SSA-592007 PUBLISHED CVSS 6.5 MEDIUM

Several industrial controllers are affected by a security vulnerability that could allow an attacker to cause a denial-of-service condition via PROFINET DCP network packets under certain circumstances. This scenario requires direct OSI Layer 2 access to the affected products. PROFIBUS interfaces are not affected. Siemens has released updates for several affected products and recommends updating to the latest versions. For products where updates are not available, or not yet available, Siemens recommends specific countermeasures.

Risk Scores

CVSS v3.1: 6.5
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

Affected Products

Vendor / Product / Versions
SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)
SIMATIC ET 200pro IM154-8F PN/DP CPU (6ES7154-8FB01-0AB0)
SIMATIC S7-400 CPU 416F-3 PN/DP V7 (6ES7416-3FS07-0AB0)
SIMATIC S7-300 CPU 315T-3 PN/DP (6ES7315-7TJ10-0AB0)
SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0)
SIMATIC ET 200pro IM154-8 PN/DP CPU (6ES7154-8AB01-0AB0)
SIMATIC S7-300 CPU 315-2 PN/DP (6ES7315-2EH14-0AB0)
SIMATIC ET 200pro IM154-8FX PN/DP CPU (6ES7154-8FX00-0AB0)
SIMATIC S7-300 CPU 315F-2 PN/DP (6ES7315-2FJ14-0AB0)
SIMATIC S7-400 CPU 414F-3 PN/DP V7 (6ES7414-3FM07-0AB0)
SIMATIC ET 200S IM151-8 PN/DP CPU (6ES7151-8AB01-0AB0)
SIMATIC S7-400 CPU 414-3 PN/DP V7 (6ES7414-3EM07-0AB0)
SIMATIC CP 443-1 (6GK7443-1EX30-0XE1)
SIMATIC CP 343-1 (incl. SIPLUS variants)
SIMATIC S7-300 CPU 314C-2 PN/DP (6ES7314-6EH04-0AB0)
SIMATIC CP 343-1 Advanced (incl. SIPLUS variants)
SIMATIC ET 200S IM151-8F PN/DP CPU (6ES7151-8FB01-0AB0)
SIMATIC CP 443-1 (6GK7443-1EX30-0XE0)
SIMATIC S7-400 CPU 416-3 PN/DP V7 (6ES7416-3ES07-0AB0)
SIMATIC S7-1500 Software Controller
