High severity7.5NVD Advisory· Published Dec 17, 2016· Updated May 6, 2026

CVE-2016-9158

Description

A vulnerability has been identified in SIMATIC S7-300 CPU family (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 V6 and earlier CPU family (All versions), SIMATIC S7-400 V7 CPU family (All versions). Specially crafted packets sent to port 80/tcp could cause the affected devices to go into defect mode. A cold restart is required to recover the system.

Affected products

Siemens Foundation/Simatic S7 300 Cpu Firmware
cpe:2.3:o:siemens:simatic_s7-300_cpu_firmware:-:*:*:*:*:*:*:*
Siemens Foundation/Simatic S7 400 Cpu Firmware
cpe:2.3:o:siemens:simatic_s7-400_cpu_firmware:-:*:*:*:*:*:*:*
Siemens AG/SIMATIC S7-300 CPU familyv5
Range: All versions
Siemens AG/SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)v5
Range: All versions
Siemens AG/SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)v5
Range: All versions
Siemens AG/SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)v5
Range: All versions
Siemens AG/SIMATIC S7-400 V6 and earlier CPU familyv5
Range: All versions
Siemens AG/SIMATIC S7-400 V7 CPU familyv5
Range: All versions

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000