Vulnerability CVE-2017-2681


Published: 2017-05-11

Description:
A vulnerability has been identified in SIMATIC CP 343-1 Std (All versions), SIMATIC CP 343-1 Lean (All versions), SIMATIC CP 343-1 Adv (All versions), SIMATIC CP 443-1 Std (All versions < V3.2.17), SIMATIC CP 443-1 Adv (All versions < V3.2.17), SIMATIC CP 443-1 OPC-UA (All versions), SIMATIC CP 1243-1 (All versions < V2.1.82), SIMATIC CP 1243-1 IRC (All versions < V2.1.82), SIMATIC CP 1243-1 IEC (All versions), SIMATIC CP 1243-1 DNP3 (All versions), SIMATIC CM 1542-1 (All versions < V2.0), SIMATIC CM 1542SP-1 (All versions < V1.0.15), SIMATIC CP 1542SP-1 IRC (All versions < V1.0.15), SIMATIC CP 1543SP-1 (All versions < V1.0.15), SIMATIC CP 1543-1 (All versions < V2.1), SIMATIC RF650R (All versions < V3.0), SIMATIC RF680R (All versions < V3.0), SIMATIC RF685R (All versions < V3.0), SIMATIC CP 1616 (All versions < V2.7), SIMATIC CP 1604 (All versions < V2.7), SIMATIC DK-16xx PN IO (All versions < V2.7), SCALANCE X-200 (All versions < V5.2.2), SCALANCE X-200 IRT (All versions), SCALANCE X-300/X408 (All versions < V4.1.0), SCALANCE X414 (All versions < V3.10.2), SCALANCE XM400 (All versions < V6.1), SCALANCE XR500 (All versions < V6.1), SCALANCE W700 (All versions < V6.1), SCALANCE M-800, S615 (All versions < V4.03), Softnet PROFINET IO for PC-based Windows systems (All versions < V14 SP1), IE/PB-Link (All versions < V3.0), IE/AS-i Link PN IO (All versions), SIMATIC Teleservice Adapter Standard Modem, IE Basic, IE Advanced (All versions), SITOP PSU8600 PROFINET (All versions < V1.2.0), SITOP UPS1600 PROFINET (All versions < V2.2.0), SIMATIC ET 200AL (All versions < V1.0.2), SIMATIC ET 200ecoPN (All versions), SIMATIC ET 200M (All versions), SIMATIC ET 200MP IM155-5 PN BA (All versions < V4.0.1), SIMATIC ET 200MP IM155-5 PN ST (All versions < V4.1), SIMATIC ET 200MP (except IM155-5 PN BA and IM155-5 PN ST) (All versions), SIMATIC ET 200pro (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200SP IM155-6 PN ST (All versions < V4.1.0), SIMATIC ET 200SP (except IM155-6 PN ST) (All versions), SIMATIC PN/PN Coupler (All versions < V4.0), Development/Evaluation Kit DK Standard Ethernet Controller (All versions < V4.1.1 Patch04), Development/Evaluation Kit EK-ERTEC 200P (All versions < V4.4.0 Patch01), Development/Evaluation Kit EK-ERTEC 200 (All versions < V4.2.1 Patch03), SIMATIC S7-200 SMART (All versions < V2.3), SIMATIC S7-300 incl. F and T (All versions < V3.X.14), SIMATIC S7-400 PN/DP V6 Incl. F (All versions < V6.0.6), SIMATIC S7-400-H V6 (All versions < V6.0.7), SIMATIC S7-400 PN/DP V7 Incl. F (All versions < V7.0.2), SIMATIC S7-410 (All versions < V8.2), SIMATIC S7-1200 incl. F (All versions < V4.2.1), SIMATIC S7-1500 incl. F, T, and TF (All versions < V2.1), SIMATIC S7-1500 Software Controller incl. F (All versions < V2.1), SIMATIC WinAC RTX 2010 incl. F (All versions), SIRIUS ACT 3SU1 interface module PROFINET (All versions), SIRIUS Soft Starter 3RW44 PN (All versions), SIRIUS Motor Starter M200D PROFINET (All versions), SIMOCODE pro V PROFINET (All versions < V2.0.0), SINAMICS DCM w. PN (All versions < V1.4 SP1 HF5), SINAMICS DCP w. PN (All versions < V1.2 HF 1), SINAMICS G110M w. PN (All versions < V4.7 SP6 HF3), SINAMICS G120(C/P/D) w. PN (All versions < V4.7 SP6 HF3), SINAMICS G130 V4.7 w. PN (All versions < V4.7 HF27), SINAMICS G150 V4.7 w. PN (V4.7: All versions < V4.7 HF27), SINAMICS G130 V4.8 w. PN (All versions < V4.8 HF4), SINAMICS G150 V4.8 w. PN (All versions < V4.8 HF4), SINAMICS S110 w. PN (All versions < V4.4 SP3 HF5), SINAMICS S120 V4.7 w. PN (All versions < V4.7 HF27), and others. Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a Denial-of-Service condition of that product. Human interaction is required to recover the system. PROFIBUS interfaces are not affected. This vulnerability affects only SIMATIC HMI Multi Panels and HMI Mobile Panels, and S7-300/S7-400 devices.

Type:

CWE-20

(Improper Input Validation)

CVSS2 => (AV:A/AC:L/Au:N/C:N/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.1/10
6.9/10
6.5/10
Exploit range
Attack complexity
Authentication
Adjacent network
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Complete
Affected software
Siemens -> Simatic et 200ecopn firmware 
Siemens -> Sinamics g150 firmware 
Siemens -> Simatic s7-400 firmware 
Siemens -> Ups1600 profinet firmware 
Siemens -> Scalance x414 firmware 
Siemens -> Softnet profinet io firmware 
Siemens -> Simatic et 200mp firmware 
Siemens -> Simatic hmi mobile panels 
Siemens -> Simatic et 200m firmware 
Siemens -> Sinamics v90 w. pn firmware 
Siemens -> Simatic cp 1243-1 firmware 
Siemens -> Ek-ertec 200 pn io firmware 
Siemens -> Simotion firmware 
Siemens -> Simatic et 200al firmware 
Siemens -> Sinamics g120(c/p/d) w. pn firmware 
Siemens -> Simatic teleservice adapter ie basic modem firmware 
Siemens -> Simatic rf685r firmware 
Siemens -> Simatic hmi multi panels 
Siemens -> Simatic et 200sp firmware 
Siemens -> Simatic cp 343-1 adv firmware 
Siemens -> Pn/pn coupler firmware 
Siemens -> Ek-ertec 200p pn io firmware 
Siemens -> Sinamics s150 firmware 
Siemens -> Sinamics g110m firmware 
Siemens -> Sirius soft starter 3rw44 pn firmware 
Siemens -> Simatic s7-300 firmware 
Siemens -> Simatic cp 1604 firmware 
Siemens -> Simatic rf680r firmware 
Siemens -> Simatic cm 1542-1 firmware 
Siemens -> Scalance w700 firmware 
Siemens -> Simatic teleservice adapter ie advanced modem firmware 
Siemens -> Sinamics dcm firmware 
Siemens -> Sinamics s110 w. pn firmware 
Siemens -> Simatic dk-16xx pn io firmware 
Siemens -> Simatic s7-1500 software controller firmware 
Siemens -> Simatic winac rtx 2010 firmware 
Siemens -> Scalance x200 firmware 
Siemens -> Simatic cp 1543-1 firmware 
Siemens -> Sinamics dcp firmware 
Siemens -> Sinumerik 828d firmware 
Siemens -> Simatic cp 343-1 std firmware 
Siemens -> Sinamics s120 firmware 
Siemens -> Scalance m-800 firmware 
Siemens -> Simatic hmi comfort panels 
Siemens -> Scalance xm400 firmware 
Siemens -> Simatic cp 343-1 lean firmware 
Siemens -> Simatic s7-1500 firmware 
Siemens -> Dk standard ethernet controller firmware 
Siemens -> Simatic cp 1542sp-1 firmware 
Siemens -> Sirius act 3su1 firmware 
Siemens -> Simatic cp 443-1 std firmware 
Siemens -> Simatic cp 443-1 opc-ua firmware 
Siemens -> Sirius motor starter m200d profinet firmware 
Siemens -> Simatic cp 443-1 adv firmware 
Siemens -> Simatic cp 1616 firmware 
Siemens -> Simatic et 200pro firmware 
Siemens -> Scalance x200 irt firmware 
Siemens -> Simatic teleservice adapter standard modem firmware 
Siemens -> Scalance x408 firmware 
Siemens -> Ie/pb-link firmware 
Siemens -> Simatic et 200s firmware 
Siemens -> Sitop psu8600 firmware 
Siemens -> Simatic rf650r firmware 
Siemens -> Simatic cp 1543sp-1 firmware 
Siemens -> Simocode pro v profinet firmware 
Siemens -> Simatic cp 1542sp-1 irc firmware 
Siemens -> Sinumerik 840d sl firmware 
Siemens -> Simatic s7-1200 firmware 
Siemens -> Scalance s615 firmware 
Siemens -> Simatic s7-200 smart firmware 
Siemens -> Ie/as-i link pn io firmware 
Siemens -> Scalance xr500 firmware 
Siemens -> Scalance x300 firmware 
Siemens -> Sinamics g130 firmware 

 References:
http://www.securityfocus.com/bid/98369
http://www.securitytracker.com/id/1038463
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-293562.pdf

Copyright 2024, cxsecurity.com

 

Back to Top