CVE-2017-2681
Summary
| CVE | CVE-2017-2681 |
|---|---|
| State | PUBLISHED |
| Assigner | siemens |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-05-11 10:29:00 UTC |
| Updated | 2025-04-20 01:37:25 UTC |
| Description | Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a denial of service condition of that product. Human interaction is required to recover the system. PROFIBUS interfaces are not affected. |
Risk And Classification
Primary CVSS: v4.0 7.1 HIGH from [email protected]
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Problem Types: CWE-400: Uncontrolled Resource Consumption
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 4.0 | [email protected] | Secondary | 7.1 | HIGH | CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/C... |
| 4.0 | CNA | DECLARED | 7.1 | HIGH | CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
| 3.1 | [email protected] | Primary | 6.5 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| 3.1 | [email protected] | Secondary | 6.5 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| 3.1 | CNA | DECLARED | 6.5 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| 2.0 | [email protected] | Primary | 6.1 | | AV:A/AC:L/Au:N/C:N/I:N/A:C |
CVSS v4.0 Breakdown
| Metric | Value |
|---|---|
| Attack Vector | Adjacent |
| Attack Complexity | Low |
| Attack Requirements | None |
| Privileges Required | None |
| User Interaction | None |
| Confidentiality | None |
| Integrity | None |
| Availability | High |
| Sub Conf. | None |
| Sub Integrity | None |
| Sub Availability | None |
| Vector | CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
CVSS v3.1 Breakdown
| Metric | Value |
|---|---|
| Attack Vector | Adjacent |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity | None |
| Availability | High |
| Vector | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
CVSS v2.0 Breakdown
| Metric | Value |
|---|---|
| Access Vector | Adjacent |
| Access Complexity | Low |
| Authentication | None |
| Confidentiality | None |
| Integrity | None |
| Availability | Complete |
| Vector | AV:A/AC:L/Au:N/C:N/I:N/A:C |
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Siemens | Simatic Cm 1542-1 | - | All | All | All |
| Operating System | Siemens | Simatic Cm 1542-1 Firmware | All | All | All | All |
| Hardware | Siemens | Simatic Cp 1243-1 | - | All | All | All |
| Operating System | Siemens | Simatic Cp 1243-1 Firmware | All | All | All | All |
| Hardware | Siemens | Simatic Cp 1542sp-1 | - | All | All | All |
| Hardware | Siemens | Simatic Cp 1542sp-1 Irc | - | All | All | All |
| Operating System | Siemens | Simatic Cp 1542sp-1 Irc Firmware | All | All | All | All |
| Operating System | Siemens | Simatic Cp 1543sp-1 Firmware | All | All | All | All |
| Hardware | Siemens | Simatic Cp 343-1 Adv | - | All | All | All |
| Operating System | Siemens | Simatic Cp 343-1 Adv Firmware | All | All | All | All |
| Hardware | Siemens | Simatic Cp 343-1 Lean | - | All | All | All |
| Operating System | Siemens | Simatic Cp 343-1 Lean Firmware | All | All | All | All |
| Hardware | Siemens | Simatic Cp 343-1 Std | - | All | All | All |
| Operating System | Siemens | Simatic Cp 343-1 Std Firmware | All | All | All | All |
| Hardware | Siemens | Simatic Cp 443-1 Adv | - | All | All | All |
| Operating System | Siemens | Simatic Cp 443-1 Adv Firmware | All | All | All | All |
| Hardware | Siemens | Simatic Cp 443-1 Opc-ua | - | All | All | All |
| Operating System | Siemens | Simatic Cp 443-1 Opc-ua Firmware | All | All | All | All |
| Hardware | Siemens | Simatic Cp 443-1 Std | - | All | All | All |
| Operating System | Siemens | Simatic Cp 443-1 Std Firmware | All | All | All | All |
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Siemens | Development/Evaluation Kits For PROFINET IO DK Standard Ethernet Controller | affected All versions < V4.1.1 Patch04 | Not specified |
| CNA | Siemens | Development/Evaluation Kits For PROFINET IO EK-ERTEC 200 | affected All versions < V4.2.1 Patch03 | Not specified |
| CNA | Siemens | Development/Evaluation Kits For PROFINET IO EK-ERTEC 200P | affected All versions < V4.4.0 Patch01 | Not specified |
| CNA | Siemens | IE/AS-i Link PN IO | affected All versions | Not specified |
| CNA | Siemens | IE/PB-Link Incl. SIPLUS NET Variants | affected All versions < V3.0 | Not specified |
| CNA | Siemens | SCALANCE M-800 Family Incl. S615 MUM-800 And RM1224 | affected All versions < V4.03 | Not specified |
| CNA | Siemens | SCALANCE W-700 IEEE 802.11n Family | affected All versions < V6.1 | Not specified |
| CNA | Siemens | SCALANCE X-200 Family Incl. SIPLUS NET Variants | affected All versions < V5.2.2 | Not specified |
| CNA | Siemens | SCALANCE X-200IRT Family Incl. SIPLUS NET Variants | affected All versions < V5.4.0 | Not specified |
| CNA | Siemens | SCALANCE X-300 Family Incl. X408 And SIPLUS NET Variants | affected All versions < V4.1.0 | Not specified |
| CNA | Siemens | SCALANCE X408 Family | affected All versions < V4.1.0 | Not specified |
| CNA | Siemens | SCALANCE X414 | affected All versions < V3.10.2 | Not specified |
| CNA | Siemens | SCALANCE XM-400 Family | affected All versions < V6.1 | Not specified |
| CNA | Siemens | SCALANCE XR-500 Family | affected All versions < V6.1 | Not specified |
| CNA | Siemens | SIMATIC CM 1542-1 | affected All versions < V2.0 | Not specified |
| CNA | Siemens | SIMATIC CM 1542SP-1 | affected All versions < V1.0.15 | Not specified |
| CNA | Siemens | SIMATIC CP 1243-1 Incl. SIPLUS Variants | affected All versions < V2.1.82 | Not specified |
| CNA | Siemens | SIMATIC CP 1243-1 DNP3 Incl. SIPLUS Variants | affected * custom | Not specified |
| CNA | Siemens | SIMATIC CP 1243-1 IEC Incl. SIPLUS Variants | affected All versions | Not specified |
| CNA | Siemens | SIMATIC CP 1243-8 IRC | affected All versions < V2.1.82 | Not specified |
| CNA | Siemens | SIMATIC CP 1542SP-1 IRC Incl. SIPLUS Variants | affected All versions < V1.0.15 | Not specified |
| CNA | Siemens | SIMATIC CP 1543-1 Incl. SIPLUS Variants | affected All versions < V2.1 | Not specified |
| CNA | Siemens | SIMATIC CP 1543SP-1 Incl. SIPLUS Variants | affected All versions < V1.0.15 | Not specified |
| CNA | Siemens | SIMATIC CP 1604 | affected All versions < V2.7 | Not specified |
| CNA | Siemens | SIMATIC CP 1616 | affected All versions < V2.7 | Not specified |
| CNA | Siemens | SIMATIC CP 343-1 Incl. SIPLUS Variants | affected All versions < V3.1.3 | Not specified |
| CNA | Siemens | SIMATIC CP 343-1 Advanced Incl. SIPLUS Variants | affected All versions | Not specified |
| CNA | Siemens | SIMATIC CP 343-1 Lean Incl. SIPLUS Variants | affected All versions < V3.1.3 | Not specified |
| CNA | Siemens | SIMATIC CP 443-1 Incl. SIPLUS Variants | affected All versions < V3.2.17 | Not specified |
| CNA | Siemens | SIMATIC CP 443-1 Advanced Incl. SIPLUS Variants | affected All versions < V3.2.17 | Not specified |
| CNA | Siemens | SIMATIC CP 443-1 OPC UA | affected All versions | Not specified |
| CNA | Siemens | SIMATIC DK-16xx PN IO | affected All versions < V2.7 | Not specified |
| CNA | Siemens | SIMATIC ET 200AL IM 157-1 PN | affected V1.0.2 custom | Not specified |
| CNA | Siemens | SIMATIC ET 200M Incl. SIPLUS Variants | affected All versions | Not specified |
| CNA | Siemens | SIMATIC ET 200MP IM 155-5 PN BA | affected V4.0.1 custom | Not specified |
| CNA | Siemens | SIMATIC ET 200MP IM 155-5 PN HF | affected V4.2.0 custom | Not specified |
| CNA | Siemens | SIMATIC ET 200MP IM 155-5 PN ST | affected V4.1.0 custom | Not specified |
| CNA | Siemens | SIMATIC ET 200pro IM 154-3 PN HF | affected * custom | Not specified |
| CNA | Siemens | SIMATIC ET 200pro IM 154-4 PN HF | affected * custom | Not specified |
| CNA | Siemens | SIMATIC ET 200SP IM 155-6 PN BA | affected * custom | Not specified |
| CNA | Siemens | SIMATIC ET 200SP IM 155-6 PN HF | affected V4.2.0 custom | Not specified |
| CNA | Siemens | SIMATIC ET 200SP IM 155-6 PN HS | affected V4.0.1 custom | Not specified |
| CNA | Siemens | SIMATIC ET 200SP IM 155-6 PN ST | affected V4.1.0 custom | Not specified |
| CNA | Siemens | SIMATIC ET 200SP IM 155-6 PN ST BA | affected V4.1.0 custom | Not specified |
| CNA | Siemens | SIMATIC ET200ecoPN 16DI DC24V 8xM12 | affected All versions | Not specified |
| CNA | Siemens | SIMATIC ET200ecoPN 16DO DC24V/13A 8xM12 | affected All versions | Not specified |
| CNA | Siemens | SIMATIC ET200ecoPN 4AO U/I 4xM12 | affected All versions | Not specified |
| CNA | Siemens | SIMATIC ET200ecoPN 8 DIO DC24V/13A 8xM12 | affected All versions | Not specified |
| CNA | Siemens | SIMATIC ET200ecoPN 8 DO DC24V/2A 8xM12 | affected All versions | Not specified |
| CNA | Siemens | SIMATIC ET200ecoPN 8AI RTD/TC 8xM12 | affected All versions | Not specified |
| CNA | Siemens | SIMATIC ET200ecoPN 8AI 4 U/I 4 RTD/TC 8xM12 | affected All versions | Not specified |
| CNA | Siemens | SIMATIC ET200ecoPN 8DI DC24V 4xM12 | affected All versions | Not specified |
| CNA | Siemens | SIMATIC ET200ecoPN 8DI DC24V 8xM12 | affected All versions | Not specified |
| CNA | Siemens | SIMATIC ET200ecoPN 8DO DC24V/05A 4xM12 | affected All versions | Not specified |
| CNA | Siemens | SIMATIC ET200ecoPN 8DO DC24V/13A 4xM12 | affected All versions | Not specified |
| CNA | Siemens | SIMATIC ET200ecoPN 8DO DC24V/13A 8xM12 | affected All versions | Not specified |
| CNA | Siemens | SIMATIC ET200ecoPN IO-Link Master | affected All versions | Not specified |
| CNA | Siemens | SIMATIC ET200S Incl. SIPLUS Variants | affected All versions | Not specified |
| CNA | Siemens | SIMATIC HMI Comfort Panels HMI Multi Panels HMI Mobile Panels Incl. SIPLUS Variants | affected All versions < V15.1 | Not specified |
| CNA | Siemens | SIMATIC MV420 SR-B | affected V7.0.6 custom | Not specified |
| CNA | Siemens | SIMATIC MV420 SR-B Body | affected V7.0.6 custom | Not specified |
| CNA | Siemens | SIMATIC MV420 SR-P | affected V7.0.6 custom | Not specified |
| CNA | Siemens | SIMATIC MV420 SR-P Body | affected V7.0.6 custom | Not specified |
| CNA | Siemens | SIMATIC MV440 HR | affected V7.0.6 custom | Not specified |
| CNA | Siemens | SIMATIC MV440 SR | affected V7.0.6 custom | Not specified |
| CNA | Siemens | SIMATIC MV440 UR | affected V7.0.6 custom | Not specified |
| CNA | Siemens | SIMATIC PN/PN Coupler Incl. SIPLUS NET Variants | affected All versions < V4.0 | Not specified |
| CNA | Siemens | SIMATIC RF650R | affected All versions < V3.0 | Not specified |
| CNA | Siemens | SIMATIC RF680R | affected All versions < V3.0 | Not specified |
| CNA | Siemens | SIMATIC RF685R | affected All versions < V3.0 | Not specified |
| CNA | Siemens | SIMATIC S7-1200 CPU Family Incl. SIPLUS Variants | affected All versions < V4.2.1 | Not specified |
| CNA | Siemens | SIMATIC S7-1500 CPU Family Incl. Related ET200 CPUs And SIPLUS Variants | affected All versions < V2.1 | Not specified |
| CNA | Siemens | SIMATIC S7-1500 Software Controller | affected All versions < V2.1 | Not specified |
| CNA | Siemens | SIMATIC S7-200 SMART | affected All versions < V2.3 | Not specified |
| CNA | Siemens | SIMATIC S7-300 CPU Family Incl. Related ET200 CPUs And SIPLUS Variants | affected V3.X.14 custom | Not specified |
| CNA | Siemens | SIMATIC S7-400 H V6 CPU Family Incl. SIPLUS Variants | affected V6.0.7 custom | Not specified |
| CNA | Siemens | SIMATIC S7-400 PN/DP V6 CPU Family Incl. SIPLUS Variants | affected V6.0.6 custom | Not specified |
| CNA | Siemens | SIMATIC S7-400 PN/DP V7 CPU Family Incl. SIPLUS Variants | affected V7.0.2 custom | Not specified |
| CNA | Siemens | SIMATIC S7-410 CPU Family Incl. SIPLUS Variants | affected All versions < V8.2 | Not specified |
| CNA | Siemens | SIMATIC TDC CP51M1 | affected V1.1.8 custom | Not specified |
| CNA | Siemens | SIMATIC TDC CPU555 | affected V1.1.1 custom | Not specified |
| CNA | Siemens | SIMATIC Teleservice Adapter IE Advanced | affected All versions | Not specified |
| CNA | Siemens | SIMATIC Teleservice Adapter IE Basic | affected All versions | Not specified |
| CNA | Siemens | SIMATIC Teleservice Adapter IE Standard | affected All versions | Not specified |
| CNA | Siemens | SIMATIC WinAC RTX 2010 | affected All versions < V2010 SP3 | Not specified |
| CNA | Siemens | SIMATIC WinAC RTX F 2010 | affected All versions < V2010 SP3 | Not specified |
| CNA | Siemens | SIMOCODE Pro V PROFINET Incl. SIPLUS Variants | affected All versions < V2.0.0 | Not specified |
| CNA | Siemens | SIMOTION | affected All versions < V4.5 HF1 | Not specified |
| CNA | Siemens | SINAMICS DCM W. PN | affected All versions < V1.4 SP1 HF5 | Not specified |
| CNA | Siemens | SINAMICS DCP W. PN | affected All versions < V1.2 HF1 | Not specified |
| CNA | Siemens | SINAMICS G110M W. PN | affected All versions < V4.7 SP6 HF3 | Not specified |
| CNA | Siemens | SINAMICS G120C/P/D W. PN Incl. SIPLUS Variants | affected All versions < V4.7 SP6 HF3 | Not specified |
| CNA | Siemens | SINAMICS G130 V4.7 W. PN | affected All versions < V4.7 HF27 | Not specified |
| CNA | Siemens | SINAMICS G130 V4.8 W. PN | affected All versions < V4.8 HF4 | Not specified |
| CNA | Siemens | SINAMICS G150 V4.7 W. PN | affected V4.7: All versions < V4.7 HF27 | Not specified |
| CNA | Siemens | SINAMICS G150 V4.8 W. PN | affected All versions < V4.8 HF4 | Not specified |
| CNA | Siemens | SINAMICS S110 W. PN | affected All versions < V4.4 SP3 HF5 | Not specified |
| CNA | Siemens | SINAMICS S120 Prior To V4.7 W. PN Incl. SIPLUS Variants | affected All versions < V4.7 | Not specified |
| CNA | Siemens | SINAMICS S120 V4.7 SP1 W. PN Incl. SIPLUS Variants | affected All versions | Not specified |
| CNA | Siemens | SINAMICS S120 V4.7 W. PN Incl. SIPLUS Variants | affected All versions < V4.7 HF27 | Not specified |
| CNA | Siemens | SINAMICS S120 V4.8 W. PN Incl. SIPLUS Variants | affected All versions < V4.8 HF4 | Not specified |
| CNA | Siemens | SINAMICS S150 V4.7 W. PN | affected All versions < V4.7 HF27 | Not specified |
| CNA | Siemens | SINAMICS S150 V4.8 W. PN | affected All versions < V4.8 HF4 | Not specified |
| CNA | Siemens | SINAMICS V90 W. PN | affected All versions < V1.01 | Not specified |
| CNA | Siemens | SINUMERIK 828D V4.5 And Prior | affected All versions < V4.5 SP6 HF2 | Not specified |
| CNA | Siemens | SINUMERIK 828D V4.7 | affected All versions < V4.7 SP4 HF1 | Not specified |
| CNA | Siemens | SINUMERIK 840D Sl V4.5 And Prior | affected All versions < V4.5 SP6 HF2 | Not specified |
| CNA | Siemens | SINUMERIK 840D Sl V4.7 | affected All versions < V4.7 SP4 HF1 | Not specified |
| CNA | Siemens | SIPLUS ET 200MP IM 155-5 PN HF | affected V4.2.0 custom | Not specified |
| CNA | Siemens | SIPLUS ET 200MP IM 155-5 PN HF T1 RAIL | affected V4.2.0 custom | Not specified |
| CNA | Siemens | SIPLUS ET 200MP IM 155-5 PN ST | affected V4.1.0 custom | Not specified |
| CNA | Siemens | SIPLUS ET 200MP IM 155-5 PN ST TX RAIL | affected V4.1.0 custom | Not specified |
| CNA | Siemens | SIPLUS ET 200SP IM 155-6 PN HF | affected V4.2.0 custom | Not specified |
| CNA | Siemens | SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL | affected V4.2.0 custom | Not specified |
| CNA | Siemens | SIPLUS ET 200SP IM 155-6 PN ST | affected V4.1.0 custom | Not specified |
| CNA | Siemens | SIPLUS ET 200SP IM 155-6 PN ST BA | affected V4.1.0 custom | Not specified |
| CNA | Siemens | SIPLUS ET 200SP IM 155-6 PN ST BA TX RAIL | affected V4.1.0 custom | Not specified |
| CNA | Siemens | SIPLUS ET 200SP IM 155-6 PN ST TX RAIL | affected V4.1.0 custom | Not specified |
| CNA | Siemens | SIRIUS ACT 3SU1 Interface Module PROFINET | affected All versions < V1.1.0 | Not specified |
| CNA | Siemens | SIRIUS Motor Starter M200D PROFINET | affected All versions | Not specified |
| CNA | Siemens | SIRIUS Soft Starter 3RW44 PN | affected All versions | Not specified |
| CNA | Siemens | SITOP PSU8600 PROFINET | affected All versions < V1.2.0 | Not specified |
| CNA | Siemens | SITOP UPS1600 PROFINET Incl. SIPLUS Variants | affected All versions < V2.2.0 | Not specified |
| CNA | Siemens | Softnet PROFINET IO For PC-based Windows Systems | affected All versions < V14 SP1 | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| www.securityfocus.com/bid/98369 | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Siemens | af854a3a-2127-422b-91ae-364da2661108 | www.siemens.com | Broken Link |
| Siemens SIMATIC Controller PROFINET DCP Packet Processing Bugs Let Remote Users Deny Service - SecurityTracker | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | Third Party Advisory, VDB Entry |
| cert-portal.siemens.com/productcert/html/ssa-293562.html | af854a3a-2127-422b-91ae-364da2661108 | cert-portal.siemens.com | |
| cert-portal.siemens.com/productcert/pdf/ssa-293562.pdf | af854a3a-2127-422b-91ae-364da2661108 | cert-portal.siemens.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.