The debugging feature on the Siemens CP 1604 and CP 1616 interface cards with firmware before 2.5.2 allows remote attackers to execute arbitrary code via a crafted packet to UDP port 17185.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Cp_1604_firmware | Siemens | * | 2.5.1 (including) |
| Cp_1616_firmware | Siemens | * | 2.5.1 (including) |
| Cp_1604 | Siemens | - (including) | - (including) |
| Cp_1616 | Siemens | - (including) | - (including) |
References
- http://ics-cert.us-cert.gov/pdf/ICSA-13-084-01.pdf
- http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-628113.pdf
- http://ics-cert.us-cert.gov/pdf/ICSA-13-084-01.pdf
- http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-628113.pdf