Cyber Resilience

CVE-2016-8562

HighCISA KEVActive ExploitationEUVD Exploited

Published: 18 November 2016

Published
18 November 2016
Modified
21 April 2026
KEV Added
03 March 2022
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.1855 95.4th percentile
Risk Priority 46 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2016-8562 is a high-severity an unspecified weakness vulnerability in Siemens Simatic Cp 1543-1 Firmware. Its CVSS base score is 7.5 (High).

Operationally, ranked in the top 4.6% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).

Deeper analysis

The vulnerability CVE-2016-8562 affects Siemens SIMATIC CP 1543-1 and SIPLUS NET CP 1543-1 devices in all versions prior to V2.0.28. It permits writing to certain SNMP variables exposed on UDP port 161 that are designed to be read-only and configurable exclusively through TIA-Portal, under special conditions. Successful modification of these variables can degrade device availability or trigger a denial-of-service condition.

An attacker with network access and low privileges may exploit the flaw by sending crafted SNMP writes to the affected port. The CVSS vector indicates the attack requires high complexity yet can result in high impact across confidentiality, integrity, and availability when conditions are met.

Siemens security advisory SSA-672373 and the related ICS-CERT advisory ICSA-16-327-01 both direct users to apply firmware version V2.0.28 or later, which corrects the improper write access on the SNMP interface. The advisories are available at the Siemens and US-CERT reference URLs provided for the CVE.

EU & UK References

Vulnerability details

A vulnerability has been identified in SIMATIC CP 1543-1 (All versions < V2.0.28), SIPLUS NET CP 1543-1 (All versions < V2.0.28). Under special conditions it was possible to write SNMP variables on port 161/udp which should be read-only and should…

more

only be configured with TIA-Portal. A write to these variables could reduce the availability or cause a denial-of-service.

CWE(s)
KEV Date Added
03 March 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

siemens
simatic cp 1543-1 firmware
≤ 2.0.28
siemens
siplus net cp 1543-1 firmware
≤ 2.0.28

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly enforces that SNMP variables on UDP 161 remain read-only except via the authorized TIA-Portal path, blocking the unauthorized write primitive.

prevent

Requires prompt application of the vendor firmware V2.0.28+ that corrects the improper write access on the SNMP interface.

prevent

Boundary-protection rules can restrict which hosts are permitted to reach UDP 161, reducing the attack surface for crafted SNMP writes.

References