-based time synchronization of the device, if enabled. The feature is disabled by default.
- Configure an additional firewall to prevent communication to port udp/123 of an affected device.
CVSS v3.1 Base Score | 9.8 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
CWE: | CWE-20: Improper Input Validation |

CVSS v3.1 Base Score | 9.8 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
CWE: | CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) |

CVSS v3.1 Base Score | 5.3 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C |
CWE: | CWE-20: Improper Input Validation |

CVSS v3.1 Base Score | 5.3 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C |
CWE: | CWE-20: Improper Input Validation |

CVSS v3.1 Base Score | 7.2 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L/E:U/RL:O/RC:C |
CWE: | CWE-19: Data Processing Errors |

CVSS v3.1 Base Score | 5.3 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
CWE: | CWE-200: Exposure of Sensitive Information to an Unauthorized Actor |

CVSS v3.1 Base Score | 5.3 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C |
CWE: | CWE-125: Out-of-bounds Read |

CVSS v3.1 Base Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
CWE: | CWE-287: Improper Authentication |

CVSS v3.1 Base Score | 7.5 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
CWE: | CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’) |

CVSS v3.1 Base Score | 5.9 |
CVSS Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
CWE: | CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’) |

CVSS v3.1 Base Score | 5.3 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C |
CWE: | CWE-20: Improper Input Validation |

CVSS v3.1 Base Score | 5.3 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
CWE: | CWE-20: Improper Input Validation |

CVSS v3.1 Base Score | 5.3 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C |
CWE: | CWE-682: Incorrect Calculation |

CVSS v3.1 Base Score | 5.9 |
CVSS Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
CWE: | CWE-20: Improper Input Validation |

CVSS v3.1 Base Score | 8.8 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
CWE: | CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer |