CVE-2017-6865: Input Validation
First published: Thu May 11 2017(Updated: )
A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC Automation Tool (All versions < V3.0), SIMATIC NET PC-Software (All versions < V14 SP1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2), SIMATIC STEP 7 (TIA Portal) V14 (All versions < V14 SP1), SIMATIC STEP 7 V5.X (All versions < V5.6), SIMATIC WinAC RTX 2010 SP2 (All versions), SIMATIC WinAC RTX F 2010 SP2 (All versions), SIMATIC WinCC (TIA Portal) V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1), SIMATIC WinCC V7.2 and prior (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Update 15), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd1), SIMATIC WinCC flexible 2008 (All versions < flexible 2008 SP5), SINAUT ST7CC (All versions installed in conjunction with SIMATIC WinCC < V7.3 Update 15), SINEMA Server (All versions < V14), SINUMERIK 808D Programming Tool (All versions < V4.7 SP4 HF2), SMART PC Access (All versions < V2.3), STEP 7 - Micro/WIN SMART (All versions < V2.3), Security Configuration Tool (SCT) (All versions < V5.0). Specially crafted PROFINET DCP broadcast packets sent to the affected products on a local Ethernet segment (Layer 2) could cause a Denial-of-Service condition of some services. The services require manual restart to recover.
Credit: productcert@siemens.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Siemens Pcs 7 | ||
| Siemens Primary Setup Tool | ||
| Siemens Security Configuration Tool | ||
| Siemens SIMATIC Automation Tool | ||
| Siemens SIMATIC NET PC-Software | ||
| Siemens Simatic Step 7 \(tia Portal\) | =5.0 | |
| Siemens Simatic Step 7 \(tia Portal\) | =13.0 | |
| Siemens Simatic Step 7 \(tia Portal\) | =14.0 | |
| Siemens Simatic Step 7 Micro\/win Smart | ||
| Siemens Simatic Winac Rtx 2010 | =sp2 | |
| Siemens Simatic Winac Rtx F 2010 | =sp2 | |
| Siemens Simatic WinCC | ||
| Siemens Simatic Wincc \(tia Portal\) | =13.0 | |
| Siemens Simatic Wincc \(tia Portal\) | =14.0 | |
| Siemens Simatic Wincc Flexible 2008 | ||
| Siemens Sinaut St7cc | ||
| Siemens SINEMA Server | ||
| Siemens Sinumerik 808d Programming Tool | ||
| Siemens Smart Pc Access | =2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/references
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/weakness
- agent/severity
- agent/author
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/siemens
- canonical/siemens pcs 7
- canonical/siemens primary setup tool
- canonical/siemens security configuration tool
- canonical/siemens simatic automation tool
- canonical/siemens simatic net pc-software
- canonical/siemens simatic step 7 \(tia portal\)
- version/siemens simatic step 7 \(tia portal\)/5.0
- version/siemens simatic step 7 \(tia portal\)/13.0
- version/siemens simatic step 7 \(tia portal\)/14.0
- canonical/siemens simatic step 7 micro\/win smart
- canonical/siemens simatic winac rtx 2010
- version/siemens simatic winac rtx 2010/sp2
- canonical/siemens simatic winac rtx f 2010
- version/siemens simatic winac rtx f 2010/sp2
- canonical/siemens simatic wincc
- canonical/siemens simatic wincc \(tia portal\)
- version/siemens simatic wincc \(tia portal\)/13.0
- version/siemens simatic wincc \(tia portal\)/14.0
- canonical/siemens simatic wincc flexible 2008
- canonical/siemens sinaut st7cc
- canonical/siemens sinema server
- canonical/siemens sinumerik 808d programming tool
- canonical/siemens smart pc access
- version/siemens smart pc access/2.0