Denial of service in Siemens PROFINET Devices

Published: 2021-07-14

Risk	Medium
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2020-28400
CWE-ID	CWE-770
Exploitation vector	Network
Public exploit	N/A
Vulnerable software Subscribe	Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller Hardware solutions / Firmware Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 Hardware solutions / Firmware Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P Hardware solutions / Firmware SCALANCE W700 IEEE 802.11n Hardware solutions / Firmware SCALANCE W700 IEEE 802.11ac Hardware solutions / Firmware SCALANCE X20204-2LD TS Hardware solutions / Firmware SCALANCE X204 -2TS Hardware solutions / Firmware SCALANCE X12-2LD Hardware solutions / Firmware SCALANCE X302-7EEC Hardware solutions / Firmware SCALANCE 304-2FE Hardware solutions / Firmware SCALANCE X306-1LDFE Hardware solutions / Firmware SCALANCE X307-2EEC Hardware solutions / Firmware SCALANCE X307-3 Hardware solutions / Firmware SCALANCE X307-3LD Hardware solutions / Firmware SCALANCE X308-2 Hardware solutions / Firmware SCALANCE X308-2LD Hardware solutions / Firmware SCALANCE X308-2LH Hardware solutions / Firmware SCALANCE X308-2LH+ Hardware solutions / Firmware SCALANCE X308-2M Hardware solutions / Firmware SCALANCE X308-2M POE Hardware solutions / Firmware SCALANCE X308-2M TS Hardware solutions / Firmware SCALANCE X310 Hardware solutions / Firmware SCALANCE X310FE Hardware solutions / Firmware SCALANCE X320-1FE Hardware solutions / Firmware SCALANCE X320-3LDFE Hardware solutions / Firmware SCALANCE XR324-4M EEC Hardware solutions / Firmware SCALANCE XR324-4M POE Hardware solutions / Firmware SCALANCE XR324-4M POE TS Hardware solutions / Firmware SCALANCE XR324-12M Hardware solutions / Firmware SCALANCE XR324-12M TS Hardware solutions / Firmware SIMATIC CFU PA Hardware solutions / Firmware SIMATIC IE/PB-LINK V3 Hardware solutions / Firmware SIMATIC NET CM 1542-1 Hardware solutions / Firmware SIMATIC NET CP1616/CP1604 Hardware solutions / Firmware SIMATIC NET CP1626 Hardware solutions / Firmware SIMATIC NET DK-16xx PN IO Hardware solutions / Firmware SIMATIC Power Line Booster PLB Hardware solutions / Firmware Base Module Hardware solutions / Firmware SOFTNET-IE PNIO Hardware solutions / Firmware SCALANCE M-800 Hardware solutions / Firmware SCALANCE S615 Hardware solutions / Firmware SCALANCE X200-4 P IRT Hardware solutions / Firmware SCALANCE XM400 Hardware solutions / Firmware SCALANCE XR500 Hardware solutions / Firmware SIMATIC MV500 family Hardware solutions / Firmware SIMATIC S7-1200 CPU family Hardware solutions / Firmware SIMOCODE proV Ethernet/IP Hardware solutions / Firmware SIMOCODE proV PROFINET Hardware solutions / Firmware SCALANCE X204-2 Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE X204-2FM Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE X204-2LD Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE X206-1 Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE X206-1LD Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE X208 Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE X208PRO Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE X212-2 Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE X216 Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE X224 Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE XB-200 Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE XC-200 Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE XF204 Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE XF204-2 Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE XF206-1 Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE XF208 Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE XF-200BA Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE XP-200 Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE XR-300WG Hardware solutions / Routers & switches, VoIP, GSM, etc RUGGEDCOM RM1224 Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE X201-3P IRT Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE X201-3P IRT PRO Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE X202-2 IRT Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE X202-2P IRT Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE X202-2P IRT PRO Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE X204 IRT Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE X204 IRT PRO Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE XF201-3P IRT Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE XF202-2P IRT Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE XF204 IRT Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE XF204-2BA IRT Hardware solutions / Routers & switches, VoIP, GSM, etc SIMATIC PROFINET Driver Hardware solutions / Drivers
Vendor	Siemens

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Allocation of Resources Without Limits or Throttling

EUVDB-ID: #VU54867

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-28400

CWE-ID: CWE-770 - Allocation of Resources Without Limits or Throttling

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to allocation of resources without limits issue. A remote attacker can send specially crafted DCP packets and cause a denial of service condition on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller: All versions

Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200: All versions

Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P: All versions

SCALANCE W700 IEEE 802.11n: All versions

SCALANCE W700 IEEE 802.11ac: All versions

SCALANCE X204-2: All versions

SCALANCE X204-2FM: All versions

SCALANCE X204-2LD: All versions

SCALANCE X20204-2LD TS: All versions

SCALANCE X204 -2TS: All versions

SCALANCE X206-1: All versions

SCALANCE X206-1LD: All versions

SCALANCE X208: All versions

SCALANCE X208PRO: All versions

SCALANCE X212-2: All versions

SCALANCE X12-2LD: All versions

SCALANCE X216: All versions

SCALANCE X224: All versions

SCALANCE X302-7EEC: All versions

SCALANCE 304-2FE: All versions

SCALANCE X306-1LDFE: All versions

SCALANCE X307-2EEC: All versions

SCALANCE X307-3: All versions

SCALANCE X307-3LD: All versions

SCALANCE X308-2: All versions

SCALANCE X308-2LD: All versions

SCALANCE X308-2LH: All versions

SCALANCE X308-2LH+: All versions

SCALANCE X308-2M: All versions

SCALANCE X308-2M POE: All versions

SCALANCE X308-2M TS: All versions

SCALANCE X310: All versions

SCALANCE X310FE: All versions

SCALANCE X320-1FE: All versions

SCALANCE X320-3LDFE: All versions

SCALANCE XB-200: All versions

SCALANCE XC-200: All versions

SCALANCE XF204: All versions

SCALANCE XF204-2: All versions

SCALANCE XF206-1: All versions

SCALANCE XF208: All versions

SCALANCE XF-200BA: All versions

SCALANCE XP-200: All versions

SCALANCE XR324-4M EEC: All versions

SCALANCE XR324-4M POE: All versions

SCALANCE XR324-4M POE TS: All versions

SCALANCE XR324-12M: All versions

SCALANCE XR324-12M TS: All versions

SCALANCE XR-300WG: All versions

SIMATIC CFU PA: All versions

SIMATIC IE/PB-LINK V3: All versions

SIMATIC NET CM 1542-1: All versions

SIMATIC NET CP1616/CP1604: All versions

SIMATIC NET CP1626: All versions

SIMATIC NET DK-16xx PN IO: All versions

SIMATIC Power Line Booster PLB: All versions

Base Module: All versions

SIMATIC PROFINET Driver: All versions

SOFTNET-IE PNIO: All versions

RUGGEDCOM RM1224: before 6.4

SCALANCE M-800: before 6.4

SCALANCE S615: before 6.4

SCALANCE X200-4 P IRT: before 5.5.0

SCALANCE X201-3P IRT: before 5.5.0

SCALANCE X201-3P IRT PRO: before 5.5.0

SCALANCE X202-2 IRT: before 5.5.0

SCALANCE X202-2P IRT: before 5.5.0

SCALANCE X202-2P IRT PRO: before 5.5.0

SCALANCE X204 IRT: before 5.5.0

SCALANCE X204 IRT PRO: before 5.5.0

SCALANCE XF201-3P IRT: before 5.5.0

SCALANCE XF202-2P IRT: before 5.5.0

SCALANCE XF204 IRT: before 5.5.0

SCALANCE XF204-2BA IRT: before 5.5.0

SCALANCE XM400: before 6.3.1

SCALANCE XR500: before 6.3.1

SIMATIC MV500 family: before 3.0

SIMATIC S7-1200 CPU family: before 4.5

SIMOCODE proV Ethernet/IP: before 1.1.3

SIMOCODE proV PROFINET: before 2.1.3

External links

http://cert-portal.siemens.com/productcert/pdf/ssa-599968.pdf

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.