CVE-2016-9158: A vulnerability has been identified in SIMATIC S7-300 CPU family (All versions), SIMATIC S7-300 CPU family...
A vulnerability has been identified in SIMATIC S7-300 CPU family (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 V6 and earlier CPU family (All versions), SIMATIC S7-400 V7 CPU family (All versions). Specially crafted packets sent to port 80/tcp could cause the affected devices to go into defect mode. A cold restart is required to recover the system.
Security readout for executives and security teams
This flaw can let a network attacker knock affected Siemens SIMATIC S7-300 and S7-400 CPUs into defect mode by sending crafted traffic to TCP port 80. Recovery requires a cold restart, so the main business risk is operational downtime in industrial environments. Exposure is most likely where affected Siemens CPUs are deployed and TCP port 80 is reachable from plant, engineering, vendor-access, or other routable network paths. The bundle lists all versions of several S7-300 and S7-400 CPU families as affected. Treat this as a high-priority availability risk for facilities using affected Siemens PLCs. It does not indicate data theft, but it can interrupt industrial operations and may require hands-on recovery planning. Mitigation focus: Review Siemens SSA-731239 and CISA ICSA-16-348-05 for official guidance.; Inventory affected S7-300 and S7-400 CPUs and SIPLUS variants.; Restrict TCP port 80 access to trusted management and engineering hosts..
Prepared
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cwe · low confidence lookup
CWE-20: Exact CWE lookup
Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
CWE-20 · source CWE mapping
Improper Input Validation
Improper Input Validation represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.