CVE-2017-6865 Information

Description

A vulnerability has been identified in Primary Setup Tool (PST) (All versions V4.2 HF1) SIMATIC Automation Tool (All versions V3.0) SIMATIC NET PC-Software (All versions V14 SP1) SIMATIC PCS 7 V8.1 (All versions) SIMATIC PCS 7 V8.2 (All versions V8.2 SP1) SIMATIC STEP 7 (TIA Portal) V13 (All versions V13 SP2) SIMATIC STEP 7 (TIA Portal) V14 (All versions V14 SP1) SIMATIC STEP 7 V5.X (All versions V5.6) SIMATIC WinAC RTX 2010 SP2 (All versions) SIMATIC WinAC RTX F 2010 SP2 (All versions) SIMATIC WinCC (TIA Portal) V13 (All versions V13 SP2) SIMATIC WinCC (TIA Portal) V14 (All versions V14 SP1) SIMATIC WinCC V7.2 and prior (All versions) SIMATIC WinCC V7.3 (All versions V7.3 Update 15) SIMATIC WinCC V7.4 (All versions V7.4 SP1 Upd1) SIMATIC WinCC flexible 2008 (All versions flexible 2008 SP5) SINAUT ST7CC (All versions installed in conjunction with SIMATIC WinCC V7.3 Update 15) SINEMA Server (All versions V14) SINUMERIK 808D Programming Tool (All versions V4.7 SP4 HF2) SMART PC Access (All versions V2.3) STEP 7 - Micro/WIN SMART (All versions V2.3) Security Configuration Tool (SCT) (All versions V5.0). Specially crafted PROFINET DCP broadcast packets sent to the affected products on a local Ethernet segment (Layer 2) could cause a Denial-of-Service condition of some services. The services require manual restart to recover.

CVSS Vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Reference

https://cert-portal.siemens.com/productcert/pdf/ssa-275839.pdf https://www.securityfocus.com/bid/98366

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

6.5