CVE-2016-8562
Published: 18 November 2016
Summary
CVE-2016-8562 is a high-severity vulnerability of an unspecified weakness class in Siemens SIMATIC CP 1543-1 firmware. Its CVSS base score is 7.5 (High).
Operationally, it ranks in the top 4.6% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).
Deeper analysis
The vulnerability CVE-2016-8562 affects Siemens SIMATIC CP 1543-1 and SIPLUS NET CP 1543-1 devices in all versions prior to V2.0.28. It permits writing to certain SNMP variables exposed on UDP port 161 that are designed to be read-only and configurable exclusively through TIA-Portal, under special conditions. Successful modification of these variables can degrade device availability or trigger a denial-of-service condition.
An attacker with network access and low privileges may exploit the flaw by sending crafted SNMP writes to the affected port. The CVSS vector indicates the attack requires high complexity yet can result in high impact across confidentiality, integrity, and availability when conditions are met.
Siemens security advisory SSA-672373 and the related ICS-CERT advisory ICSA-16-327-01 both direct users to apply firmware version V2.0.28 or later, which corrects the improper write access on the SNMP interface. The advisories are available at the Siemens and US-CERT reference URLs provided for the CVE.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2016-9410
Vulnerability details
A vulnerability has been identified in SIMATIC CP 1543-1 (All versions < V2.0.28), SIPLUS NET CP 1543-1 (All versions < V2.0.28). Under special conditions it was possible to write SNMP variables on port 161/udp which should be read-only and should only be configured with TIA-Portal. A write to these variables could reduce the availability or cause a denial-of-service.
- CWE(s)
- KEV Date Added: 03 March 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
- AC-3 (Access Enforcement): Directly enforces that SNMP variables on UDP 161 remain read-only except via the authorized TIA-Portal path, blocking the unauthorized write primitive.
- SI-2 (Flaw Remediation): Requires prompt application of the vendor firmware V2.0.28+ that corrects the improper write access on the SNMP interface.
- SC-7 (Boundary Protection): Boundary-protection rules can restrict which hosts are permitted to reach UDP 161, reducing the attack surface for crafted SNMP writes.
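As an added illustration of the access-enforcement and boundary-protection controls above (not code from Siemens or the advisories), this Python sketch flags SNMPv1/v2c SetRequest PDUs sent to UDP 161 by hosts outside an allowlist. The allowlist address, the sample packets and all function names are constructed assumptions; SNMPv3 messages are reported as unparsed.

```python
import ipaddress

SNMP_PORT = 161
SET_REQUEST = 0xA3  # BER context tag of the SNMP SetRequest PDU
# Assumption: the only host allowed to write is one engineering station (constructed address).
ALLOWED_WRITERS = [ipaddress.ip_network("192.0.2.10/32")]

def read_tlv(buf, pos):
    """Decode one BER TLV at pos; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def snmp_pdu_type(payload):
    """Return the PDU tag of an SNMPv1/v2c message, or None if it does not parse."""
    try:
        tag, body, _ = read_tlv(payload, 0)         # outer SEQUENCE
        v_tag, _version, pos = read_tlv(body, 0)    # INTEGER version
        c_tag, _community, pos = read_tlv(body, pos)  # OCTET STRING community
        if (tag, v_tag, c_tag) != (0x30, 0x02, 0x04):
            return None
        return body[pos]                            # first byte of the PDU is its tag
    except (ValueError, IndexError):
        return None

def classify(src_ip, dst_port, payload):
    """Return 'ignore', 'unparsed', 'ok' or 'alert' for one UDP datagram."""
    if dst_port != SNMP_PORT:
        return "ignore"
    pdu = snmp_pdu_type(payload)
    if pdu is None:
        return "unparsed"
    allowed = any(ipaddress.ip_address(src_ip) in net for net in ALLOWED_WRITERS)
    return "alert" if pdu == SET_REQUEST and not allowed else "ok"

def tlv(tag, value):
    return bytes([tag, len(value)]) + value

def sample(pdu_tag):
    """Constructed SNMPv2c message with one varbind, used only as test input."""
    varbind = tlv(0x30, tlv(0x06, bytes.fromhex("2b06010201010400")) + tlv(0x04, b"x"))
    pdu = tlv(pdu_tag, tlv(0x02, b"\x01") + tlv(0x02, b"\x00") * 2 + tlv(0x30, varbind))
    return tlv(0x30, tlv(0x02, b"\x01") + tlv(0x04, b"public") + pdu)
```

In a deployment the datagrams would come from a capture or a network sensor, and the allowlist would hold the stations that are actually authorized to manage the CP.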