A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All Versions < V4.5), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All Versions < V4.6), PROFINET Driver for Controller (All Versions < V2.1), RUGGEDCOM RM1224 (All versions < V4.3), SCALANCE M-800 / S615 (All versions < V4.3), SCALANCE W700 IEEE 802.11n (All versions <= V6.0.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All Versions < V5.3), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions), SCALANCE XB-200, XC-200, XP-200, XF-200BA and XR-300WG (All Versions < V3.0), SCALANCE XM-400 switch family (All Versions < V6.0), SCALANCE XR-500 switch family (All Versions < V6.0), SIMATIC CP 1616 and CP 1604 (All Versions < V2.8), SIMATIC CP 343-1 (incl. SIPLUS NET variants) (All versions), SIMATIC CP 343-1 Advanced (incl. SIPLUS NET variants) (All versions), SIMATIC CP 343-1 ERPC (All versions), SIMATIC CP 343-1 LEAN (incl. SIPLUS NET variants) (All versions), SIMATIC CP 443-1 (incl. SIPLUS NET variants) (All versions), SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variants) (All versions), SIMATIC CP 443-1 OPC UA (All versions), SIMATIC ET200AL IM 157-1 PN (All versions), SIMATIC ET200M IM153-4 PN IO HF (incl. SIPLUS variants) (All versions), SIMATIC ET200M IM153-4 PN IO ST (incl. SIPLUS variants) (All versions), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants) (All Versions < V4.2.0), SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants) (All Versions < V4.1.0), SIMATIC ET200S (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN Basic (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants) (All Versions < V3.3.1), SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants) (All Versions < V4.1.0), SIMATIC ET200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0) (All versions), SIMATIC ET200pro, IM 154-3 PN HF (All versions), SIMATIC ET200pro, IM 154-4 PN HF (All versions), SIMATIC IPC Support, Package for VxWorks (All versions), SIMATIC MV400 family (All versions), SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. SIPLUS NET variant) (All Versions), SIMATIC RF180C (All versions), SIMATIC RF182C (All versions), SIMATIC RF600 family (All versions < V3), SINAMICS DCP (All Versions < V1.3). Profinet-IO (PNIO) stack versions prior V06.00 do not properly limit internal resource allocation when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface. This could lead to a denial of service condition due to lack of memory for devices that include a vulnerable version of the stack. The security vulnerability could be exploited by an attacker with network access to an affected device. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise the availability of the device.
Published February 11, 2020.
Siemens Scalance Xr-300 Firmware
Siemens Scalance Xf-200ba Firmware
Siemens Simatic Cp 343-1 Advanced Firmware
Siemens Simatic Et200pro Firmware
Siemens Simatic Et200sp Im155-6 Pn Basic Firmware
Siemens Scalance S615 Firmware
Siemens Scalance Xc-200 Firmware
Siemens Ruggedcom Rm1224 Firmware
Siemens Simatic Cp 343-1 Firmware
Siemens Simatic Cp 443-1 Advanced Firmware
Siemens Simatic Cp 443-1 Opc Ua Firmware
Siemens Scalance X-300 Firmware
Siemens Simatic Rf182c Firmware
Siemens Im 154-3 Pn Hf Firmware
Siemens Dk Standard Ethernet Controller
Siemens Simatic Et200s Firmware
Siemens Scalance Xr528 Firmware
Siemens Simatic Rf180c Firmware
Siemens Simatic Mv420 Firmware
Siemens Simatic Cp 343-1 Lean Firmware
Siemens Simatic Et200m Im153-4 Pn Io Hf Firmware
Siemens Simatic Et200mp Im155-5 Pn St Firmware
Siemens Simatic Cp 443-1 Firmware
Siemens Simatic Et200al Im 157-1 Pn Firmware
Siemens Scalance Xp-200 Firmware
Siemens Scalance X-400 Firmware
Siemens Scalance X-200irt Pro Firmware
Siemens Simatic Et200m Im153-4 Pn Io St Firmware
Siemens Simatic Mv440 Firmware
Siemens Ek-ertec 200p Firmware
Siemens Scalance X-200irt Firmware
Siemens Scalance M-800 Firmware
Siemens Scalance Xr526 Firmware
Siemens Simatic Cp 343-1 Erpc Firmware
Siemens Scalance Xm-400 Firmware
Siemens Scalance Xr552 Firmware
Siemens Simatic Cp 1604 Firmware
Siemens Im 154-4 Pn Hf Firmware
Siemens Simatic Pn\/pn Coupler Firmware
Siemens Scalance Xf-200 Firmware
Siemens Simatic Et200sp Im155-6 Pn St Firmware
Siemens Scalance Xr524 Firmware
Siemens Scalance Xr-300wg Firmware
Siemens Simatic Cp 1616 Firmware
Siemens Scalance W700 Ieee 802.11n Firmware
Siemens Simatic Et200ecopn Firmware
Siemens Simatic Rf600 Firmware
Siemens Scalance Xb-200 Firmware