#VU9545 Improper input validation in Siemens products - CVE-2017-12741

Vulnerability identifier: #VU9545

Vulnerability risk: Low

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-12741

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
SINAMICS S150
Hardware solutions / Firmware
SINAMICS G120
Hardware solutions / Firmware
SIMOTION Firmware
Hardware solutions / Firmware
SIMATIC S7-1500 CPU
Hardware solutions / Firmware
SIMATIC S7-1200
Hardware solutions / Firmware
SIMATIC S7-410
Hardware solutions / Firmware
SIMATIC S7-400
Hardware solutions / Firmware
SIMATIC S7-300
Hardware solutions / Firmware
SIMATIC S7-200 Smart
Hardware solutions / Firmware
SIMOCODE pro V PROFINET
Hardware solutions / Firmware
SIMATIC PN/PN Coupler
Hardware solutions / Firmware
SIMATIC Compact Field Unit
Hardware solutions / Firmware
SINUMERIK 840D
Hardware solutions / Firmware
SINAMICS V90
Hardware solutions / Firmware
SINAMICS S120
Hardware solutions / Firmware
SINAMICS S110
Hardware solutions / Firmware
SINAMICS G130
Hardware solutions / Firmware
SINAMICS DCP
Hardware solutions / Firmware
SINAMICS DCM
Hardware solutions / Firmware
SIMATIC WinAC RTX 2010
Hardware solutions / Firmware
SIMATIC ET 200SP
Hardware solutions / Firmware
SIMATIC ET 200S
Hardware solutions / Firmware
SIMATIC ET 200pro
Hardware solutions / Firmware
SIMATIC ET 200MP
Hardware solutions / Firmware
SIMATIC ET 200M
Hardware solutions / Firmware
SIMATIC ET 200ecoPN
Hardware solutions / Firmware
SIMATIC ET 200AL
Hardware solutions / Firmware
Development/Evaluation Kits for PROFINET IO
Hardware solutions / Firmware

Vendor: Siemens

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to an error when processing malicious packets. A remote attacker can send specially crafted packets via UDP port 161 and cause the device to crash or become unresponsive.

Successful exploitation of the vulnerability results in denial of service.

Mitigation
Install update from vendor's website.

Vulnerable software versions

SINAMICS S150: 4.7 - 4.8

SINAMICS G120: 4.7

SIMOTION Firmware: 5.1

SIMATIC S7-1500 CPU: 1.0 - 1.8

SIMATIC S7-1200: 2.00 - 4.1.2

SIMATIC S7-410: V8

SIMATIC S7-400: PN/DP V7 - H V6

SIMATIC S7-300: 2.0.0 - 3.3.0

SIMATIC S7-200 Smart: 2.03

SIMOCODE pro V PROFINET: All versions

SIMATIC PN/PN Coupler: All versions

SIMATIC Compact Field Unit: All versions

SINUMERIK 840D: All versions

SINAMICS V90: All versions

SINAMICS S120: All versions

SINAMICS S110: All versions

SINAMICS G130: All versions

SINAMICS DCP: All versions

SINAMICS DCM: All versions

SIMATIC WinAC RTX 2010: All versions

SIMATIC ET 200SP: All versions

SIMATIC ET 200S: All versions

SIMATIC ET 200pro: All versions

SIMATIC ET 200MP: All versions

SIMATIC ET 200M: All versions

SIMATIC ET 200ecoPN: All versions

SIMATIC ET 200AL: All versions

Development/Evaluation Kits for PROFINET IO: All versions

---

External links
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-346262.pdf

---

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.