Wireshark Profinet I/O Parser Denial of Service Vulnerability

Wireshark is a suite of network packet analysis software developed by the Wireshark team. A security vulnerability in the Wireshark Profinet I/O parser allows an attacker to exploit the vulnerability to submit a special request for a denial-of-service attack...

CVE-2017-9945

In the Siemens 7KM PAC Switched Ethernet PROFINET expansion module All versions V2.1.3, a Denial-of-Service condition could be induced by a specially crafted PROFINET DCP packet sent as a local Ethernet Layer 2 broadcast. The affected component requires a manual restart via the main device to...

CVE-2017-9945

In the Siemens 7KM PAC Switched Ethernet PROFINET expansion module All versions V2.1.3, a Denial-of-Service condition could be induced by a specially crafted PROFINET DCP packet sent as a local Ethernet Layer 2 broadcast. The affected component requires a manual restart via the main device to...

Design/Logic Flaw

In the Siemens 7KM PAC Switched Ethernet PROFINET expansion module All versions V2.1.3, a Denial-of-Service condition could be induced by a specially crafted PROFINET DCP packet sent as a local Ethernet Layer 2 broadcast. The affected component requires a manual restart via the main device to...

CVE-2017-9945

In the Siemens 7KM PAC Switched Ethernet PROFINET expansion module All versions V2.1.3, a Denial-of-Service condition could be induced by a specially crafted PROFINET DCP packet sent as a local Ethernet Layer 2 broadcast. The affected component requires a manual restart via the main device to...

CVE-2017-9945

Siemens 7KM PAC Switched Ethernet PROFINET expansion module (versions before V2.1.3) is affected by CVE-2017-9945. A Denial-of-Service can be triggered by a specially crafted PROFINET DCP packet sent on Layer 2 broadcast, requiring a manual restart of the main device to recover. Impact is a DoS/N...

CVE-2017-13766

In Wireshark 2.4.0 and 2.2.0 to 2.2.8, the Profinet I/O dissector could crash with an out-of-bounds write. This was addressed in plugins/profinet/packet-dcerpc-pn-io.c by adding string validation...

Siemens Fixes Session Hijacking Bug in LOGO!, Warns of Man-in-the-Middle Attacks

Administrators who have Siemens’ LOGO! logic module deployed in automation setups are being urged to update its firmware. The German industrial manufacturing giant pushed out an update for its LOGO! 8 BM devices Wednesday morning to fix a vulnerability CVE-2017-12734 that could let an attacker...

CVE-2017-13766

In Wireshark 2.4.0 and 2.2.0 to 2.2.8, the Profinet I/O dissector could crash with an out-of-bounds write. This was addressed in plugins/profinet/packet-dcerpc-pn-io.c by adding string validation...

UBUNTU-CVE-2017-13766

In Wireshark 2.4.0 and 2.2.0 to 2.2.8, the Profinet I/O dissector could crash with an out-of-bounds write. This was addressed in plugins/profinet/packet-dcerpc-pn-io.c by adding string validation...

DEBIAN-CVE-2017-13766

In Wireshark 2.4.0 and 2.2.0 to 2.2.8, the Profinet I/O dissector could crash with an out-of-bounds write. This was addressed in plugins/profinet/packet-dcerpc-pn-io.c by adding string validation...

CVE-2017-13766

In Wireshark 2.4.0 and 2.2.0 to 2.2.8, the Profinet I/O dissector could crash with an out-of-bounds write. This was addressed in plugins/profinet/packet-dcerpc-pn-io.c by adding string validation...

Out-of-bounds

In Wireshark 2.4.0 and 2.2.0 to 2.2.8, the Profinet I/O dissector could crash with an out-of-bounds write. This was addressed in plugins/profinet/packet-dcerpc-pn-io.c by adding string validation...

CVE-2017-13766

In Wireshark 2.4.0 and 2.2.0 to 2.2.8, the Profinet I/O dissector could crash with an out-of-bounds write. This was addressed in plugins/profinet/packet-dcerpc-pn-io.c by adding string validation...

ALPINE-CVE-2017-13766

In Wireshark 2.4.0 and 2.2.0 to 2.2.8, the Profinet I/O dissector could crash with an out-of-bounds write. This was addressed in plugins/profinet/packet-dcerpc-pn-io.c by adding string validation...

CVE-2017-13766

In Wireshark 2.4.0 and 2.2.0 to 2.2.8, the Profinet I/O dissector could crash with an out-of-bounds write. This was addressed in plugins/profinet/packet-dcerpc-pn-io.c by adding string validation...

CVE-2017-13766

CVE-2017-13766 affects Wireshark 2.4.0 and 2.2.0–2.2.8, where the Profinet I/O dissector could crash due to an out-of-bounds write. The issue was addressed by adding string validation in plugins/profinet/packet-dcerpc-pn-io.c. This is the confirmed fix path; no exploitation details are provided i...

CVE-2017-13766

In Wireshark 2.4.0 and 2.2.0 to 2.2.8, the Profinet I/O dissector could crash with an out-of-bounds write. This was addressed in plugins/profinet/packet-dcerpc-pn-io.c by adding string validation...

CVE-2017-13766

In Wireshark 2.4.0 and 2.2.0 to 2.2.8, the Profinet I/O dissector could crash with an out-of-bounds write. This was addressed in plugins/profinet/packet-dcerpc-pn-io.c by adding string validation...

KLA11095 Denial of service vulnerability in Wireshark

A buffer overflow vulnerability was found in the Profinet I/O dissector in Wireshark. By exploiting this vulnerability malicious users can cause a denial of service. This vulnerability can be exploited remotely via a specially designed packet, which is injected onto the wire, or by convincing a...