Siemens Multiple Devices Profinet DCP Denial of Service

medium Nessus Network Monitor Plugin ID 720110

Synopsis

Specially crafted PROFINET DCP broadcast packets could cause a denial-of-service condition of affected products on a local Ethernet segment (Layer 2).

Description

SIEMENS SIMATIC CP 343-1 Std, CP 343-1 Lean (All versions), SIMATIC CP 343-1 Adv (All versions), SIMATIC CP 443-1 Std, CP 443-1 Adv (All versions before V3.2.17), SIMATIC CP 443-1 OPC-UA (All versions), SIMATIC CP 1243-1 (All versions before V2.1.82), SIMATIC CP 1243-1 IRC (All versions before V2.1.82), SIMATIC CP 1243-1 IEC (All versions), SIMATIC CP 1243-1 DNP3 (All versions), SIMATIC CM 1542-1 (All versions before V2.0), SIMATIC CP 1542SP-1, CP 1542SP-1 IRC, and CP 1543SP-1 (All versions before to V1.0.15), SIMATIC CP 1543-1 (All versions before V2.1), SIMATIC RF650R, RF680R, RF685R (All versions before V3.0), SIMATIC CP 1616, CP 1604, DK-16xx PN IO (All versions before V2.7), SCALANCE X-200 (All versions before V5.2.2), SCALANCE X200 IRT (All versions before V5.4.0), SCALANCE X-300/X408 (All versions before V4.1.0), SCALANCE X414 (All versions before V3.10.2), SCALANCE XM400, XR500 (All versions before V6.1), SCALANCE W700 (All versions before V6.1), SCALANCE M-800, S615 (All versions before V04.03)

Solution

Perform vendor recommended mitigations and apply available vendor upgrades.

See Also

http://www.securitytracker.com/id/1038463,https://ics-cert.us-cert.gov/advisories/ICSA-18-023-02,http://www.securityfocus.com/bid/98369,https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284673.pdf,https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdf,https://cert-portal.siemens.com/productcert/pdf/ssa-546832.pdf

Plugin Details

Severity: Medium

ID: 720110

Family: SCADA

Published: 5/8/2019

Updated: 9/30/2019

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 6.1

Temporal Score: 4.5

Vector: CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.7

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Patch Publication Date: 1/23/2018

Vulnerability Publication Date: 1/23/2018

Reference Information

CVE: CVE-2017-2680

BID: 98369