ID

VAR-201705-3973


CVE

CVE-2017-6865


TITLE

plural Siemens Service disruption in products (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2017-004136

DESCRIPTION

A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC Automation Tool (All versions < V3.0), SIMATIC NET PC-Software (All versions < V14 SP1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2), SIMATIC STEP 7 (TIA Portal) V14 (All versions < V14 SP1), SIMATIC STEP 7 V5.X (All versions < V5.6), SIMATIC WinAC RTX 2010 SP2 (All versions), SIMATIC WinAC RTX F 2010 SP2 (All versions), SIMATIC WinCC (TIA Portal) V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1), SIMATIC WinCC V7.2 and prior (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Update 15), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd1), SIMATIC WinCC flexible 2008 (All versions < flexible 2008 SP5), SINAUT ST7CC (All versions installed in conjunction with SIMATIC WinCC < V7.3 Update 15), SINEMA Server (All versions < V14), SINUMERIK 808D Programming Tool (All versions < V4.7 SP4 HF2), SMART PC Access (All versions < V2.3), STEP 7 - Micro/WIN SMART (All versions < V2.3), Security Configuration Tool (SCT) (All versions < V5.0). Specially crafted PROFINET DCP broadcast packets sent to the affected products on a local Ethernet segment (Layer 2) could cause a Denial-of-Service condition of some services. The services require manual restart to recover. SIMATIC WinCC (TIA Portal), SIMATIC STEP 7, SMART PC Access, SIMATIC Automation Tool, etc. are all industrial automation products from Siemens AG. A number of Siemens industrial products have a denial of service vulnerability. Attackers can exploit this issue to crash the affected device, denying service to legitimate users. Siemens SIMATIC WinCC, etc. Siemens SIMATIC WinCC is an automated data acquisition and monitoring (SCADA) system; SIMATIC PCS 7 is a distributed process control system using WinCC

Trust: 2.7

sources: NVD: CVE-2017-6865 // JVNDB: JVNDB-2017-004136 // CNVD: CNVD-2017-06152 // BID: 98366 // IVD: 1b7b75ad-c1f6-4e73-be28-ff3e458e7677 // VULHUB: VHN-115068

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 1b7b75ad-c1f6-4e73-be28-ff3e458e7677 // CNVD: CNVD-2017-06152

AFFECTED PRODUCTS

vendor:siemensmodel:smart pc accessscope:eqversion:2.0

Trust: 2.5

vendor:siemensmodel:simatic winccscope: - version: -

Trust: 1.6

vendor:siemensmodel:simatic wincc \scope:eqversion:14.0

Trust: 1.6

vendor:siemensmodel:sinema serverscope:eqversion: -

Trust: 1.6

vendor:siemensmodel:simatic wincc \scope:eqversion:13.0

Trust: 1.6

vendor:siemensmodel:sinumerik 808d programming toolscope:eqversion: -

Trust: 1.6

vendor:siemensmodel:simatic winccscope:eqversion: -

Trust: 1.6

vendor:siemensmodel:sinaut st7ccscope:eqversion: -

Trust: 1.6

vendor:siemensmodel:simatic wincc flexible 2008scope:eqversion: -

Trust: 1.6

vendor:siemensmodel:simatic step 7 micro\/win smartscope:eqversion: -

Trust: 1.6

vendor:siemensmodel:simatic winac rtx 2010scope:eqversion: -

Trust: 1.6

vendor:siemensmodel:simatic automation toolscope: - version: -

Trust: 1.4

vendor:siemensmodel:sinaut st7ccscope: - version: -

Trust: 1.4

vendor:siemensmodel:sinumerik 808d programming toolscope: - version: -

Trust: 1.4

vendor:siemensmodel:simatic automation toolscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic net pc-softwarescope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic step 7 \scope:eqversion:13.0

Trust: 1.0

vendor:siemensmodel:security configuration toolscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic winac rtx f 2010scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic step 7 \scope:eqversion:14.0

Trust: 1.0

vendor:siemensmodel:pcs 7scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic step 7 \scope:eqversion:5.0

Trust: 1.0

vendor:siemensmodel:primary setup toolscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic wincc flexiblescope:eqversion:2008

Trust: 0.9

vendor:siemensmodel:simatic winccscope:eqversion:0

Trust: 0.9

vendor:siemensmodel:primary setup toolscope: - version: -

Trust: 0.8

vendor:siemensmodel:security configuration toolscope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic net pc softwarescope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic pcs 7scope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic step 7scope:eqversion:v5.x

Trust: 0.8

vendor:siemensmodel:simatic step 7scope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic winac rtx 2010scope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic winac rtx f 2010scope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic wincc flexible 2008scope: - version: -

Trust: 0.8

vendor:siemensmodel:sinema serverscope: - version: -

Trust: 0.8

vendor:siemensmodel:smart pc accessscope: - version: -

Trust: 0.8

vendor:siemensmodel:step 7 - micro/win smartscope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic stepscope:eqversion:75.x

Trust: 0.6

vendor:siemensmodel:simatic winac rtx sp2 allscope:eqversion:2010

Trust: 0.6

vendor:siemensmodel:simatic winac rtx f sp2 allscope:eqversion:2010

Trust: 0.6

vendor:siemensmodel:security configuration tool allscope: - version: -

Trust: 0.6

vendor:siemensmodel:primary setup tool allscope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic pcsscope:eqversion:7

Trust: 0.6

vendor:siemensmodel:simatic wincc professional sp2scope:ltversion:v13

Trust: 0.6

vendor:siemensmodel:simatic wincc professional sp1scope:ltversion:v14

Trust: 0.6

vendor:siemensmodel:simatic step sp2scope:eqversion:7<v13

Trust: 0.6

vendor:siemensmodel:simatic step sp1scope:eqversion:7<v14

Trust: 0.6

vendor:siemensmodel:step micro win smartscope:eqversion:7-/

Trust: 0.6

vendor:siemensmodel:simatic net pc-softwarescope: - version: -

Trust: 0.6

vendor:siemensmodel:sinumerik 808d programming toolscope:eqversion:0

Trust: 0.3

vendor:siemensmodel:sinema server sp2scope:eqversion:13

Trust: 0.3

vendor:siemensmodel:sinema server sp1scope:eqversion:12.0

Trust: 0.3

vendor:siemensmodel:sinema serverscope:eqversion:12.0-

Trust: 0.3

vendor:siemensmodel:sinema serverscope:eqversion:0

Trust: 0.3

vendor:siemensmodel:sinaut st7ccscope:eqversion:0

Trust: 0.3

vendor:siemensmodel:simatic wincc flexible sp3 up7scope:eqversion:2008

Trust: 0.3

vendor:siemensmodel:simatic wincc flexible sp2scope:eqversion:2008

Trust: 0.3

vendor:siemensmodel:simatic wincc flexible sp1scope:eqversion:2008

Trust: 0.3

vendor:siemensmodel:simatic wincc basicscope:eqversion:14

Trust: 0.3

vendor:siemensmodel:simatic wincc sp1scope:eqversion:v13

Trust: 0.3

vendor:siemensmodel:simatic winccscope:eqversion:v13

Trust: 0.3

vendor:siemensmodel:simatic winac rtx f sp2scope:eqversion:2010

Trust: 0.3

vendor:siemensmodel:simatic winac rtx sp2scope:eqversion:2010

Trust: 0.3

vendor:siemensmodel:simatic step tia portalscope:eqversion:7v14

Trust: 0.3

vendor:siemensmodel:simatic step tia portal sp1scope:eqversion:7v13

Trust: 0.3

vendor:siemensmodel:simatic step tia portalscope:eqversion:7v13

Trust: 0.3

vendor:siemensmodel:simatic step sp4 hf4scope:eqversion:75.5

Trust: 0.3

vendor:siemensmodel:simatic step sp4scope:eqversion:75.5

Trust: 0.3

vendor:siemensmodel:simatic step sp3 hf10scope:eqversion:75.5

Trust: 0.3

vendor:siemensmodel:simatic step sp3scope:eqversion:75.5

Trust: 0.3

vendor:siemensmodel:simatic step sp2 hf7scope:eqversion:75.5

Trust: 0.3

vendor:siemensmodel:simatic step sp2scope:eqversion:75.5

Trust: 0.3

vendor:siemensmodel:simatic step sp1 hf2scope:eqversion:75.5

Trust: 0.3

vendor:siemensmodel:simatic step sp1scope:eqversion:75.5

Trust: 0.3

vendor:siemensmodel:simatic pcs sp4scope:eqversion:77.1

Trust: 0.3

vendor:siemensmodel:simatic pcsscope:eqversion:77.1

Trust: 0.3

vendor:siemensmodel:simatic pcsscope:eqversion:77

Trust: 0.3

vendor:siemensmodel:simatic net pc-softwarescope:eqversion:14

Trust: 0.3

vendor:siemensmodel:simatic net pc-software sp2scope:eqversion:13

Trust: 0.3

vendor:siemensmodel:simatic net pc-software hf1scope:eqversion:13

Trust: 0.3

vendor:siemensmodel:simatic net pc-softwarescope:eqversion:13

Trust: 0.3

vendor:siemensmodel:simatic net pc-software sp2 hf3scope:eqversion:12

Trust: 0.3

vendor:siemensmodel:simatic net pc-softwarescope:eqversion:12

Trust: 0.3

vendor:siemensmodel:simatic automation toolscope:eqversion:1.0.2

Trust: 0.3

vendor:siemensmodel:simatic automation toolscope:eqversion:1.0

Trust: 0.3

vendor:siemensmodel:security configuration toolscope:eqversion:0

Trust: 0.3

vendor:siemensmodel:primary setup toolscope:eqversion:0

Trust: 0.3

vendor:siemensmodel:micro/winscope:eqversion:0

Trust: 0.3

vendor:siemensmodel:simatic wincc sp1scope:neversion:14

Trust: 0.3

vendor:siemensmodel:simatic wincc sp2scope:neversion:13

Trust: 0.3

vendor:siemensmodel:simatic step tia portal sp1scope:neversion:714

Trust: 0.3

vendor:siemensmodel:simatic step tia portal sp2scope:neversion:713

Trust: 0.3

vendor:pcs 7model: - scope:eqversion: -

Trust: 0.2

vendor:primary setup toolmodel: - scope:eqversion: -

Trust: 0.2

vendor:security configuration toolmodel: - scope:eqversion: -

Trust: 0.2

vendor:simatic automation toolmodel: - scope:eqversion: -

Trust: 0.2

vendor:simatic net pcmodel: - scope:eqversion: -

Trust: 0.2

vendor:simatic step 7 tia portalmodel: - scope:eqversion:5.0

Trust: 0.2

vendor:simatic step 7 tia portalmodel: - scope:eqversion:13.0

Trust: 0.2

vendor:simatic step 7 tia portalmodel: - scope:eqversion:14.0

Trust: 0.2

vendor:simatic step 7 micro win smartmodel: - scope:eqversion: -

Trust: 0.2

vendor:simatic winac rtx 2010model: - scope:eqversion: -

Trust: 0.2

vendor:simatic winac rtx f 2010model: - scope:eqversion: -

Trust: 0.2

vendor:simatic winccmodel: - scope:eqversion: -

Trust: 0.2

vendor:simatic wincc tia portalmodel: - scope:eqversion:13.0

Trust: 0.2

vendor:simatic wincc tia portalmodel: - scope:eqversion:14.0

Trust: 0.2

vendor:simatic wincc flexible 2008model: - scope:eqversion: -

Trust: 0.2

vendor:sinaut st7ccmodel: - scope:eqversion: -

Trust: 0.2

vendor:sinema servermodel: - scope:eqversion: -

Trust: 0.2

vendor:sinumerik 808d programming toolmodel: - scope:eqversion: -

Trust: 0.2

vendor:smart pc accessmodel: - scope:eqversion:2.0

Trust: 0.2

sources: IVD: 1b7b75ad-c1f6-4e73-be28-ff3e458e7677 // CNVD: CNVD-2017-06152 // BID: 98366 // JVNDB: JVNDB-2017-004136 // CNNVD: CNNVD-201703-632 // NVD: CVE-2017-6865

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6865
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-6865
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-06152
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201703-632
value: MEDIUM

Trust: 0.6

IVD: 1b7b75ad-c1f6-4e73-be28-ff3e458e7677
value: MEDIUM

Trust: 0.2

VULHUB: VHN-115068
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-6865
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-06152
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 1b7b75ad-c1f6-4e73-be28-ff3e458e7677
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-115068
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6865
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: IVD: 1b7b75ad-c1f6-4e73-be28-ff3e458e7677 // CNVD: CNVD-2017-06152 // VULHUB: VHN-115068 // JVNDB: JVNDB-2017-004136 // CNNVD: CNNVD-201703-632 // NVD: CVE-2017-6865

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-115068 // JVNDB: JVNDB-2017-004136 // NVD: CVE-2017-6865

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201703-632

TYPE

Input validation

Trust: 0.8

sources: IVD: 1b7b75ad-c1f6-4e73-be28-ff3e458e7677 // CNNVD: CNNVD-201703-632

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-004136

PATCH

title:SSA-275839url:https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-275839.pdf

Trust: 0.8

title:There are patches for denial of service vulnerabilities in many Siemens productsurl:https://www.cnvd.org.cn/patchInfo/show/93344

Trust: 0.6

title:Multiple Siemens Fixes for product input validation vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90621

Trust: 0.6

sources: CNVD: CNVD-2017-06152 // JVNDB: JVNDB-2017-004136 // CNNVD: CNNVD-201703-632

EXTERNAL IDS

db:NVDid:CVE-2017-6865

Trust: 3.6

db:BIDid:98366

Trust: 2.0

db:SIEMENSid:SSA-275839

Trust: 1.7

db:ICS CERTid:ICSA-17-129-01

Trust: 1.1

db:CNNVDid:CNNVD-201703-632

Trust: 0.9

db:CNVDid:CNVD-2017-06152

Trust: 0.8

db:JVNDBid:JVNDB-2017-004136

Trust: 0.8

db:IVDid:1B7B75AD-C1F6-4E73-BE28-FF3E458E7677

Trust: 0.2

db:VULHUBid:VHN-115068

Trust: 0.1

sources: IVD: 1b7b75ad-c1f6-4e73-be28-ff3e458e7677 // CNVD: CNVD-2017-06152 // VULHUB: VHN-115068 // BID: 98366 // JVNDB: JVNDB-2017-004136 // CNNVD: CNNVD-201703-632 // NVD: CVE-2017-6865

REFERENCES

url:https://www.securityfocus.com/bid/98366

Trust: 1.7

url:https://cert-portal.siemens.com/productcert/pdf/ssa-275839.pdf

Trust: 1.7

url:https://ics-cert.us-cert.gov/advisories/icsa-17-129-01

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6865

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-6865

Trust: 0.8

url:http://www.siemens.com/cert/en/cert-security-advisories.htm

Trust: 0.6

url:http://www.siemens.com/

Trust: 0.3

sources: CNVD: CNVD-2017-06152 // VULHUB: VHN-115068 // BID: 98366 // JVNDB: JVNDB-2017-004136 // CNNVD: CNNVD-201703-632 // NVD: CVE-2017-6865

CREDITS

Duan JinTong, Ma ShaoShuai, and Cheng Lei from NSFOCUS Security Team.

Trust: 0.3

sources: BID: 98366

SOURCES

db:IVDid:1b7b75ad-c1f6-4e73-be28-ff3e458e7677
db:CNVDid:CNVD-2017-06152
db:VULHUBid:VHN-115068
db:BIDid:98366
db:JVNDBid:JVNDB-2017-004136
db:CNNVDid:CNNVD-201703-632
db:NVDid:CVE-2017-6865

LAST UPDATE DATE

2024-08-14T15:13:30.968000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2017-06152date:2017-05-09T00:00:00
db:VULHUBid:VHN-115068date:2019-03-21T00:00:00
db:BIDid:98366date:2017-05-23T16:23:00
db:JVNDBid:JVNDB-2017-004136date:2017-09-11T00:00:00
db:CNNVDid:CNNVD-201703-632date:2019-04-01T00:00:00
db:NVDid:CVE-2017-6865date:2019-03-21T16:29:00.407

SOURCES RELEASE DATE

db:IVDid:1b7b75ad-c1f6-4e73-be28-ff3e458e7677date:2017-05-09T00:00:00
db:CNVDid:CNVD-2017-06152date:2017-05-09T00:00:00
db:VULHUBid:VHN-115068date:2017-05-11T00:00:00
db:BIDid:98366date:2017-05-09T00:00:00
db:JVNDBid:JVNDB-2017-004136date:2017-06-16T00:00:00
db:CNNVDid:CNNVD-201703-632date:2017-03-16T00:00:00
db:NVDid:CVE-2017-6865date:2017-05-11T10:29:00.227