CVE-2017-6865

Summary

A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC Automation Tool (All versions < V3.0), SIMATIC NET PC-Software (All versions < V14 SP1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2), SIMATIC STEP 7 (TIA Portal) V14 (All versions < V14 SP1), SIMATIC STEP 7 V5.X (All versions < V5.6), SIMATIC WinAC RTX 2010 SP2 (All versions), SIMATIC WinAC RTX F 2010 SP2 (All versions), SIMATIC WinCC (TIA Portal) V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1), SIMATIC WinCC V7.2 and prior (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Update 15), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd1), SIMATIC WinCC flexible 2008 (All versions < flexible 2008 SP5), SINAUT ST7CC (All versions installed in conjunction with SIMATIC WinCC < V7.3 Update 15), SINEMA Server (All versions < V14), SINUMERIK 808D Programming Tool (All versions < V4.7 SP4 HF2), SMART PC Access (All versions < V2.3), STEP 7 - Micro/WIN SMART (All versions < V2.3), Security Configuration Tool (SCT) (All versions < V5.0). Specially crafted PROFINET DCP broadcast packets sent to the affected products on a local Ethernet segment (Layer 2) could cause a Denial-of-Service condition of some services. The services require manual restart to recover.

Affected Software

VendorProductVersion RangeStatus
Siemens AGPrimary Setup Tool (PST)All versions < V4.2 HF1affected
Siemens AGSIMATIC Automation ToolAll versions < V3.0affected
Siemens AGSIMATIC NET PC-SoftwareAll versions < V14 SP1affected
Siemens AGSIMATIC PCS 7 V8.1All versionsaffected
Siemens AGSIMATIC PCS 7 V8.2All versions < V8.2 SP1affected
Siemens AGSIMATIC STEP 7 (TIA Portal) V13All versions < V13 SP2affected
Siemens AGSIMATIC STEP 7 (TIA Portal) V14All versions < V14 SP1affected
Siemens AGSIMATIC STEP 7 V5.XAll versions < V5.6affected
Siemens AGSIMATIC WinAC RTX 2010 SP2All versionsaffected
Siemens AGSIMATIC WinAC RTX F 2010 SP2All versionsaffected
Siemens AGSIMATIC WinCC (TIA Portal) V13All versions < V13 SP2affected
Siemens AGSIMATIC WinCC (TIA Portal) V14All versions < V14 SP1affected
Siemens AGSIMATIC WinCC V7.2 and priorAll versionsaffected
Siemens AGSIMATIC WinCC V7.3All versions < V7.3 Update 15affected
Siemens AGSIMATIC WinCC V7.4All versions < V7.4 SP1 Upd1affected
Siemens AGSIMATIC WinCC flexible 2008All versions < flexible 2008 SP5affected
Siemens AGSINAUT ST7CCAll versions installed in conjunction with SIMATIC WinCC < V7.3 Update 15affected
Siemens AGSINEMA ServerAll versions < V14affected
Siemens AGSINUMERIK 808D Programming ToolAll versions < V4.7 SP4 HF2affected
Siemens AGSMART PC AccessAll versions < V2.3affected
Siemens AGSTEP 7 - Micro/WIN SMARTAll versions < V2.3affected
Siemens AGSecurity Configuration Tool (SCT)All versions < V5.0affected
Siemens AGSecurity Configuration Tool (SCT)All versions < V5.0affected

Weaknesses

  • Other

ADP Enrichment

CVE Program Container

Additional References

References