#VU54867 Allocation of Resources Without Limits or Throttling in Siemens products - CVE-2020-28400


Vulnerability identifier: #VU54867

Vulnerability risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2020-28400

CWE-ID: CWE-770

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller
Hardware solutions / Firmware
Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200
Hardware solutions / Firmware
Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P
Hardware solutions / Firmware
SCALANCE W700 IEEE 802.11n
Hardware solutions / Firmware
SCALANCE W700 IEEE 802.11ac
Hardware solutions / Firmware
SCALANCE X20204-2LD TS
Hardware solutions / Firmware
SCALANCE X204 -2TS
Hardware solutions / Firmware
SCALANCE X12-2LD
Hardware solutions / Firmware
SCALANCE X302-7EEC
Hardware solutions / Firmware
SCALANCE 304-2FE
Hardware solutions / Firmware
SCALANCE X306-1LDFE
Hardware solutions / Firmware
SCALANCE X307-2EEC
Hardware solutions / Firmware
SCALANCE X307-3
Hardware solutions / Firmware
SCALANCE X307-3LD
Hardware solutions / Firmware
SCALANCE X308-2
Hardware solutions / Firmware
SCALANCE X308-2LD
Hardware solutions / Firmware
SCALANCE X308-2LH
Hardware solutions / Firmware
SCALANCE X308-2LH+
Hardware solutions / Firmware
SCALANCE X308-2M
Hardware solutions / Firmware
SCALANCE X308-2M POE
Hardware solutions / Firmware
SCALANCE X308-2M TS
Hardware solutions / Firmware
SCALANCE X310
Hardware solutions / Firmware
SCALANCE X310FE
Hardware solutions / Firmware
SCALANCE X320-1FE
Hardware solutions / Firmware
SCALANCE X320-3LDFE
Hardware solutions / Firmware
SCALANCE XR324-4M EEC
Hardware solutions / Firmware
SCALANCE XR324-4M POE
Hardware solutions / Firmware
SCALANCE XR324-4M POE TS
Hardware solutions / Firmware
SCALANCE XR324-12M
Hardware solutions / Firmware
SCALANCE XR324-12M TS
Hardware solutions / Firmware
SIMATIC CFU PA
Hardware solutions / Firmware
SIMATIC IE/PB-LINK V3
Hardware solutions / Firmware
SIMATIC NET CM 1542-1
Hardware solutions / Firmware
SIMATIC NET CP1616/CP1604
Hardware solutions / Firmware
SIMATIC NET CP1626
Hardware solutions / Firmware
SIMATIC NET DK-16xx PN IO
Hardware solutions / Firmware
SIMATIC Power Line Booster PLB
Hardware solutions / Firmware
Base Module
Hardware solutions / Firmware
SOFTNET-IE PNIO
Hardware solutions / Firmware
SCALANCE M-800
Hardware solutions / Firmware
SCALANCE S615
Hardware solutions / Firmware
SCALANCE X200-4 P IRT
Hardware solutions / Firmware
SCALANCE XM400
Hardware solutions / Firmware
SCALANCE XR500
Hardware solutions / Firmware
SIMATIC MV500 family
Hardware solutions / Firmware
SIMATIC S7-1200 CPU family
Hardware solutions / Firmware
SIMOCODE proV Ethernet/IP
Hardware solutions / Firmware
SIMOCODE proV PROFINET
Hardware solutions / Firmware
SCALANCE X204-2
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE X204-2FM
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE X204-2LD
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE X206-1
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE X206-1LD
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE X208
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE X208PRO
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE X212-2
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE X216
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE X224
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XB-200
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XC-200
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XF204
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XF204-2
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XF206-1
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XF208
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XF-200BA
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XP-200
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XR-300WG
Hardware solutions / Routers & switches, VoIP, GSM, etc
RUGGEDCOM RM1224
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE X201-3P IRT
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE X201-3P IRT PRO
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE X202-2 IRT
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE X202-2P IRT
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE X202-2P IRT PRO
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE X204 IRT
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE X204 IRT PRO
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XF201-3P IRT
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XF202-2P IRT
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XF204 IRT
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XF204-2BA IRT
Hardware solutions / Routers & switches, VoIP, GSM, etc
SIMATIC PROFINET Driver
Hardware solutions / Drivers

Vendor: Siemens

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to allocation of resources without limits issue. A remote attacker can send specially crafted DCP packets and cause a denial of service condition on the target system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller: All versions

Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200: All versions

Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P: All versions

SCALANCE W700 IEEE 802.11n: All versions

SCALANCE W700 IEEE 802.11ac: All versions

SCALANCE X204-2: All versions

SCALANCE X204-2FM: All versions

SCALANCE X204-2LD: All versions

SCALANCE X20204-2LD TS: All versions

SCALANCE X204 -2TS: All versions

SCALANCE X206-1: All versions

SCALANCE X206-1LD: All versions

SCALANCE X208: All versions

SCALANCE X208PRO: All versions

SCALANCE X212-2: All versions

SCALANCE X12-2LD: All versions

SCALANCE X216: All versions

SCALANCE X224: All versions

SCALANCE X302-7EEC: All versions

SCALANCE 304-2FE: All versions

SCALANCE X306-1LDFE: All versions

SCALANCE X307-2EEC: All versions

SCALANCE X307-3: All versions

SCALANCE X307-3LD: All versions

SCALANCE X308-2: All versions

SCALANCE X308-2LD: All versions

SCALANCE X308-2LH: All versions

SCALANCE X308-2LH+: All versions

SCALANCE X308-2M: All versions

SCALANCE X308-2M POE: All versions

SCALANCE X308-2M TS: All versions

SCALANCE X310: All versions

SCALANCE X310FE: All versions

SCALANCE X320-1FE: All versions

SCALANCE X320-3LDFE: All versions

SCALANCE XB-200: All versions

SCALANCE XC-200: All versions

SCALANCE XF204: All versions

SCALANCE XF204-2: All versions

SCALANCE XF206-1: All versions

SCALANCE XF208: All versions

SCALANCE XF-200BA: All versions

SCALANCE XP-200: All versions

SCALANCE XR324-4M EEC: All versions

SCALANCE XR324-4M POE: All versions

SCALANCE XR324-4M POE TS: All versions

SCALANCE XR324-12M: All versions

SCALANCE XR324-12M TS: All versions

SCALANCE XR-300WG: All versions

SIMATIC CFU PA: All versions

SIMATIC IE/PB-LINK V3: All versions

SIMATIC NET CM 1542-1: All versions

SIMATIC NET CP1616/CP1604: All versions

SIMATIC NET CP1626: All versions

SIMATIC NET DK-16xx PN IO: All versions

SIMATIC Power Line Booster PLB: All versions

Base Module: All versions

SIMATIC PROFINET Driver: All versions

SOFTNET-IE PNIO: All versions

RUGGEDCOM RM1224: before 6.4

SCALANCE M-800: before 6.4

SCALANCE S615: before 6.4

SCALANCE X200-4 P IRT: before 5.5.0

SCALANCE X201-3P IRT: before 5.5.0

SCALANCE X201-3P IRT PRO: before 5.5.0

SCALANCE X202-2 IRT: before 5.5.0

SCALANCE X202-2P IRT: before 5.5.0

SCALANCE X202-2P IRT PRO: before 5.5.0

SCALANCE X204 IRT: before 5.5.0

SCALANCE X204 IRT PRO: before 5.5.0

SCALANCE XF201-3P IRT: before 5.5.0

SCALANCE XF202-2P IRT: before 5.5.0

SCALANCE XF204 IRT: before 5.5.0

SCALANCE XF204-2BA IRT: before 5.5.0

SCALANCE XM400: before 6.3.1

SCALANCE XR500: before 6.3.1

SIMATIC MV500 family: before 3.0

SIMATIC S7-1200 CPU family: before 4.5

SIMOCODE proV Ethernet/IP: before 1.1.3

SIMOCODE proV PROFINET: before 2.1.3

External links
https://cert-portal.siemens.com/productcert/pdf/ssa-599968.pdf

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Denial of service in Siemens PROFINET Devices