6.1 Medium
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:A/AC:L/Au:N/C:N/I:N/A:C
6.5 Medium
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7 High
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
66.3%
This updated advisory is a follow-up to the advisory update titled ICSA-17-129-02 Siemens PROFINET DCP (Update U) that was published October 14, 2021, to the ICS webpage on us-cert.cisa.gov.
Successful exploitation of these vulnerabilities could cause the targeted device to enter a denial-of-service condition, which may require human interaction to recover the system.
Siemens reports these vulnerabilities affect the following products using PROFINET DCP:
Specially crafted PROFINET DCP broadcast packets could cause a denial-of-service condition of affected products on a local Ethernet segment (Layer 2). Human interaction is required to recover the systems. PROFIBUS interfaces are not affected…
CVE-2017-2680 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a denial-of-service condition in that product. Human interaction is required to recover the system. PROFIBUS interfaces are not affected.
This vulnerability affects only SIMATIC HMI Multi Panels and HMI Mobile Panels, and S7-300/S7-400 devices.
CVE-2017-2681 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
Duan JinTong, Ma ShaoShuai, and Cheng Lei from the NSFOCUS Security Team reported these vulnerabilities to Siemens.
The attacker must have network access to the local Ethernet segment (Layer 2).
Siemens provides firmware updates fixing these vulnerabilities for the following affected products and recommends users update to the new fixed version:
--------- Begin Update V Part 1 of 1 ---------
--------- End Update V Part 1 of 1 ---------
SINUMERIK software updates listed above can be obtained from a Siemens account manager.
Siemens is preparing updates for the remaining affected products and recommends the following mitigations in the meantime:
As a general security measure Siemens strongly recommends protecting industrial control systems networks with appropriate mechanisms. Siemens strongly recommends verifying the affected products are protected as described in PROFINET Security Guidelines and Siemens Operational Guidelines in order to run the devices in a protected IT environment.
For more information on these vulnerabilities and more detailed mitigation instructions, please see Siemens Security Advisory SSA-293562
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.
No known public exploits specifically target these vulnerabilities.
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2680
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2681
www.siemens.com/cert/en/cert-security-advisories.htm
cert-portal.siemens.com/operational-guidelines-industrial-security.pdf
cwe.mitre.org/data/definitions/400.html
cwe.mitre.org/data/definitions/400.html
public.govdelivery.com/accounts/USDHSCISA/subscriber/new?topic_id=USDHSCISA_138
support.industry.siemens.com/cs/de/de/view/78648144
support.industry.siemens.com/cs/de/en/view/109474320
support.industry.siemens.com/cs/de/en/view/109474550/
support.industry.siemens.com/cs/de/en/view/109474874
support.industry.siemens.com/cs/de/en/view/109740193
support.industry.siemens.com/cs/de/en/view/109749637
support.industry.siemens.com/cs/de/en/view/92522512
support.industry.siemens.com/cs/document/109746210
support.industry.siemens.com/cs/document/109753683
support.industry.siemens.com/cs/us/en/view/109761576
support.industry.siemens.com/cs/us/en/view/93012181
support.industry.siemens.com/cs/ww/de/ps/13752/dl
support.industry.siemens.com/cs/ww/en/view/102295547
support.industry.siemens.com/cs/ww/en/view/103433117
support.industry.siemens.com/cs/ww/en/view/103433117
support.industry.siemens.com/cs/ww/en/view/109474935
support.industry.siemens.com/cs/ww/en/view/109476571
support.industry.siemens.com/cs/ww/en/view/109478459
support.industry.siemens.com/cs/ww/en/view/109478528
support.industry.siemens.com/cs/ww/en/view/109479281
support.industry.siemens.com/cs/ww/en/view/109482659
support.industry.siemens.com/cs/ww/en/view/109740119
support.industry.siemens.com/cs/ww/en/view/109741461
support.industry.siemens.com/cs/ww/en/view/109742040
support.industry.siemens.com/cs/ww/en/view/109742040
support.industry.siemens.com/cs/ww/en/view/109742328
support.industry.siemens.com/cs/ww/en/view/109743740
support.industry.siemens.com/cs/ww/en/view/109744504
support.industry.siemens.com/cs/ww/en/view/109744924
support.industry.siemens.com/cs/ww/en/view/109745387
support.industry.siemens.com/cs/ww/en/view/109745388
support.industry.siemens.com/cs/ww/en/view/109747253
support.industry.siemens.com/cs/ww/en/view/109747276
support.industry.siemens.com/cs/ww/en/view/109747482
support.industry.siemens.com/cs/ww/en/view/109749255
support.industry.siemens.com/cs/ww/en/view/109749255
support.industry.siemens.com/cs/ww/en/view/109749989
support.industry.siemens.com/cs/ww/en/view/109750012/
support.industry.siemens.com/cs/ww/en/view/109752018
support.industry.siemens.com/cs/ww/en/view/109752685
support.industry.siemens.com/cs/ww/en/view/109753720/
support.industry.siemens.com/cs/ww/en/view/109754281
support.industry.siemens.com/cs/ww/en/view/109755151/
support.industry.siemens.com/cs/ww/en/view/109755160/
support.industry.siemens.com/cs/ww/en/view/109755950
support.industry.siemens.com/cs/ww/en/view/109756088
support.industry.siemens.com/cs/ww/en/view/109757489
support.industry.siemens.com/cs/ww/en/view/109760470/
support.industry.siemens.com/cs/ww/en/view/109760470/
support.industry.siemens.com/cs/ww/en/view/109761424/
support.industry.siemens.com/cs/ww/en/view/109761425/
support.industry.siemens.com/cs/ww/en/view/109762689/
support.industry.siemens.com/cs/ww/en/view/109762689/
support.industry.siemens.com/cs/ww/en/view/109765109
support.industry.siemens.com/cs/ww/en/view/109781070
support.industry.siemens.com/cs/ww/en/view/109793481/
support.industry.siemens.com/cs/ww/en/view/109795369/
support.industry.siemens.com/cs/ww/en/view/27049282
support.industry.siemens.com/cs/ww/en/view/44029688
support.industry.siemens.com/cs/ww/en/view/78647504
support.industry.siemens.com/cs/ww/en/view/79207181
support.industry.siemens.com/cs/ww/en/view/85624387
twitter.com/CISAgov
twitter.com/intent/tweet?text=Siemens%20PROFINET%20DCP%20%28Update%20V%29+https://www.cisa.gov/news-events/ics-advisories/icsa-17-129-02
w3.siemens.com/aspa_app/
www.cisa.gov/uscert/ics
www.cisa.gov/uscert/ics
www.cisa.gov/uscert/ics/recommended-practices
www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B
www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf
www.dhs.gov
www.dhs.gov/foia
www.dhs.gov/performance-financial-reports
www.facebook.com/CISA
www.facebook.com/sharer/sharer.php?u=https://www.cisa.gov/news-events/ics-advisories/icsa-17-129-02&title=Siemens%20PROFINET%20DCP%20%28Update%20V%29
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
www.instagram.com/cisagov
www.linkedin.com/company/cybersecurity-and-infrastructure-security-agency
www.linkedin.com/sharing/share-offsite/?url=https://www.cisa.gov/news-events/ics-advisories/icsa-17-129-02
www.oig.dhs.gov/
www.profibus.com/download/profinet-security-guideline/
www.surveymonkey.com/r/CISA-cyber-survey?product=https://www.cisa.gov/news-events/ics-advisories/icsa-17-129-02
www.usa.gov/
www.whitehouse.gov/
www.youtube.com/@cisagov
mailto:?subject=Siemens%20PROFINET%20DCP%20%28Update%20V%29&body=www.cisa.gov/news-events/ics-advisories/icsa-17-129-02
6.1 Medium
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:A/AC:L/Au:N/C:N/I:N/A:C
6.5 Medium
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7 High
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
66.3%