CVE-2017-2680

CWE-400 — Uncontrolled Resource Consumption3 documents3 sources

Severity

7.1HIGH

EPSS

2.3%

top 15.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

203

Siemens Simatic CP 1243-1 Dnp3 (incl. Siplus Variants)Siemens Simatic ET 200al IM 157-1 PN Siemens Simatic ET 200mp IM 155-5 PN BA +200 more

Timeline

PublishedMay 11

Latest updateMay 13

Description

Specially crafted PROFINET DCP broadcast packets could cause a denial of service condition of affected products on a local Ethernet segment (Layer 2). Human interaction is required to recover the systems. PROFIBUS interfaces are not affected.

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Packages203 packages

▶CVEListV5siemens/softnet_profinet_io_for_pc-based_windows_systemsAll versions < V14 SP1

▶CVEListV5siemens/development/evaluation_kits_for_profinet_io:_dk_standard_ethernet_controllerAll versions < V4.1.1 Patch04

▶NVDsiemens/ups1600_profinet_firmware< 2.2.0

▶NVDsiemens/softnet_profinet_io_firmware< 14+1

▶NVDsiemens/simocode_pro_v_profinet_firmware< 2.0.0

🔴Vulnerability Details

GHSA

GHSA-4vvg-656r-c25j: Specially crafted PROFINET DCP broadcast packets could cause a denial of service condition of affected products on a local Ethernet segment (Layer 2)↗2022-05-13

▶

CVEList

CVE-2017-2680: Specially crafted PROFINET DCP broadcast packets could cause a denial of service condition of affected products on a local Ethernet segment (Layer 2)↗2017-05-11

▶