Denial of Service Vulnerability in Siemens Devices
CVE-2017-12741

7.5HIGH

Key Information:

Vendor

Siemens
Status
Development/evaluation Kits For Profinet Io: Dk Standard Ethernet Controller
Development/evaluation Kits For Profinet Io: Ek-ertec 200
Development/evaluation Kits For Profinet Io: Ek-ertec 200p
Simatic Compact Field Unit
Vendor
CVE Published:
26 December 2017

What is CVE-2017-12741?

A vulnerability exists in Siemens devices that may allow attackers to send specially crafted packets to port 161/udp, which can trigger a denial of service condition. Following the exploitation of this vulnerability, affected devices require a manual restart to recover functionality, potentially disrupting operations and impacting service availability.

Affected Version(s)

Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller All versions < V4.1.1 Patch 05

Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 All versions < V4.5

Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P All versions < V4.5

References

https://www.securityfocus.com/bid/101964
vdb-entryx_refsource_BID
https://cert-portal.siemens.com/productcert/pdf/ssa-54683...
x_refsource_CONFIRM
https://cert-portal.siemens.com/productcert/pdf/ssa-34626...
x_refsource_CONFIRM

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.