VDB

CVE-2017-12230

CVE-2017-12230 PUBLISHED CVSS 7.5 HIGH

A vulnerability in the implementation of the PROFINET Discovery and Configuration Protocol (PN-DCP) for Cisco IOS 12.2 through 15.6 could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper parsing of ingress PN-DCP Identify Request packets destined to an affected device. An attacker could exploit this vulnerability by sending a crafted PN-DCP Identify Request packet to an affected device and then continuing to send normal PN-DCP Identify Request packets to the device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. This vulnerability affects Cisco devices that are configured to process PROFINET messages. Beginning with Cisco IOS Software Release 12.2(52)SE, PROFINET is enabled by default on all the base switch module and expansion-unit Ethernet ports. Cisco Bug IDs: CSCuz47179.

EPSS 0.79% · 74.2th percentile

Risk Scores

CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
0.79%
74.2th percentile

Affected Products

VendorProductVersions
n/aCisco IOSCisco IOS

Exploit Intelligence

Timeline

  • Sep 27, 2017 CVE Published
  • Apr 14, 2021 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Jun 14, 2023 PoC Published
  • Dec 24, 2024 PoC Published
  • Feb 23, 2025 PoC Published
  • Mar 17, 2025 EPSS Score
  • Mar 18, 2025 EPSS Score
  • Mar 20, 2025 EPSS Score
  • Mar 29, 2025 EPSS Score
  • Mar 30, 2025 EPSS Score
  • May 1, 2025 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›