Denial-of-Service Vulnerability in SIMATIC Products from Siemens
CVE-2017-6865

6.5 MEDIUM

Key Information:

Summary

A vulnerability has been discovered in various Siemens SIMATIC products: specially crafted PROFINET DCP broadcast packets sent on the local Ethernet segment could cause a Denial-of-Service condition in affected services. Recovery requires manual intervention to restart those services. This vulnerability affects multiple product versions and poses a risk to the operational integrity of systems utilizing these tools.

Affected Version(s)

Primary Setup Tool (PST) All versions < V4.2 HF1

Security Configuration Tool (SCT) All versions < V5.0



CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
