CVE-2017-6865
Summary
| CVE | CVE-2017-6865 |
|---|---|
| State | PUBLISHED |
| Assigner | siemens |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-05-11 10:29:00 UTC |
| Updated | 2025-04-20 01:37:25 UTC |
| Description | A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC Automation Tool (All versions < V3.0), SIMATIC NET PC-Software (All versions < V14 SP1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2), SIMATIC STEP 7 (TIA Portal) V14 (All versions < V14 SP1), SIMATIC STEP 7 V5.X (All versions < V5.6), SIMATIC WinAC RTX 2010 SP2 (All versions), SIMATIC WinAC RTX F 2010 SP2 (All versions), SIMATIC WinCC (TIA Portal) V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1), SIMATIC WinCC V7.2 and prior (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Update 15), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd1), SIMATIC WinCC flexible 2008 (All versions < flexible 2008 SP5), SINAUT ST7CC (All versions installed in conjunction with SIMATIC WinCC < V7.3 Update 15), SINEMA Server (All versions < V14), SINUMERIK 808D Programming Tool (All versions < V4.7 SP4 HF2), SMART PC Access (All versions < V2.3), STEP 7 - Micro/WIN SMART (All versions < V2.3), Security Configuration Tool (SCT) (All versions < V5.0). Specially crafted PROFINET DCP broadcast packets sent to the affected products on a local Ethernet segment (Layer 2) could cause a Denial-of-Service condition of some services. The services require manual restart to recover. |
Risk And Classification
Primary CVSS: v3.0 6.5 MEDIUM from [email protected]
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Problem Types: CWE-20 | Other
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.0 | [email protected] | Primary | 6.5 | MEDIUM | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| 2.0 | [email protected] | Primary | 6.1 | | AV:A/AC:L/Au:N/C:N/I:N/A:C |
CVSS v3.0 Breakdown
| Metric | Value |
|---|---|
| Attack Vector | Adjacent |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity | None |
| Availability | High |

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS v2.0 Breakdown
| Metric | Value |
|---|---|
| Access Vector | Adjacent |
| Access Complexity | Low |
| Authentication | None |
| Confidentiality | None |
| Integrity | None |
| Availability | Complete |

AV:A/AC:L/Au:N/C:N/I:N/A:C
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Siemens | Pcs 7 | - | All | All | All |
| Application | Siemens | Primary Setup Tool | - | All | All | All |
| Application | Siemens | Security Configuration Tool | - | All | All | All |
| Application | Siemens | Simatic Automation Tool | - | All | All | All |
| Application | Siemens | Simatic Net Pc-software | - | All | All | All |
| Application | Siemens | Simatic Step 7 Micro/win Smart | - | All | All | All |
| Application | Siemens | Simatic Step 7 Tia Portal | 13.0 | All | All | All |
| Application | Siemens | Simatic Step 7 Tia Portal | 14.0 | All | All | All |
| Application | Siemens | Simatic Step 7 Tia Portal | 5.0 | All | All | All |
| Application | Siemens | Simatic Winac Rtx 2010 | - | sp2 | All | All |
| Application | Siemens | Simatic Winac Rtx F 2010 | - | sp2 | All | All |
| Application | Siemens | Simatic Wincc | - | All | All | All |
| Application | Siemens | Simatic Wincc Flexible 2008 | - | All | All | All |
| Application | Siemens | Simatic Wincc Tia Portal | 13.0 | All | All | All |
| Application | Siemens | Simatic Wincc Tia Portal | 14.0 | All | All | All |
| Application | Siemens | Sinaut St7cc | - | All | All | All |
| Application | Siemens | Sinema Server | - | All | All | All |
| Application | Siemens | Sinumerik 808d Programming Tool | - | All | All | All |
| Application | Siemens | Smart Pc Access | 2.0 | All | All | All |
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Siemens AG | Primary Setup Tool PST | affected All versions < V4.2 HF1 | Not specified |
| CNA | Siemens AG | SIMATIC Automation Tool | affected All versions < V3.0 | Not specified |
| CNA | Siemens AG | SIMATIC NET PC-Software | affected All versions < V14 SP1 | Not specified |
| CNA | Siemens AG | SIMATIC PCS 7 V8.1 | affected All versions | Not specified |
| CNA | Siemens AG | SIMATIC PCS 7 V8.2 | affected All versions < V8.2 SP1 | Not specified |
| CNA | Siemens AG | SIMATIC STEP 7 TIA Portal V13 | affected All versions < V13 SP2 | Not specified |
| CNA | Siemens AG | SIMATIC STEP 7 TIA Portal V14 | affected All versions < V14 SP1 | Not specified |
| CNA | Siemens AG | SIMATIC STEP 7 V5.X | affected All versions < V5.6 | Not specified |
| CNA | Siemens AG | SIMATIC WinAC RTX 2010 SP2 | affected All versions | Not specified |
| CNA | Siemens AG | SIMATIC WinAC RTX F 2010 SP2 | affected All versions | Not specified |
| CNA | Siemens AG | SIMATIC WinCC TIA Portal V13 | affected All versions < V13 SP2 | Not specified |
| CNA | Siemens AG | SIMATIC WinCC TIA Portal V14 | affected All versions < V14 SP1 | Not specified |
| CNA | Siemens AG | SIMATIC WinCC V7.2 And Prior | affected All versions | Not specified |
| CNA | Siemens AG | SIMATIC WinCC V7.3 | affected All versions < V7.3 Update 15 | Not specified |
| CNA | Siemens AG | SIMATIC WinCC V7.4 | affected All versions < V7.4 SP1 Upd1 | Not specified |
| CNA | Siemens AG | SIMATIC WinCC Flexible 2008 | affected All versions < flexible 2008 SP5 | Not specified |
| CNA | Siemens AG | SINAUT ST7CC | affected All versions installed in conjunction with SIMATIC WinCC < V7.3 Update 15 | Not specified |
| CNA | Siemens AG | SINEMA Server | affected All versions < V14 | Not specified |
| CNA | Siemens AG | SINUMERIK 808D Programming Tool | affected All versions < V4.7 SP4 HF2 | Not specified |
| CNA | Siemens AG | SMART PC Access | affected All versions < V2.3 | Not specified |
| CNA | Siemens AG | STEP 7 - Micro/WIN SMART | affected All versions < V2.3 | Not specified |
| CNA | Siemens AG | Security Configuration Tool SCT | affected All versions < V5.0 | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| cert-portal.siemens.com/productcert/pdf/ssa-275839.pdf | af854a3a-2127-422b-91ae-364da2661108 | cert-portal.siemens.com | |
| Multiple Siemens Products CVE-2017-6865 Denial of Service Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.