CVE-2017-12741

high-risk
Published 2017-12-26

Specially crafted packets sent to port 161/udp could cause a denial of service condition. The affected devices must be restarted manually.

Do I need to act?

~
5.3% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (20)

Simatic S7-200 Firmware
Simatic S7-400Pn V6 Firmware
Simatic S7-400Pn\/Dp V7 Firmware
Simatic S7-410 V8 Firmware
Simatic S7-1200 Firmware
Simatic S7-1500 Controller Firmware
Simatic Et 200Mp Firmware
Simatic Et 200Pro Firmware
Simatic Et 200S Firmware
Ek-Ertec 200P Firmware
Ek-Ertec 200Pn Io Firmware
Sinamics Dcm Firmware
Sinamics Dcp Firmware
Sinamics G110M\/G120Pn Firmware
Sinamics G130 Firmware
Sinamics G150 Firmware
Sinamics S110Pn Firmware
Sinamics S120 Firmware
Sinamics S150 V4.7 Firmware
Sinamics V90Pn Firmware

Affected Vendors

Siemens

References (14)

https://cert-portal.siemens.com/productcert/html/ssa-141614.html
https://cert-portal.siemens.com/productcert/html/ssa-346262.html
https://cert-portal.siemens.com/productcert/html/ssa-546832.html
https://cert-portal.siemens.com/productcert/pdf/ssa-141614.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-346262.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-546832.pdf
https://www.securityfocus.com/bid/101964
https://cert-portal.siemens.com/productcert/html/ssa-141614.html
https://cert-portal.siemens.com/productcert/html/ssa-346262.html
https://cert-portal.siemens.com/productcert/html/ssa-546832.html
https://cert-portal.siemens.com/productcert/pdf/ssa-141614.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-346262.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-546832.pdf
https://www.securityfocus.com/bid/101964
58
/ 100
high-risk
Severity 26/34 · High
Exploitability 8/34 · Low
Exposure 24/34 · High