CVE-2017-2680

high-risk

Published 2017-05-11

Specially crafted PROFINET DCP broadcast packets could cause a denial of service condition of affected products on a local Ethernet segment (Layer 2). Human interaction is required to recover the systems. PROFIBUS interfaces are not affected.

Do I need to act?

2.3% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.5/10 Medium

ADJACENT_NETWORK / LOW complexity

Affected Products (20)

Simatic Cp 343-1 Lean Firmware

Simatic Cp 343-1 Adv Firmware

Simatic Cp 1542Sp-1 Firmware

Simatic Cp 1542Sp-1 Irc Firmware

Simatic Rf650R Firmware

Simatic Cp 1604 Firmware

Simatic Dk-1616 Pn Io Firmware

Scalance X408 Firmware

Scalance X414 Firmware

Scalance Xm400 Firmware

Scalance Xr500 Firmware

Scalance S615 Firmware

Softnet Profinet Io Firmware

Ie\/As-I Link Pn Io Firmware

Simatic Teleservice Adapter Ie Standard Firmware

Simatic Teleservice Adapter Ie Basic Firmware

Simatic Teleservice Adapter Ie Advanced Firmware

Simatic Et 200Al Firmware

Simatic Et 200M Firmware

Simatic Et 200Pro Firmware

Affected Vendors

Siemens

References (20)

Third Party Advisory http://www.securityfocus.com/bid/98369

Third Party Advisory http://www.securitytracker.com/id/1038463

https://cert-portal.siemens.com/productcert/html/ssa-284673.html

https://cert-portal.siemens.com/productcert/html/ssa-293562.html

https://cert-portal.siemens.com/productcert/html/ssa-546832.html

Vendor Advisory https://cert-portal.siemens.com/productcert/pdf/ssa-284673.pdf

Vendor Advisory https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdf

Vendor Advisory https://cert-portal.siemens.com/productcert/pdf/ssa-546832.pdf

Third Party Advisory https://ics-cert.us-cert.gov/advisories/ICSA-18-023-02

Broken Link https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284673.pdf