CVE-2017-2681

CWE-400 — Uncontrolled Resource Consumption3 documents3 sources

Severity

7.1HIGH

EPSS

0.4%

top 36.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

174

Siemens Simatic CP 1243-1 Dnp3 (incl. Siplus Variants)Siemens Simatic ET 200al IM 157-1 PN Siemens Simatic ET 200mp IM 155-5 PN BA +171 more

Timeline

PublishedMay 11

Latest updateMay 13

Description

Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a denial of service condition of that product. Human interaction is required to recover the system. PROFIBUS interfaces are not affected.

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Packages175 packages

▶CVEListV5siemens/softnet_profinet_io_for_pc-based_windows_systemsAll versions < V14 SP1

▶CVEListV5siemens/development/evaluation_kits_for_profinet_io:_dk_standard_ethernet_controllerAll versions < V4.1.1 Patch04

▶NVDsiemens/ups1600_profinet_firmware< 2.2.0

▶NVDsiemens/softnet_profinet_io_firmware< 14+1

▶NVDsiemens/simocode_pro_v_profinet_firmware< 2.0.0

🔴Vulnerability Details

GHSA

GHSA-j585-83xv-q5c7: Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a denial of service condition of↗2022-05-13

▶

CVEList

CVE-2017-2681: Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a denial of service condition of↗2017-05-11

▶