CVE-2015-8214
Notifications for a CVE
Stay informed of any changes for a specific CVE.
CVE Descriptions
A vulnerability has been identified in SIMATIC NET CP 342-5 (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants) (All versions < V3.0.44), SIMATIC NET CP 343-1 Lean (incl. SIPLUS variants) (All versions < V3.1.1), SIMATIC NET CP 343-1 Standard (incl. SIPLUS variants) (All versions < V3.1.1), SIMATIC NET CP 443-1 Advanced (incl. SIPLUS variants) (All versions < V3.2.9), SIMATIC NET CP 443-1 Standard (incl. SIPLUS variants) (All versions < V3.2.9), SIMATIC NET CP 443-5 Basic (incl. SIPLUS variants) (All versions), SIMATIC NET CP 443-5 Extended (All versions), TIM 3V-IE / TIM 3V-IE Advanced (incl. SIPLUS NET variants) (All versions < V2.6.0), TIM 3V-IE DNP3 (incl. SIPLUS NET variants) (All versions < V3.1.0), TIM 4R-IE (incl. SIPLUS NET variants) (All versions < V2.6.0), TIM 4R-IE DNP3 (incl. SIPLUS NET variants) (All versions < V3.1.0). The implemented access protection level enforcement of the affected communication processors (CP) could possibly allow unauthenticated users to perform administrative operations on the CPs if network access (port 102/TCP) is available and the CPs' configuration was stored on their corresponding CPUs.
CVE Informations
Related Weaknesses
| Weakness Name | Source | |
|---|---|---|
| Category : Permissions, Privileges, and Access Controls Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control. |
Metrics
| Metrics | Score | Severity | CVSS Vector | Source |
|---|---|---|---|---|
| V2 | 9.7 | AV:N/AC:L/Au:N/C:P/I:C/A:C | [email protected] |
EPSS
EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.
EPSS Score
The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.
EPSS Percentile
The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
Products Mentioned
Configuraton 0
Siemens>>Simatic_cp_443-1_firmware >> Version *
- Siemens>>Simatic_cp_443-1_firmware >> Version - (Open CPE detail)
- Siemens>>Simatic_cp_443-1_firmware >> Version - (Open CPE detail)
- Siemens>>Simatic_cp_443-1_firmware >> Version 3.3 (Open CPE detail)
Siemens>>Simatic_cp_443-1_firmware >> Version *
Siemens>>Simatic_cp_443-1 >> Version *
- Siemens>>Simatic_cp_443-1 >> Version - (Open CPE detail)
- Siemens>>Simatic_cp_443-1 >> Version - (Open CPE detail)
- Siemens>>Simatic_cp_443-1 >> Version - (Open CPE detail)
Configuraton 0
Siemens>>Simatic_tim_4r-ie_firmware >> Version *
Siemens>>Simatic_tim_4r-ie_firmware >> Version *
Siemens>>Simatic_tim_4r-ie >> Version *
Configuraton 0
Siemens>>Simatic_cp_343-1_firmware >> Version *
Siemens>>Simatic_cp_343-1_firmware >> Version To (including) 3.0
- Siemens>>Simatic_cp_343-1_firmware >> Version - (Open CPE detail)
Siemens>>Simatic_cp_343-1 >> Version -
- Siemens>>Simatic_cp_343-1 >> Version - (Open CPE detail)
- Siemens>>Simatic_cp_343-1 >> Version - (Open CPE detail)
Configuraton 0
Siemens>>Simatic_tim_3v-ie_firmware >> Version -
Siemens>>Simatic_tim_3v-ie_firmware >> Version -
Siemens>>Simatic_tim_3v-ie_firmware >> Version -
Siemens>>Simatic_tim_3v-ie >> Version *
References
http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-763427.pdf
Tags : x_refsource_CONFIRM
Tags : x_refsource_CONFIRM
2025©
tesweb SA
