CVE-2017-12741 : Specially crafted packets sent to port 161/udp could cause a denial of service c

Specially crafted packets sent to port 161/udp could cause a denial of service condition. The affected devices must be restarted manually.

Published 2017-12-26 04:29:14

Updated 2024-07-09 12:15:03

Source Siemens AG

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2017-12741

Siemens » Simatic Et 200al Firmware » Version: N/A
cpe:2.3:o:siemens:simatic_et_200al_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Simatic Et 200al » Version: N/A
Siemens » Simatic Et 200ecopn Firmware » Version: N/A
cpe:2.3:o:siemens:simatic_et_200ecopn_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Simatic Et 200ecopn » Version: N/A
Siemens » Simatic Et 200m Firmware » Version: N/A
cpe:2.3:o:siemens:simatic_et_200m_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Simatic Et 200m » Version: N/A
Siemens » Simatic Et 200mp Firmware » Version: N/A
cpe:2.3:o:siemens:simatic_et_200mp_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Simatic Et 200mp » Version: N/A
Siemens » Simatic Et 200pro Firmware » Version: N/A
cpe:2.3:o:siemens:simatic_et_200pro_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Simatic Et 200pro » Version: N/A
Siemens » Simatic Et 200s Firmware » Version: N/A
cpe:2.3:o:siemens:simatic_et_200s_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Simatic Et 200s » Version: N/A
Siemens » Simatic Et 200sp Firmware » Version: N/A
cpe:2.3:o:siemens:simatic_et_200sp_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Simatic Et 200sp » Version: N/A
Siemens » Dk Standard Ethernet Controller Firmware » Version: N/A
cpe:2.3:o:siemens:dk_standard_ethernet_controller_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Dk Standard Ethernet Controller » Version: N/A
Siemens » Simatic S7-300 Firmware » Version: N/A
cpe:2.3:o:siemens:simatic_s7-300_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Simatic S7-300 » Version: N/A
Siemens » Simatic S7-1200 Firmware » Version: N/A
cpe:2.3:o:siemens:simatic_s7-1200_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Simatic S7-1200 » Version: N/A
Siemens » Simatic S7-1500 Firmware
Versions before (<) 2.0
cpe:2.3:o:siemens:simatic_s7-1500_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Simatic S7-1500 » Version: N/A
Siemens » Simocode Pro V Profinet Firmware » Version: N/A
cpe:2.3:o:siemens:simocode_pro_v_profinet_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Simocode Pro V Profinet » Version: N/A
Siemens » Sinamics Dcm Firmware » Version: N/A
cpe:2.3:o:siemens:sinamics_dcm_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Sinamics Dcm » Version: N/A
Siemens » Sinamics Dcp Firmware » Version: N/A
cpe:2.3:o:siemens:sinamics_dcp_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Sinamics Dcp » Version: N/A
Siemens » Sinamics G130 Firmware » Version: N/A
cpe:2.3:o:siemens:sinamics_g130_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Sinamics G130 » Version: N/A
Siemens » Sinamics G150 Firmware » Version: N/A
cpe:2.3:o:siemens:sinamics_g150_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Sinamics G150 » Version: N/A
Siemens » Sinamics S120 Firmware » Version: N/A
cpe:2.3:o:siemens:sinamics_s120_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Sinamics S120 » Version: N/A
Siemens » Sinumerik 840d Sl Firmware » Version: N/A
cpe:2.3:o:siemens:sinumerik_840d_sl_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Sinumerik 840d Sl » Version: N/A
Siemens » Simatic S7-400pn/dp V7 Firmware » Version: N/A
cpe:2.3:o:siemens:simatic_s7-400pn\/dp_v7_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Simatic S7-400pn/dp V7 » Version: N/A
Siemens » Simatic S7-410 V8 Firmware » Version: N/A
cpe:2.3:o:siemens:simatic_s7-410_v8_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Simatic S7-410 V8 » Version: N/A
Siemens » Simatic S7-1500 Controller Firmware » Version: 2.0
cpe:2.3:o:siemens:simatic_s7-1500_controller_firmware:2.0:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Simatic S7-1500 Controller » Version: N/A
Siemens » Simatic Winac Rtx F 2010 Firmware » Version: N/A
cpe:2.3:o:siemens:simatic_winac_rtx_f_2010_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Simatic Winac Rtx F 2010 » Version: N/A
Siemens » Ek-ertec 200pn Io Firmware » Version: N/A
cpe:2.3:o:siemens:ek-ertec_200pn_io_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Ek-ertec 200pn Io » Version: N/A
Siemens » Simotion D Firmware
Versions up to, including, (<=) 5.1
cpe:2.3:o:siemens:simotion_d_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Simotion D » Version: N/A
Siemens » Simotion C Firmware
Versions up to, including, (<=) 5.1
cpe:2.3:o:siemens:simotion_c_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Simotion C » Version: N/A
Siemens » Simotion P Firmware
Versions up to, including, (<=) 5.1
cpe:2.3:o:siemens:simotion_p_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Simotion P » Version: N/A
Siemens » Sinamics G110m/g120pn Firmware
Versions up to, including, (<=) 4.7
cpe:2.3:o:siemens:sinamics_g110m\/g120pn_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Sinamics G110m/g120pn » Version: N/A
Siemens » Sinamics S110pn Firmware » Version: N/A
cpe:2.3:o:siemens:sinamics_s110pn_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Sinamics S110pn » Version: N/A
Siemens » Sinamics S150 V4.7 Firmware » Version: N/A
cpe:2.3:o:siemens:sinamics_s150_v4.7_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Sinamics S150 V4.7 » Version: N/A
Siemens » Sinamics S150 V4.8 Firmware » Version: N/A
cpe:2.3:o:siemens:sinamics_s150_v4.8_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Sinamics S150 V4.8 » Version: N/A
Siemens » Sinamics V90pn Firmware » Version: N/A
cpe:2.3:o:siemens:sinamics_v90pn_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Sinamics V90pn » Version: N/A
Siemens » Simatic Compact Field Unit Firmware » Version: N/A
cpe:2.3:o:siemens:simatic_compact_field_unit_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Simatic Compact Field Unit » Version: N/A
Siemens » Simatic Pn/pn Coupler Firmware » Version: N/A
cpe:2.3:o:siemens:simatic_pn\/pn_coupler_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Simatic Pn/pn Coupler » Version: N/A
Siemens » Sirius Soft Starter 3rw44pn Firmware » Version: N/A
cpe:2.3:o:siemens:sirius_soft_starter_3rw44pn_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Sirius Soft Starter 3rw44pn » Version: N/A
Siemens » Simatic S7-400h V6 Firmware
Versions before (<) 6.0.8
cpe:2.3:o:siemens:simatic_s7-400h_v6_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Simatic S7-400h V6 » Version: N/A
Siemens » Ek-ertec 200p Firmware
Versions before (<) 4.5
cpe:2.3:o:siemens:ek-ertec_200p_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Ek-ertec 200p » Version: N/A
Siemens » Simatic S7-200 Firmware
Versions before (<) 2.03.01
cpe:2.3:o:siemens:simatic_s7-200_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Simatic S7-200 » Version: N/A
Siemens » Simatic S7-400pn V6 Firmware
Versions before (<) 6.0.6
cpe:2.3:o:siemens:simatic_s7-400pn_v6_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Simatic S7-400pn V6 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2017-12741

EPSS FAQ

3.94%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 87 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2017-12741

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.8	HIGH	AV:N/AC:L/Au:N/C:N/I:N/A:C	10.0	6.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete
7.5	HIGH	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	Siemens AG	2024-07-09
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High
8.7	HIGH	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/V...	N/A	N/A	Siemens AG	2024-07-09
Attack Vector: Network Attack Complexity: Low Attack Requirements: None Privileges Required: None User Interaction: None Confidentiality (VC): None Integrity (VI): None Availability (VA): High

CWE ids for CVE-2017-12741

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.

Assigned by: productcert@siemens.com (Primary)

References for CVE-2017-12741

https://cert-portal.siemens.com/productcert/html/ssa-346262.html

SSA-346262
https://cert-portal.siemens.com/productcert/pdf/ssa-346262.pdf
https://cert-portal.siemens.com/productcert/html/ssa-546832.html

SSA-546832

CVEs referencing this url
https://cert-portal.siemens.com/productcert/pdf/ssa-141614.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-546832.pdf

CVEs referencing this url
https://www.securityfocus.com/bid/101964

Multiple Siemens Products CVE-2017-12741 Denial of Service Vulnerability
https://cert-portal.siemens.com/productcert/html/ssa-141614.html

SSA-141614

Jump to

Vulnerability Details : CVE-2017-12741

Products affected by CVE-2017-12741

Exploit prediction scoring system (EPSS) score for CVE-2017-12741

CVSS scores for CVE-2017-12741

CWE ids for CVE-2017-12741

References for CVE-2017-12741