CVE-2017-12741

7.5HIGH

Key Information:

Vendor
Siemens
Status
Development/evaluation Kits For Profinet Io: Dk Standard Ethernet Controller
Development/evaluation Kits For Profinet Io: Ek-ertec 200
Development/evaluation Kits For Profinet Io: Ek-ertec 200p
Simatic Compact Field Unit
Vendor
CVE Published:
26 December 2017

Summary

Specially crafted packets sent to port 161/udp could cause a denial of service condition. The affected devices must be restarted manually.

Affected Version(s)

Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller All versions < V4.1.1 Patch 05

Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 All versions < V4.5

Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P All versions < V4.5

References

https://www.securityfocus.com/bid/101964
vdb-entryx_refsource_BID
https://cert-portal.siemens.com/productcert/pdf/ssa-54683...
x_refsource_CONFIRM
https://cert-portal.siemens.com/productcert/pdf/ssa-34626...
x_refsource_CONFIRM

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.