CVE-2017-2680

SIEMENS SIMATIC CP 343-1 Std, CP 343-1 Lean (All versions), SIMATIC CP 343-1 Adv (All versions), SIMATIC CP 443-1 Std, CP 443-1 Adv (All versions before V3.2.17), SIMATIC CP 443-1 OPC-UA (All versions), SIMATIC CP 1243-1 (All versions before V2.1.82), SIMATIC CP 1243-1 IRC (All versions before V2.1.82), SIMATIC CP 1243-1 IEC (All versions), SIMATIC CP 1243-1 DNP3 (All versions), SIMATIC CM 1542-1 (All versions before V2.0), SIMATIC CP 1542SP-1, CP 1542SP-1 IRC, and CP 1543SP-1 (All versions before to V1.0.15), SIMATIC CP 1543-1 (All versions before V2.1), SIMATIC RF650R, RF680R, RF685R (All versions before V3.0), SIMATIC CP 1616, CP 1604, DK-16xx PN IO (All versions before V2.7), SCALANCE X-200 (All versions before V5.2.2), SCALANCE X200 IRT (All versions before V5.4.0), SCALANCE X-300/X408 (All versions before V4.1.0), SCALANCE X414 (All versions before V3.10.2), SCALANCE XM400, XR500 (All versions before V6.1), SCALANCE W700 (All versions before V6.1), SCALANCE M-800, S615 (All versions before V04.03), Softnet PROFINET IO for PC-based Windows systems (All versions before V14 SP1), IE/PB-Link (All versions before V3.0), IE/AS-i Link PN IO (All versions), SIMATIC Teleservice Adapter Standard Modem, IE Basic, IE Advanced (All versions), SITOP PSU8600 PROFINET (All versions before V1.2.0), SITOP UPS1600 PROFINET (All versions before V2.2.0), SIMATIC ET 200AL (All versions before V1.0.2), SIMATIC ET 200ecoPN (All versions), SIMATIC ET 200M (All versions), SIMATIC ET 200MP (All versions before V4.0.1), SIMATIC ET 200pro (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200SP (All versions before V4.1.0), SIMATIC PN/PN Coupler (All versions before V4.0), DK Standard Ethernet Controller (All versions before V4.1.1 Patch04), EK-ERTEC 200P PN IO (All versions before V4.4.0 Patch01), EK-ERTEC 200 PN IO (All versions before V4.2.1 Patch03), SIMATIC S7-200 SMART (All versions before V2.3), SIMATIC S7-300 incl. F and T (All versions before V3.X.14), SIMATIC S7-400 PN/DP V6 Incl. F (All versions before V6.0.6), SIMATIC S7-400-H V6 (All versions before V6.0.7), SIMATIC S7-400 PN/DP V7 incl. F (All versions), SIMATIC S7-CPU 410 (All versions before V8.2), SIMATIC S7-1200 incl. F (All versions before V4.2.1), SIMATIC S7-1500 incl. F, T, and TF (All versions before V2.1), SIMATIC S7-1500 Software Controller incl. F (All versions before V2.1), SIMATIC WinAC RTX 2010 incl. F (All versions), SIRIUS ACT 3SU1 interface module PROFINET (All versions), SIRIUS Soft starter 3RW44 PN (All versions), SIRIUS Motor starter M200D PROFINET (All versions), SIMOCODE pro V PROFINET (All versions), SINAMICS DCM (All versions before V1.4 SP1 HF5), SINAMICS DCP (All versions), SINAMICS G110M / G120(C/P/D) w. PN (All versions before V4.7 SP6 HF3), SINAMICS G130 and G150 (All versions before V4.7 HF27 and V4.8 before HF4), SINAMICS S110 w. PN (All versions before V4.4 SP1 HF5), SINAMICS S120 (All versions before V4.7 HF27 and V4.8 before HF4), SINAMICS S150 (All versions before V4.7 HF27 and V4.8 before HF4), SINAMICS V90 w. PN (All versions before V1.1), SIMOTION (All versions before V4.5 HF1), SINUMERIK 828D (All versions before V4.5 SP6 HF2 and V4.7 before SP6 HF8), SINUMERIK 840D sl (All versions before V4.5 SP6 HF8 and V4.7 before SP4 HF1), SIMATIC HMI Comfort Panels, HMI Multi Panels, HMI Mobile Panels (All versions) could be affected by a Denial-of-Service condition induced by a specially crafted PROFINET DCP broadcast (Layer 2 - Ethernet) packet.

Published : 2017-05-11 01:29 Updated : 2018-05-11 01:29

6.1

CVSS Score More info

Score 6.1 / 10

Access vector ADJACENT_NETWORK

Access complexity LOW

Specialized access conditions or extenuating circumstances do not exist. The following are examples:

The affected product typically requires access to a wide range of systems and users, possibly anonymous and untrusted (e.g., Internet-facing web or mail server).
The affected configuration is default or ubiquitous.
The attack can be performed manually and requires little skill or additional information gathering.
The race condition is a lazy one (i.e., it is technically a race but easily winnable).

CPE (76)
Tree view

Vendor	Product	Version	URI
Siemens	Simatic Cp 443-1 Adv Firmware	-	cpe:/o:siemens:simatic_cp_443-1_adv_firmware:-
Siemens	Sinumerik 828d Firmware	4.7	cpe:/o:siemens:sinumerik_828d_firmware:4.7
Siemens	Simatic Et 200mp Firmware	-	cpe:/o:siemens:simatic_et_200mp_firmware:-
Siemens	Scalance X200 Irt Firmware	-	cpe:/o:siemens:scalance_x200_irt_firmware:-
Siemens	Ie%2fpb-link Firmware	-	cpe:/o:siemens:ie%2fpb-link_firmware:-
Siemens	Simatic Cm 1542-1 Firmware	-	cpe:/o:siemens:simatic_cm_1542-1_firmware:-
Siemens	Simatic Et 200sp Firmware	-	cpe:/o:siemens:simatic_et_200sp_firmware:-
Siemens	Sinamics Dcm Firmware	-	cpe:/o:siemens:sinamics_dcm_firmware:-
Siemens	Simatic Cp 1543sp-1 Firmware	-	cpe:/o:siemens:simatic_cp_1543sp-1_firmware:-
Siemens	Simocode Pro V Profinet Firmware	-	cpe:/o:siemens:simocode_pro_v_profinet_firmware:-
Siemens	Sinumerik 828d Firmware	4.5	cpe:/o:siemens:sinumerik_828d_firmware:4.5
Siemens	Simatic Cp 443-1 Opc-ua Firmware	-	cpe:/o:siemens:simatic_cp_443-1_opc-ua_firmware:-
Siemens	Ups1600 Profinet Firmware	-	cpe:/o:siemens:ups1600_profinet_firmware:-
Siemens	Ek-ertec 200 Pn Io Firmware	4.2.1	cpe:/o:siemens:ek-ertec_200_pn_io_firmware:4.2.1
Siemens	Simatic Et 200s Firmware	-	cpe:/o:siemens:simatic_et_200s_firmware:-
Siemens	Simatic S7-1500 Firmware	-	cpe:/o:siemens:simatic_s7-1500_firmware:-
Siemens	Simatic Hmi Mobile Panels	-	cpe:/o:siemens:simatic_hmi_mobile_panels:-
Siemens	Simatic Teleservice Adapter Standard Modem Firmware	-	cpe:/o:siemens:simatic_teleservice_adapter_standard_modem_firmware:-
Siemens	Simatic Rf685r Firmware	-	cpe:/o:siemens:simatic_rf685r_firmware:-
Siemens	Simatic Et 200m Firmware	-	cpe:/o:siemens:simatic_et_200m_firmware:-
Siemens	Simatic S7-400 Firmware	-	cpe:/o:siemens:simatic_s7-400_firmware:-
Siemens	Pn%2fpn Coupler Firmware	-	cpe:/o:siemens:pn%2fpn_coupler_firmware:-
Siemens	Simatic Cp 1243-1 Firmware	-	cpe:/o:siemens:simatic_cp_1243-1_firmware:-
Siemens	Simatic Rf650r Firmware	-	cpe:/o:siemens:simatic_rf650r_firmware:-
Siemens	Simotion Firmware	4.5	cpe:/o:siemens:simotion_firmware:4.5
Siemens	Scalance Xm400 Firmware	-	cpe:/o:siemens:scalance_xm400_firmware:-
Siemens	Sinamics G110m Firmware	4.7	cpe:/o:siemens:sinamics_g110m_firmware:4.7
Siemens	Simatic S7-300 Firmware	-	cpe:/o:siemens:simatic_s7-300_firmware:-
Siemens	Scalance S615 Firmware	-	cpe:/o:siemens:scalance_s615_firmware:-
Siemens	Simatic Cp 343-1 Lean Firmware	-	cpe:/o:siemens:simatic_cp_343-1_lean_firmware:-
Siemens	Scalance X414 Firmware	-	cpe:/o:siemens:scalance_x414_firmware:-
Siemens	Simatic Winac Rtx 2010 Firmware	-	cpe:/o:siemens:simatic_winac_rtx_2010_firmware:-
Siemens	Sirius Act 3su1 Firmware	-	cpe:/o:siemens:sirius_act_3su1_firmware:-
Siemens	Scalance X300 Firmware	-	cpe:/o:siemens:scalance_x300_firmware:-
Siemens	Scalance X408 Firmware	-	cpe:/o:siemens:scalance_x408_firmware:-
Siemens	Sinumerik 840d Sl Firmware	4.7	cpe:/o:siemens:sinumerik_840d_sl_firmware:4.7
Siemens	Simatic Cp 343-1 Std Firmware	-	cpe:/o:siemens:simatic_cp_343-1_std_firmware:-
Siemens	Sinumerik 840d Sl Firmware	4.5	cpe:/o:siemens:sinumerik_840d_sl_firmware:4.5
Siemens	Simatic Cp 443-1 Std Firmware	-	cpe:/o:siemens:simatic_cp_443-1_std_firmware:-
Siemens	Simatic S7-1500 Software Controller Firmware	-	cpe:/o:siemens:simatic_s7-1500_software_controller_firmware:-
Siemens	Simatic Rf680r Firmware	-	cpe:/o:siemens:simatic_rf680r_firmware:-
Siemens	Scalance Xr500 Firmware	-	cpe:/o:siemens:scalance_xr500_firmware:-
Siemens	Sirius Soft Starter 3rw44 Pn Firmware	-	cpe:/o:siemens:sirius_soft_starter_3rw44_pn_firmware:-
Siemens	Simatic Cp 1604 Firmware	-	cpe:/o:siemens:simatic_cp_1604_firmware:-
Siemens	Simatic Hmi Multi Panels	-	cpe:/o:siemens:simatic_hmi_multi_panels:-
Siemens	Softnet Profinet Io Firmware	-	cpe:/o:siemens:softnet_profinet_io_firmware:-
Siemens	Sinamics Dcp Firmware	-	cpe:/o:siemens:sinamics_dcp_firmware:-
Siemens	Sitop Psu8600 Firmware	-	cpe:/o:siemens:sitop_psu8600_firmware:-
Siemens	Simatic S7-200 Smart Firmware	-	cpe:/o:siemens:simatic_s7-200_smart_firmware:-
Siemens	Sinamics G130 Firmware	4.8	cpe:/o:siemens:sinamics_g130_firmware:4.8
Siemens	Simatic Teleservice Adapter Ie Basic Modem Firmware	-	cpe:/o:siemens:simatic_teleservice_adapter_ie_basic_modem_firmware:-
Siemens	Simatic Cp 1616 Firmware	-	cpe:/o:siemens:simatic_cp_1616_firmware:-
Siemens	Simatic Dk-16xx Pn Io Firmware	-	cpe:/o:siemens:simatic_dk-16xx_pn_io_firmware:-
Siemens	Simatic S7-1200 Firmware	-	cpe:/o:siemens:simatic_s7-1200_firmware:-
Siemens	Simatic Cp 343-1 Adv Firmware	-	cpe:/o:siemens:simatic_cp_343-1_adv_firmware:-
Siemens	Simatic Cp 1542sp-1 Irc Firmware	-	cpe:/o:siemens:simatic_cp_1542sp-1_irc_firmware:-
Siemens	Simatic Et 200pro Firmware	-	cpe:/o:siemens:simatic_et_200pro_firmware:-
Siemens	Simatic Cp 1542sp-1 Firmware	-	cpe:/o:siemens:simatic_cp_1542sp-1_firmware:-
Siemens	Dk Standard Ethernet Controller Firmware	4.1.1	cpe:/o:siemens:dk_standard_ethernet_controller_firmware:4.1.1
Siemens	Sinamics S120 Firmware	4.8	cpe:/o:siemens:sinamics_s120_firmware:4.8
Siemens	Scalance X200 Firmware	-	cpe:/o:siemens:scalance_x200_firmware:-
Siemens	Ie%2fas-i Link Pn Io Firmware	-	cpe:/o:siemens:ie%2fas-i_link_pn_io_firmware:-
Siemens	Scalance M-800 Firmware	-	cpe:/o:siemens:scalance_m-800_firmware:-
Siemens	Sinamics G120%28c%2fp%2fd%29 W. Pn Firmware	4.7	cpe:/o:siemens:sinamics_g120%28c%2fp%2fd%29_w._pn_firmware:4.7
Siemens	Sinamics V90 W. Pn Firmware	-	cpe:/o:siemens:sinamics_v90_w._pn_firmware:-
Siemens	Simatic Et 200al Firmware	-	cpe:/o:siemens:simatic_et_200al_firmware:-
Siemens	Sirius Motor Starter M200d Profinet Firmware	-	cpe:/o:siemens:sirius_motor_starter_m200d_profinet_firmware:-
Siemens	Simatic Hmi Comfort Panels	-	cpe:/o:siemens:simatic_hmi_comfort_panels:-
Siemens	Scalance W700 Firmware	-	cpe:/o:siemens:scalance_w700_firmware:-
Siemens	Simatic Teleservice Adapter Ie Advanced Modem Firmware	-	cpe:/o:siemens:simatic_teleservice_adapter_ie_advanced_modem_firmware:-
Siemens	Sinamics S150 Firmware	4.8	cpe:/o:siemens:sinamics_s150_firmware:4.8
Siemens	Simatic Cp 1543-1 Firmware	-	cpe:/o:siemens:simatic_cp_1543-1_firmware:-
Siemens	Ek-ertec 200p Pn Io Firmware	4.4.0	cpe:/o:siemens:ek-ertec_200p_pn_io_firmware:4.4.0
Siemens	Sinamics S110 W. Pn Firmware	-	cpe:/o:siemens:sinamics__s110_w._pn_firmware:-
Siemens	Simatic Et 200ecopn Firmware	-	cpe:/o:siemens:simatic_et_200ecopn_firmware:-
Siemens	Sinamics G150 Firmware	4.8	cpe:/o:siemens:sinamics_g150_firmware:4.8

Siemens (74) Search CVE
1. Sinamics S120 Firmware (1) Search CVE
  1. 4.8
2. Simatic Cp 1543-1 Firmware (1) Search CVE
  1. -
3. Ek-ertec 200 Pn Io Firmware (1) Search CVE
  1. 4.2.1
4. Simatic Hmi Mobile Panels (1) Search CVE
  1. -
5. Ups1600 Profinet Firmware (1) Search CVE
  1. -
6. Simatic Et 200s Firmware (1) Search CVE
  1. -
7. Sinamics Dcm Firmware (1) Search CVE
  1. -
8. Dk Standard Ethernet Controller Firmware (1) Search CVE
  1. 4.1.1
9. Simatic Cp 343-1 Adv Firmware (1) Search CVE
  1. -
10. Pn%2fpn Coupler Firmware (1) Search CVE
  1. -
11. Scalance M-800 Firmware (1) Search CVE
  1. -
12. Simatic Cp 443-1 Opc-ua Firmware (1) Search CVE
  1. -
13. Scalance Xm400 Firmware (1) Search CVE
  1. -
14. Sinumerik 828d Firmware (2) Search CVE
  1. 4.7
  2. 4.5
15. Simatic Hmi Multi Panels (1) Search CVE
  1. -
16. Simatic Dk-16xx Pn Io Firmware (1) Search CVE
  1. -
17. Scalance Xr500 Firmware (1) Search CVE
  1. -
18. Simocode Pro V Profinet Firmware (1) Search CVE
  1. -
19. Simatic Teleservice Adapter Standard Modem Firmware (1) Search CVE
  1. -
20. Simatic S7-200 Smart Firmware (1) Search CVE
  1. -
21. Sinamics Dcp Firmware (1) Search CVE
  1. -
22. Simatic Et 200m Firmware (1) Search CVE
  1. -
23. Scalance X414 Firmware (1) Search CVE
  1. -
24. Simatic Et 200mp Firmware (1) Search CVE
  1. -
25. Simatic Teleservice Adapter Ie Basic Modem Firmware (1) Search CVE
  1. -
26. Simatic Cp 443-1 Std Firmware (1) Search CVE
  1. -
27. Scalance W700 Firmware (1) Search CVE
  1. -
28. Simatic Cp 443-1 Adv Firmware (1) Search CVE
  1. -
29. Simatic Cp 343-1 Std Firmware (1) Search CVE
  1. -
30. Simatic Et 200sp Firmware (1) Search CVE
  1. -
31. Simatic Et 200pro Firmware (1) Search CVE
  1. -
32. Simatic Rf650r Firmware (1) Search CVE
  1. -
33. Scalance X408 Firmware (1) Search CVE
  1. -
34. Simatic Teleservice Adapter Ie Advanced Modem Firmware (1) Search CVE
  1. -
35. Sinamics G110m Firmware (1) Search CVE
  1. 4.7
36. Scalance S615 Firmware (1) Search CVE
  1. -
37. Simatic Cp 1604 Firmware (1) Search CVE
  1. -
38. Scalance X200 Firmware (1) Search CVE
  1. -
39. Softnet Profinet Io Firmware (1) Search CVE
  1. -
40. Sinamics V90 W. Pn Firmware (1) Search CVE
  1. -
41. Simatic Cp 1542sp-1 Irc Firmware (1) Search CVE
  1. -
42. Simatic Cp 1543sp-1 Firmware (1) Search CVE
  1. -
43. Simatic Cm 1542-1 Firmware (1) Search CVE
  1. -
44. Simatic Cp 1616 Firmware (1) Search CVE
  1. -
45. Sinamics G150 Firmware (1) Search CVE
  1. 4.8
46. Simatic S7-1500 Software Controller Firmware (1) Search CVE
  1. -
47. Sinamics S150 Firmware (1) Search CVE
  1. 4.8
48. Sirius Soft Starter 3rw44 Pn Firmware (1) Search CVE
  1. -
49. Simatic Cp 1542sp-1 Firmware (1) Search CVE
  1. -
50. Simatic S7-1200 Firmware (1) Search CVE
  1. -
51. Simatic Rf680r Firmware (1) Search CVE
  1. -
52. Sinumerik 840d Sl Firmware (2) Search CVE
  1. 4.7
  2. 4.5
53. Simatic Winac Rtx 2010 Firmware (1) Search CVE
  1. -
54. Simatic Et 200al Firmware (1) Search CVE
  1. -
55. Simatic Hmi Comfort Panels (1) Search CVE
  1. -
56. Ek-ertec 200p Pn Io Firmware (1) Search CVE
  1. 4.4.0
57. Sitop Psu8600 Firmware (1) Search CVE
  1. -
58. Sinamics G120%28c%2fp%2fd%29 W. Pn Firmware (1) Search CVE
  1. 4.7
59. Ie%2fas-i Link Pn Io Firmware (1) Search CVE
  1. -
60. Simatic S7-300 Firmware (1) Search CVE
  1. -
61. Scalance X200 Irt Firmware (1) Search CVE
  1. -
62. Scalance X300 Firmware (1) Search CVE
  1. -
63. Simatic S7-400 Firmware (1) Search CVE
  1. -
64. Ie%2fpb-link Firmware (1) Search CVE
  1. -
65. Sirius Act 3su1 Firmware (1) Search CVE
  1. -
66. Simatic S7-1500 Firmware (1) Search CVE
  1. -
67. Simatic Cp 1243-1 Firmware (1) Search CVE
  1. -
68. Sinamics S110 W. Pn Firmware (1) Search CVE
  1. -
69. Sirius Motor Starter M200d Profinet Firmware (1) Search CVE
  1. -
70. Simatic Rf685r Firmware (1) Search CVE
  1. -
71. Simatic Et 200ecopn Firmware (1) Search CVE
  1. -
72. Simatic Cp 343-1 Lean Firmware (1) Search CVE
  1. -
73. Simotion Firmware (1) Search CVE
  1. 4.5
74. Sinamics G130 Firmware (1) Search CVE
  1. 4.8

CWE

ID	Name	Description	Links
CWE-20	Improper Input Validation	The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.		CVE

References

Source	Link
SECTRACK	http://www.securitytracker.com/id/1038463
CONFIRM	https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284673.pdf
MISC	https://ics-cert.us-cert.gov/advisories/ICSA-18-023-02
CONFIRM	https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdf
CONFIRM	https://cert-portal.siemens.com/productcert/pdf/ssa-546832.pdf
BID	http://www.securityfocus.com/bid/98369

History of changes

Date

Event

2018-05-11 01:29

References changed

1 added

CONFIRM

https://cert-portal.siemens.com/productcert/pdf/ssa-546832.pdf

2018-03-07 02:29

References changed

1 added

CONFIRM

https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdf

1 removed

CONFIRM

https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-293562.pdf

Summary changed

New summary : SIEMENS SIMATIC CP 343-1 Std, CP 343-1 Lean (All versions), SIMATIC CP 343-1 Adv (All versions), SIMATIC CP 443-1 Std, CP 443-1 Adv (All versions before V3.2.17), SIMATIC CP 443-1 OPC-UA (All versions), SIMATIC CP 1243-1 (All versions before V2.1.82), SIMATIC CP 1243-1 IRC (All versions before V2.1.82), SIMATIC CP 1243-1 IEC (All versions), SIMATIC CP 1243-1 DNP3 (All versions), SIMATIC CM 1542-1 (All versions before V2.0), SIMATIC CP 1542SP-1, CP 1542SP-1 IRC, and CP 1543SP-1 (All versions before to V1.0.15), SIMATIC CP 1543-1 (All versions before V2.1), SIMATIC RF650R, RF680R, RF685R (All versions before V3.0), SIMATIC CP 1616, CP 1604, DK-16xx PN IO (All versions before V2.7), SCALANCE X-200 (All versions before V5.2.2), SCALANCE X200 IRT (All versions before V5.4.0), SCALANCE X-300/X408 (All versions before V4.1.0), SCALANCE X414 (All versions before V3.10.2), SCALANCE XM400, XR500 (All versions before V6.1), SCALANCE W700 (All versions before V6.1), SCALANCE M-800, S615 (All versions before V04.03), Softnet PROFINET IO for PC-based Windows systems (All versions before V14 SP1), IE/PB-Link (All versions before V3.0), IE/AS-i Link PN IO (All versions), SIMATIC Teleservice Adapter Standard Modem, IE Basic, IE Advanced (All versions), SITOP PSU8600 PROFINET (All versions before V1.2.0), SITOP UPS1600 PROFINET (All versions before V2.2.0), SIMATIC ET 200AL (All versions before V1.0.2), SIMATIC ET 200ecoPN (All versions), SIMATIC ET 200M (All versions), SIMATIC ET 200MP (All versions before V4.0.1), SIMATIC ET 200pro (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200SP (All versions before V4.1.0), SIMATIC PN/PN Coupler (All versions before V4.0), DK Standard Ethernet Controller (All versions before V4.1.1 Patch04), EK-ERTEC 200P PN IO (All versions before V4.4.0 Patch01), EK-ERTEC 200 PN IO (All versions before V4.2.1 Patch03), SIMATIC S7-200 SMART (All versions before V2.3), SIMATIC S7-300 incl. F and T (All versions before V3.X.14), SIMATIC S7-400 PN/DP V6 Incl. F (All versions before V6.0.6), SIMATIC S7-400-H V6 (All versions before V6.0.7), SIMATIC S7-400 PN/DP V7 incl. F (All versions), SIMATIC S7-CPU 410 (All versions before V8.2), SIMATIC S7-1200 incl. F (All versions before V4.2.1), SIMATIC S7-1500 incl. F, T, and TF (All versions before V2.1), SIMATIC S7-1500 Software Controller incl. F (All versions before V2.1), SIMATIC WinAC RTX 2010 incl. F (All versions), SIRIUS ACT 3SU1 interface module PROFINET (All versions), SIRIUS Soft starter 3RW44 PN (All versions), SIRIUS Motor starter M200D PROFINET (All versions), SIMOCODE pro V PROFINET (All versions), SINAMICS DCM (All versions before V1.4 SP1 HF5), SINAMICS DCP (All versions), SINAMICS G110M / G120(C/P/D) w. PN (All versions before V4.7 SP6 HF3), SINAMICS G130 and G150 (All versions before V4.7 HF27 and V4.8 before HF4), SINAMICS S110 w. PN (All versions before V4.4 SP1 HF5), SINAMICS S120 (All versions before V4.7 HF27 and V4.8 before HF4), SINAMICS S150 (All versions before V4.7 HF27 and V4.8 before HF4), SINAMICS V90 w. PN (All versions before V1.1), SIMOTION (All versions before V4.5 HF1), SINUMERIK 828D (All versions before V4.5 SP6 HF2 and V4.7 before SP6 HF8), SINUMERIK 840D sl (All versions before V4.5 SP6 HF8 and V4.7 before SP4 HF1), SIMATIC HMI Comfort Panels, HMI Multi Panels, HMI Mobile Panels (All versions) could be affected by a Denial-of-Service condition induced by a specially crafted PROFINET DCP broadcast (Layer 2 - Ethernet) packet.
Old summary : A vulnerability has been identified in SIMATIC CP 343-1 Std (All versions), SIMATIC CP 343-1 Lean (All versions), SIMATIC CP 343-1 Adv (All versions), SIMATIC CP 443-1 Std (All versions < V3.2.17), SIMATIC CP 443-1 Adv (All versions < V3.2.17), SIMATIC CP 443-1 OPC-UA (All versions), SIMATIC CP 1243-1 (All versions < V2.1.82), SIMATIC CP 1243-1 IRC (All versions < V2.1.82), SIMATIC CP 1243-1 IEC (All versions), SIMATIC CP 1243-1 DNP3 (All versions), SIMATIC CM 1542-1 (All versions < V2.0), SIMATIC CM 1542SP-1 (All versions < V1.0.15), SIMATIC CP 1542SP-1 IRC (All versions < V1.0.15), SIMATIC CP 1543SP-1 (All versions < V1.0.15), SIMATIC CP 1543-1 (All versions < V2.1), SIMATIC RF650R (All versions < V3.0), SIMATIC RF680R (All versions < V3.0), SIMATIC RF685R (All versions < V3.0), SIMATIC CP 1616 (All versions < V2.7), SIMATIC CP 1604 (All versions < V2.7), SIMATIC DK-16xx PN IO (All versions < V2.7), SCALANCE X-200 (All versions < V5.2.2), SCALANCE X-200 IRT (All versions), SCALANCE X-300/X408 (All versions < V4.1.0), SCALANCE X414 (All versions < V3.10.2), SCALANCE XM400 (All versions < V6.1), SCALANCE XR500 (All versions < V6.1), SCALANCE W700 (All versions < V6.1), SCALANCE M-800, S615 (All versions < V4.03), Softnet PROFINET IO for PC-based Windows systems (All versions < V14 SP1), IE/PB-Link (All versions < V3.0), IE/AS-i Link PN IO (All versions), SIMATIC Teleservice Adapter Standard Modem, IE Basic, IE Advanced (All versions), SITOP PSU8600 PROFINET (All versions < V1.2.0), SITOP UPS1600 PROFINET (All versions < V2.2.0), SIMATIC ET 200AL (All versions < V1.0.2), SIMATIC ET 200ecoPN (All versions), SIMATIC ET 200M (All versions), SIMATIC ET 200MP IM155-5 PN BA (All versions < V4.0.1), SIMATIC ET 200MP IM155-5 PN ST (All versions < V4.1), SIMATIC ET 200MP (except IM155-5 PN BA and IM155-5 PN ST) (All versions), SIMATIC ET 200pro (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200SP IM155-6 PN ST (All versions < V4.1.0), SIMATIC ET 200SP (except IM155-6 PN ST) (All versions), SIMATIC PN/PN Coupler (All versions < V4.0), Development/Evaluation Kit DK Standard Ethernet Controller (All versions < V4.1.1 Patch04), Development/Evaluation Kit EK-ERTEC 200P (All versions < V4.4.0 Patch01), Development/Evaluation Kit EK-ERTEC 200 (All versions < V4.2.1 Patch03), SIMATIC S7-200 SMART (All versions < V2.3), SIMATIC S7-300 incl. F and T (All versions < V3.X.14), SIMATIC S7-400 PN/DP V6 Incl. F (All versions < V6.0.6), SIMATIC S7-400-H V6 (All versions < V6.0.7), SIMATIC S7-400 PN/DP V7 Incl. F (All versions < V7.0.2), SIMATIC S7-410 (All versions < V8.2), SIMATIC S7-1200 incl. F (All versions < V4.2.1), SIMATIC S7-1500 incl. F, T, and TF (All versions < V2.1), SIMATIC S7-1500 Software Controller incl. F (All versions < V2.1), SIMATIC WinAC RTX 2010 incl. F (All versions), SIRIUS ACT 3SU1 interface module PROFINET (All versions), SIRIUS Soft Starter 3RW44 PN (All versions), SIRIUS Motor Starter M200D PROFINET (All versions), SIMOCODE pro V PROFINET (All versions < V2.0.0), SINAMICS DCM w. PN (All versions < V1.4 SP1 HF5), SINAMICS DCP w. PN (All versions < V1.2 HF 1), SINAMICS G110M w. PN (All versions < V4.7 SP6 HF3), SINAMICS G120(C/P/D) w. PN (All versions < V4.7 SP6 HF3), SINAMICS G130 V4.7 w. PN (All versions < V4.7 HF27), SINAMICS G150 V4.7 w. PN (V4.7: All versions < V4.7 HF27), SINAMICS G130 V4.8 w. PN (All versions < V4.8 HF4), SINAMICS G150 V4.8 w. PN (All versions < V4.8 HF4), SINAMICS S110 w. PN (All versions < V4.4 SP3 HF5), SINAMICS S120 V4.7 w. PN (All versions < V4.7 HF27), and others. Specially crafted PROFINET DCP broadcast packets could cause a Denial-of-Service condition of affected products on a local Ethernet segment (Layer 2). Human interaction is required to recover the systems. PROFIBUS interfaces are not affected.

2018-03-01 02:29

Summary changed

New summary : A vulnerability has been identified in SIMATIC CP 343-1 Std (All versions), SIMATIC CP 343-1 Lean (All versions), SIMATIC CP 343-1 Adv (All versions), SIMATIC CP 443-1 Std (All versions < V3.2.17), SIMATIC CP 443-1 Adv (All versions < V3.2.17), SIMATIC CP 443-1 OPC-UA (All versions), SIMATIC CP 1243-1 (All versions < V2.1.82), SIMATIC CP 1243-1 IRC (All versions < V2.1.82), SIMATIC CP 1243-1 IEC (All versions), SIMATIC CP 1243-1 DNP3 (All versions), SIMATIC CM 1542-1 (All versions < V2.0), SIMATIC CM 1542SP-1 (All versions < V1.0.15), SIMATIC CP 1542SP-1 IRC (All versions < V1.0.15), SIMATIC CP 1543SP-1 (All versions < V1.0.15), SIMATIC CP 1543-1 (All versions < V2.1), SIMATIC RF650R (All versions < V3.0), SIMATIC RF680R (All versions < V3.0), SIMATIC RF685R (All versions < V3.0), SIMATIC CP 1616 (All versions < V2.7), SIMATIC CP 1604 (All versions < V2.7), SIMATIC DK-16xx PN IO (All versions < V2.7), SCALANCE X-200 (All versions < V5.2.2), SCALANCE X-200 IRT (All versions), SCALANCE X-300/X408 (All versions < V4.1.0), SCALANCE X414 (All versions < V3.10.2), SCALANCE XM400 (All versions < V6.1), SCALANCE XR500 (All versions < V6.1), SCALANCE W700 (All versions < V6.1), SCALANCE M-800, S615 (All versions < V4.03), Softnet PROFINET IO for PC-based Windows systems (All versions < V14 SP1), IE/PB-Link (All versions < V3.0), IE/AS-i Link PN IO (All versions), SIMATIC Teleservice Adapter Standard Modem, IE Basic, IE Advanced (All versions), SITOP PSU8600 PROFINET (All versions < V1.2.0), SITOP UPS1600 PROFINET (All versions < V2.2.0), SIMATIC ET 200AL (All versions < V1.0.2), SIMATIC ET 200ecoPN (All versions), SIMATIC ET 200M (All versions), SIMATIC ET 200MP IM155-5 PN BA (All versions < V4.0.1), SIMATIC ET 200MP IM155-5 PN ST (All versions < V4.1), SIMATIC ET 200MP (except IM155-5 PN BA and IM155-5 PN ST) (All versions), SIMATIC ET 200pro (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200SP IM155-6 PN ST (All versions < V4.1.0), SIMATIC ET 200SP (except IM155-6 PN ST) (All versions), SIMATIC PN/PN Coupler (All versions < V4.0), Development/Evaluation Kit DK Standard Ethernet Controller (All versions < V4.1.1 Patch04), Development/Evaluation Kit EK-ERTEC 200P (All versions < V4.4.0 Patch01), Development/Evaluation Kit EK-ERTEC 200 (All versions < V4.2.1 Patch03), SIMATIC S7-200 SMART (All versions < V2.3), SIMATIC S7-300 incl. F and T (All versions < V3.X.14), SIMATIC S7-400 PN/DP V6 Incl. F (All versions < V6.0.6), SIMATIC S7-400-H V6 (All versions < V6.0.7), SIMATIC S7-400 PN/DP V7 Incl. F (All versions < V7.0.2), SIMATIC S7-410 (All versions < V8.2), SIMATIC S7-1200 incl. F (All versions < V4.2.1), SIMATIC S7-1500 incl. F, T, and TF (All versions < V2.1), SIMATIC S7-1500 Software Controller incl. F (All versions < V2.1), SIMATIC WinAC RTX 2010 incl. F (All versions), SIRIUS ACT 3SU1 interface module PROFINET (All versions), SIRIUS Soft Starter 3RW44 PN (All versions), SIRIUS Motor Starter M200D PROFINET (All versions), SIMOCODE pro V PROFINET (All versions < V2.0.0), SINAMICS DCM w. PN (All versions < V1.4 SP1 HF5), SINAMICS DCP w. PN (All versions < V1.2 HF 1), SINAMICS G110M w. PN (All versions < V4.7 SP6 HF3), SINAMICS G120(C/P/D) w. PN (All versions < V4.7 SP6 HF3), SINAMICS G130 V4.7 w. PN (All versions < V4.7 HF27), SINAMICS G150 V4.7 w. PN (V4.7: All versions < V4.7 HF27), SINAMICS G130 V4.8 w. PN (All versions < V4.8 HF4), SINAMICS G150 V4.8 w. PN (All versions < V4.8 HF4), SINAMICS S110 w. PN (All versions < V4.4 SP3 HF5), SINAMICS S120 V4.7 w. PN (All versions < V4.7 HF27), and others. Specially crafted PROFINET DCP broadcast packets could cause a Denial-of-Service condition of affected products on a local Ethernet segment (Layer 2). Human interaction is required to recover the systems. PROFIBUS interfaces are not affected.
Old summary : A vulnerability has been identified in SIMATIC CP 343-1 Std, SIMATIC CP 343-1 Lean, SIMATIC CP 343-1 Adv, SIMATIC CP 443-1 Std, SIMATIC CP 443-1 Adv, SIMATIC CP 443-1 OPC-UA, SIMATIC CP 1243-1, SIMATIC CP 1243-1 IRC, SIMATIC CP 1243-1 IEC, SIMATIC CP 1243-1 DNP3, SIMATIC CM 1542-1, SIMATIC CM 1542SP-1, SIMATIC CP 1542SP-1 IRC, SIMATIC CP 1543SP-1, SIMATIC CP 1543-1, SIMATIC RF650R, SIMATIC RF680R, SIMATIC RF685R, SIMATIC CP 1616, SIMATIC CP 1604, SIMATIC DK-16xx PN IO, SCALANCE X-200, SCALANCE X-200 IRT, SCALANCE X-300/X408, SCALANCE X414, SCALANCE XM400, SCALANCE XR500, SCALANCE W700, SCALANCE M-800, S615, Softnet PROFINET IO for PC-based Windows systems, IE/PB-Link, IE/AS-i Link PN IO, SIMATIC Teleservice Adapter Standard Modem, IE Basic, IE Advanced, SITOP PSU8600 PROFINET, SITOP UPS1600 PROFINET, SIMATIC ET 200AL, SIMATIC ET 200ecoPN, SIMATIC ET 200M, SIMATIC ET 200MP IM155-5 PN BA, SIMATIC ET 200MP IM155-5 PN ST, SIMATIC ET 200MP (except IM155-5 PN BA and IM155-5 PN ST), SIMATIC ET 200pro, SIMATIC ET 200S, SIMATIC ET 200SP IM155-6 PN ST, SIMATIC ET 200SP (except IM155-6 PN ST), SIMATIC PN/PN Coupler, Development/Evaluation Kit DK Standard Ethernet Controller, Development/Evaluation Kit EK-ERTEC 200P, Development/Evaluation Kit EK-ERTEC 200, SIMATIC S7-200 SMART, SIMATIC S7-300 incl. F and T, SIMATIC S7-400 PN/DP V6 Incl. F, SIMATIC S7-400-H V6, SIMATIC S7-400 PN/DP V7 Incl. F, SIMATIC S7-410, SIMATIC S7-1200 incl. F, SIMATIC S7-1500 incl. F, T, and TF, SIMATIC S7-1500 Software Controller incl. F, SIMATIC WinAC RTX 2010 incl. F, SIRIUS ACT 3SU1 interface module PROFINET, SIRIUS Soft Starter 3RW44 PN, SIRIUS Motor Starter M200D PROFINET, SIMOCODE pro V PROFINET, SINAMICS DCM w. PN, SINAMICS DCP w. PN, SINAMICS G110M w. PN, SINAMICS G120(C/P/D) w. PN, SINAMICS G130 V4.7 w. PN, SINAMICS G150 V4.7 w. PN, SINAMICS G130 V4.8 w. PN, SINAMICS G150 V4.8 w. PN, SINAMICS S110 w. PN, SINAMICS S120 V4.7 w. PN, SINAMICS S120 V4.8 w. PN, SINAMICS S150 V4.7 w. PN, SINAMICS S150 V4.8 w. PN, SINAMICS V90 w. PN, SIMOTION, SINUMERIK 828D V4.5 and prior, SINUMERIK 828D V4.7, SINUMERIK 840D sl V4.5 and prior, SINUMERIK 840D sl V4.7, SIMATIC HMI Comfort Panels, HMI Multi Panels, HMI Mobile Panels. Specially crafted PROFINET DCP broadcast packets could cause a Denial-of-Service condition of affected products on a local Ethernet segment (Layer 2). Human interaction is required to recover the systems. PROFIBUS interfaces are not affected.

2018-02-24 02:29

Summary changed

New summary : A vulnerability has been identified in SIMATIC CP 343-1 Std, SIMATIC CP 343-1 Lean, SIMATIC CP 343-1 Adv, SIMATIC CP 443-1 Std, SIMATIC CP 443-1 Adv, SIMATIC CP 443-1 OPC-UA, SIMATIC CP 1243-1, SIMATIC CP 1243-1 IRC, SIMATIC CP 1243-1 IEC, SIMATIC CP 1243-1 DNP3, SIMATIC CM 1542-1, SIMATIC CM 1542SP-1, SIMATIC CP 1542SP-1 IRC, SIMATIC CP 1543SP-1, SIMATIC CP 1543-1, SIMATIC RF650R, SIMATIC RF680R, SIMATIC RF685R, SIMATIC CP 1616, SIMATIC CP 1604, SIMATIC DK-16xx PN IO, SCALANCE X-200, SCALANCE X-200 IRT, SCALANCE X-300/X408, SCALANCE X414, SCALANCE XM400, SCALANCE XR500, SCALANCE W700, SCALANCE M-800, S615, Softnet PROFINET IO for PC-based Windows systems, IE/PB-Link, IE/AS-i Link PN IO, SIMATIC Teleservice Adapter Standard Modem, IE Basic, IE Advanced, SITOP PSU8600 PROFINET, SITOP UPS1600 PROFINET, SIMATIC ET 200AL, SIMATIC ET 200ecoPN, SIMATIC ET 200M, SIMATIC ET 200MP IM155-5 PN BA, SIMATIC ET 200MP IM155-5 PN ST, SIMATIC ET 200MP (except IM155-5 PN BA and IM155-5 PN ST), SIMATIC ET 200pro, SIMATIC ET 200S, SIMATIC ET 200SP IM155-6 PN ST, SIMATIC ET 200SP (except IM155-6 PN ST), SIMATIC PN/PN Coupler, Development/Evaluation Kit DK Standard Ethernet Controller, Development/Evaluation Kit EK-ERTEC 200P, Development/Evaluation Kit EK-ERTEC 200, SIMATIC S7-200 SMART, SIMATIC S7-300 incl. F and T, SIMATIC S7-400 PN/DP V6 Incl. F, SIMATIC S7-400-H V6, SIMATIC S7-400 PN/DP V7 Incl. F, SIMATIC S7-410, SIMATIC S7-1200 incl. F, SIMATIC S7-1500 incl. F, T, and TF, SIMATIC S7-1500 Software Controller incl. F, SIMATIC WinAC RTX 2010 incl. F, SIRIUS ACT 3SU1 interface module PROFINET, SIRIUS Soft Starter 3RW44 PN, SIRIUS Motor Starter M200D PROFINET, SIMOCODE pro V PROFINET, SINAMICS DCM w. PN, SINAMICS DCP w. PN, SINAMICS G110M w. PN, SINAMICS G120(C/P/D) w. PN, SINAMICS G130 V4.7 w. PN, SINAMICS G150 V4.7 w. PN, SINAMICS G130 V4.8 w. PN, SINAMICS G150 V4.8 w. PN, SINAMICS S110 w. PN, SINAMICS S120 V4.7 w. PN, SINAMICS S120 V4.8 w. PN, SINAMICS S150 V4.7 w. PN, SINAMICS S150 V4.8 w. PN, SINAMICS V90 w. PN, SIMOTION, SINUMERIK 828D V4.5 and prior, SINUMERIK 828D V4.7, SINUMERIK 840D sl V4.5 and prior, SINUMERIK 840D sl V4.7, SIMATIC HMI Comfort Panels, HMI Multi Panels, HMI Mobile Panels. Specially crafted PROFINET DCP broadcast packets could cause a Denial-of-Service condition of affected products on a local Ethernet segment (Layer 2). Human interaction is required to recover the systems. PROFIBUS interfaces are not affected.
Old summary : A vulnerability has been identified in Development/Evaluation Kit DK Standard Ethernet Controller, Development/Evaluation Kit EK-ERTEC 200 PN IO, Development/Evaluation Kit EK-ERTEC 200P PN IO, IE/AS-i Link PN IO, IE/PB-Link, SCALANCE M-800, S615, SCALANCE W700, SCALANCE X-200, SCALANCE X-200 IRT, SCALANCE X-300/X408, SCALANCE X414, SCALANCE XM400, SCALANCE XR500, SIMATIC WinAC RTX 2010 incl. F, SIMATIC CM 1542-1, SIMATIC CM 1542SP-1, SIMATIC CP 1243-1, SIMATIC CP 1243-1 DNP3, SIMATIC CP 1243-1 IEC, SIMATIC CP 1243-1 IRC, SIMATIC CP 1542SP-1 IRC, SIMATIC CP 1543-1, SIMATIC CP 1543SP-1, SIMATIC CP 1604, SIMATIC CP 1616, SIMATIC CP 343-1 Adv, SIMATIC CP 343-1 Lean, SIMATIC CP 343-1 Std, SIMATIC CP 443-1 Adv, SIMATIC CP 443-1 OPC-UA, SIMATIC CP 443-1 Std, SIMATIC DK-16xx PN IO, SIMATIC ET 200AL, SIMATIC ET 200M, SIMATIC ET 200MP, SIMATIC ET 200S, SIMATIC ET 200SP, SIMATIC ET 200ecoPN, SIMATIC ET 200pro, SIMATIC HMI Comfort Panels, HMI Multi Panels, HMI Mobile Panels, SIMATIC PN/PN Coupler, SIMATIC RF650R, SIMATIC RF680R, SIMATIC RF685R, SIMATIC S7-1200 incl. F, SIMATIC S7-1500 Software Controller incl. F, SIMATIC S7-1500 incl. F, T, and TF, SIMATIC S7-200 SMART, SIMATIC S7-300 incl. F and T, SIMATIC S7-400 PN/DP V6 Incl. F, SIMATIC S7-400 PN/DP V7 Incl. F, SIMATIC S7-400-H V6, SIMATIC S7-410, SIMATIC Teleservice Adapter Standard Modem, IE Basic, IE Advanced, SIMOCODE pro V PROFINET, SIMOTION, SINAMICS DCM w. PN, SINAMICS DCP w. PN, SINAMICS G110M w. PN, SINAMICS G120(C/P/D) w. PN, SINAMICS G130 V4.7 w. PN, SINAMICS G130 V4.8 w. PN, SINAMICS G150 V4.7 w. PN, SINAMICS G150 V4.8 w. PN, SINAMICS S110 w. PN, SINAMICS S120 V4.7 w. PN, SINAMICS S120 V4.8 w. PN, SINAMICS S150 V4.7 w. PN, SINAMICS S150 V4.8 w. PN, SINAMICS V90 w. PN, SINUMERIK 828D V4.5 and prior, SINUMERIK 828D V4.7, SINUMERIK 840D sl V4.5 and prior, SINUMERIK 840D sl V4.7, SIRIUS ACT 3SU1 interface module PROFINET, SIRIUS Motor Starter M200D PROFINET, SIRIUS Soft Starter 3RW44 PN, SITOP PSU8600 PROFINET, SITOP UPS1600 PROFINET, Softnet PROFINET IO for PC-based Windows systems. Specially crafted PROFINET DCP broadcast packets could cause a Denial-of-Service condition of affected products on a local Ethernet segment (Layer 2). Human interaction is required to recover the systems. PROFIBUS interfaces are not affected.

2018-01-26 02:29

References changed

1 added

MISC	https://ics-cert.us-cert.gov/advisories/ICSA-18-023-02

2018-01-25 02:29

Summary changed

New summary : A vulnerability has been identified in Development/Evaluation Kit DK Standard Ethernet Controller, Development/Evaluation Kit EK-ERTEC 200 PN IO, Development/Evaluation Kit EK-ERTEC 200P PN IO, IE/AS-i Link PN IO, IE/PB-Link, SCALANCE M-800, S615, SCALANCE W700, SCALANCE X-200, SCALANCE X-200 IRT, SCALANCE X-300/X408, SCALANCE X414, SCALANCE XM400, SCALANCE XR500, SIMATIC WinAC RTX 2010 incl. F, SIMATIC CM 1542-1, SIMATIC CM 1542SP-1, SIMATIC CP 1243-1, SIMATIC CP 1243-1 DNP3, SIMATIC CP 1243-1 IEC, SIMATIC CP 1243-1 IRC, SIMATIC CP 1542SP-1 IRC, SIMATIC CP 1543-1, SIMATIC CP 1543SP-1, SIMATIC CP 1604, SIMATIC CP 1616, SIMATIC CP 343-1 Adv, SIMATIC CP 343-1 Lean, SIMATIC CP 343-1 Std, SIMATIC CP 443-1 Adv, SIMATIC CP 443-1 OPC-UA, SIMATIC CP 443-1 Std, SIMATIC DK-16xx PN IO, SIMATIC ET 200AL, SIMATIC ET 200M, SIMATIC ET 200MP, SIMATIC ET 200S, SIMATIC ET 200SP, SIMATIC ET 200ecoPN, SIMATIC ET 200pro, SIMATIC HMI Comfort Panels, HMI Multi Panels, HMI Mobile Panels, SIMATIC PN/PN Coupler, SIMATIC RF650R, SIMATIC RF680R, SIMATIC RF685R, SIMATIC S7-1200 incl. F, SIMATIC S7-1500 Software Controller incl. F, SIMATIC S7-1500 incl. F, T, and TF, SIMATIC S7-200 SMART, SIMATIC S7-300 incl. F and T, SIMATIC S7-400 PN/DP V6 Incl. F, SIMATIC S7-400 PN/DP V7 Incl. F, SIMATIC S7-400-H V6, SIMATIC S7-410, SIMATIC Teleservice Adapter Standard Modem, IE Basic, IE Advanced, SIMOCODE pro V PROFINET, SIMOTION, SINAMICS DCM w. PN, SINAMICS DCP w. PN, SINAMICS G110M w. PN, SINAMICS G120(C/P/D) w. PN, SINAMICS G130 V4.7 w. PN, SINAMICS G130 V4.8 w. PN, SINAMICS G150 V4.7 w. PN, SINAMICS G150 V4.8 w. PN, SINAMICS S110 w. PN, SINAMICS S120 V4.7 w. PN, SINAMICS S120 V4.8 w. PN, SINAMICS S150 V4.7 w. PN, SINAMICS S150 V4.8 w. PN, SINAMICS V90 w. PN, SINUMERIK 828D V4.5 and prior, SINUMERIK 828D V4.7, SINUMERIK 840D sl V4.5 and prior, SINUMERIK 840D sl V4.7, SIRIUS ACT 3SU1 interface module PROFINET, SIRIUS Motor Starter M200D PROFINET, SIRIUS Soft Starter 3RW44 PN, SITOP PSU8600 PROFINET, SITOP UPS1600 PROFINET, Softnet PROFINET IO for PC-based Windows systems. Specially crafted PROFINET DCP broadcast packets could cause a Denial-of-Service condition of affected products on a local Ethernet segment (Layer 2). Human interaction is required to recover the systems. PROFIBUS interfaces are not affected.
Old summary : A vulnerability has been identified in Extension Unit 12" PROFINET, Extension Unit 15" PROFINET, Extension Unit 19" PROFINET, Extension Unit 22" PROFINET, SIMATIC CP 1242-7 GPRS V2, SIMATIC CP 1243-7 LTE/US, SIMATIC CP 1243-8, SIMATIC CP 1626, Development/Evaluation Kit DK Standard Ethernet Controller, Development/Evaluation Kit EK-ERTEC 200 PN IO, Development/Evaluation Kit EK-ERTEC 200P PN IO, IE/AS-i Link PN IO, IE/PB-Link, SCALANCE M-800, S615, SCALANCE W700, SCALANCE X-200, SCALANCE X-200 IRT, SCALANCE X-300/X408, SCALANCE X414, SCALANCE XM400, SCALANCE XR500, SIMATIC WinAC RTX 2010 incl. F, SIMATIC CP 1243-1, SIMATIC CP 1243-1 DNP3, SIMATIC CP 1243-1 IEC, SIMATIC CP 1243-1 IRC, SIMATIC CP 1542-1, SIMATIC CP 1542SP-1, SIMATIC CP 1542SP-1 IRC, SIMATIC CP 1543-1, SIMATIC CP 1543SP-1, SIMATIC CP 1604, SIMATIC CP 1616, SIMATIC CP 343-1 Adv, SIMATIC CP 343-1 Lean, SIMATIC CP 343-1 Std, SIMATIC CP 443-1 Adv, SIMATIC CP 443-1 OPC-UA, SIMATIC CP 443-1 Std, SIMATIC DK-16xx PN IO, SIMATIC ET 200AL, SIMATIC ET 200M, SIMATIC ET 200MP, SIMATIC ET 200S, SIMATIC ET 200SP, SIMATIC ET 200ecoPN, SIMATIC ET 200pro, SIMATIC HMI Comfort Panels, HMI Multi Panels, HMI Mobile Panels, SIMATIC PN/PN Coupler, SIMATIC RF650R, SIMATIC RF680R, SIMATIC RF685R, SIMATIC S7-1200 incl. F, SIMATIC S7-1500 Software Controller incl. F, SIMATIC S7-1500 incl. F, T, and TF, SIMATIC S7-200 SMART, SIMATIC S7-300 incl. F and T, SIMATIC S7-400 PN/DP V6 Incl. F, SIMATIC S7-400 PN/DP V7 Incl. F, SIMATIC S7-400-H V6, SIMATIC S7-410, SIMATIC Teleservice Adapter Standard Modem, IE Basic, IE Advanced, SIMOCODE pro V PROFINET, SIMOTION, SINAMICS DCM w. PN, SINAMICS DCP w. PN, SINAMICS G110M w. PN, SINAMICS G120(C/P/D) w. PN, SINAMICS G130 V4.7 w. PN, SINAMICS G130 V4.8 w. PN, SINAMICS G150 V4.7 w. PN, SINAMICS G150 V4.8 w. PN, SINAMICS S110 w. PN, SINAMICS S120 V4.7 w. PN, SINAMICS S120 V4.8 w. PN, SINAMICS S150 V4.7 w. PN, SINAMICS S150 V4.8 w. PN, SINAMICS V90 w. PN, SINUMERIK 828D V4.5 and prior, SINUMERIK 828D V4.7, SINUMERIK 840D sl V4.5 and prior, SINUMERIK 840D sl V4.7, SIRIUS ACT 3SU1 interface module PROFINET, SIRIUS Motor Starter M200D PROFINET, SIRIUS Soft Starter 3RW44 PN, SITOP PSU8600 PROFINET, SITOP UPS1600 PROFINET, Softnet PROFINET IO for PC-based Windows systems. Specially crafted PROFINET DCP broadcast packets could cause a Denial-of-Service condition of affected products on a local Ethernet segment (Layer 2). Human interaction is required to recover the systems. PROFIBUS interfaces are not affected.

2018-01-19 02:29

References changed

1 added

CONFIRM

https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284673.pdf

Summary changed

New summary : A vulnerability has been identified in Extension Unit 12" PROFINET, Extension Unit 15" PROFINET, Extension Unit 19" PROFINET, Extension Unit 22" PROFINET, SIMATIC CP 1242-7 GPRS V2, SIMATIC CP 1243-7 LTE/US, SIMATIC CP 1243-8, SIMATIC CP 1626, Development/Evaluation Kit DK Standard Ethernet Controller, Development/Evaluation Kit EK-ERTEC 200 PN IO, Development/Evaluation Kit EK-ERTEC 200P PN IO, IE/AS-i Link PN IO, IE/PB-Link, SCALANCE M-800, S615, SCALANCE W700, SCALANCE X-200, SCALANCE X-200 IRT, SCALANCE X-300/X408, SCALANCE X414, SCALANCE XM400, SCALANCE XR500, SIMATIC WinAC RTX 2010 incl. F, SIMATIC CP 1243-1, SIMATIC CP 1243-1 DNP3, SIMATIC CP 1243-1 IEC, SIMATIC CP 1243-1 IRC, SIMATIC CP 1542-1, SIMATIC CP 1542SP-1, SIMATIC CP 1542SP-1 IRC, SIMATIC CP 1543-1, SIMATIC CP 1543SP-1, SIMATIC CP 1604, SIMATIC CP 1616, SIMATIC CP 343-1 Adv, SIMATIC CP 343-1 Lean, SIMATIC CP 343-1 Std, SIMATIC CP 443-1 Adv, SIMATIC CP 443-1 OPC-UA, SIMATIC CP 443-1 Std, SIMATIC DK-16xx PN IO, SIMATIC ET 200AL, SIMATIC ET 200M, SIMATIC ET 200MP, SIMATIC ET 200S, SIMATIC ET 200SP, SIMATIC ET 200ecoPN, SIMATIC ET 200pro, SIMATIC HMI Comfort Panels, HMI Multi Panels, HMI Mobile Panels, SIMATIC PN/PN Coupler, SIMATIC RF650R, SIMATIC RF680R, SIMATIC RF685R, SIMATIC S7-1200 incl. F, SIMATIC S7-1500 Software Controller incl. F, SIMATIC S7-1500 incl. F, T, and TF, SIMATIC S7-200 SMART, SIMATIC S7-300 incl. F and T, SIMATIC S7-400 PN/DP V6 Incl. F, SIMATIC S7-400 PN/DP V7 Incl. F, SIMATIC S7-400-H V6, SIMATIC S7-410, SIMATIC Teleservice Adapter Standard Modem, IE Basic, IE Advanced, SIMOCODE pro V PROFINET, SIMOTION, SINAMICS DCM w. PN, SINAMICS DCP w. PN, SINAMICS G110M w. PN, SINAMICS G120(C/P/D) w. PN, SINAMICS G130 V4.7 w. PN, SINAMICS G130 V4.8 w. PN, SINAMICS G150 V4.7 w. PN, SINAMICS G150 V4.8 w. PN, SINAMICS S110 w. PN, SINAMICS S120 V4.7 w. PN, SINAMICS S120 V4.8 w. PN, SINAMICS S150 V4.7 w. PN, SINAMICS S150 V4.8 w. PN, SINAMICS V90 w. PN, SINUMERIK 828D V4.5 and prior, SINUMERIK 828D V4.7, SINUMERIK 840D sl V4.5 and prior, SINUMERIK 840D sl V4.7, SIRIUS ACT 3SU1 interface module PROFINET, SIRIUS Motor Starter M200D PROFINET, SIRIUS Soft Starter 3RW44 PN, SITOP PSU8600 PROFINET, SITOP UPS1600 PROFINET, Softnet PROFINET IO for PC-based Windows systems. Specially crafted PROFINET DCP broadcast packets could cause a Denial-of-Service condition of affected products on a local Ethernet segment (Layer 2). Human interaction is required to recover the systems. PROFIBUS interfaces are not affected.
Old summary : Siemens SIMATIC CP 343-1 Std, CP 343-1 Lean (All versions), SIMATIC CP 343-1 Adv (All versions), SIMATIC CP 443-1 Std, CP 443-1 Adv (All versions before V3.2.17), SIMATIC CP 443-1 OPC-UA (All versions), SIMATIC CP 1243-1 (All versions before V2.1.82), SIMATIC CP 1243-1 IRC (All versions before V2.1.82), SIMATIC CP 1243-1 IEC (All versions), SIMATIC CP 1243-1 DNP3 (All versions), SIMATIC CM 1542-1 (All versions before V2.0), SIMATIC CP 1542SP-1, CP 1542SP-1 IRC, and CP 1543SP-1 (All versions before to V1.0.15), SIMATIC CP 1543-1 (All versions before V2.1), SIMATIC RF650R, RF680R, RF685R (All versions before V3.0), SIMATIC CP 1616, CP 1604, DK-16xx PN IO (All versions before V2.7), SCALANCE X-200 (All versions before V5.2.2), SCALANCE X200 IRT (All versions), SCALANCE X-300/X408 (All versions before V4.1.0), SCALANCE X414 (All versions before V3.10.2), SCALANCE XM400, XR500 (All versions before V6.1), SCALANCE W700 (All versions before V6.1), SCALANCE M-800, S615 (All versions before V4.03), Softnet PROFINET IO for PC-based Windows systems (All versions before V14 SP1), IE/PB-Link (All versions before V3.0), IE/AS-i Link PN IO (All versions), SIMATIC Teleservice Adapter Standard Modem, IE Basic, IE Advanced (All versions), SITOP PSU8600 PROFINET (All versions before V1.2.0), SITOP UPS1600 PROFINET (All versions before V2.2.0), SIMATIC ET 200AL (All versions before V1.0.2), SIMATIC ET 200ecoPN (All versions), SIMATIC ET 200M (All versions), SIMATIC ET 200MP (All versions before V4.0.1), SIMATIC ET 200pro (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200SP (All versions before V4.1.0), PN/PN Coupler (All versions before V4.0), DK Standard Ethernet Controller (All versions before V4.1.1 Patch04), EK-ERTEC 200P PN IO (All versions before V4.4.0 Patch01), EK-ERTEC 200 PN IO (All versions before V4.2.1 Patch03), SIMATIC S7-200 SMART (All versions before V2.3), SIMATIC S7-300 incl. F and T (All versions before V3.X.14), S7-400 PN/DP V6 Incl. F (All versions before V6.0.6), S7-400-H V6 (All versions before V6.0.7), S7-400 PN/DP V7 Incl. F (All versions), S7-410 (All versions before V8.2), SIMATIC S7-1200 incl. F (All versions before V4.2.1), SIMATIC S7-1500 incl. F, T, and TF (All versions before V2.1), SIMATIC S7-1500 Software Controller incl. F (All versions before V2.1), SIMATIC WinAC RTX 2010 incl. F (All versions), SIRIUS ACT 3SU1 interface module PROFINET (All versions), SIRIUS Soft starter 3RW44 PN (All versions), SIRIUS Motor starter M200D PROFINET (All versions), SIMOCODE pro V PROFINET (All versions), SINAMICS DCM (All versions before V1.4 SP1 HF5), SINAMICS DCP (All versions), SINAMICS G110M / G120(C/P/D) w. PN (All versions before V4.7 SP6 HF3), SINAMICS G130 and G150 (V4.7 before HF27 and V4.8 before HF4), SINAMICS S110 w. PN (All versions before V4.4 SP3 HF5), SINAMICS S120 (V4.7 before HF27 and V4.8 before HF4), SINAMICS S150 (V4.7 before HF27 and V4.8 before HF4), SINAMICS V90 w. PN (All versions before V1.1), SIMOTION (All versions before V4.5 HF1), SINUMERIK 828D (All versions before V4.5 SP6 HF2 and V4.7 before SP6 HF8), SINUMERIK 840D sl (All versions before V4.5 SP6 HF8 and V4.7 before SP4 HF1), and SIMATIC HMI Comfort Panels, HMI Multi Panels, HMI Mobile Panels (All versions) could be affected by a Denial-of-Service condition induced by a specially crafted PROFINET DCP broadcast (Layer 2 - Ethernet) packet.

2017-12-30 02:29

Summary changed

New summary : Siemens SIMATIC CP 343-1 Std, CP 343-1 Lean (All versions), SIMATIC CP 343-1 Adv (All versions), SIMATIC CP 443-1 Std, CP 443-1 Adv (All versions before V3.2.17), SIMATIC CP 443-1 OPC-UA (All versions), SIMATIC CP 1243-1 (All versions before V2.1.82), SIMATIC CP 1243-1 IRC (All versions before V2.1.82), SIMATIC CP 1243-1 IEC (All versions), SIMATIC CP 1243-1 DNP3 (All versions), SIMATIC CM 1542-1 (All versions before V2.0), SIMATIC CP 1542SP-1, CP 1542SP-1 IRC, and CP 1543SP-1 (All versions before to V1.0.15), SIMATIC CP 1543-1 (All versions before V2.1), SIMATIC RF650R, RF680R, RF685R (All versions before V3.0), SIMATIC CP 1616, CP 1604, DK-16xx PN IO (All versions before V2.7), SCALANCE X-200 (All versions before V5.2.2), SCALANCE X200 IRT (All versions), SCALANCE X-300/X408 (All versions before V4.1.0), SCALANCE X414 (All versions before V3.10.2), SCALANCE XM400, XR500 (All versions before V6.1), SCALANCE W700 (All versions before V6.1), SCALANCE M-800, S615 (All versions before V4.03), Softnet PROFINET IO for PC-based Windows systems (All versions before V14 SP1), IE/PB-Link (All versions before V3.0), IE/AS-i Link PN IO (All versions), SIMATIC Teleservice Adapter Standard Modem, IE Basic, IE Advanced (All versions), SITOP PSU8600 PROFINET (All versions before V1.2.0), SITOP UPS1600 PROFINET (All versions before V2.2.0), SIMATIC ET 200AL (All versions before V1.0.2), SIMATIC ET 200ecoPN (All versions), SIMATIC ET 200M (All versions), SIMATIC ET 200MP (All versions before V4.0.1), SIMATIC ET 200pro (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200SP (All versions before V4.1.0), PN/PN Coupler (All versions before V4.0), DK Standard Ethernet Controller (All versions before V4.1.1 Patch04), EK-ERTEC 200P PN IO (All versions before V4.4.0 Patch01), EK-ERTEC 200 PN IO (All versions before V4.2.1 Patch03), SIMATIC S7-200 SMART (All versions before V2.3), SIMATIC S7-300 incl. F and T (All versions before V3.X.14), S7-400 PN/DP V6 Incl. F (All versions before V6.0.6), S7-400-H V6 (All versions before V6.0.7), S7-400 PN/DP V7 Incl. F (All versions), S7-410 (All versions before V8.2), SIMATIC S7-1200 incl. F (All versions before V4.2.1), SIMATIC S7-1500 incl. F, T, and TF (All versions before V2.1), SIMATIC S7-1500 Software Controller incl. F (All versions before V2.1), SIMATIC WinAC RTX 2010 incl. F (All versions), SIRIUS ACT 3SU1 interface module PROFINET (All versions), SIRIUS Soft starter 3RW44 PN (All versions), SIRIUS Motor starter M200D PROFINET (All versions), SIMOCODE pro V PROFINET (All versions), SINAMICS DCM (All versions before V1.4 SP1 HF5), SINAMICS DCP (All versions), SINAMICS G110M / G120(C/P/D) w. PN (All versions before V4.7 SP6 HF3), SINAMICS G130 and G150 (V4.7 before HF27 and V4.8 before HF4), SINAMICS S110 w. PN (All versions before V4.4 SP3 HF5), SINAMICS S120 (V4.7 before HF27 and V4.8 before HF4), SINAMICS S150 (V4.7 before HF27 and V4.8 before HF4), SINAMICS V90 w. PN (All versions before V1.1), SIMOTION (All versions before V4.5 HF1), SINUMERIK 828D (All versions before V4.5 SP6 HF2 and V4.7 before SP6 HF8), SINUMERIK 840D sl (All versions before V4.5 SP6 HF8 and V4.7 before SP4 HF1), and SIMATIC HMI Comfort Panels, HMI Multi Panels, HMI Mobile Panels (All versions) could be affected by a Denial-of-Service condition induced by a specially crafted PROFINET DCP broadcast (Layer 2 - Ethernet) packet.
Old summary : Siemens SIMATIC CP 343-1 Std, CP 343-1 Lean (All versions), SIMATIC CP 343-1 Adv (All versions), SIMATIC CP 443-1 Std, CP 443-1 Adv (All versions before V3.2.17), SIMATIC CP 443-1 OPC-UA (All versions), SIMATIC CP 1243-1 (All versions), SIMATIC CM 1542-1 (All versions before V2.0), SIMATIC CP 1542SP-1, CP 1542SP-1 IRC, and CP 1543SP-1 (All versions before to V1.0.15), SIMATIC CP 1543-1 (All versions before V2.1), SIMATIC RF650R, RF680R, RF685R (All versions before V3.0), SIMATIC CP 1616, CP 1604, DK-16xx PN IO (All versions before V2.7), SCALANCE X200 (All versions), SCALANCE X200 IRT (All versions), SCALANCE X-300/X408 (All versions before V4.1.0), SCALANCE X414 (All versions before V3.10.2), SCALANCE XM400, XR500 (All versions before V6.1), SCALANCE W700 (All versions before V6.1), SCALANCE M-800, S615 (All versions), Softnet PROFINET IO for PC-based Windows systems (All versions), IE/PB-Link (All versions before V3.0), IE/AS-i Link PN IO (All versions), SIMATIC Teleservice Adapter Standard Modem, IE Basic, IE Advanced (All versions), SITOP PSU8600 PROFINET (All versions before V1.2.0), SITOP UPS1600 PROFINET (All versions before V2.2.0), SIMATIC ET 200AL (All versions), SIMATIC ET 200ecoPN (All versions), SIMATIC ET 200M (All versions), SIMATIC ET 200MP (All versions before V4.0.1), SIMATIC ET 200pro (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200SP (All versions before V4.1.0), PN/PN Coupler (All versions), DK Standard Ethernet Controller (All versions before V4.1.1 Patch04), EK-ERTEC 200P PN IO (All versions before V4.4.0 Patch01), EK-ERTEC 200 PN IO (All versions before V4.2.1 Patch03), SIMATIC S7-200 SMART (All versions before V2.3), SIMATIC S7-300 incl. F and T (All versions before V3.X.14), SIMATIC S7-400 incl. F (All versions before V8.2), SIMATIC S7-400-H V6 (All versions before V6.0.7), SIMATIC S7-1200 incl. F (All versions before V4.2.1), SIMATIC S7-1500 incl. F, T, and TF (All versions before V2.1), SIMATIC S7-1500 Software Controller incl. F (All versions before V2.1), SIMATIC WinAC RTX 2010 incl. F (All versions), SIRIUS ACT 3SU1 interface module PROFINET (All versions), SIRIUS Soft starter 3RW44 PN (All versions), SIRIUS Motor starter M200D PROFINET (All versions), SIMOCODE pro V PROFINET (All versions), SINAMICS DCM (All versions), SINAMICS DCP (All versions), SINAMICS G110M / G120(C/P/D) w. PN (All versions before V4.7 SP6 HF3), SINAMICS G130 and G150 (All versions before V4.7 HF27 and V4.8 before HF4), SINAMICS S110 w. PN (All versions before V4.4 SP1 HF5), SINAMICS S120 (All versions before V4.7 HF27 and V4.8 before HF4), SINAMICS S150 (All versions before V4.7 HF27 and V4.8 before HF4), SINAMICS V90 w. PN (All versions before V1.1), SIMOTION (All versions before V4.5 HF1), SINUMERIK 828D (All versions before V4.5 SP6 HF2 and V4.7 before SP6 HF8), SINUMERIK 840D sl (All versions before V4.5 SP6 HF8 and V4.7 before SP4 HF1), SIMATIC HMI Comfort Panels, HMI Multi Panels, HMI Mobile Panels (All versions) could be affected by a Denial-of-Service condition induced by a specially crafted PROFINET DCP broadcast (Layer 2 - Ethernet) packet.

2017-08-17 06:36

Summary changed

New summary : Siemens SIMATIC CP 343-1 Std, CP 343-1 Lean (All versions), SIMATIC CP 343-1 Adv (All versions), SIMATIC CP 443-1 Std, CP 443-1 Adv (All versions before V3.2.17), SIMATIC CP 443-1 OPC-UA (All versions), SIMATIC CP 1243-1 (All versions), SIMATIC CM 1542-1 (All versions before V2.0), SIMATIC CP 1542SP-1, CP 1542SP-1 IRC, and CP 1543SP-1 (All versions before to V1.0.15), SIMATIC CP 1543-1 (All versions before V2.1), SIMATIC RF650R, RF680R, RF685R (All versions before V3.0), SIMATIC CP 1616, CP 1604, DK-16xx PN IO (All versions before V2.7), SCALANCE X200 (All versions), SCALANCE X200 IRT (All versions), SCALANCE X-300/X408 (All versions before V4.1.0), SCALANCE X414 (All versions before V3.10.2), SCALANCE XM400, XR500 (All versions before V6.1), SCALANCE W700 (All versions before V6.1), SCALANCE M-800, S615 (All versions), Softnet PROFINET IO for PC-based Windows systems (All versions), IE/PB-Link (All versions before V3.0), IE/AS-i Link PN IO (All versions), SIMATIC Teleservice Adapter Standard Modem, IE Basic, IE Advanced (All versions), SITOP PSU8600 PROFINET (All versions before V1.2.0), SITOP UPS1600 PROFINET (All versions before V2.2.0), SIMATIC ET 200AL (All versions), SIMATIC ET 200ecoPN (All versions), SIMATIC ET 200M (All versions), SIMATIC ET 200MP (All versions before V4.0.1), SIMATIC ET 200pro (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200SP (All versions before V4.1.0), PN/PN Coupler (All versions), DK Standard Ethernet Controller (All versions before V4.1.1 Patch04), EK-ERTEC 200P PN IO (All versions before V4.4.0 Patch01), EK-ERTEC 200 PN IO (All versions before V4.2.1 Patch03), SIMATIC S7-200 SMART (All versions before V2.3), SIMATIC S7-300 incl. F and T (All versions before V3.X.14), SIMATIC S7-400 incl. F (All versions before V8.2), SIMATIC S7-400-H V6 (All versions before V6.0.7), SIMATIC S7-1200 incl. F (All versions before V4.2.1), SIMATIC S7-1500 incl. F, T, and TF (All versions before V2.1), SIMATIC S7-1500 Software Controller incl. F (All versions before V2.1), SIMATIC WinAC RTX 2010 incl. F (All versions), SIRIUS ACT 3SU1 interface module PROFINET (All versions), SIRIUS Soft starter 3RW44 PN (All versions), SIRIUS Motor starter M200D PROFINET (All versions), SIMOCODE pro V PROFINET (All versions), SINAMICS DCM (All versions), SINAMICS DCP (All versions), SINAMICS G110M / G120(C/P/D) w. PN (All versions before V4.7 SP6 HF3), SINAMICS G130 and G150 (All versions before V4.7 HF27 and V4.8 before HF4), SINAMICS S110 w. PN (All versions before V4.4 SP1 HF5), SINAMICS S120 (All versions before V4.7 HF27 and V4.8 before HF4), SINAMICS S150 (All versions before V4.7 HF27 and V4.8 before HF4), SINAMICS V90 w. PN (All versions before V1.1), SIMOTION (All versions before V4.5 HF1), SINUMERIK 828D (All versions before V4.5 SP6 HF2 and V4.7 before SP6 HF8), SINUMERIK 840D sl (All versions before V4.5 SP6 HF8 and V4.7 before SP4 HF1), SIMATIC HMI Comfort Panels, HMI Multi Panels, HMI Mobile Panels (All versions) could be affected by a Denial-of-Service condition induced by a specially crafted PROFINET DCP broadcast (Layer 2 - Ethernet) packet.
Old summary : Siemens SIMATIC CP 343-1 Std, CP 343-1 Lean (All versions), SIMATIC CP 343-1 Adv (All versions), SIMATIC CP 443-1 Std, CP 443-1 Adv (All versions before V3.2.17), SIMATIC CP 443-1 OPC-UA (All versions), SIMATIC CP 1243-1 (All versions), SIMATIC CM 1542-1 (All versions before V2.0), SIMATIC CP 1542SP-1, CP 1542SP-1 IRC, and CP 1543SP-1 (All versions), SIMATIC CP 1543-1 (All versions before V2.1), SIMATIC RF650R, RF680R, RF685R (All versions before V3.0), SIMATIC CP 1616, CP 1604, DK-16xx PN IO (All versions before V2.7), SCALANCE X200 (All versions), SCALANCE X200 IRT (All versions), SCALANCE X-300/X408 (All versions before V4.1.0), SCALANCE X414 (All versions before V3.10.2), SCALANCE XM400, XR500 (All versions), SCALANCE W700 (All versions before V6.1), SCALANCE M-800, S615 (All versions), Softnet PROFINET IO for PC-based Windows systems (All versions), IE/PB-Link (All versions before V3.0), IE/AS-i Link PN IO (All versions), SIMATIC Teleservice Adapter Standard Modem, IE Basic, IE Advanced (All versions), SITOP PSU8600 PROFINET (All versions before V1.2.0), SITOP UPS1600 PROFINET (All versions before V2.2.0), SIMATIC ET 200AL (All versions), SIMATIC ET 200ecoPN (All versions), SIMATIC ET 200M (All versions), SIMATIC ET 200MP (All versions before V4.0.1), SIMATIC ET 200pro (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200SP (All versions), PN/PN Coupler (All versions), DK Standard Ethernet Controller (All versions before V4.1.1 Patch04), EK-ERTEC 200P PN IO (All versions before V4.4.0 Patch01), EK-ERTEC 200 PN IO (All versions before V4.2.1 Patch03), SIMATIC S7-200 SMART (All versions), SIMATIC S7-300 incl. F and T (All versions before V3.X.14), SIMATIC S7-400 incl. F and H (All versions before V8.2), SIMATIC S7-1200 incl. F (All versions before V4.2.1), SIMATIC S7-1500 incl. F, T, and TF (All versions before V2.1), SIMATIC S7-1500 Software Controller incl. F (All versions before V2.1), SIMATIC WinAC RTX 2010 incl. F (All versions), SIRIUS ACT 3SU1 interface module PROFINET (All versions), SIRIUS Soft starter 3RW44 PN (All versions), SIRIUS Motor starter M200D PROFINET (All versions), SIMOCODE pro V PROFINET (All versions), SINAMICS DCM (All versions), SINAMICS DCP (All versions), SINAMICS G110M / G120(C/P/D) w. PN (All versions before V4.7 SP6 HF3), SINAMICS G130 and G150 (All versions before V4.8 HF4), SINAMICS S110 w. PN (All versions), SINAMICS S120 (All versions before V4.8 HF4), SINAMICS S150 (All versions before V4.8 HF4), SINAMICS V90 w. PN (All versions), SIMOTION (All versions before V4.5 HF1), SINUMERIK 828D (V4.7 before SP6 HF8 and before V4.5), SINUMERIK 840D sl (V4.7 before SP6 HF8 and before V4.5), SIMATIC HMI Comfort Panels, HMI Multi Panels, HMI Mobile Panels (All versions) could be affected by a Denial-of-Service condition induced by a specially crafted PROFINET DCP broadcast (Layer 2 - Ethernet) packet.

2017-07-08 05:31

References changed

1 added

SECTRACK

http://www.securitytracker.com/id/1038463

2017-06-17 05:27

Summary changed

New summary : Siemens SIMATIC CP 343-1 Std, CP 343-1 Lean (All versions), SIMATIC CP 343-1 Adv (All versions), SIMATIC CP 443-1 Std, CP 443-1 Adv (All versions before V3.2.17), SIMATIC CP 443-1 OPC-UA (All versions), SIMATIC CP 1243-1 (All versions), SIMATIC CM 1542-1 (All versions before V2.0), SIMATIC CP 1542SP-1, CP 1542SP-1 IRC, and CP 1543SP-1 (All versions), SIMATIC CP 1543-1 (All versions before V2.1), SIMATIC RF650R, RF680R, RF685R (All versions before V3.0), SIMATIC CP 1616, CP 1604, DK-16xx PN IO (All versions before V2.7), SCALANCE X200 (All versions), SCALANCE X200 IRT (All versions), SCALANCE X-300/X408 (All versions before V4.1.0), SCALANCE X414 (All versions before V3.10.2), SCALANCE XM400, XR500 (All versions), SCALANCE W700 (All versions before V6.1), SCALANCE M-800, S615 (All versions), Softnet PROFINET IO for PC-based Windows systems (All versions), IE/PB-Link (All versions before V3.0), IE/AS-i Link PN IO (All versions), SIMATIC Teleservice Adapter Standard Modem, IE Basic, IE Advanced (All versions), SITOP PSU8600 PROFINET (All versions before V1.2.0), SITOP UPS1600 PROFINET (All versions before V2.2.0), SIMATIC ET 200AL (All versions), SIMATIC ET 200ecoPN (All versions), SIMATIC ET 200M (All versions), SIMATIC ET 200MP (All versions before V4.0.1), SIMATIC ET 200pro (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200SP (All versions), PN/PN Coupler (All versions), DK Standard Ethernet Controller (All versions before V4.1.1 Patch04), EK-ERTEC 200P PN IO (All versions before V4.4.0 Patch01), EK-ERTEC 200 PN IO (All versions before V4.2.1 Patch03), SIMATIC S7-200 SMART (All versions), SIMATIC S7-300 incl. F and T (All versions before V3.X.14), SIMATIC S7-400 incl. F and H (All versions before V8.2), SIMATIC S7-1200 incl. F (All versions before V4.2.1), SIMATIC S7-1500 incl. F, T, and TF (All versions before V2.1), SIMATIC S7-1500 Software Controller incl. F (All versions before V2.1), SIMATIC WinAC RTX 2010 incl. F (All versions), SIRIUS ACT 3SU1 interface module PROFINET (All versions), SIRIUS Soft starter 3RW44 PN (All versions), SIRIUS Motor starter M200D PROFINET (All versions), SIMOCODE pro V PROFINET (All versions), SINAMICS DCM (All versions), SINAMICS DCP (All versions), SINAMICS G110M / G120(C/P/D) w. PN (All versions before V4.7 SP6 HF3), SINAMICS G130 and G150 (All versions before V4.8 HF4), SINAMICS S110 w. PN (All versions), SINAMICS S120 (All versions before V4.8 HF4), SINAMICS S150 (All versions before V4.8 HF4), SINAMICS V90 w. PN (All versions), SIMOTION (All versions before V4.5 HF1), SINUMERIK 828D (V4.7 before SP6 HF8 and before V4.5), SINUMERIK 840D sl (V4.7 before SP6 HF8 and before V4.5), SIMATIC HMI Comfort Panels, HMI Multi Panels, HMI Mobile Panels (All versions) could be affected by a Denial-of-Service condition induced by a specially crafted PROFINET DCP broadcast (Layer 2 - Ethernet) packet.
Old summary : Siemens SIMATIC CP 343-1 Std, CP 343-1 Lean (All versions), SIMATIC CP 343-1 Adv (All versions), SIMATIC CP 443-1 Std, CP 443-1 Adv (All versions before V3.2.17), SIMATIC CP 443-1 OPC-UA (All versions), SIMATIC CP 1243-1 (All versions), SIMATIC CM 1542-1 (All versions before V2.0), SIMATIC CP 1542SP-1, CP 1542SP-1 IRC, and CP 1543SP-1 (All versions), SIMATIC CP 1543-1 (All versions before V2.1), SIMATIC RF650R, RF680R, RF685R (All versions before V3.0), SIMATIC CP 1616, CP 1604, DK-16xx PN IO (All versions before V2.7), SCALANCE X200 (All versions), SCALANCE X200 IRT (All versions), SCALANCE X300, X408, X414 (All versions), SCALANCE XM400, XR500 (All versions), SCALANCE W700 (All versions before V6.1), SCALANCE M-800, S615 (All versions), Softnet PROFINET IO for PC-based Windows systems (All versions), IE/PB-Link (All versions before V3.0), IE/AS-i Link PN IO (All versions), SIMATIC Teleservice Adapter Standard Modem, IE Basic, IE Advanced (All versions), SITOP PSU8600 / UPS1600 PROFINET (All versions), SIMATIC ET 200AL (All versions), SIMATIC ET 200ecoPN (All versions), SIMATIC ET 200M (All versions), SIMATIC ET 200MP (All versions before V4.0.1), SIMATIC ET 200pro (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200SP (All versions), PN/PN Coupler (All versions), DK Standard Ethernet Controller (All versions before V4.1.1 Patch04), EK-ERTEC 200P PN IO (All versions before V4.4.0 Patch01), EK-ERTEC 200 PN IO (All versions before V4.2.1 Patch03), SIMATIC S7-200 SMART (All versions), SIMATIC S7-300 incl. F and T (All versions before V3.X.14), SIMATIC S7-400 incl. F and H (All versions), SIMATIC S7-1200 incl. F (All versions before V4.2.1), SIMATIC S7-1500 incl. F, T, and TF (All versions before V2.1), SIMATIC S7-1500 Software Controller incl. F (All versions before V2.1), SIMATIC WinAC RTX 2010 incl. F (All versions), SIRIUS ACT 3SU1 interface module PROFINET (All versions), SIRIUS Soft starter 3RW44 PN (All versions), SIRIUS Motor starter M200D PROFINET (All versions), SIMOCODE pro V PROFINET (All versions), SINAMICS DCM (All versions), SINAMICS DCP (All versions), SINAMICS G110M / G120(C/P/D) w. PN (All versions before V4.7 SP6 HF3), SINAMICS G130 and G150 (All versions before V4.8 HF4), SINAMICS S110 w. PN (All versions), SINAMICS S120 (All versions before V4.8 HF4), SINAMICS S150 (All versions before V4.8 HF4), SINAMICS V90 w. PN (All versions), SIMOTION (All versions before V4.5 HF1), SINUMERIK 828D (V4.7 before SP6 HF8 and before V4.5), SINUMERIK 840D sl (V4.7 before SP6 HF8 and before V4.5), SIMATIC HMI Comfort Panels, HMI Multi Panels, HMI Mobile Panels (All versions) could be affected by a Denial-of-Service condition induced by a specially crafted PROFINET DCP broadcast (Layer 2 - Ethernet) packet.

2017-05-11 01:29

CVE-2017-2680

Score 6.1 / 10

Access vector ADJACENT_NETWORK

Access complexity LOW

Authentication NONE

Confidentiality impact NONE

Integrity impact NONE

Availability impact COMPLETE

CWE

References

History of changes

References changed

References changed

Summary changed

Summary changed

Summary changed

References changed

Summary changed

References changed

Summary changed

Summary changed

Summary changed

References changed

Summary changed

New CVE