CVE-2017-6865
N/A
Summary
A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC Automation Tool (All versions < V3.0), SIMATIC NET PC-Software (All versions < V14 SP1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2), SIMATIC STEP 7 (TIA Portal) V14 (All versions < V14 SP1), SIMATIC STEP 7 V5.X (All versions < V5.6), SIMATIC WinAC RTX 2010 SP2 (All versions), SIMATIC WinAC RTX F 2010 SP2 (All versions), SIMATIC WinCC (TIA Portal) V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1), SIMATIC WinCC V7.2 and prior (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Update 15), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd1), SIMATIC WinCC flexible 2008 (All versions < flexible 2008 SP5), SINAUT ST7CC (All versions installed in conjunction with SIMATIC WinCC < V7.3 Update 15), SINEMA Server (All versions < V14), SINUMERIK 808D Programming Tool (All versions < V4.7 SP4 HF2), SMART PC Access (All versions < V2.3), STEP 7 - Micro/WIN SMART (All versions < V2.3), Security Configuration Tool (SCT) (All versions < V5.0). Specially crafted PROFINET DCP broadcast packets sent to the affected products on a local Ethernet segment (Layer 2) could cause a Denial-of-Service condition of some services. The services require manual restart to recover.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Siemens AG | Primary Setup Tool (PST) | All versions < V4.2 HF1 | affected |
| Siemens AG | SIMATIC Automation Tool | All versions < V3.0 | affected |
| Siemens AG | SIMATIC NET PC-Software | All versions < V14 SP1 | affected |
| Siemens AG | SIMATIC PCS 7 V8.1 | All versions | affected |
| Siemens AG | SIMATIC PCS 7 V8.2 | All versions < V8.2 SP1 | affected |
| Siemens AG | SIMATIC STEP 7 (TIA Portal) V13 | All versions < V13 SP2 | affected |
| Siemens AG | SIMATIC STEP 7 (TIA Portal) V14 | All versions < V14 SP1 | affected |
| Siemens AG | SIMATIC STEP 7 V5.X | All versions < V5.6 | affected |
| Siemens AG | SIMATIC WinAC RTX 2010 SP2 | All versions | affected |
| Siemens AG | SIMATIC WinAC RTX F 2010 SP2 | All versions | affected |
| Siemens AG | SIMATIC WinCC (TIA Portal) V13 | All versions < V13 SP2 | affected |
| Siemens AG | SIMATIC WinCC (TIA Portal) V14 | All versions < V14 SP1 | affected |
| Siemens AG | SIMATIC WinCC V7.2 and prior | All versions | affected |
| Siemens AG | SIMATIC WinCC V7.3 | All versions < V7.3 Update 15 | affected |
| Siemens AG | SIMATIC WinCC V7.4 | All versions < V7.4 SP1 Upd1 | affected |
| Siemens AG | SIMATIC WinCC flexible 2008 | All versions < flexible 2008 SP5 | affected |
| Siemens AG | SINAUT ST7CC | All versions installed in conjunction with SIMATIC WinCC < V7.3 Update 15 | affected |
| Siemens AG | SINEMA Server | All versions < V14 | affected |
| Siemens AG | SINUMERIK 808D Programming Tool | All versions < V4.7 SP4 HF2 | affected |
| Siemens AG | SMART PC Access | All versions < V2.3 | affected |
| Siemens AG | STEP 7 - Micro/WIN SMART | All versions < V2.3 | affected |
| Siemens AG | Security Configuration Tool (SCT) | All versions < V5.0 | affected |
| Siemens AG | Security Configuration Tool (SCT) | All versions < V5.0 | affected |
Weaknesses
- Other
ADP Enrichment
CVE Program Container
Additional References
- https://cert-portal.siemens.com/productcert/pdf/ssa-275839.pdf
- https://www.securityfocus.com/bid/98366
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-275839.pdf
- https://www.securityfocus.com/bid/98366
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.