CVE-2017-2681 is a vulnerability in Siemens Simatic S7 1500 Software Controller
Published on May 11, 2017

Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a denial of service condition of that product. Human interaction is required to recover the system. PROFIBUS interfaces are not affected.

NVD

Weakness Type

What is a Resource Exhaustion Vulnerability?

The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CVE-2017-2681 has been classified to as a Resource Exhaustion vulnerability or weakness.

Products Associated with CVE-2017-2681

Want to know whenever a new CVE is published for Siemens Simatic S7 1500 Software Controller? stack.watch will email you.

Siemens Simatic S7 1500 Software Controller

Affected Versions

Siemens Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller:

Version All versions < V4.1.1 Patch04 is affected.

Siemens Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200:

Version All versions < V4.2.1 Patch03 is affected.

Siemens Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P:

Version All versions < V4.4.0 Patch01 is affected.

Siemens IE/AS-i Link PN IO:

Version All versions is affected.

Siemens IE/PB-Link (incl. SIPLUS NET variants):

Version All versions < V3.0 is affected.

Siemens SCALANCE M-800 family (incl. S615, MUM-800 and RM1224):

Version All versions < V4.03 is affected.

Siemens SCALANCE W-700 IEEE 802.11n family:

Version All versions < V6.1 is affected.

Siemens SCALANCE X-200 family (incl. SIPLUS NET variants):

Version All versions < V5.2.2 is affected.

Siemens SCALANCE X-200IRT family (incl. SIPLUS NET variants):

Version All versions < V5.4.0 is affected.

Siemens SCALANCE X-300 family (incl. X408 and SIPLUS NET variants):

Version All versions < V4.1.0 is affected.

Siemens SCALANCE X408 family:

Version All versions < V4.1.0 is affected.

Siemens SCALANCE X414:

Version All versions < V3.10.2 is affected.

Siemens SCALANCE XM-400 family:

Version All versions < V6.1 is affected.

Siemens SCALANCE XR-500 family:

Version All versions < V6.1 is affected.

Siemens SIMATIC CM 1542-1:

Version All versions < V2.0 is affected.

Siemens SIMATIC CM 1542SP-1:

Version All versions < V1.0.15 is affected.

Siemens SIMATIC CP 1243-1 (incl. SIPLUS variants):

Version All versions < V2.1.82 is affected.

Siemens SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants):

Before * is affected.

Siemens SIMATIC CP 1243-1 IEC (incl. SIPLUS variants):

Version All versions is affected.

Siemens SIMATIC CP 1243-8 IRC:

Version All versions < V2.1.82 is affected.

Siemens SIMATIC CP 1542SP-1 IRC (incl. SIPLUS variants):

Version All versions < V1.0.15 is affected.

Siemens SIMATIC CP 1543-1 (incl. SIPLUS variants):

Version All versions < V2.1 is affected.

Siemens SIMATIC CP 1543SP-1 (incl. SIPLUS variants):

Version All versions < V1.0.15 is affected.

Siemens SIMATIC CP 1604:

Version All versions < V2.7 is affected.

Siemens SIMATIC CP 1616:

Version All versions < V2.7 is affected.

Siemens SIMATIC CP 343-1 (incl. SIPLUS variants):

Version All versions < V3.1.3 is affected.

Siemens SIMATIC CP 343-1 Advanced (incl. SIPLUS variants):

Version All versions is affected.

Siemens SIMATIC CP 343-1 Lean (incl. SIPLUS variants):

Version All versions < V3.1.3 is affected.

Siemens SIMATIC CP 443-1 (incl. SIPLUS variants):

Version All versions < V3.2.17 is affected.

Siemens SIMATIC CP 443-1 Advanced (incl. SIPLUS variants):

Version All versions < V3.2.17 is affected.

Siemens SIMATIC CP 443-1 OPC UA:

Version All versions is affected.

Siemens SIMATIC DK-16xx PN IO:

Version All versions < V2.7 is affected.

Siemens SIMATIC ET 200AL IM 157-1 PN:

Before V1.0.2 is affected.

Siemens SIMATIC ET 200M (incl. SIPLUS variants):

Version All versions is affected.

Siemens SIMATIC ET 200MP IM 155-5 PN BA:

Before V4.0.1 is affected.

Siemens SIMATIC ET 200MP IM 155-5 PN HF:

Before V4.2.0 is affected.

Siemens SIMATIC ET 200MP IM 155-5 PN ST:

Before V4.1.0 is affected.

Siemens SIMATIC ET 200pro IM 154-3 PN HF:

Before * is affected.

Siemens SIMATIC ET 200pro IM 154-4 PN HF:

Before * is affected.

Siemens SIMATIC ET 200SP IM 155-6 PN BA:

Before * is affected.

Siemens SIMATIC ET 200SP IM 155-6 PN HF:

Before V4.2.0 is affected.

Siemens SIMATIC ET 200SP IM 155-6 PN HS:

Before V4.0.1 is affected.

Siemens SIMATIC ET 200SP IM 155-6 PN ST:

Before V4.1.0 is affected.

Siemens SIMATIC ET 200SP IM 155-6 PN ST BA:

Before V4.1.0 is affected.

Siemens SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12:

Version All versions is affected.

Siemens SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12:

Version All versions is affected.

Siemens SIMATIC ET200ecoPN, 4AO U/I 4xM12:

Version All versions is affected.

Siemens SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12:

Version All versions is affected.

Siemens SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12:

Version All versions is affected.

Siemens SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12:

Version All versions is affected.

Siemens SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12:

Version All versions is affected.

Siemens SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12:

Version All versions is affected.

Siemens SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12:

Version All versions is affected.

Siemens SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12:

Version All versions is affected.

Siemens SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12:

Version All versions is affected.

Siemens SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12:

Version All versions is affected.

Siemens SIMATIC ET200ecoPN: IO-Link Master:

Version All versions is affected.

Siemens SIMATIC ET200S (incl. SIPLUS variants):

Version All versions is affected.

Siemens SIMATIC HMI Comfort Panels, HMI Multi Panels, HMI Mobile Panels (incl. SIPLUS variants):

Version All versions < V15.1 is affected.

Siemens SIMATIC MV420 SR-B:

Before V7.0.6 is affected.

Siemens SIMATIC MV420 SR-B Body:

Before V7.0.6 is affected.

Siemens SIMATIC MV420 SR-P:

Before V7.0.6 is affected.

Siemens SIMATIC MV420 SR-P Body:

Before V7.0.6 is affected.

Siemens SIMATIC MV440 HR:

Before V7.0.6 is affected.

Siemens SIMATIC MV440 SR:

Before V7.0.6 is affected.

Siemens SIMATIC MV440 UR:

Before V7.0.6 is affected.

Siemens SIMATIC PN/PN Coupler (incl. SIPLUS NET variants):

Version All versions < V4.0 is affected.

Siemens SIMATIC RF650R:

Version All versions < V3.0 is affected.

Siemens SIMATIC RF680R:

Version All versions < V3.0 is affected.

Siemens SIMATIC RF685R:

Version All versions < V3.0 is affected.

Siemens SIMATIC S7-1200 CPU family (incl. SIPLUS variants):

Version All versions < V4.2.1 is affected.

Siemens SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants):

Version All versions < V2.1 is affected.

Siemens SIMATIC S7-1500 Software Controller:

Version All versions < V2.1 is affected.

Siemens SIMATIC S7-200 SMART:

Version All versions < V2.3 is affected.

Siemens SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants):

Before V3.X.14 is affected.

Siemens SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants):

Before V6.0.7 is affected.

Siemens SIMATIC S7-400 PN/DP V6 CPU family (incl. SIPLUS variants):

Before V6.0.6 is affected.

Siemens SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants):

Before V7.0.2 is affected.

Siemens SIMATIC S7-410 CPU family (incl. SIPLUS variants):

Version All versions < V8.2 is affected.

Siemens SIMATIC TDC CP51M1:

Before V1.1.8 is affected.

Siemens SIMATIC TDC CPU555:

Before V1.1.1 is affected.

Siemens SIMATIC Teleservice Adapter IE Advanced:

Version All versions is affected.

Siemens SIMATIC Teleservice Adapter IE Basic:

Version All versions is affected.

Siemens SIMATIC Teleservice Adapter IE Standard:

Version All versions is affected.

Siemens SIMATIC WinAC RTX 2010:

Version All versions < V2010 SP3 is affected.

Siemens SIMATIC WinAC RTX F 2010:

Version All versions < V2010 SP3 is affected.

Siemens SIMOCODE pro V PROFINET (incl. SIPLUS variants):

Version All versions < V2.0.0 is affected.

Siemens SIMOTION:

Version All versions < V4.5 HF1 is affected.

Siemens SINAMICS DCM w. PN:

Version All versions < V1.4 SP1 HF5 is affected.

Siemens SINAMICS DCP w. PN:

Version All versions < V1.2 HF1 is affected.

Siemens SINAMICS G110M w. PN:

Version All versions < V4.7 SP6 HF3 is affected.

Siemens SINAMICS G120(C/P/D) w. PN (incl. SIPLUS variants):

Version All versions < V4.7 SP6 HF3 is affected.

Siemens SINAMICS G130 V4.7 w. PN:

Version All versions < V4.7 HF27 is affected.

Siemens SINAMICS G130 V4.8 w. PN:

Version All versions < V4.8 HF4 is affected.

Siemens SINAMICS G150 V4.7 w. PN:

Version V4.7: All versions < V4.7 HF27 is affected.

Siemens SINAMICS G150 V4.8 w. PN:

Version All versions < V4.8 HF4 is affected.

Siemens SINAMICS S110 w. PN:

Version All versions < V4.4 SP3 HF5 is affected.

Siemens SINAMICS S120 prior to V4.7 w. PN (incl. SIPLUS variants):

Version All versions < V4.7 is affected.

Siemens SINAMICS S120 V4.7 SP1 w. PN (incl. SIPLUS variants):

Version All versions is affected.

Siemens SINAMICS S120 V4.7 w. PN (incl. SIPLUS variants):

Version All versions < V4.7 HF27 is affected.

Siemens SINAMICS S120 V4.8 w. PN (incl. SIPLUS variants):

Version All versions < V4.8 HF4 is affected.

Siemens SINAMICS S150 V4.7 w. PN:

Version All versions < V4.7 HF27 is affected.

Siemens SINAMICS S150 V4.8 w. PN:

Version All versions < V4.8 HF4 is affected.

Siemens SINAMICS V90 w. PN:

Version All versions < V1.01 is affected.

Siemens SINUMERIK 828D V4.5 and prior:

Version All versions < V4.5 SP6 HF2 is affected.

Siemens SINUMERIK 828D V4.7:

Version All versions < V4.7 SP4 HF1 is affected.

Siemens SINUMERIK 840D sl V4.5 and prior:

Version All versions < V4.5 SP6 HF2 is affected.

Siemens SINUMERIK 840D sl V4.7:

Version All versions < V4.7 SP4 HF1 is affected.

Siemens SIPLUS ET 200MP IM 155-5 PN HF:

Before V4.2.0 is affected.

Siemens SIPLUS ET 200MP IM 155-5 PN HF:

Before V4.2.0 is affected.

Siemens SIPLUS ET 200MP IM 155-5 PN HF T1 RAIL:

Before V4.2.0 is affected.

Siemens SIPLUS ET 200MP IM 155-5 PN ST:

Before V4.1.0 is affected.

Siemens SIPLUS ET 200MP IM 155-5 PN ST TX RAIL:

Before V4.1.0 is affected.

Siemens SIPLUS ET 200SP IM 155-6 PN HF:

Before V4.2.0 is affected.

Siemens SIPLUS ET 200SP IM 155-6 PN HF:

Before V4.2.0 is affected.

Siemens SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL:

Before V4.2.0 is affected.

Siemens SIPLUS ET 200SP IM 155-6 PN ST:

Before V4.1.0 is affected.

Siemens SIPLUS ET 200SP IM 155-6 PN ST BA:

Before V4.1.0 is affected.

Siemens SIPLUS ET 200SP IM 155-6 PN ST BA TX RAIL:

Before V4.1.0 is affected.

Siemens SIPLUS ET 200SP IM 155-6 PN ST TX RAIL:

Before V4.1.0 is affected.

Siemens SIRIUS ACT 3SU1 interface module PROFINET:

Version All versions < V1.1.0 is affected.

Siemens SIRIUS Motor Starter M200D PROFINET:

Version All versions is affected.

Siemens SIRIUS Soft Starter 3RW44 PN:

Version All versions is affected.

Siemens SITOP PSU8600 PROFINET:

Version All versions < V1.2.0 is affected.

Siemens SITOP UPS1600 PROFINET (incl. SIPLUS variants):

Version All versions < V2.2.0 is affected.

Siemens Softnet PROFINET IO for PC-based Windows systems:

Version All versions < V14 SP1 is affected.

Exploit Probability

EPSS

0.44%

Percentile

62.96%