CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Vulnerability Details : CVE-2017-2680

SIEMENS SIMATIC CP 343-1 Std, CP 343-1 Lean (All versions), SIMATIC CP 343-1 Adv (All versions), SIMATIC CP 443-1 Std, CP 443-1 Adv (All versions before V3.2.17), SIMATIC CP 443-1 OPC-UA (All versions), SIMATIC CP 1243-1 (All versions before V2.1.82), SIMATIC CP 1243-1 IRC (All versions before V2.1.82), SIMATIC CP 1243-1 IEC (All versions), SIMATIC CP 1243-1 DNP3 (All versions), SIMATIC CM 1542-1 (All versions before V2.0), SIMATIC CP 1542SP-1, CP 1542SP-1 IRC, and CP 1543SP-1 (All versions before to V1.0.15), SIMATIC CP 1543-1 (All versions before V2.1), SIMATIC RF650R, RF680R, RF685R (All versions before V3.0), SIMATIC CP 1616, CP 1604, DK-16xx PN IO (All versions before V2.7), SCALANCE X-200 (All versions before V5.2.2), SCALANCE X200 IRT (All versions before V5.4.0), SCALANCE X-300/X408 (All versions before V4.1.0), SCALANCE X414 (All versions before V3.10.2), SCALANCE XM400, XR500 (All versions before V6.1), SCALANCE W700 (All versions before V6.1), SCALANCE M-800, S615 (All versions before V04.03), Softnet PROFINET IO for PC-based Windows systems (All versions before V14 SP1), IE/PB-Link (All versions before V3.0), IE/AS-i Link PN IO (All versions), SIMATIC Teleservice Adapter Standard Modem, IE Basic, IE Advanced (All versions), SITOP PSU8600 PROFINET (All versions before V1.2.0), SITOP UPS1600 PROFINET (All versions before V2.2.0), SIMATIC ET 200AL (All versions before V1.0.2), SIMATIC ET 200ecoPN (All versions), SIMATIC ET 200M (All versions), SIMATIC ET 200MP (All versions before V4.0.1), SIMATIC ET 200pro (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200SP (All versions before V4.1.0), SIMATIC PN/PN Coupler (All versions before V4.0), DK Standard Ethernet Controller (All versions before V4.1.1 Patch04), EK-ERTEC 200P PN IO (All versions before V4.4.0 Patch01), EK-ERTEC 200 PN IO (All versions before V4.2.1 Patch03), SIMATIC S7-200 SMART (All versions before V2.3), SIMATIC S7-300 incl. F and T (All versions before V3.X.14), SIMATIC S7-400 PN/DP V6 Incl. F (All versions before V6.0.6), SIMATIC S7-400-H V6 (All versions before V6.0.7), SIMATIC S7-400 PN/DP V7 incl. F (All versions), SIMATIC S7-CPU 410 (All versions before V8.2), SIMATIC S7-1200 incl. F (All versions before V4.2.1), SIMATIC S7-1500 incl. F, T, and TF (All versions before V2.1), SIMATIC S7-1500 Software Controller incl. F (All versions before V2.1), SIMATIC WinAC RTX 2010 incl. F (All versions), SIRIUS ACT 3SU1 interface module PROFINET (All versions), SIRIUS Soft starter 3RW44 PN (All versions), SIRIUS Motor starter M200D PROFINET (All versions), SIMOCODE pro V PROFINET (All versions), SINAMICS DCM (All versions before V1.4 SP1 HF5), SINAMICS DCP (All versions), SINAMICS G110M / G120(C/P/D) w. PN (All versions before V4.7 SP6 HF3), SINAMICS G130 and G150 (All versions before V4.7 HF27 and V4.8 before HF4), SINAMICS S110 w. PN (All versions before V4.4 SP1 HF5), SINAMICS S120 (All versions before V4.7 HF27 and V4.8 before HF4), SINAMICS S150 (All versions before V4.7 HF27 and V4.8 before HF4), SINAMICS V90 w. PN (All versions before V1.1), SIMOTION (All versions before V4.5 HF1), SINUMERIK 828D (All versions before V4.5 SP6 HF2 and V4.7 before SP6 HF8), SINUMERIK 840D sl (All versions before V4.5 SP6 HF8 and V4.7 before SP4 HF1), SIMATIC HMI Comfort Panels, HMI Multi Panels, HMI Mobile Panels (All versions) could be affected by a Denial-of-Service condition induced by a specially crafted PROFINET DCP broadcast (Layer 2 - Ethernet) packet.
Publish Date : 2017-05-10 Last Update Date : 2018-05-10
Search Twitter   Search YouTube   Search Google

- CVSS Scores & Vulnerability Types

CVSS Score
6.1
Confidentiality Impact None (There is no impact to the confidentiality of the system.)
Integrity Impact None (There is no impact to the integrity of the system)
Availability Impact Complete (There is a total shutdown of the affected resource. The attacker can render the resource completely unavailable.)
Access Complexity Low (Specialized access conditions or extenuating circumstances do not exist. Very little knowledge or skill is required to exploit. )
Authentication Not required (Authentication is not required to exploit the vulnerability.)
Gained Access None
Vulnerability Type(s)
CWE ID 20

- Products Affected By CVE-2017-2680

# Product Type Vendor Product Version Update Edition Language
1 OS Siemens Dk Standard Ethernet Controller Firmware 4.1.1 Version Details Vulnerabilities
2 OS Siemens Ek-ertec 200 Pn Io Firmware 4.2.1 Version Details Vulnerabilities
3 OS Siemens Ek-ertec 200p Pn Io Firmware 4.4.0 Version Details Vulnerabilities
4 OS Siemens Ie/as-i Link Pn Io Firmware - Version Details Vulnerabilities
5 OS Siemens Ie/pb-link Firmware - Version Details Vulnerabilities
6 OS Siemens Pn/pn Coupler Firmware - Version Details Vulnerabilities
7 OS Siemens Scalance M-800 Firmware - Version Details Vulnerabilities
8 OS Siemens Scalance S615 Firmware - Version Details Vulnerabilities
9 OS Siemens Scalance W700 Firmware - Version Details Vulnerabilities
10 OS Siemens Scalance X200 Firmware - Version Details Vulnerabilities
11 OS Siemens Scalance X200 Irt Firmware - Version Details Vulnerabilities
12 OS Siemens Scalance X300 Firmware - Version Details Vulnerabilities
13 OS Siemens Scalance X408 Firmware - Version Details Vulnerabilities
14 OS Siemens Scalance X414 Firmware - Version Details Vulnerabilities
15 OS Siemens Scalance Xm400 Firmware - Version Details Vulnerabilities
16 OS Siemens Scalance Xr500 Firmware - Version Details Vulnerabilities
17 OS Siemens Simatic Cm 1542-1 Firmware - Version Details Vulnerabilities
18 OS Siemens Simatic Cp 1243-1 Firmware - Version Details Vulnerabilities
19 OS Siemens Simatic Cp 1542sp-1 Firmware - Version Details Vulnerabilities
20 OS Siemens Simatic Cp 1542sp-1 Irc Firmware - Version Details Vulnerabilities
21 OS Siemens Simatic Cp 1543-1 Firmware - Version Details Vulnerabilities
22 OS Siemens Simatic Cp 1543sp-1 Firmware - Version Details Vulnerabilities
23 OS Siemens Simatic Cp 1604 Firmware - Version Details Vulnerabilities
24 OS Siemens Simatic Cp 1616 Firmware - Version Details Vulnerabilities
25 OS Siemens Simatic Cp 343-1 Adv Firmware - Version Details Vulnerabilities
26 OS Siemens Simatic Cp 343-1 Lean Firmware - Version Details Vulnerabilities
27 OS Siemens Simatic Cp 343-1 Std Firmware - Version Details Vulnerabilities
28 OS Siemens Simatic Cp 443-1 Adv Firmware - Version Details Vulnerabilities
29 OS Siemens Simatic Cp 443-1 Opc-ua Firmware - Version Details Vulnerabilities
30 OS Siemens Simatic Cp 443-1 Std Firmware - Version Details Vulnerabilities
31 OS Siemens Simatic Dk-16xx Pn Io Firmware - Version Details Vulnerabilities
32 OS Siemens Simatic Et 200al Firmware - Version Details Vulnerabilities
33 OS Siemens Simatic Et 200ecopn Firmware - Version Details Vulnerabilities
34 OS Siemens Simatic Et 200m Firmware - Version Details Vulnerabilities
35 OS Siemens Simatic Et 200mp Firmware - Version Details Vulnerabilities
36 OS Siemens Simatic Et 200pro Firmware - Version Details Vulnerabilities
37 OS Siemens Simatic Et 200s Firmware - Version Details Vulnerabilities
38 OS Siemens Simatic Et 200sp Firmware - Version Details Vulnerabilities
39 OS Siemens Simatic Hmi Comfort Panels - Version Details Vulnerabilities
40 OS Siemens Simatic Hmi Mobile Panels - Version Details Vulnerabilities
41 OS Siemens Simatic Hmi Multi Panels - Version Details Vulnerabilities
42 OS Siemens Simatic Rf650r Firmware - Version Details Vulnerabilities
43 OS Siemens Simatic Rf680r Firmware - Version Details Vulnerabilities
44 OS Siemens Simatic Rf685r Firmware - Version Details Vulnerabilities
45 OS Siemens Simatic S7-1200 Firmware - Version Details Vulnerabilities
46 OS Siemens Simatic S7-1500 Firmware - Version Details Vulnerabilities
47 OS Siemens Simatic S7-1500 Software Controller Firmware - Version Details Vulnerabilities
48 OS Siemens Simatic S7-200 Smart Firmware - Version Details Vulnerabilities
49 OS Siemens Simatic S7-300 Firmware - Version Details Vulnerabilities
50 OS Siemens Simatic S7-400 Firmware - Version Details Vulnerabilities
51 OS Siemens Simatic Teleservice Adapter Ie Advanced Modem Firmware - Version Details Vulnerabilities
52 OS Siemens Simatic Teleservice Adapter Ie Basic Modem Firmware - Version Details Vulnerabilities
53 OS Siemens Simatic Teleservice Adapter Standard Modem Firmware - Version Details Vulnerabilities
54 OS Siemens Simatic Winac Rtx 2010 Firmware - Version Details Vulnerabilities
55 OS Siemens Simocode Pro V Profinet Firmware - Version Details Vulnerabilities
56 OS Siemens Simotion Firmware 4.5 Version Details Vulnerabilities
57 OS Siemens Sinamics S110 W. Pn Firmware - Version Details Vulnerabilities
58 OS Siemens Sinamics Dcm Firmware - Version Details Vulnerabilities
59 OS Siemens Sinamics Dcp Firmware - Version Details Vulnerabilities
60 OS Siemens Sinamics G110m Firmware 4.7 Version Details Vulnerabilities
61 OS Siemens Sinamics G120(c/p/d) W. Pn Firmware 4.7 Version Details Vulnerabilities
62 OS Siemens Sinamics G130 Firmware 4.8 Version Details Vulnerabilities
63 OS Siemens Sinamics G150 Firmware 4.8 Version Details Vulnerabilities
64 OS Siemens Sinamics S120 Firmware 4.8 Version Details Vulnerabilities
65 OS Siemens Sinamics S150 Firmware 4.8 Version Details Vulnerabilities
66 OS Siemens Sinamics V90 W. Pn Firmware - Version Details Vulnerabilities
67 OS Siemens Sinumerik 828d Firmware 4.5 Version Details Vulnerabilities
68 OS Siemens Sinumerik 828d Firmware 4.7 Version Details Vulnerabilities
69 OS Siemens Sinumerik 840d Sl Firmware 4.5 Version Details Vulnerabilities
70 OS Siemens Sinumerik 840d Sl Firmware 4.7 Version Details Vulnerabilities
71 OS Siemens Sirius Act 3su1 Firmware - Version Details Vulnerabilities
72 OS Siemens Sirius Motor Starter M200d Profinet Firmware - Version Details Vulnerabilities
73 OS Siemens Sirius Soft Starter 3rw44 Pn Firmware - Version Details Vulnerabilities
74 OS Siemens Sitop Psu8600 Firmware - Version Details Vulnerabilities
75 OS Siemens Softnet Profinet Io Firmware - Version Details Vulnerabilities
76 OS Siemens Ups1600 Profinet Firmware - Version Details Vulnerabilities

- Number Of Affected Versions By Product

Vendor Product Vulnerable Versions
Siemens Dk Standard Ethernet Controller Firmware 1
Siemens Ek-ertec 200 Pn Io Firmware 1
Siemens Ek-ertec 200p Pn Io Firmware 1
Siemens Ie/as-i Link Pn Io Firmware 1
Siemens Ie/pb-link Firmware 1
Siemens Pn/pn Coupler Firmware 1
Siemens Scalance M-800 Firmware 1
Siemens Scalance S615 Firmware 1
Siemens Scalance W700 Firmware 1
Siemens Scalance X200 Firmware 1
Siemens Scalance X200 Irt Firmware 1
Siemens Scalance X300 Firmware 1
Siemens Scalance X408 Firmware 1
Siemens Scalance X414 Firmware 1
Siemens Scalance Xm400 Firmware 1
Siemens Scalance Xr500 Firmware 1
Siemens Simatic Cm 1542-1 Firmware 1
Siemens Simatic Cp 1243-1 Firmware 1
Siemens Simatic Cp 1542sp-1 Firmware 1
Siemens Simatic Cp 1542sp-1 Irc Firmware 1
Siemens Simatic Cp 1543-1 Firmware 1
Siemens Simatic Cp 1543sp-1 Firmware 1
Siemens Simatic Cp 1604 Firmware 1
Siemens Simatic Cp 1616 Firmware 1
Siemens Simatic Cp 343-1 Adv Firmware 1
Siemens Simatic Cp 343-1 Lean Firmware 1
Siemens Simatic Cp 343-1 Std Firmware 1
Siemens Simatic Cp 443-1 Adv Firmware 1
Siemens Simatic Cp 443-1 Opc-ua Firmware 1
Siemens Simatic Cp 443-1 Std Firmware 1
Siemens Simatic Dk-16xx Pn Io Firmware 1
Siemens Simatic Et 200al Firmware 1
Siemens Simatic Et 200ecopn Firmware 1
Siemens Simatic Et 200m Firmware 1
Siemens Simatic Et 200mp Firmware 1
Siemens Simatic Et 200pro Firmware 1
Siemens Simatic Et 200s Firmware 1
Siemens Simatic Et 200sp Firmware 1
Siemens Simatic Hmi Comfort Panels 1
Siemens Simatic Hmi Mobile Panels 1
Siemens Simatic Hmi Multi Panels 1
Siemens Simatic Rf650r Firmware 1
Siemens Simatic Rf680r Firmware 1
Siemens Simatic Rf685r Firmware 1
Siemens Simatic S7-1200 Firmware 1
Siemens Simatic S7-1500 Firmware 1
Siemens Simatic S7-1500 Software Controller Firmware 1
Siemens Simatic S7-200 Smart Firmware 1
Siemens Simatic S7-300 Firmware 1
Siemens Simatic S7-400 Firmware 1
Siemens Simatic Teleservice Adapter Ie Advanced Modem Firmware 1
Siemens Simatic Teleservice Adapter Ie Basic Modem Firmware 1
Siemens Simatic Teleservice Adapter Standard Modem Firmware 1
Siemens Simatic Winac Rtx 2010 Firmware 1
Siemens Simocode Pro V Profinet Firmware 1
Siemens Simotion Firmware 1
Siemens Sinamics S110 W. Pn Firmware 1
Siemens Sinamics Dcm Firmware 1
Siemens Sinamics Dcp Firmware 1
Siemens Sinamics G110m Firmware 1
Siemens Sinamics G120(c/p/d) W. Pn Firmware 1
Siemens Sinamics G130 Firmware 1
Siemens Sinamics G150 Firmware 1
Siemens Sinamics S120 Firmware 1
Siemens Sinamics S150 Firmware 1
Siemens Sinamics V90 W. Pn Firmware 1
Siemens Sinumerik 828d Firmware 2
Siemens Sinumerik 840d Sl Firmware 2
Siemens Sirius Act 3su1 Firmware 1
Siemens Sirius Motor Starter M200d Profinet Firmware 1
Siemens Sirius Soft Starter 3rw44 Pn Firmware 1
Siemens Sitop Psu8600 Firmware 1
Siemens Softnet Profinet Io Firmware 1
Siemens Ups1600 Profinet Firmware 1

- References For CVE-2017-2680

https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284673.pdf CONFIRM
https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdf CONFIRM
https://ics-cert.us-cert.gov/advisories/ICSA-18-023-02
https://cert-portal.siemens.com/productcert/pdf/ssa-546832.pdf CONFIRM
http://www.securityfocus.com/bid/98369
BID 98369 Multiple Siemens Products Multiple Denial of Service Vulnerabilities Release Date:2018-05-09
http://www.securitytracker.com/id/1038463
SECTRACK 1038463

- Vulnerability Conditions

Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)

- Metasploit Modules Related To CVE-2017-2680

There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information)


CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.