CVE-2017-6865

EPSS 0.08%
Published 11.05.2017 10:29:00
Last modified 20.04.2025 01:37:25
Source productcert@siemens.com
Teams watchlist Login
Open Login

A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC Automation Tool (All versions < V3.0), SIMATIC NET PC-Software (All versions < V14 SP1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2), SIMATIC STEP 7 (TIA Portal) V14 (All versions < V14 SP1), SIMATIC STEP 7 V5.X (All versions < V5.6), SIMATIC WinAC RTX 2010 SP2 (All versions), SIMATIC WinAC RTX F 2010 SP2 (All versions), SIMATIC WinCC (TIA Portal) V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1), SIMATIC WinCC V7.2 and prior (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Update 15), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd1), SIMATIC WinCC flexible 2008 (All versions < flexible 2008 SP5), SINAUT ST7CC (All versions installed in conjunction with SIMATIC WinCC < V7.3 Update 15), SINEMA Server (All versions < V14), SINUMERIK 808D Programming Tool (All versions < V4.7 SP4 HF2), SMART PC Access (All versions < V2.3), STEP 7 - Micro/WIN SMART (All versions < V2.3), Security Configuration Tool (SCT) (All versions < V5.0). Specially crafted PROFINET DCP broadcast packets sent to the affected products on a local Ethernet segment (Layer 2) could cause a Denial-of-Service condition of some services. The services require manual restart to recover.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Siemens ≫ Pcs 7 Version-

Siemens ≫ Primary Setup Tool Version-

Siemens ≫ Security Configuration Tool Version-

Siemens ≫ Simatic Automation Tool Version-

Siemens ≫ Simatic Net Pc-software Version-

Siemens ≫ Simatic Winac Rtx 2010 Version- Updatesp2

Siemens ≫ Simatic Winac Rtx F 2010 Version- Updatesp2

Siemens ≫ Simatic Wincc Version-

Siemens ≫ Simatic Wincc Flexible 2008 Version-

Siemens ≫ Sinaut St7cc Version-

Siemens ≫ Sinema Server Version-

Siemens ≫ Sinumerik 808d Programming Tool Version-

Siemens ≫ Smart Pc Access Version2.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.08%	0.217

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	6.1	6.5	6.9	AV:A/AC:L/Au:N/C:N/I:N/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://cert-portal.siemens.com/productcert/pdf/ssa-275839.pdf

https://www.securityfocus.com/bid/98366

https://nvd.nist.gov/vuln/detail/CVE-2017-6865

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-6865

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-6865

EUVD