Vulnerability Details : CVE-2015-2177
Potential exploit
Siemens SIMATIC S7-300 CPU devices allow remote attackers to cause a denial of service (defect-mode transition) via crafted packets on (1) TCP port 102 or (2) Profibus.
Vulnerability category: Denial of service
Products affected by CVE-2015-2177
- cpe:2.3:o:siemens:simatic_s7-300_cpu_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:simatic_s7-300_cpu:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-2177
50.64%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 98 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-2177
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.8
|
HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C |
10.0
|
6.9
|
NIST |
CWE ids for CVE-2015-2177
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-2177
-
https://www.exploit-db.com/exploits/44802/
Siemens SIMATIC S7-300 CPU - Remote Denial of Service
-
http://www.securityfocus.com/bid/72973
Siemens SIMATIC S7-300 CVE-2015-2177 Denial of Service Vulnerability
-
https://ics-cert.us-cert.gov/advisories/ICSA-15-064-04
Siemens SIMATIC S7-300 CPU Denial-of-Service Vulnerability | CISA
-
http://www.securitytracker.com/id/1032040
Siemens SIMATIC S7-300 Lets Remote Users Deny Service - SecurityTrackerThird Party Advisory;VDB Entry
-
https://cert-portal.siemens.com/productcert/pdf/ssa-987029.pdf
-
http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-987029.pdf
Vendor Advisory
Jump to