// For flags

CVE-2017-6865

 

Severity Score

6.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC Automation Tool (All versions < V3.0), SIMATIC NET PC-Software (All versions < V14 SP1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2), SIMATIC STEP 7 (TIA Portal) V14 (All versions < V14 SP1), SIMATIC STEP 7 V5.X (All versions < V5.6), SIMATIC WinAC RTX 2010 SP2 (All versions), SIMATIC WinAC RTX F 2010 SP2 (All versions), SIMATIC WinCC (TIA Portal) V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1), SIMATIC WinCC V7.2 and prior (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Update 15), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd1), SIMATIC WinCC flexible 2008 (All versions < flexible 2008 SP5), SINAUT ST7CC (All versions installed in conjunction with SIMATIC WinCC < V7.3 Update 15), SINEMA Server (All versions < V14), SINUMERIK 808D Programming Tool (All versions < V4.7 SP4 HF2), SMART PC Access (All versions < V2.3), STEP 7 - Micro/WIN SMART (All versions < V2.3), Security Configuration Tool (SCT) (All versions < V5.0). Specially crafted PROFINET DCP broadcast packets sent to the affected products on a local Ethernet segment (Layer 2) could cause a Denial-of-Service condition of some services. The services require manual restart to recover.

Se ha identificado una vulnerabilidad en Primary Setup Tool (PST) (todas las versiones 4.2 HF1), SIMATIC Automation Tool (todas las versiones 3.0), SIMATIC NET PC-software (todas las versiones 14 SP1), SIMATIC PCS 7 Versión 8.1 (todas las versiones), SIMATIC PCS 7 Versión 8.2 (todas las versiones 8.2 SP1), SIMATIC STEP Versión 7 (TIA Portal) Versión 13 (todas las versiones 13 SP2), SIMATIC STEP Versión 7 (TIA Portal) Versión 14 (todas las versiones 14 SP1), SIMATIC STEP 7 Versión 5.x (todas las versiones 5.6), SIMATIC WinAC RTX 2010 SP2 (todas las versiones), SIMATIC WinAC RTX F 2010 SP2 (todas versiones), SIMATIC WinCC (TIA Portal) Versión 13 (todas las versiones 13 SP2), SIMATIC WinCC (TIA Portal) Versión 14 (todas las versiones 14 SP1), SIMATIC WinCC Versión 7.2 y anteriores (todos versiones), SIMATIC WinCC Versión 7.3 (todas las versiones 7.3 actualización 15), SIMATIC WinCC Versión 7.4 (todas las versiones 7.4 SP1 Upd1), SIMATIC WinCC flexible 2008 (todas las versiones anteriores a flexible 2008 SP5), SINAUT ST7CC (todas las versiones instaladas en conjunto con SIMATIC WinCC Versión 7.3 actualización 15), SINEMA Server (todas las versiones 14), SINUMERIK 808D Programming Tool (todas las versiones 4.7 SP4 HF2), SMART PC Access (todas las versiones 2.3), STEP 7 - Micro/WIN SMART (todas las versiones 2.3), Security Configuration Tool (SCT) (todas las versiones 5.0). Los paquetes de difusión PROFINET DCP especialmente creados enviados a los productos afectados en un segmento Ethernet local (Layer 2) podrían causar una condición de denegación de servicio de algunos servicios. Los servicios requieren el reinicio manual para recuperarse.

*Credits: N/A
CVSS Scores
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Adjacent
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2017-03-13 CVE Reserved
  • 2017-05-11 CVE Published
  • 2023-03-21 EPSS Updated
  • 2024-08-05 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-20: Improper Input Validation
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Siemens
Search vendor "Siemens"
Pcs 7
Search vendor "Siemens" for product "Pcs 7"
--
Affected
Siemens
Search vendor "Siemens"
Primary Setup Tool
Search vendor "Siemens" for product "Primary Setup Tool"
--
Affected
Siemens
Search vendor "Siemens"
Security Configuration Tool
Search vendor "Siemens" for product "Security Configuration Tool"
--
Affected
Siemens
Search vendor "Siemens"
Simatic Automation Tool
Search vendor "Siemens" for product "Simatic Automation Tool"
--
Affected
Siemens
Search vendor "Siemens"
Simatic Net Pc-software
Search vendor "Siemens" for product "Simatic Net Pc-software"
--
Affected
Siemens
Search vendor "Siemens"
Simatic Step 7 \(tia Portal\)
Search vendor "Siemens" for product "Simatic Step 7 \(tia Portal\)"
5.0
Search vendor "Siemens" for product "Simatic Step 7 \(tia Portal\)" and version "5.0"
-
Affected
Siemens
Search vendor "Siemens"
Simatic Step 7 \(tia Portal\)
Search vendor "Siemens" for product "Simatic Step 7 \(tia Portal\)"
13.0
Search vendor "Siemens" for product "Simatic Step 7 \(tia Portal\)" and version "13.0"
-
Affected
Siemens
Search vendor "Siemens"
Simatic Step 7 \(tia Portal\)
Search vendor "Siemens" for product "Simatic Step 7 \(tia Portal\)"
14.0
Search vendor "Siemens" for product "Simatic Step 7 \(tia Portal\)" and version "14.0"
-
Affected
Siemens
Search vendor "Siemens"
Simatic Step 7 Micro\/win Smart
Search vendor "Siemens" for product "Simatic Step 7 Micro\/win Smart"
--
Affected
Siemens
Search vendor "Siemens"
Simatic Winac Rtx 2010
Search vendor "Siemens" for product "Simatic Winac Rtx 2010"
-sp2
Affected
Siemens
Search vendor "Siemens"
Simatic Winac Rtx F 2010
Search vendor "Siemens" for product "Simatic Winac Rtx F 2010"
-sp2
Affected
Siemens
Search vendor "Siemens"
Simatic Wincc
Search vendor "Siemens" for product "Simatic Wincc"
--
Affected
Siemens
Search vendor "Siemens"
Simatic Wincc \(tia Portal\)
Search vendor "Siemens" for product "Simatic Wincc \(tia Portal\)"
13.0
Search vendor "Siemens" for product "Simatic Wincc \(tia Portal\)" and version "13.0"
-
Affected
Siemens
Search vendor "Siemens"
Simatic Wincc \(tia Portal\)
Search vendor "Siemens" for product "Simatic Wincc \(tia Portal\)"
14.0
Search vendor "Siemens" for product "Simatic Wincc \(tia Portal\)" and version "14.0"
-
Affected
Siemens
Search vendor "Siemens"
Simatic Wincc Flexible 2008
Search vendor "Siemens" for product "Simatic Wincc Flexible 2008"
--
Affected
Siemens
Search vendor "Siemens"
Sinaut St7cc
Search vendor "Siemens" for product "Sinaut St7cc"
--
Affected
Siemens
Search vendor "Siemens"
Sinema Server
Search vendor "Siemens" for product "Sinema Server"
--
Affected
Siemens
Search vendor "Siemens"
Sinumerik 808d Programming Tool
Search vendor "Siemens" for product "Sinumerik 808d Programming Tool"
--
Affected
Siemens
Search vendor "Siemens"
Smart Pc Access
Search vendor "Siemens" for product "Smart Pc Access"
2.0
Search vendor "Siemens" for product "Smart Pc Access" and version "2.0"
-
Affected