CVE-2013-0659

critical

Published 2013-04-01 · Modified 2026-04-29

CVSS v3

—

CVSS v2

10.0

VIR risk

10.0

Description

The debugging feature on the Siemens CP 1604 and CP 1616 interface cards with firmware before 2.5.2 allows remote attackers to execute arbitrary code via a crafted packet to UDP port 17185.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: ics-cert@hq.dhs.gov — http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-628113.pdf

Application impact

Vendor	Product	Versions	Fixed
siemens	cp_1604_firmware	`{"endIncluding":"2.5.1"}`
siemens	cp_1616_firmware	`{"endIncluding":"2.5.1"}`

References

http://ics-cert.us-cert.gov/pdf/ICSA-13-084-01.pdf
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-628113.pdf
http://ics-cert.us-cert.gov/pdf/ICSA-13-084-01.pdf
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-628113.pdf

Verify integrity in audit chain (admin only). AS-IS.