HIGH🚩 CISA KEV⚡ EXPLOIT✓ PATCH🇵🇱 Wersja polska

CVE-2016-8562

CVSS 7.5v3.1pub. 2016-11-18upd. 2026-04-21

A vulnerability has been identified in SIMATIC CP 1543-1 (All versions < V2.0.28), SIPLUS NET CP 1543-1 (All versions < V2.0.28). Under special conditions it was possible to write SNMP variables on port 161/udp which should be read-only and should only be configured with TIA-Portal. A write to these variables could reduce the availability or cause a denial-of-service.

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Siemens Simatic Cp 1543 1

    HW
    Siemens
    wszystkie wersje
  • Siemens Simatic Cp 1543 1 Firmware

    OS
    Siemens
    < 2.0.28
  • Siemens Siplus Net Cp 1543 1

    HW
    Siemens
    wszystkie wersje
  • Siemens Siplus Net Cp 1543 1 Firmware

    OS
    Siemens
    < 2.0.28

CISA KEV — detailsi

Vendori
Siemens
Producti
SIMATIC CP
Added to KEVi
March 3, 2022
Remediation deadline (US Federal)i
March 24, 2022(overdue)
Required action (CISA)i

Apply updates per vendor instructions.

CISA descriptioni

An improper privilege management vulnerability exists within the Siemens SIMATIC Communication Processor (CP) that allows a privileged attacker to remotely cause a denial of service.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 24 marca 2022
CWE
References

Related vulnerabilities

CVE-2022-34819CRITICAL10.0ten sam produkt

A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions < V3.3.46), SIMATIC CP 1243-1 (All v...

CVE-2019-12815CRITICAL9.8ten sam produkt

An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and ...

CVE-2024-50310HIGH8.7ten sam produkt

A vulnerability has been identified in SIMATIC CP 1543-1 V4.0 (6GK7543-1AX10-0XE0) (All versions >= V4.0.44 < ...

CVE-2022-34820HIGH8.4ten sam produkt

A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions < V3.3.46), SIMATIC CP 1243-1 (All v...

CVE-2022-34821HIGH8.8ten sam produkt

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2), RUGGEDCOM RM1224 LTE(...