CVE-2017-6865 — MEDIUM (6.5)

Q: How severe is CVE-2017-6865?

CVE-2017-6865 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2017-6865?

Check the references section above for vendor advisories and patch information. Affected products include: Siemens Pcs 7, Siemens Primary Setup Tool, Siemens Security Configuration Tool, Siemens Simatic Automation Tool, Siemens Simatic Net Pc-Software.

Vulnerability Description

A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC Automation Tool (All versions < V3.0), SIMATIC NET PC-Software (All versions < V14 SP1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2), SIMATIC STEP 7 (TIA Portal) V14 (All versions < V14 SP1), SIMATIC STEP 7 V5.X (All versions < V5.6), SIMATIC WinAC RTX 2010 SP2 (All versions), SIMATIC WinAC RTX F 2010 SP2 (All versions), SIMATIC WinCC (TIA Portal) V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1), SIMATIC WinCC V7.2 and prior (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Update 15), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd1), SIMATIC WinCC flexible 2008 (All versions < flexible 2008 SP5), SINAUT ST7CC (All versions installed in conjunction with SIMATIC WinCC < V7.3 Update 15), SINEMA Server (All versions < V14), SINUMERIK 808D Programming Tool (All versions < V4.7 SP4 HF2), SMART PC Access (All versions < V2.3), STEP 7 - Micro/WIN SMART (All versions < V2.3), Security Configuration Tool (SCT) (All versions < V5.0). Specially crafted PROFINET DCP broadcast packets sent to the affected products on a local Ethernet segment (Layer 2) could cause a Denial-of-Service condition of some services. The services require manual restart to recover.

CVSS Score

6.5

MEDIUM

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Siemens	Pcs 7	-
Siemens	Primary Setup Tool	-
Siemens	Security Configuration Tool	-
Siemens	Simatic Automation Tool	-
Siemens	Simatic Net Pc-Software	-
Siemens	Simatic Step 7 \(Tia Portal\)	5.0
Siemens	Simatic Step 7 Micro\/Win Smart	-
Siemens	Simatic Winac Rtx 2010	-
Siemens	Simatic Winac Rtx F 2010	-
Siemens	Simatic Wincc	-
Siemens	Simatic Wincc \(Tia Portal\)	13.0
Siemens	Simatic Wincc Flexible 2008	-
Siemens	Sinaut St7Cc	-
Siemens	Sinema Server	-
Siemens	Sinumerik 808D Programming Tool	-
Siemens	Smart Pc Access	2.0

Related Weaknesses (CWE)

CWE-20

References

FAQ

What is CVE-2017-6865?

CVE-2017-6865 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC Automation Tool (All versions < V3.0), SIMATIC NET PC-Software (All versions < V14 SP1), SIMATIC PCS ...

How severe is CVE-2017-6865?

CVE-2017-6865 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-6865?

Check the references section above for vendor advisories and patch information. Affected products include: Siemens Pcs 7, Siemens Primary Setup Tool, Siemens Security Configuration Tool, Siemens Simatic Automation Tool, Siemens Simatic Net Pc-Software.