Vulnerability identifier: #VU25270
Vulnerability risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-400
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Development/Evaluation Kits for PROFINET IO
Hardware solutions /
Firmware
SCALANCE M-800 / S615
Hardware solutions /
Firmware
SCALANCE W-700 (IEEE 802.11n)
Hardware solutions /
Firmware
SIMATIC CP 343-1 ERPC
Hardware solutions /
Firmware
SIMATIC CP 343-1 LEAN
Hardware solutions /
Firmware
SIMATIC ET200AL IM 157-1 PN
Hardware solutions /
Firmware
SIMATIC ET200M IM153-4 PN IO HF
Hardware solutions /
Firmware
SIMATIC ET200M IM153-4 PN IO ST
Hardware solutions /
Firmware
SIMATIC ET200MP IM155-5 PN HF
Hardware solutions /
Firmware
SIMATIC ET200MP IM155-5 PN ST
Hardware solutions /
Firmware
SIMATIC ET 200S
Hardware solutions /
Firmware
SIMATIC ET200SP IM155-6 PN Basic
Hardware solutions /
Firmware
SIMATIC ET200SP IM155-6 PN HF
Hardware solutions /
Firmware
SIMATIC ET200SP IM155-6 PN ST
Hardware solutions /
Firmware
SIMATIC ET 200ecoPN
Hardware solutions /
Firmware
SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0
Hardware solutions /
Firmware
SINAMICS DCP
Hardware solutions /
Firmware
SIMATIC PROFINET Driver
Hardware solutions /
Drivers
RUGGEDCOM RM1224
Hardware solutions /
Routers & switches, VoIP, GSM, etc
SCALANCE X-200
Hardware solutions /
Routers & switches, VoIP, GSM, etc
SCALANCE X-200 IRT
Hardware solutions /
Routers & switches, VoIP, GSM, etc
SCALANCE X-300
Hardware solutions /
Routers & switches, VoIP, GSM, etc
SCALANCE XB-200
Hardware solutions /
Routers & switches, VoIP, GSM, etc
SCALANCE XC-200
Hardware solutions /
Routers & switches, VoIP, GSM, etc
SCALANCE XP-200
Hardware solutions /
Routers & switches, VoIP, GSM, etc
SCALANCE XF-200BA
Hardware solutions /
Routers & switches, VoIP, GSM, etc
SCALANCE XR-300WG
Hardware solutions /
Routers & switches, VoIP, GSM, etc
SCALANCE XM-400
Hardware solutions /
Routers & switches, VoIP, GSM, etc
SCALANCE XR-500
Hardware solutions /
Routers & switches, VoIP, GSM, etc
SIMATIC CP 1616
Hardware solutions /
Routers & switches, VoIP, GSM, etc
SIMATIC CP 1604
Hardware solutions /
Routers & switches, VoIP, GSM, etc
SIMATIC ET200pro IM 154-3 PN HF
Hardware solutions /
Routers & switches, VoIP, GSM, etc
SIMATIC ET200pro IM 154-4 PN HF
Hardware solutions /
Routers & switches, VoIP, GSM, etc
SIMATIC RF182C
Hardware solutions /
Routers & switches, VoIP, GSM, etc
SIMATIC RF180C
Hardware solutions /
Routers & switches, VoIP, GSM, etc
SIMATIC CP 343-1 Advanced
Server applications /
SCADA systems
SIMATIC CP 343-1 Standard
Server applications /
SCADA systems
SIMATIC CP 443-1 Advanced
Server applications /
SCADA systems
SIMATIC CP 443-1 Standard
Server applications /
SCADA systems
SIMATIC CP443-1 OPC UA
Server applications /
SCADA systems
SIMATIC RF600
Server applications /
SCADA systems
SIMATIC IPC Support, Package for VxWorks
Web applications /
Modules and components for CMS
SIMATIC MV400
Hardware solutions /
Security hardware applicances
Vendor: Siemens
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to the Profinet-IO (PNIO) stack versions prior v06.00 do not properly limit internal resource allocation when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
Mitigation
Vulnerable software versions
Development/Evaluation Kits for PROFINET IO: All versions
SIMATIC PROFINET Driver: All versions
RUGGEDCOM RM1224: All versions
SCALANCE M-800 / S615: All versions
SCALANCE W-700 (IEEE 802.11n): All versions
SCALANCE X-200: All versions
SCALANCE X-200 IRT: All versions
SCALANCE X-300: All versions
SCALANCE XB-200: All versions
SCALANCE XC-200: All versions
SCALANCE XP-200: All versions
SCALANCE XF-200BA: All versions
SCALANCE XR-300WG: All versions
SCALANCE XM-400: All versions
SCALANCE XR-500: All versions
SIMATIC CP 1616: All versions
SIMATIC CP 1604: All versions
SIMATIC CP 343-1 Advanced: All versions
SIMATIC CP 343-1 Standard: All versions
SIMATIC CP 343-1 ERPC: All versions
SIMATIC CP 343-1 LEAN: All versions
SIMATIC CP 443-1 Advanced: All versions
SIMATIC CP 443-1 Standard: All versions
SIMATIC CP443-1 OPC UA: All versions
SIMATIC ET200AL IM 157-1 PN: All versions
SIMATIC ET200M IM153-4 PN IO HF: All versions
SIMATIC ET200M IM153-4 PN IO ST: All versions
SIMATIC ET200MP IM155-5 PN HF: All versions
SIMATIC ET200MP IM155-5 PN ST: All versions
SIMATIC ET 200S: All versions
SIMATIC ET200SP IM155-6 PN Basic: All versions
SIMATIC ET200SP IM155-6 PN HF: All versions
SIMATIC ET200SP IM155-6 PN ST: All versions
SIMATIC ET 200ecoPN: All versions
SIMATIC ET200pro IM 154-3 PN HF: All versions
SIMATIC ET200pro IM 154-4 PN HF: All versions
SIMATIC IPC Support, Package for VxWorks: All versions
SIMATIC MV400: All versions
SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0: All versions
SIMATIC RF182C: All versions
SIMATIC RF180C: All versions
SIMATIC RF600: All versions
SINAMICS DCP: All versions
External links
http://cert-portal.siemens.com/productcert/pdf/ssa-780073.pdf
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.