Denial of service in Siemens Multiple Industrial Products
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2017-12741 |
| CWE-ID | CWE-20 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
SINAMICS S150 Hardware solutions / Firmware SINAMICS G120 Hardware solutions / Firmware SIMOTION Firmware Hardware solutions / Firmware SIMATIC S7-1500 CPU Hardware solutions / Firmware SIMATIC S7-1200 Hardware solutions / Firmware SIMATIC S7-410 Hardware solutions / Firmware SIMATIC S7-400 Hardware solutions / Firmware SIMATIC S7-300 Hardware solutions / Firmware SIMATIC S7-200 Smart Hardware solutions / Firmware SIMOCODE pro V PROFINET Hardware solutions / Firmware SIMATIC PN/PN Coupler Hardware solutions / Firmware SIMATIC Compact Field Unit Hardware solutions / Firmware SINUMERIK 840D Hardware solutions / Firmware SINAMICS V90 Hardware solutions / Firmware SINAMICS S120 Hardware solutions / Firmware SINAMICS S110 Hardware solutions / Firmware SINAMICS G130 Hardware solutions / Firmware SINAMICS DCP Hardware solutions / Firmware SINAMICS DCM Hardware solutions / Firmware SIMATIC WinAC RTX 2010 Hardware solutions / Firmware SIMATIC ET 200SP Hardware solutions / Firmware SIMATIC ET 200S Hardware solutions / Firmware SIMATIC ET 200pro Hardware solutions / Firmware SIMATIC ET 200MP Hardware solutions / Firmware SIMATIC ET 200M Hardware solutions / Firmware SIMATIC ET 200ecoPN Hardware solutions / Firmware SIMATIC ET 200AL Hardware solutions / Firmware Development/Evaluation Kits for PROFINET IO Hardware solutions / Firmware |
| Vendor | Siemens |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Improper input validation
EUVDB-ID: #VU9545
Risk: Low
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-12741
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to an error when processing malicious packets. A remote attacker can send specially crafted packets via UDP port 161 and cause the device to crash or become unresponsive.
Successful exploitation of the vulnerability results in denial of service.
MitigationInstall update from vendor's website.
SINAMICS S150: 4.7 - 4.8
SINAMICS G120: 4.7
SIMOTION Firmware: 5.1
SIMATIC S7-1500 CPU: 1.0 - 1.8
SIMATIC S7-1200: 2.00 - 4.1.2
SIMATIC S7-410: V8
SIMATIC S7-400: PN/DP V7 - H V6
SIMATIC S7-300: 2.0.0 - 3.3.0
SIMATIC S7-200 Smart: 2.03
SIMOCODE pro V PROFINET: All versions
SIMATIC PN/PN Coupler: All versions
SIMATIC Compact Field Unit: All versions
SINUMERIK 840D: All versions
SINAMICS V90: All versions
SINAMICS S120: All versions
SINAMICS S110: All versions
SINAMICS G130: All versions
SINAMICS DCP: All versions
SINAMICS DCM: All versions
SIMATIC WinAC RTX 2010: All versions
SIMATIC ET 200SP: All versions
SIMATIC ET 200S: All versions
SIMATIC ET 200pro: All versions
SIMATIC ET 200MP: All versions
SIMATIC ET 200M: All versions
SIMATIC ET 200ecoPN: All versions
SIMATIC ET 200AL: All versions
Development/Evaluation Kits for PROFINET IO: All versions
CPE2.3- cpe:2.3:h:siemens:sinamics_s150:4.7:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:sinamics_s150:4.8:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:sinamics_g120:4.7:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simotion_firmware:5.1:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_s7-1500_cpu:1.0:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_s7-1500_cpu:1.1:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_s7-1500_cpu:1.5:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_s7-1200:2.00:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_s7-1200:2.2:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_s7-1200:2.3:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_s7-410:V8:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_s7-400:PN/DP V7:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_s7-300:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_s7-200_smart:2.03:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simocode_pro_v_profinet:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_pn_pn_coupler:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_compact_field_unit:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:sinumerik_840d:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:sinamics_v90:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:sinamics_s120:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:sinamics_s110:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:sinamics_g130:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:sinamics_dcp:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:sinamics_dcm:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_winac_rtx_2010:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_et_200sp:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_et_200s:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_et_200pro:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_et_200mp:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_et_200m:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_et_200ecopn:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_et_200al:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:development_evaluation_kits_for_profinet_io:*:*:*:*:*:*:*:*
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-346262.pdf
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
