Vulnerability Description
Specially crafted PROFINET DCP broadcast packets could cause a denial of service condition of affected products on a local Ethernet segment (Layer 2). Human interaction is required to recover the systems. PROFIBUS interfaces are not affected.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Simatic Cp 343-1 Std Firmware | < 3.1.3 |
| Siemens | Simatic Cp 343-1 Std | - |
| Siemens | Simatic Cp 343-1 Lean Firmware | < 3.1.3 |
| Siemens | Simatic Cp 343-1 Lean | - |
| Siemens | Simatic Cp 343-1 Adv Firmware | All versions |
| Siemens | Simatic Cp 343-1 Adv | - |
| Siemens | Simatic Cp 443-1 Std Firmware | < 3.2.17 |
| Siemens | Simatic Cp 443-1 Std | - |
| Siemens | Simatic Cp 443-1 Adv Firmware | < 3.2.17 |
| Siemens | Simatic Cp 443-1 Adv | - |
| Siemens | Simatic Cp 443-1 Opc-Ua Firmware | All versions |
| Siemens | Simatic Cp 443-1 Opc-Ua | - |
| Siemens | Simatic Cp 1243-1 Firmware | < 2.1.82 |
| Siemens | Simatic Cp 1243-1 | - |
| Siemens | Simatic Cm 1542-1 Firmware | < 2.0 |
| Siemens | Simatic Cm 1542-1 | - |
| Siemens | Simatic Cp 1542Sp-1 Firmware | < 1.0.15 |
| Siemens | Simatic Cp 1542Sp-1 | - |
| Siemens | Simatic Cp 1542Sp-1 Irc Firmware | < 1.0.15 |
| Siemens | Simatic Cp 1542Sp-1 Irc | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/98369Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1038463Third Party AdvisoryVDB Entry
- https://cert-portal.siemens.com/productcert/html/ssa-284673.html
- https://cert-portal.siemens.com/productcert/html/ssa-293562.html
- https://cert-portal.siemens.com/productcert/html/ssa-546832.html
- https://cert-portal.siemens.com/productcert/pdf/ssa-284673.pdfVendor Advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdfVendor Advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-546832.pdfVendor Advisory
- https://ics-cert.us-cert.gov/advisories/ICSA-18-023-02Third Party AdvisoryUS Government Resource
- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284673.pdfBroken Link
- http://www.securityfocus.com/bid/98369Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1038463Third Party AdvisoryVDB Entry
- https://cert-portal.siemens.com/productcert/html/ssa-284673.html
- https://cert-portal.siemens.com/productcert/html/ssa-293562.html
- https://cert-portal.siemens.com/productcert/html/ssa-546832.html
FAQ
What is CVE-2017-2680?
CVE-2017-2680 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Specially crafted PROFINET DCP broadcast packets could cause a denial of service condition of affected products on a local Ethernet segment (Layer 2). Human interaction is required to recover the syst...
How severe is CVE-2017-2680?
CVE-2017-2680 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-2680?
Check the references section above for vendor advisories and patch information. Affected products include: Siemens Simatic Cp 343-1 Std Firmware, Siemens Simatic Cp 343-1 Std, Siemens Simatic Cp 343-1 Lean Firmware, Siemens Simatic Cp 343-1 Lean, Siemens Simatic Cp 343-1 Adv Firmware.