CVE-2015-2177
published 2015-03-07CVE-2015-2177: Siemens SIMATIC S7-300 CPU devices allow remote attackers to cause a denial of service (defect-mode transition) via crafted packets on (1) TCP port 102 or (2)…
PriorityP358high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EXPLOIT
EPSS
34.44%
98.2th percentile
Siemens SIMATIC S7-300 CPU devices allow remote attackers to cause a denial of service (defect-mode transition) via crafted packets on (1) TCP port 102 or (2) Profibus.
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.07.8HIGHAV:N/AC:L/Au:N/C:N/I:N/A:C
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Siemens SIMATIC S7-300 Cpu input validation (ssa-987029 / EDB-44802)
vuldb·2026-06-03·CVSS 7.5
CVE-2015-2177 [HIGH] Siemens SIMATIC S7-300 Cpu input validation (ssa-987029 / EDB-44802)
A vulnerability marked as problematic has been reported in Siemens SIMATIC S7-300 Cpu. Impacted is an unknown function. This manipulation causes improper input validation.
This vulnerability is registered as CVE-2015-2177. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
GHSA
GHSA-wm75-j4x9-j8hf: Siemens SIMATIC S7-300 CPU devices allow remote attackers to cause a denial of service (defect-mode transition) via crafted packets on (1) TCP port 10
ghsa_unreviewed·2022-05-14
CVE-2015-2177 [HIGH] CWE-20 GHSA-wm75-j4x9-j8hf: Siemens SIMATIC S7-300 CPU devices allow remote attackers to cause a denial of service (defect-mode transition) via crafted packets on (1) TCP port 10
Siemens SIMATIC S7-300 CPU devices allow remote attackers to cause a denial of service (defect-mode transition) via crafted packets on (1) TCP port 102 or (2) Profibus.
CISA ICS
Siemens SIMATIC S7-300 CPU Denial-of-Service Vulnerability
cisa_ics·2018-08-22
Siemens SIMATIC S7-300 CPU Denial-of-Service Vulnerability
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Siemens SIMATIC S7-300 CPU Denial-of-Service Vulnerability
Last RevisedAugust 22, 2018
Alert CodeICSA-15-064-04
## OVERVIEW
Johannes Klick, Christian Pfahl, Martin Gebert, and Lucas Jacob from Freie Universität Berlin’s work team SCADACS have identified a Denial-of-Service (DoS) vulnerability in Siemens SIMATIC S7-300 CPUs. Siemens has developed mitigations for this vulnerability.
This vulnerability could be exploited remotely.
## AFFECTED PRODUCTS
The following SIMATIC S7-300 CPUs are affected:
- SIMATIC S7-300 CPU family: all versions.
## IMPACT
This vulnerability could
No detection rules found.
http://www.securityfocus.com/bid/72973http://www.securitytracker.com/id/1032040http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-987029.pdfhttps://cert-portal.siemens.com/productcert/pdf/ssa-987029.pdfhttps://ics-cert.us-cert.gov/advisories/ICSA-15-064-04https://www.exploit-db.com/exploits/44802/http://www.securityfocus.com/bid/72973http://www.securitytracker.com/id/1032040http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-987029.pdfhttps://cert-portal.siemens.com/productcert/pdf/ssa-987029.pdfhttps://ics-cert.us-cert.gov/advisories/ICSA-15-064-04https://www.exploit-db.com/exploits/44802/
2015-03-07
Published