CVE-2017-6865
Summary
| CVE | CVE-2017-6865 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-05-11 10:29:00 UTC |
| Updated | 2019-03-21 16:29:00 UTC |
| Description | A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC Automation Tool (All versions < V3.0), SIMATIC NET PC-Software (All versions < V14 SP1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2), SIMATIC STEP 7 (TIA Portal) V14 (All versions < V14 SP1), SIMATIC STEP 7 V5.X (All versions < V5.6), SIMATIC WinAC RTX 2010 SP2 (All versions), SIMATIC WinAC RTX F 2010 SP2 (All versions), SIMATIC WinCC (TIA Portal) V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1), SIMATIC WinCC V7.2 and prior (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Update 15), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd1), SIMATIC WinCC flexible 2008 (All versions < flexible 2008 SP5), SINAUT ST7CC (All versions installed in conjunction with SIMATIC WinCC < V7.3 Update 15), SINEMA Server (All versions < V14), SINUMERIK 808D Programming Tool (All versions < V4.7 SP4 HF2), SMART PC Access (All versions < V2.3), STEP 7 - Micro/WIN SMART (All versions < V2.3), Security Configuration Tool (SCT) (All versions < V5.0). Specially crafted PROFINET DCP broadcast packets sent to the affected products on a local Ethernet segment (Layer 2) could cause a Denial-of-Service condition of some services. The services require manual restart to recover. |
Risk And Classification
Problem Types: CWE-20
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Siemens | Pcs 7 | - | All | All | All |
| Application | Siemens | Pcs 7 | - | All | All | All |
| Application | Siemens | Primary Setup Tool | - | All | All | All |
| Application | Siemens | Primary Setup Tool | - | All | All | All |
| Application | Siemens | Security Configuration Tool | - | All | All | All |
| Application | Siemens | Security Configuration Tool | - | All | All | All |
| Application | Siemens | Simatic Automation Tool | - | All | All | All |
| Application | Siemens | Simatic Automation Tool | - | All | All | All |
| Application | Siemens | Simatic Net Pc-software | - | All | All | All |
| Application | Siemens | Simatic Net Pc-software | - | All | All | All |
| Application | Siemens | Simatic Step 7 Tia Portal | 13.0 | All | All | All |
| Application | Siemens | Simatic Step 7 Tia Portal | 14.0 | All | All | All |
| Application | Siemens | Simatic Step 7 Tia Portal | 5.0 | All | All | All |
| Application | Siemens | Simatic Step 7 Micro/win Smart | - | All | All | All |
| Application | Siemens | Simatic Step 7 Micro/win Smart | - | All | All | All |
| Application | Siemens | Simatic Step 7 Micro/win Smart | - | All | All | All |
| Application | Siemens | Simatic Step 7 Tia Portal | 13.0 | All | All | All |
| Application | Siemens | Simatic Step 7 Tia Portal | 14.0 | All | All | All |
| Application | Siemens | Simatic Step 7 Tia Portal | 5.0 | All | All | All |
| Application | Siemens | Simatic Step 7 Tia Portal | 13.0 | All | All | All |
| Application | Siemens | Simatic Step 7 Tia Portal | 14.0 | All | All | All |
| Application | Siemens | Simatic Step 7 Tia Portal | 5.0 | All | All | All |
| Application | Siemens | Simatic Winac Rtx 2010 | - | sp2 | All | All |
| Application | Siemens | Simatic Winac Rtx 2010 | - | sp2 | All | All |
| Application | Siemens | Simatic Winac Rtx F 2010 | - | sp2 | All | All |
| Application | Siemens | Simatic Winac Rtx F 2010 | - | sp2 | All | All |
| Application | Siemens | Simatic Wincc | - | All | All | All |
| Application | Siemens | Simatic Wincc | - | All | All | All |
| Application | Siemens | Simatic Wincc Tia Portal | 13.0 | All | All | All |
| Application | Siemens | Simatic Wincc Tia Portal | 14.0 | All | All | All |
| Application | Siemens | Simatic Wincc Flexible 2008 | - | All | All | All |
| Application | Siemens | Simatic Wincc Flexible 2008 | - | All | All | All |
| Application | Siemens | Simatic Wincc Tia Portal | 13.0 | All | All | All |
| Application | Siemens | Simatic Wincc Tia Portal | 14.0 | All | All | All |
| Application | Siemens | Simatic Wincc Tia Portal | 13.0 | All | All | All |
| Application | Siemens | Simatic Wincc Tia Portal | 14.0 | All | All | All |
| Application | Siemens | Sinaut St7cc | - | All | All | All |
| Application | Siemens | Sinaut St7cc | - | All | All | All |
| Application | Siemens | Sinema Server | - | All | All | All |
| Application | Siemens | Sinema Server | - | All | All | All |
| Application | Siemens | Sinumerik 808d Programming Tool | - | All | All | All |
| Application | Siemens | Sinumerik 808d Programming Tool | - | All | All | All |
| Application | Siemens | Smart Pc Access | 2.0 | All | All | All |
| Application | Siemens | Smart Pc Access | 2.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| cert-portal.siemens.com/productcert/pdf/ssa-275839.pdf | CONFIRM | cert-portal.siemens.com | |
| Multiple Siemens Products CVE-2017-6865 Denial of Service Vulnerability | BID | www.securityfocus.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.