Vulnerability-Lookup

BDU:2019-00766

Vulnerability from fstec - Published: 08.05.2017

Title

Уязвимость сетевого программного обеспечения Siemens, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость сетевого программного обеспечения Siemens связана с недостаточной проверкой вводимых данных в сегменте Ethernet. Эксплуататция уязвимости может позволить нарушителю вызвать отказ в обслуживании некоторых служб, путем отправки специально подготовленных широковещательных пакетов PROFINET DCP

Severity ?


                    
                      AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vendor

Siemens AG, OnePlus, Dell Technologies

Software Name

SIMATIC WinCC, Primary Setup Tool, Simatic Automation Tool, Simatic NET PC-Software, SIMATIC PCS 7, SIMATIC STEP 7 (TIA Portal), SIMATIC STEP 7, SIMATIC WinAC RTX 2010 SP2, SIMATIC WinAC RTX F 2010 SP2, SIMATIC WinCC (TIA Portal), SINAUT ST7CC, SINEMA Server, SINUMERIK 808D Programming Tool, SMART PC Access, STEP 7 - Micro/WIN SMART, Security Configuration Tool

Software Version

до 7.2 включительно (SIMATIC WinCC), до 4.2 HF1 (Primary Setup Tool), до 3.0 (Simatic Automation Tool), до 14 SP1 (Simatic NET PC-Software), до 8.1 (SIMATIC PCS 7), от 8.2 до 8.2 SP1 (SIMATIC PCS 7), от 13 до 13 SP2 (SIMATIC STEP 7 (TIA Portal)), от 14 до 14 SP1 (SIMATIC STEP 7 (TIA Portal)), от 5.X до 5.6 (SIMATIC STEP 7), - (SIMATIC WinAC RTX 2010 SP2), - (SIMATIC WinAC RTX F 2010 SP2), от 13 до 13 SP2 (SIMATIC WinCC (TIA Portal)), от 14 до 14 SP1 (SIMATIC WinCC (TIA Portal)), от 7.4 до 7.4 SP1 Upd1 (SIMATIC WinCC), от flexible до flexible 2008 SP5 (SIMATIC WinCC), до 7.3 Update 15 (SINAUT ST7CC), до 14 (SINEMA Server), до 4.7 SP4 HF2 (SINUMERIK 808D Programming Tool), до 2.3 (SMART PC Access), до 2.3 (STEP 7 - Micro/WIN SMART), до 5.0 (Security Configuration Tool)

Possible Mitigations

Обновление программного обеспечения: Для Primary Setup Tool до V4.2 HF1: https://support.industry.siemens.com/cs/ww/en/view/19440762 Для SIMATIC Automation Tool до V3.0: https://support.industry.siemens.com/cs/ww/en/view/98161300 Для SIMATIC NET PC-Software до V14 SP1: https://support.industry.siemens.com/cs/ww/en/view/109747482 Для SIMATIC PCS 7 V8.1 или версии ранее обновить до V9.0: https://www.siemens.de/automation/partner Для обновления SIMATIC PCS 7 V8.2 до V8.2 SP1 свяжитесь со службой поддержки Для SIMATIC STEP 7 (TIA Portal) V13 до V13 SP 2: https://support.industry.siemens.com/cs/ww/en/view/109745155 SIMATIC STEP 7 (TIA Portal) V14 до V14 SP 1: https://support.industry.siemens.com/cs/ww/en/view/109745984 Для SIMATIC STEP 7 V5.X до V5.6: https://support.industry.siemens.com/cs/ww/en/view/109747706 Для SIMATIC WinCC (TIA Portal) V13 до V13 SP2: https://support.industry.siemens.com/cs/ww/en/view/109746073 Для SIMATIC WinCC (TIA Portal) V14 до V14 SP 1: https://support.industry.siemens.com/cs/ww/en/view/109745460 Для SIMATIC WinCC V7.3 до V7.3 Update 15: https://support.industry.siemens.com/cs/ww/en/view/109750182 Для SIMATIC WinCC V7.4 до V7.4 SP1 Upd1: https://support.industry.siemens.com/cs/ww/en/view/109748024 Для SIMATIC WinCC flexible 2008 до WinCC flexible 2008 SP5: https://support.industry.siemens.com/cs/ww/en/view/109749111 Для SINAUT ST7CC до V7.3 Update 15 или новее: https://support.industry.siemens.com/cs/ww/en/view/109750182 Для SINEMA Server до V14: https://support.industry.siemens.com/cs/ww/en/view/109748854 Для SINUMERIK 808D Programming Tool до V4.7 SP4 HF2 необходимо связаться со службой технической поддержки Для SMART PC Access и STEP 7 - Micro/WIN SMART до V2.3: https://w3.siemens.com/aspa_app/ Для Security Configuration Tool до V5.0: https://support.industry.siemens.com/cs/de/en/view/109747539 Для SIMATIC WinAC RTX (F) 2010 SP2 до SIMATIC WinAC RTX 2010 SP3: https://support.industry.siemens.com/cs/ww/en/view/109765109 Компенсирующие меры: Применение концепции защиты ячеек Использование VPN для защиты сетевого взаимодействия между ячейками

Reference

https://cert-portal.siemens.com/productcert/pdf/ssa-275839.pdf https://nvd.nist.gov/vuln/detail/CVE-2017-6865 https://nvd.nist.gov/vuln/detail/CVE-2017-6865

CWE

CWE-20

JSON

To clipboard

{
  "CVSS 2.0": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
  "CVSS 3.0": "AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Siemens AG, OnePlus, Dell Technologies",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 7.2 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (SIMATIC WinCC), \u0434\u043e 4.2 HF1 (Primary Setup Tool), \u0434\u043e 3.0 (Simatic Automation Tool), \u0434\u043e 14 SP1 (Simatic NET PC-Software), \u0434\u043e 8.1 (SIMATIC PCS 7), \u043e\u0442 8.2 \u0434\u043e 8.2 SP1 (SIMATIC PCS 7), \u043e\u0442 13 \u0434\u043e 13 SP2 (SIMATIC STEP 7 (TIA Portal)), \u043e\u0442 14 \u0434\u043e 14 SP1 (SIMATIC STEP 7 (TIA Portal)), \u043e\u0442 5.X \u0434\u043e 5.6 (SIMATIC STEP 7), - (SIMATIC WinAC RTX 2010 SP2), - (SIMATIC WinAC RTX F 2010 SP2), \u043e\u0442 13 \u0434\u043e 13 SP2 (SIMATIC WinCC (TIA Portal)), \u043e\u0442 14 \u0434\u043e 14 SP1 (SIMATIC WinCC (TIA Portal)), \u043e\u0442 7.4 \u0434\u043e 7.4 SP1 Upd1 (SIMATIC WinCC), \u043e\u0442 flexible \u0434\u043e flexible 2008 SP5 (SIMATIC WinCC), \u0434\u043e 7.3 Update 15 (SINAUT ST7CC), \u0434\u043e 14 (SINEMA Server), \u0434\u043e 4.7 SP4 HF2 (SINUMERIK 808D Programming Tool), \u0434\u043e 2.3 (SMART PC Access), \u0434\u043e 2.3 (STEP 7 - Micro/WIN SMART), \u0434\u043e 5.0 (Security Configuration Tool)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f:\n\u0414\u043b\u044f Primary Setup Tool \u0434\u043e V4.2 HF1:\nhttps://support.industry.siemens.com/cs/ww/en/view/19440762\n\n\u0414\u043b\u044f SIMATIC Automation Tool \u0434\u043e V3.0:\nhttps://support.industry.siemens.com/cs/ww/en/view/98161300\n\n\u0414\u043b\u044f SIMATIC NET PC-Software \u0434\u043e V14 SP1:\nhttps://support.industry.siemens.com/cs/ww/en/view/109747482\n\n\u0414\u043b\u044f SIMATIC PCS 7 V8.1 \u0438\u043b\u0438 \u0432\u0435\u0440\u0441\u0438\u0438 \u0440\u0430\u043d\u0435\u0435 \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u0434\u043e V9.0:\nhttps://www.siemens.de/automation/partner\n\n\u0414\u043b\u044f \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f SIMATIC PCS 7 V8.2 \u0434\u043e V8.2 SP1 \u0441\u0432\u044f\u0436\u0438\u0442\u0435\u0441\u044c \u0441\u043e \u0441\u043b\u0443\u0436\u0431\u043e\u0439 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0438\n\n\u0414\u043b\u044f SIMATIC STEP 7 (TIA Portal) V13 \u0434\u043e V13 SP 2:\nhttps://support.industry.siemens.com/cs/ww/en/view/109745155\n\nSIMATIC STEP 7 (TIA Portal) V14 \u0434\u043e V14 SP 1:\nhttps://support.industry.siemens.com/cs/ww/en/view/109745984\n\n\u0414\u043b\u044f SIMATIC STEP 7 V5.X \u0434\u043e V5.6:\nhttps://support.industry.siemens.com/cs/ww/en/view/109747706\n\n\u0414\u043b\u044f SIMATIC WinCC (TIA Portal) V13 \u0434\u043e V13 SP2:\nhttps://support.industry.siemens.com/cs/ww/en/view/109746073\n\n\u0414\u043b\u044f SIMATIC WinCC (TIA Portal) V14 \u0434\u043e V14 SP 1:\nhttps://support.industry.siemens.com/cs/ww/en/view/109745460\n\n\u0414\u043b\u044f SIMATIC WinCC V7.3 \u0434\u043e V7.3 Update 15:\nhttps://support.industry.siemens.com/cs/ww/en/view/109750182\n\n\u0414\u043b\u044f SIMATIC WinCC V7.4 \u0434\u043e V7.4 SP1 Upd1:\nhttps://support.industry.siemens.com/cs/ww/en/view/109748024\n\n\u0414\u043b\u044f SIMATIC WinCC flexible 2008 \u0434\u043e WinCC flexible 2008 SP5:\nhttps://support.industry.siemens.com/cs/ww/en/view/109749111\n\n\u0414\u043b\u044f SINAUT ST7CC \u0434\u043e V7.3 Update 15 \u0438\u043b\u0438 \u043d\u043e\u0432\u0435\u0435:\nhttps://support.industry.siemens.com/cs/ww/en/view/109750182\n\n\u0414\u043b\u044f SINEMA Server \u0434\u043e V14:\nhttps://support.industry.siemens.com/cs/ww/en/view/109748854\n\n\u0414\u043b\u044f SINUMERIK 808D Programming Tool \u0434\u043e V4.7 SP4 HF2 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u0441\u0432\u044f\u0437\u0430\u0442\u044c\u0441\u044f \u0441\u043e \u0441\u043b\u0443\u0436\u0431\u043e\u0439 \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0438\n\n\u0414\u043b\u044f SMART PC Access \u0438 STEP 7 - Micro/WIN SMART \u0434\u043e V2.3:\nhttps://w3.siemens.com/aspa_app/\n\n\u0414\u043b\u044f Security Configuration Tool \u0434\u043e V5.0:\nhttps://support.industry.siemens.com/cs/de/en/view/109747539\n\n\u0414\u043b\u044f SIMATIC WinAC RTX (F) 2010 SP2 \u0434\u043e SIMATIC WinAC RTX 2010 SP3:\nhttps://support.industry.siemens.com/cs/ww/en/view/109765109\n\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n\u041f\u0440\u0438\u043c\u0435\u043d\u0435\u043d\u0438\u0435 \u043a\u043e\u043d\u0446\u0435\u043f\u0446\u0438\u0438 \u0437\u0430\u0449\u0438\u0442\u044b \u044f\u0447\u0435\u0435\u043a\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 VPN \u0434\u043b\u044f \u0437\u0430\u0449\u0438\u0442\u044b \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u043c\u0435\u0436\u0434\u0443 \u044f\u0447\u0435\u0439\u043a\u0430\u043c\u0438",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "08.05.2017",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "23.03.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "26.02.2019",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-00766",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2017-6865",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0443\u0435\u0442",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "SIMATIC WinCC, Primary Setup Tool, Simatic Automation Tool, Simatic NET PC-Software, SIMATIC PCS 7, SIMATIC STEP 7 (TIA Portal), SIMATIC STEP 7, SIMATIC WinAC RTX 2010 SP2, SIMATIC WinAC RTX F 2010 SP2, SIMATIC WinCC (TIA Portal), SINAUT ST7CC, SINEMA Server, SINUMERIK 808D Programming Tool, SMART PC Access, STEP 7 - Micro/WIN SMART, Security Configuration Tool",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Siemens, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-20)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Siemens \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 \u0432 \u0441\u0435\u0433\u043c\u0435\u043d\u0442\u0435 Ethernet. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0442\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0441\u043b\u0443\u0436\u0431, \u043f\u0443\u0442\u0435\u043c \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u043f\u043e\u0434\u0433\u043e\u0442\u043e\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u0448\u0438\u0440\u043e\u043a\u043e\u0432\u0435\u0449\u0430\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u043f\u0430\u043a\u0435\u0442\u043e\u0432 PROFINET DCP",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "-",
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0435 \u043c\u0435\u0440\u044b",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://cert-portal.siemens.com/productcert/pdf/ssa-275839.pdf\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-6865\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-6865",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0410\u0421\u0423 \u0422\u041f, \u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0410\u0421\u0423 \u0422\u041f",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-20",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,1)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,5)"
}

CVE-2017-6865 (GCVE-0-2017-6865)

Vulnerability from cvelistv5 – Published: 2017-05-11 10:00 – Updated: 2024-08-05 15:41

Summary

A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC Automation Tool (All versions < V3.0), SIMATIC NET PC-Software (All versions < V14 SP1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2), SIMATIC STEP 7 (TIA Portal) V14 (All versions < V14 SP1), SIMATIC STEP 7 V5.X (All versions < V5.6), SIMATIC WinAC RTX 2010 SP2 (All versions), SIMATIC WinAC RTX F 2010 SP2 (All versions), SIMATIC WinCC (TIA Portal) V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1), SIMATIC WinCC V7.2 and prior (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Update 15), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd1), SIMATIC WinCC flexible 2008 (All versions < flexible 2008 SP5), SINAUT ST7CC (All versions installed in conjunction with SIMATIC WinCC < V7.3 Update 15), SINEMA Server (All versions < V14), SINUMERIK 808D Programming Tool (All versions < V4.7 SP4 HF2), SMART PC Access (All versions < V2.3), STEP 7 - Micro/WIN SMART (All versions < V2.3), Security Configuration Tool (SCT) (All versions < V5.0). Specially crafted PROFINET DCP broadcast packets sent to the affected products on a local Ethernet segment (Layer 2) could cause a Denial-of-Service condition of some services. The services require manual restart to recover.

Severity ?

No CVSS data available.

CWE

Other

Assigner

siemens

References

URL

Tags

	https://cert-portal.siemens.com/productcert/pdf/s…	x_refsource_CONFIRM
	https://www.securityfocus.com/bid/98366	vdb-entryx_refsource_BID

Impacted products

Vendor

Product

Version

Siemens AG

Primary Setup Tool (PST)

Affected: All versions < V4.2 HF1

Siemens AG	SIMATIC Automation Tool	Affected: All versions < V3.0
Siemens AG	SIMATIC NET PC-Software	Affected: All versions < V14 SP1
Siemens AG	SIMATIC PCS 7 V8.1	Affected: All versions
Siemens AG	SIMATIC PCS 7 V8.2	Affected: All versions < V8.2 SP1
Siemens AG	SIMATIC STEP 7 (TIA Portal) V13	Affected: All versions < V13 SP2
Siemens AG	SIMATIC STEP 7 (TIA Portal) V14	Affected: All versions < V14 SP1
Siemens AG	SIMATIC STEP 7 V5.X	Affected: All versions < V5.6
Siemens AG	SIMATIC WinAC RTX 2010 SP2	Affected: All versions
Siemens AG	SIMATIC WinAC RTX F 2010 SP2	Affected: All versions
Siemens AG	SIMATIC WinCC (TIA Portal) V13	Affected: All versions < V13 SP2
Siemens AG	SIMATIC WinCC (TIA Portal) V14	Affected: All versions < V14 SP1
Siemens AG	SIMATIC WinCC V7.2 and prior	Affected: All versions
Siemens AG	SIMATIC WinCC V7.3	Affected: All versions < V7.3 Update 15
Siemens AG	SIMATIC WinCC V7.4	Affected: All versions < V7.4 SP1 Upd1
Siemens AG	SIMATIC WinCC flexible 2008	Affected: All versions < flexible 2008 SP5
Siemens AG	SINAUT ST7CC	Affected: All versions installed in conjunction with SIMATIC WinCC < V7.3 Update 15
Siemens AG	SINEMA Server	Affected: All versions < V14
Siemens AG	SINUMERIK 808D Programming Tool	Affected: All versions < V4.7 SP4 HF2
Siemens AG	SMART PC Access	Affected: All versions < V2.3
Siemens AG	STEP 7 - Micro/WIN SMART	Affected: All versions < V2.3
Siemens AG	Security Configuration Tool (SCT)	Affected: All versions < V5.0
Siemens AG	Security Configuration Tool (SCT)	Affected: All versions < V5.0

Date Public ?

2017-05-10 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:41:17.697Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-275839.pdf"
          },
          {
            "name": "98366",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "https://www.securityfocus.com/bid/98366"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Primary Setup Tool (PST)",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.2 HF1"
            }
          ]
        },
        {
          "product": "SIMATIC Automation Tool",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.0"
            }
          ]
        },
        {
          "product": "SIMATIC NET PC-Software",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V14 SP1"
            }
          ]
        },
        {
          "product": "SIMATIC PCS 7 V8.1",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "SIMATIC PCS 7 V8.2",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V8.2 SP1"
            }
          ]
        },
        {
          "product": "SIMATIC STEP 7 (TIA Portal) V13",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V13 SP2"
            }
          ]
        },
        {
          "product": "SIMATIC STEP 7 (TIA Portal) V14",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V14 SP1"
            }
          ]
        },
        {
          "product": "SIMATIC STEP 7 V5.X",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.6"
            }
          ]
        },
        {
          "product": "SIMATIC WinAC RTX 2010 SP2",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "SIMATIC WinAC RTX F 2010 SP2",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "SIMATIC WinCC (TIA Portal) V13",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V13 SP2"
            }
          ]
        },
        {
          "product": "SIMATIC WinCC (TIA Portal) V14",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V14 SP1"
            }
          ]
        },
        {
          "product": "SIMATIC WinCC V7.2 and prior",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "SIMATIC WinCC V7.3",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V7.3 Update 15"
            }
          ]
        },
        {
          "product": "SIMATIC WinCC V7.4",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V7.4 SP1 Upd1"
            }
          ]
        },
        {
          "product": "SIMATIC WinCC flexible 2008",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c flexible 2008 SP5"
            }
          ]
        },
        {
          "product": "SINAUT ST7CC",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions installed in conjunction with SIMATIC WinCC \u003c V7.3 Update 15"
            }
          ]
        },
        {
          "product": "SINEMA Server",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V14"
            }
          ]
        },
        {
          "product": "SINUMERIK 808D Programming Tool",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.7 SP4 HF2"
            }
          ]
        },
        {
          "product": "SMART PC Access",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.3"
            }
          ]
        },
        {
          "product": "STEP 7 - Micro/WIN SMART",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.3"
            }
          ]
        },
        {
          "product": "Security Configuration Tool (SCT)",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.0"
            }
          ]
        },
        {
          "product": "Security Configuration Tool (SCT)",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.0"
            }
          ]
        }
      ],
      "datePublic": "2017-05-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in Primary Setup Tool (PST) (All versions \u003c V4.2 HF1), SIMATIC Automation Tool (All versions \u003c V3.0), SIMATIC NET PC-Software (All versions \u003c V14 SP1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions \u003c V8.2 SP1), SIMATIC STEP 7 (TIA Portal) V13 (All versions \u003c V13 SP2), SIMATIC STEP 7 (TIA Portal) V14 (All versions \u003c V14 SP1), SIMATIC STEP 7 V5.X (All versions \u003c V5.6), SIMATIC WinAC RTX 2010 SP2 (All versions), SIMATIC WinAC RTX F 2010 SP2 (All versions), SIMATIC WinCC (TIA Portal) V13 (All versions \u003c V13 SP2), SIMATIC WinCC (TIA Portal) V14 (All versions \u003c V14 SP1), SIMATIC WinCC V7.2 and prior (All versions), SIMATIC WinCC V7.3 (All versions \u003c V7.3 Update 15), SIMATIC WinCC V7.4 (All versions \u003c V7.4 SP1 Upd1), SIMATIC WinCC flexible 2008 (All versions \u003c flexible 2008 SP5), SINAUT ST7CC (All versions installed in conjunction with SIMATIC WinCC \u003c V7.3 Update 15), SINEMA Server (All versions \u003c V14), SINUMERIK 808D Programming Tool (All versions \u003c V4.7 SP4 HF2), SMART PC Access (All versions \u003c V2.3), STEP 7 - Micro/WIN SMART (All versions \u003c V2.3), Security Configuration Tool (SCT) (All versions \u003c V5.0). Specially crafted PROFINET DCP broadcast packets sent to the affected products on a local Ethernet segment (Layer 2) could cause a Denial-of-Service condition of some services. The services require manual restart to recover."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Other",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-03-21T15:44:20.000Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-275839.pdf"
        },
        {
          "name": "98366",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "https://www.securityfocus.com/bid/98366"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2017-6865",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Primary Setup Tool (PST)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.2 HF1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens AG"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SIMATIC Automation Tool",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V3.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens AG"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SIMATIC NET PC-Software",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V14 SP1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens AG"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SIMATIC PCS 7 V8.1",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens AG"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SIMATIC PCS 7 V8.2",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V8.2 SP1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens AG"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SIMATIC STEP 7 (TIA Portal) V13",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V13 SP2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens AG"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SIMATIC STEP 7 (TIA Portal) V14",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V14 SP1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens AG"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SIMATIC STEP 7 V5.X",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V5.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens AG"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SIMATIC WinAC RTX 2010 SP2",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens AG"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SIMATIC WinAC RTX F 2010 SP2",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens AG"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SIMATIC WinCC (TIA Portal) V13",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V13 SP2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens AG"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SIMATIC WinCC (TIA Portal) V14",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V14 SP1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens AG"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SIMATIC WinCC V7.2 and prior",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens AG"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SIMATIC WinCC V7.3",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V7.3 Update 15"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens AG"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SIMATIC WinCC V7.4",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V7.4 SP1 Upd1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens AG"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SIMATIC WinCC flexible 2008",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c flexible 2008 SP5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens AG"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SINAUT ST7CC",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions installed in conjunction with SIMATIC WinCC \u003c V7.3 Update 15"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens AG"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SINEMA Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V14"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens AG"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SINUMERIK 808D Programming Tool",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.7 SP4 HF2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens AG"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SMART PC Access",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V2.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens AG"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "STEP 7 - Micro/WIN SMART",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V2.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens AG"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Security Configuration Tool (SCT)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V5.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens AG"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Security Configuration Tool (SCT)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V5.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens AG"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability has been identified in Primary Setup Tool (PST) (All versions \u003c V4.2 HF1), SIMATIC Automation Tool (All versions \u003c V3.0), SIMATIC NET PC-Software (All versions \u003c V14 SP1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions \u003c V8.2 SP1), SIMATIC STEP 7 (TIA Portal) V13 (All versions \u003c V13 SP2), SIMATIC STEP 7 (TIA Portal) V14 (All versions \u003c V14 SP1), SIMATIC STEP 7 V5.X (All versions \u003c V5.6), SIMATIC WinAC RTX 2010 SP2 (All versions), SIMATIC WinAC RTX F 2010 SP2 (All versions), SIMATIC WinCC (TIA Portal) V13 (All versions \u003c V13 SP2), SIMATIC WinCC (TIA Portal) V14 (All versions \u003c V14 SP1), SIMATIC WinCC V7.2 and prior (All versions), SIMATIC WinCC V7.3 (All versions \u003c V7.3 Update 15), SIMATIC WinCC V7.4 (All versions \u003c V7.4 SP1 Upd1), SIMATIC WinCC flexible 2008 (All versions \u003c flexible 2008 SP5), SINAUT ST7CC (All versions installed in conjunction with SIMATIC WinCC \u003c V7.3 Update 15), SINEMA Server (All versions \u003c V14), SINUMERIK 808D Programming Tool (All versions \u003c V4.7 SP4 HF2), SMART PC Access (All versions \u003c V2.3), STEP 7 - Micro/WIN SMART (All versions \u003c V2.3), Security Configuration Tool (SCT) (All versions \u003c V5.0). Specially crafted PROFINET DCP broadcast packets sent to the affected products on a local Ethernet segment (Layer 2) could cause a Denial-of-Service condition of some services. The services require manual restart to recover."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-275839.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-275839.pdf"
            },
            {
              "name": "98366",
              "refsource": "BID",
              "url": "https://www.securityfocus.com/bid/98366"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2017-6865",
    "datePublished": "2017-05-11T10:00:00.000Z",
    "dateReserved": "2017-03-13T00:00:00.000Z",
    "dateUpdated": "2024-08-05T15:41:17.697Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2019-00766

CVE-2017-6865 (GCVE-0-2017-6865)

Tags

Sightings

Nomenclature