CVE-2018-4850

Name: CVE-2018-4850
Creator: NVD / NIST
Published: 2018-05-16T17:29:00.387+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 2.54%

Last modified Jun 17, 2026

CVE-2018-4850 is a vulnerability of currently unknown severity. A vulnerability has been identified in SIMATIC S7-400 (incl. F) CPU hardware version 4.0 and below (All versions), SIMATIC S7-400 (incl. EPSS estimates a 2.54% chance of exploitation in the next 30 days.

Description

A vulnerability has been identified in SIMATIC S7-400 (incl. F) CPU hardware version 4.0 and below (All versions), SIMATIC S7-400 (incl. F) CPU hardware version 5.0 (All firmware versions < V5.2), SIMATIC S7-400H CPU hardware version 4.5 and below (All versions). The affected CPUs improperly validate S7 communication packets which could cause a Denial-of-Service condition of the CPU. The CPU will remain in DEFECT mode until manual restart.

Metrics

EPSS Probability

2.54%

83.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-20

Affected Software

Vendor	Product	Versions
Siemens	Simatic S7-400 Firmware	<= 4.0
Siemens	Simatic S7-400 Firmware	< 5.2
Siemens	Simatic S7-400h Firmware	<= 4.5

References

http://www.securityfocus.com/bid/104217Third Party Advisory, VDB Entry
https://cert-portal.siemens.com/productcert/pdf/ssa-914382.pdfVendor Advisory
https://www.siemens.com/global/en/home/products/services/cert.html#SecurityPublicationsVendor Advisory
http://www.securityfocus.com/bid/104217Third Party Advisory, VDB Entry
https://cert-portal.siemens.com/productcert/pdf/ssa-914382.pdfVendor Advisory
https://www.siemens.com/global/en/home/products/services/cert.html#SecurityPublicationsVendor Advisory

Timeline

Published: May 16, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-4850?

How severe is CVE-2018-4850?

Severity scoring for CVE-2018-4850 is pending analysis. The EPSS model estimates a 2.54% probability of exploitation in the next 30 days.

How do I fix CVE-2018-4850?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-4850?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST