CWE-20

CVE-2017-6865: Input Validation

First published: Thu May 11 2017

A vulnerability has been identified in the following products:

  • Primary Setup Tool (PST) (All versions < V4.2 HF1)
  • SIMATIC Automation Tool (All versions < V3.0)
  • SIMATIC NET PC-Software (All versions < V14 SP1)
  • SIMATIC PCS 7 V8.1 (All versions)
  • SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1)
  • SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2)
  • SIMATIC STEP 7 (TIA Portal) V14 (All versions < V14 SP1)
  • SIMATIC STEP 7 V5.X (All versions < V5.6)
  • SIMATIC WinAC RTX 2010 SP2 (All versions)
  • SIMATIC WinAC RTX F 2010 SP2 (All versions)
  • SIMATIC WinCC (TIA Portal) V13 (All versions < V13 SP2)
  • SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1)
  • SIMATIC WinCC V7.2 and prior (All versions)
  • SIMATIC WinCC V7.3 (All versions < V7.3 Update 15)
  • SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd1)
  • SIMATIC WinCC flexible 2008 (All versions < flexible 2008 SP5)
  • SINAUT ST7CC (All versions installed in conjunction with SIMATIC WinCC < V7.3 Update 15)
  • SINEMA Server (All versions < V14)
  • SINUMERIK 808D Programming Tool (All versions < V4.7 SP4 HF2)
  • SMART PC Access (All versions < V2.3)
  • STEP 7 - Micro/WIN SMART (All versions < V2.3)
  • Security Configuration Tool (SCT) (All versions < V5.0)

Specially crafted PROFINET DCP broadcast packets sent to the affected products on a local Ethernet segment (Layer 2) could cause a Denial-of-Service condition of some services. The services require manual restart to recover.

Credit: productcert@siemens.com

Affected Software | Affected Version | How to fix
Siemens Simatic PCS 7 | |
Siemens Primary Setup Tool | |
Siemens Security Configuration Tool | |
Siemens SIMATIC Automation Tool | |
Siemens SIMATIC NET PC software | |
Siemens SIMATIC STEP 7 (TIA Portal) | =5.0 |
Siemens SIMATIC STEP 7 (TIA Portal) | =13.0 |
Siemens SIMATIC STEP 7 (TIA Portal) | =14.0 |
Siemens SIMATIC STEP 7 micro/win SMART | |
Siemens SIMATIC WinAC RTX | =sp2 |
Siemens SIMATIC WinAC RTX | =sp2 |
Siemens WinCC | |
Siemens SIMATIC WinCC (TIA Portal) | =13.0 |
Siemens SIMATIC WinCC (TIA Portal) | =14.0 |
Siemens SIMATIC WinCC flexible Runtime | |
Siemens SINAUT ST7CC | |
Siemens SINEMA Server SP3 | |
Siemens SINUMERIK 808D | |
Siemens SIMATIC STEP 7 Micro/WIN SMART | =2.0 |


Frequently Asked Questions

  • What is the severity of CVE-2017-6865?

    CVE-2017-6865 has been rated as a medium severity vulnerability.

  • How do I fix CVE-2017-6865?

    To fix CVE-2017-6865, upgrade to the latest versions of the affected software that are available.

  • Which versions are affected by CVE-2017-6865?

    CVE-2017-6865 affects various versions of Siemens products such as Primary Setup Tool, SIMATIC Automation Tool, and SIMATIC PCS 7 among others.

  • Can CVE-2017-6865 be exploited remotely?

    Yes, CVE-2017-6865 may be exploited remotely, potentially allowing an attacker to gain unauthorized access.

  • What types of software are impacted by CVE-2017-6865?

    CVE-2017-6865 impacts industrial software solutions such as automation tools, configuration tools, and control software from Siemens.
