Denial of service in Siemens Multiple Industrial Products



Published: 2017-12-06
Risk: Low
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2017-12741
CWE-ID: CWE-20
Exploitation vector: Network
Public exploit: N/A
Vulnerable software
SINAMICS S150
Hardware solutions / Firmware

SINAMICS G120
Hardware solutions / Firmware

SIMOTION Firmware
Hardware solutions / Firmware

SIMATIC S7-1500 CPU
Hardware solutions / Firmware

SIMATIC S7-1200
Hardware solutions / Firmware

SIMATIC S7-410
Hardware solutions / Firmware

SIMATIC S7-400
Hardware solutions / Firmware

SIMATIC S7-300
Hardware solutions / Firmware

SIMATIC S7-200 Smart
Hardware solutions / Firmware

SIMOCODE pro V PROFINET
Hardware solutions / Firmware

SIMATIC PN/PN Coupler
Hardware solutions / Firmware

SIMATIC Compact Field Unit
Hardware solutions / Firmware

SINUMERIK 840D
Hardware solutions / Firmware

SINAMICS V90
Hardware solutions / Firmware

SINAMICS S120
Hardware solutions / Firmware

SINAMICS S110
Hardware solutions / Firmware

SINAMICS G130
Hardware solutions / Firmware

SINAMICS DCP
Hardware solutions / Firmware

SINAMICS DCM
Hardware solutions / Firmware

SIMATIC WinAC RTX 2010
Hardware solutions / Firmware

SIMATIC ET 200SP
Hardware solutions / Firmware

SIMATIC ET 200S
Hardware solutions / Firmware

SIMATIC ET 200pro
Hardware solutions / Firmware

SIMATIC ET 200MP
Hardware solutions / Firmware

SIMATIC ET 200M
Hardware solutions / Firmware

SIMATIC ET 200ecoPN
Hardware solutions / Firmware

SIMATIC ET 200AL
Hardware solutions / Firmware

Development/Evaluation Kits for PROFINET IO
Hardware solutions / Firmware

Vendor: Siemens

Security Bulletin

This security bulletin contains one low-risk vulnerability.

1) Improper input validation

EUVDB-ID: #VU9545

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-12741

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a denial-of-service (DoS) condition on the target system.

The vulnerability exists due to an error when processing malicious packets. A remote attacker can send specially crafted packets via UDP port 161 and cause the device to crash or become unresponsive.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

SINAMICS S150: 4.7 - 4.8

SINAMICS G120: 4.7

SIMOTION Firmware: 5.1

SIMATIC S7-1500 CPU: 1.0 - 1.8

SIMATIC S7-1200: 2.00 - 4.1.2

SIMATIC S7-410: V8

SIMATIC S7-400: H V6 - PN V6

SIMATIC S7-300: 2.0.0 - 3.3.0

SIMATIC S7-200 Smart: 2.03

SIMOCODE pro V PROFINET: All versions

SIMATIC PN/PN Coupler: All versions

SIMATIC Compact Field Unit: All versions

SINUMERIK 840D: All versions

SINAMICS V90: All versions

SINAMICS S120: All versions

SINAMICS S110: All versions

SINAMICS G130: All versions

SINAMICS DCP: All versions

SINAMICS DCM: All versions

SIMATIC WinAC RTX 2010: All versions

SIMATIC ET 200SP: All versions

SIMATIC ET 200S: All versions

SIMATIC ET 200pro: All versions

SIMATIC ET 200MP: All versions

SIMATIC ET 200M: All versions

SIMATIC ET 200ecoPN: All versions

SIMATIC ET 200AL: All versions

Development/Evaluation Kits for PROFINET IO: All versions

External links

http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-346262.pdf


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


