CVE-2017-2681 — MEDIUM (6.5)

Q: How severe is CVE-2017-2681?

CVE-2017-2681 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2017-2681?

Check the references section above for vendor advisories and patch information. Affected products include: Siemens Simatic Cp 343-1 Std Firmware, Siemens Simatic Cp 343-1 Std, Siemens Simatic Cp 343-1 Lean Firmware, Siemens Simatic Cp 343-1 Lean, Siemens Simatic Cp 343-1 Adv Firmware.

Vulnerability Description

Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a denial of service condition of that product. Human interaction is required to recover the system. PROFIBUS interfaces are not affected.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Siemens	Simatic Cp 343-1 Std Firmware	< 3.1.3
Siemens	Simatic Cp 343-1 Std	-
Siemens	Simatic Cp 343-1 Lean Firmware	< 3.1.3
Siemens	Simatic Cp 343-1 Lean	-
Siemens	Simatic Cp 343-1 Adv Firmware	All versions
Siemens	Simatic Cp 343-1 Adv	-
Siemens	Simatic Cp 443-1 Std Firmware	< 3.2.17
Siemens	Simatic Cp 443-1 Std	-
Siemens	Simatic Cp 443-1 Adv Firmware	< 3.2.17
Siemens	Simatic Cp 443-1 Adv	-
Siemens	Simatic Cp 443-1 Opc-Ua Firmware	All versions
Siemens	Simatic Cp 443-1 Opc-Ua	-
Siemens	Simatic Cp 1243-1 Firmware	< 2.1.82
Siemens	Simatic Cp 1243-1	-
Siemens	Simatic Cm 1542-1 Firmware	< 2.0
Siemens	Simatic Cm 1542-1	-
Siemens	Simatic Cp 1543Sp-1 Firmware	< 1.0.15
Siemens	Simatic Cp 1542Sp-1	-
Siemens	Simatic Cp 1542Sp-1 Irc Firmware	< 1.0.15
Siemens	Simatic Cp 1542Sp-1 Irc	-

Related Weaknesses (CWE)

CWE-400

References

http://www.securityfocus.com/bid/98369Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1038463Third Party AdvisoryVDB Entry
https://cert-portal.siemens.com/productcert/html/ssa-293562.html
https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdfVendor Advisory
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-293562.pdfBroken Link
http://www.securityfocus.com/bid/98369Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1038463Third Party AdvisoryVDB Entry
https://cert-portal.siemens.com/productcert/html/ssa-293562.html
https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdfVendor Advisory
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-293562.pdfBroken Link

FAQ

What is CVE-2017-2681?

CVE-2017-2681 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a denial of service condition of that product. Human interaction is required to rec...

How severe is CVE-2017-2681?

CVE-2017-2681 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-2681?

Check the references section above for vendor advisories and patch information. Affected products include: Siemens Simatic Cp 343-1 Std Firmware, Siemens Simatic Cp 343-1 Std, Siemens Simatic Cp 343-1 Lean Firmware, Siemens Simatic Cp 343-1 Lean, Siemens Simatic Cp 343-1 Adv Firmware.