Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cnvd-2017-06152
Vulnerability from cnvd
Title: Siemens多个工业产品存在拒绝服务漏洞
Description:
SIMATIC WinCC(TIA Portal)、SIMATIC STEP 7、SMART PC Access、SIMATIC Automation Tool等都是德国西门子(Siemens)公司的工业自动化产品。
Siemens多个工业产品存在拒绝服务漏洞。当PROFINET DCP广播数据包发送到本地以太网段(第2层)上的受影响的产品时,攻击者可在某些情况下通过PROFINET DCP网络数据包导致拒绝服务条件。这些服务需要手动重新启动才能恢复。
Severity: 中
Patch Name: Siemens多个工业产品存在拒绝服务漏洞的补丁
Patch Description:
SIMATIC WinCC(TIA Portal)、SIMATIC STEP 7、SMART PC Access、SIMATIC Automation Tool等都是德国西门子(Siemens)公司的工业自动化产品。
Siemens多个工业产品存在拒绝服务漏洞。当PROFINET DCP广播数据包发送到本地以太网段(第2层)上的受影响的产品时,攻击者可在某些情况下通过PROFINET DCP网络数据包导致拒绝服务条件。这些服务需要手动重新启动才能恢复。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description:
用户可联系供应商获得补丁信息: https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-275839.pdf
Reference: http://www.siemens.com/cert/en/cert-security-advisories.htm
Impacted products
| Name | ['Siemens SIMATIC WinCC Flexible 2008', 'Siemens SIMATIC WinCC 0', 'Siemens SIMATIC STEP 7 5.x', 'SIEMENS SIMATIC WinAC RTX 2010 SP2 All', 'SIEMENS SIMATIC WinAC RTX F 2010 SP2 All', 'SIEMENS Security Configuration Tool (SCT) All', 'SIEMENS Primary Setup Tool (PST) All', 'SIEMENS SIMATIC PCS 7', 'SIEMENS SIMATIC WinCC (TIA Portal) Professional <V13 SP2', 'SIEMENS SIMATIC WinCC (TIA Portal) Professional <V14 SP1', 'Siemens SIMATIC STEP 7 (TIA Portal) <V13 SP2', 'Siemens SIMATIC STEP 7 (TIA Portal) <V14 SP1', 'SIEMENS STEP 7 - Micro / WIN SMART', 'SIEMENS SMART PC Access 2.0', 'SIEMENS SIMATIC Automation Tool', 'SIEMENS SIMATIC NET PC-Software', 'SIEMENS SINAUT ST7CC', 'SIEMENS SINUMERIK 808D Programming Tool'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2017-6865"
}
},
"description": "SIMATIC WinCC\uff08TIA Portal\uff09\u3001SIMATIC STEP 7\u3001SMART PC Access\u3001SIMATIC Automation Tool\u7b49\u90fd\u662f\u5fb7\u56fd\u897f\u95e8\u5b50\uff08Siemens\uff09\u516c\u53f8\u7684\u5de5\u4e1a\u81ea\u52a8\u5316\u4ea7\u54c1\u3002\r\n\r\nSiemens\u591a\u4e2a\u5de5\u4e1a\u4ea7\u54c1\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u5f53PROFINET DCP\u5e7f\u64ad\u6570\u636e\u5305\u53d1\u9001\u5230\u672c\u5730\u4ee5\u592a\u7f51\u6bb5\uff08\u7b2c2\u5c42\uff09\u4e0a\u7684\u53d7\u5f71\u54cd\u7684\u4ea7\u54c1\u65f6\uff0c\u653b\u51fb\u8005\u53ef\u5728\u67d0\u4e9b\u60c5\u51b5\u4e0b\u901a\u8fc7PROFINET DCP\u7f51\u7edc\u6570\u636e\u5305\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u6761\u4ef6\u3002\u8fd9\u4e9b\u670d\u52a1\u9700\u8981\u624b\u52a8\u91cd\u65b0\u542f\u52a8\u624d\u80fd\u6062\u590d\u3002",
"discovererName": "Duan JinTong, Ma ShaoShuai, and Cheng Lei from NSFOCUS Security Team",
"formalWay": "\u7528\u6237\u53ef\u8054\u7cfb\u4f9b\u5e94\u5546\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-275839.pdf",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2017-06152",
"openTime": "2017-05-09",
"patchDescription": "SIMATIC WinCC\uff08TIA Portal\uff09\u3001SIMATIC STEP 7\u3001SMART PC Access\u3001SIMATIC Automation Tool\u7b49\u90fd\u662f\u5fb7\u56fd\u897f\u95e8\u5b50\uff08Siemens\uff09\u516c\u53f8\u7684\u5de5\u4e1a\u81ea\u52a8\u5316\u4ea7\u54c1\u3002\r\n\r\nSiemens\u591a\u4e2a\u5de5\u4e1a\u4ea7\u54c1\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u5f53PROFINET DCP\u5e7f\u64ad\u6570\u636e\u5305\u53d1\u9001\u5230\u672c\u5730\u4ee5\u592a\u7f51\u6bb5\uff08\u7b2c2\u5c42\uff09\u4e0a\u7684\u53d7\u5f71\u54cd\u7684\u4ea7\u54c1\u65f6\uff0c\u653b\u51fb\u8005\u53ef\u5728\u67d0\u4e9b\u60c5\u51b5\u4e0b\u901a\u8fc7PROFINET DCP\u7f51\u7edc\u6570\u636e\u5305\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u6761\u4ef6\u3002\u8fd9\u4e9b\u670d\u52a1\u9700\u8981\u624b\u52a8\u91cd\u65b0\u542f\u52a8\u624d\u80fd\u6062\u590d\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Siemens\u591a\u4e2a\u5de5\u4e1a\u4ea7\u54c1\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Siemens SIMATIC WinCC Flexible 2008",
"Siemens SIMATIC WinCC 0",
"Siemens SIMATIC STEP 7 5.x",
"SIEMENS SIMATIC WinAC RTX 2010 SP2 All",
"SIEMENS SIMATIC WinAC RTX F 2010 SP2 All",
"SIEMENS Security Configuration Tool (SCT) All",
"SIEMENS Primary Setup Tool (PST) All",
"SIEMENS SIMATIC PCS 7",
"SIEMENS SIMATIC WinCC (TIA Portal) Professional \u003cV13 SP2",
"SIEMENS SIMATIC WinCC (TIA Portal) Professional \u003cV14 SP1",
"Siemens SIMATIC STEP 7 (TIA Portal) \u003cV13 SP2",
"Siemens SIMATIC STEP 7 (TIA Portal) \u003cV14 SP1",
"SIEMENS STEP 7 - Micro / WIN SMART",
"SIEMENS SMART PC Access 2.0",
"SIEMENS SIMATIC Automation Tool",
"SIEMENS SIMATIC NET PC-Software",
"SIEMENS SINAUT ST7CC",
"SIEMENS SINUMERIK 808D Programming Tool"
]
},
"referenceLink": "http://www.siemens.com/cert/en/cert-security-advisories.htm",
"serverity": "\u4e2d",
"submitTime": "2017-05-09",
"title": "Siemens\u591a\u4e2a\u5de5\u4e1a\u4ea7\u54c1\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}
CVE-2017-6865 (GCVE-0-2017-6865)
Vulnerability from cvelistv5
Published
2017-05-11 10:00
Modified
2024-08-05 15:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Other
Summary
A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC Automation Tool (All versions < V3.0), SIMATIC NET PC-Software (All versions < V14 SP1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2), SIMATIC STEP 7 (TIA Portal) V14 (All versions < V14 SP1), SIMATIC STEP 7 V5.X (All versions < V5.6), SIMATIC WinAC RTX 2010 SP2 (All versions), SIMATIC WinAC RTX F 2010 SP2 (All versions), SIMATIC WinCC (TIA Portal) V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1), SIMATIC WinCC V7.2 and prior (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Update 15), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd1), SIMATIC WinCC flexible 2008 (All versions < flexible 2008 SP5), SINAUT ST7CC (All versions installed in conjunction with SIMATIC WinCC < V7.3 Update 15), SINEMA Server (All versions < V14), SINUMERIK 808D Programming Tool (All versions < V4.7 SP4 HF2), SMART PC Access (All versions < V2.3), STEP 7 - Micro/WIN SMART (All versions < V2.3), Security Configuration Tool (SCT) (All versions < V5.0). Specially crafted PROFINET DCP broadcast packets sent to the affected products on a local Ethernet segment (Layer 2) could cause a Denial-of-Service condition of some services. The services require manual restart to recover.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-275839.pdf | x_refsource_CONFIRM | |
| https://www.securityfocus.com/bid/98366 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens AG | Primary Setup Tool (PST) |
Version: All versions < V4.2 HF1 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:41:17.697Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-275839.pdf"
},
{
"name": "98366",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "https://www.securityfocus.com/bid/98366"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Primary Setup Tool (PST)",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.2 HF1"
}
]
},
{
"product": "SIMATIC Automation Tool",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.0"
}
]
},
{
"product": "SIMATIC NET PC-Software",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V14 SP1"
}
]
},
{
"product": "SIMATIC PCS 7 V8.1",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SIMATIC PCS 7 V8.2",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V8.2 SP1"
}
]
},
{
"product": "SIMATIC STEP 7 (TIA Portal) V13",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V13 SP2"
}
]
},
{
"product": "SIMATIC STEP 7 (TIA Portal) V14",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V14 SP1"
}
]
},
{
"product": "SIMATIC STEP 7 V5.X",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.6"
}
]
},
{
"product": "SIMATIC WinAC RTX 2010 SP2",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SIMATIC WinAC RTX F 2010 SP2",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SIMATIC WinCC (TIA Portal) V13",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V13 SP2"
}
]
},
{
"product": "SIMATIC WinCC (TIA Portal) V14",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V14 SP1"
}
]
},
{
"product": "SIMATIC WinCC V7.2 and prior",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SIMATIC WinCC V7.3",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V7.3 Update 15"
}
]
},
{
"product": "SIMATIC WinCC V7.4",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V7.4 SP1 Upd1"
}
]
},
{
"product": "SIMATIC WinCC flexible 2008",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c flexible 2008 SP5"
}
]
},
{
"product": "SINAUT ST7CC",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions installed in conjunction with SIMATIC WinCC \u003c V7.3 Update 15"
}
]
},
{
"product": "SINEMA Server",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V14"
}
]
},
{
"product": "SINUMERIK 808D Programming Tool",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.7 SP4 HF2"
}
]
},
{
"product": "SMART PC Access",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.3"
}
]
},
{
"product": "STEP 7 - Micro/WIN SMART",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.3"
}
]
},
{
"product": "Security Configuration Tool (SCT)",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.0"
}
]
},
{
"product": "Security Configuration Tool (SCT)",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.0"
}
]
}
],
"datePublic": "2017-05-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Primary Setup Tool (PST) (All versions \u003c V4.2 HF1), SIMATIC Automation Tool (All versions \u003c V3.0), SIMATIC NET PC-Software (All versions \u003c V14 SP1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions \u003c V8.2 SP1), SIMATIC STEP 7 (TIA Portal) V13 (All versions \u003c V13 SP2), SIMATIC STEP 7 (TIA Portal) V14 (All versions \u003c V14 SP1), SIMATIC STEP 7 V5.X (All versions \u003c V5.6), SIMATIC WinAC RTX 2010 SP2 (All versions), SIMATIC WinAC RTX F 2010 SP2 (All versions), SIMATIC WinCC (TIA Portal) V13 (All versions \u003c V13 SP2), SIMATIC WinCC (TIA Portal) V14 (All versions \u003c V14 SP1), SIMATIC WinCC V7.2 and prior (All versions), SIMATIC WinCC V7.3 (All versions \u003c V7.3 Update 15), SIMATIC WinCC V7.4 (All versions \u003c V7.4 SP1 Upd1), SIMATIC WinCC flexible 2008 (All versions \u003c flexible 2008 SP5), SINAUT ST7CC (All versions installed in conjunction with SIMATIC WinCC \u003c V7.3 Update 15), SINEMA Server (All versions \u003c V14), SINUMERIK 808D Programming Tool (All versions \u003c V4.7 SP4 HF2), SMART PC Access (All versions \u003c V2.3), STEP 7 - Micro/WIN SMART (All versions \u003c V2.3), Security Configuration Tool (SCT) (All versions \u003c V5.0). Specially crafted PROFINET DCP broadcast packets sent to the affected products on a local Ethernet segment (Layer 2) could cause a Denial-of-Service condition of some services. The services require manual restart to recover."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-21T15:44:20",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-275839.pdf"
},
{
"name": "98366",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "https://www.securityfocus.com/bid/98366"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2017-6865",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Primary Setup Tool (PST)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.2 HF1"
}
]
}
}
]
},
"vendor_name": "Siemens AG"
},
{
"product": {
"product_data": [
{
"product_name": "SIMATIC Automation Tool",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.0"
}
]
}
}
]
},
"vendor_name": "Siemens AG"
},
{
"product": {
"product_data": [
{
"product_name": "SIMATIC NET PC-Software",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V14 SP1"
}
]
}
}
]
},
"vendor_name": "Siemens AG"
},
{
"product": {
"product_data": [
{
"product_name": "SIMATIC PCS 7 V8.1",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "Siemens AG"
},
{
"product": {
"product_data": [
{
"product_name": "SIMATIC PCS 7 V8.2",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V8.2 SP1"
}
]
}
}
]
},
"vendor_name": "Siemens AG"
},
{
"product": {
"product_data": [
{
"product_name": "SIMATIC STEP 7 (TIA Portal) V13",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V13 SP2"
}
]
}
}
]
},
"vendor_name": "Siemens AG"
},
{
"product": {
"product_data": [
{
"product_name": "SIMATIC STEP 7 (TIA Portal) V14",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V14 SP1"
}
]
}
}
]
},
"vendor_name": "Siemens AG"
},
{
"product": {
"product_data": [
{
"product_name": "SIMATIC STEP 7 V5.X",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.6"
}
]
}
}
]
},
"vendor_name": "Siemens AG"
},
{
"product": {
"product_data": [
{
"product_name": "SIMATIC WinAC RTX 2010 SP2",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "Siemens AG"
},
{
"product": {
"product_data": [
{
"product_name": "SIMATIC WinAC RTX F 2010 SP2",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "Siemens AG"
},
{
"product": {
"product_data": [
{
"product_name": "SIMATIC WinCC (TIA Portal) V13",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V13 SP2"
}
]
}
}
]
},
"vendor_name": "Siemens AG"
},
{
"product": {
"product_data": [
{
"product_name": "SIMATIC WinCC (TIA Portal) V14",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V14 SP1"
}
]
}
}
]
},
"vendor_name": "Siemens AG"
},
{
"product": {
"product_data": [
{
"product_name": "SIMATIC WinCC V7.2 and prior",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "Siemens AG"
},
{
"product": {
"product_data": [
{
"product_name": "SIMATIC WinCC V7.3",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V7.3 Update 15"
}
]
}
}
]
},
"vendor_name": "Siemens AG"
},
{
"product": {
"product_data": [
{
"product_name": "SIMATIC WinCC V7.4",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V7.4 SP1 Upd1"
}
]
}
}
]
},
"vendor_name": "Siemens AG"
},
{
"product": {
"product_data": [
{
"product_name": "SIMATIC WinCC flexible 2008",
"version": {
"version_data": [
{
"version_value": "All versions \u003c flexible 2008 SP5"
}
]
}
}
]
},
"vendor_name": "Siemens AG"
},
{
"product": {
"product_data": [
{
"product_name": "SINAUT ST7CC",
"version": {
"version_data": [
{
"version_value": "All versions installed in conjunction with SIMATIC WinCC \u003c V7.3 Update 15"
}
]
}
}
]
},
"vendor_name": "Siemens AG"
},
{
"product": {
"product_data": [
{
"product_name": "SINEMA Server",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V14"
}
]
}
}
]
},
"vendor_name": "Siemens AG"
},
{
"product": {
"product_data": [
{
"product_name": "SINUMERIK 808D Programming Tool",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.7 SP4 HF2"
}
]
}
}
]
},
"vendor_name": "Siemens AG"
},
{
"product": {
"product_data": [
{
"product_name": "SMART PC Access",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V2.3"
}
]
}
}
]
},
"vendor_name": "Siemens AG"
},
{
"product": {
"product_data": [
{
"product_name": "STEP 7 - Micro/WIN SMART",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V2.3"
}
]
}
}
]
},
"vendor_name": "Siemens AG"
},
{
"product": {
"product_data": [
{
"product_name": "Security Configuration Tool (SCT)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.0"
}
]
}
}
]
},
"vendor_name": "Siemens AG"
},
{
"product": {
"product_data": [
{
"product_name": "Security Configuration Tool (SCT)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.0"
}
]
}
}
]
},
"vendor_name": "Siemens AG"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Primary Setup Tool (PST) (All versions \u003c V4.2 HF1), SIMATIC Automation Tool (All versions \u003c V3.0), SIMATIC NET PC-Software (All versions \u003c V14 SP1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions \u003c V8.2 SP1), SIMATIC STEP 7 (TIA Portal) V13 (All versions \u003c V13 SP2), SIMATIC STEP 7 (TIA Portal) V14 (All versions \u003c V14 SP1), SIMATIC STEP 7 V5.X (All versions \u003c V5.6), SIMATIC WinAC RTX 2010 SP2 (All versions), SIMATIC WinAC RTX F 2010 SP2 (All versions), SIMATIC WinCC (TIA Portal) V13 (All versions \u003c V13 SP2), SIMATIC WinCC (TIA Portal) V14 (All versions \u003c V14 SP1), SIMATIC WinCC V7.2 and prior (All versions), SIMATIC WinCC V7.3 (All versions \u003c V7.3 Update 15), SIMATIC WinCC V7.4 (All versions \u003c V7.4 SP1 Upd1), SIMATIC WinCC flexible 2008 (All versions \u003c flexible 2008 SP5), SINAUT ST7CC (All versions installed in conjunction with SIMATIC WinCC \u003c V7.3 Update 15), SINEMA Server (All versions \u003c V14), SINUMERIK 808D Programming Tool (All versions \u003c V4.7 SP4 HF2), SMART PC Access (All versions \u003c V2.3), STEP 7 - Micro/WIN SMART (All versions \u003c V2.3), Security Configuration Tool (SCT) (All versions \u003c V5.0). Specially crafted PROFINET DCP broadcast packets sent to the affected products on a local Ethernet segment (Layer 2) could cause a Denial-of-Service condition of some services. The services require manual restart to recover."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-275839.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-275839.pdf"
},
{
"name": "98366",
"refsource": "BID",
"url": "https://www.securityfocus.com/bid/98366"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2017-6865",
"datePublished": "2017-05-11T10:00:00",
"dateReserved": "2017-03-13T00:00:00",
"dateUpdated": "2024-08-05T15:41:17.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…