CVE-2017-12741
https://notcve.org/view.php?id=CVE-2017-12741
Specially crafted packets sent to port 161/udp could cause a denial of service condition. The affected devices must be restarted manually. Se ha identificado una vulnerabilidad en Development/Evaluation Kits para PROFINET IO: DK Standard Ethernet Controller, Development/Evaluation Kits para PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits para PROFINET IO: EK-ERTEC 200P, SIMATIC Compact Field Unit, SIMATIC ET200AL, SIMATIC ET200M (incluidas las variantes SIPLUS), SIMATIC ET200MP IM155-5 PN BA (incluidas las variantes SIPLUS), SIMATIC ET200MP IM155-5 PN HF (incluidas las variantes SIPLUS), SIMATIC ET200MP IM155-5 PN ST (incluidas las variantes SIPLUS), SIMATIC ET200S (incluidas las variantes SIPLUS), SIMATIC ET200SP IM155-6 PN BA (incluidas las variantes SIPLUS), SIMATIC ET200SP IM155-6 PN HA (incluidas las variantes SIPLUS), SIMATIC ET200SP IM155-6 PN HF (incluidas las variantes SIPLUS), SIMATIC ET200SP IM155-6 PN HS (incluidas las variantes SIPLUS), SIMATIC ET200SP IM155-6 PN ST (incluidas las variantes SIPLUS), SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 4AO U/I 4xM12, SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12, SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12, SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN: IO-Link Master, SIMATIC ET200pro, SIMATIC PN/PN Coupler (incluidas las variantes SIPLUS NET), familia SIMATIC S7-1200 CPU (incluidas las variantes SIPLUS), familia SIMATIC S7-1500 CPU (incluyendo las variantes relacionadas ET200 CPUs y SIPLUS), SIMATIC S7-1500 Software Controller, SIMATIC S7-200 SMART, familia SIMATIC S7-300 CPU (incluyendo las variantes relacionadas ET200 CPUs y SIPLUS), SIMATIC S7-400 H V6 CPU familia y posteriores (incluidas las variantes SIPLUS), SIMATIC S7-400 PN/DP V6 CPU familia y posteriores (incluidas las variantes SIPLUS), familia SIMATIC S7-400 PN/DP V7 CPU (incluidas las variantes SIPLUS), familia SIMATIC S7-410 V8 CPU (incluidas las variantes SIPLUS), SIMATIC TDC CP51M1, SIMATIC TDC CPU555, SIMATIC WinAC RTX (F) 2010, SIMOCODE pro V EIP (incluidas las variantes SIPLUS), SIMOCODE pro V PN (incluidas las variantes SIPLUS), SIMOTION C, SIMOTION D (incluidas las variantes SIPLUS), SIMOTION D4xx V4.4 para SINAMICS SM150i-2 w. PROFINET (incluidas las variantes SIPLUS), SIMOTION P V4.4 and V4.5, SIMOTION P V5, SINAMICS DCM w. PN, SINAMICS DCP w. • https://cert-portal.siemens.com/productcert/html/ssa-141614.html https://cert-portal.siemens.com/productcert/html/ssa-346262.html https://cert-portal.siemens.com/productcert/html/ssa-546832.html https://cert-portal.siemens.com/productcert/pdf/ssa-141614.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-346262.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-546832.pdf https://www.securityfocus.com/bid/101964 • CWE-400: Uncontrolled Resource Consumption •
CVE-2017-2681
https://notcve.org/view.php?id=CVE-2017-2681
Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a denial of service condition of that product. Human interaction is required to recover the system. PROFIBUS interfaces are not affected. This vulnerability affects only SIMATIC HMI Multi Panels and HMI Mobile Panels, and S7-300/S7-400 devices. Los paquetes PROFINET DCP especialmente diseñados que se envían en un segmento Ethernet local (capa 2) a un producto afectado podrían causar una condición de denegación de servicio de ese producto. • http://www.securityfocus.com/bid/98369 http://www.securitytracker.com/id/1038463 https://cert-portal.siemens.com/productcert/html/ssa-293562.html https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdf https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-293562.pdf • CWE-400: Uncontrolled Resource Consumption •
CVE-2017-2680
https://notcve.org/view.php?id=CVE-2017-2680
Specially crafted PROFINET DCP broadcast packets could cause a denial of service condition of affected products on a local Ethernet segment (Layer 2). Human interaction is required to recover the systems. PROFIBUS interfaces are not affected. Los paquetes de difusión PROFINET DCP especialmente elaborados podrían causar una condición de denegación de servicio de los productos afectados en un segmento Ethernet local (capa 2). Se requiere la interacción humana para recuperar los sistemas. • http://www.securityfocus.com/bid/98369 http://www.securitytracker.com/id/1038463 https://cert-portal.siemens.com/productcert/html/ssa-284673.html https://cert-portal.siemens.com/productcert/html/ssa-293562.html https://cert-portal.siemens.com/productcert/html/ssa-546832.html https://cert-portal.siemens.com/productcert/pdf/ssa-284673.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-546832.pdf https://ics-cert.us- • CWE-400: Uncontrolled Resource Consumption •
CVE-2013-6920
https://notcve.org/view.php?id=CVE-2013-6920
Siemens SINAMICS S/G controllers with firmware before 4.6.11 do not require authentication for FTP and TELNET sessions, which allows remote attackers to bypass intended access restrictions via TCP traffic to port (1) 21 or (2) 23. Los controladores Siemens SINAMICS S/G con firmware anterior a 4.6.11 no requiere autenticación para sesiones FTP y TELNET, lo que permite a atacantes remotos evadir restricciones de acceso intencionadas a través de trafico TCP al puerto (1) 21 o (2) 23. • http://ics-cert.us-cert.gov/advisories/ICSA-13-338-01 http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-742938.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-742938.pdf • CWE-287: Improper Authentication •