CVE-2017-9945 - OpenCVE

In the Siemens 7KM PAC Switched Ethernet PROFINET expansion module (All versions < V2.1.3), a Denial-of-Service condition could be induced by a specially crafted PROFINET DCP packet sent as a local Ethernet (Layer 2) broadcast. The affected component requires a manual restart via the main device to recover.

No CVSS v4.0

No CVSS v3.1

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:A/AC:L/Au:N/C:N/I:N/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Siemens	7km Pac Switched Ethernet Profinet Expansion Module 7km Pac Switched Ethernet Profinet Expansion Module Firmware

Configuration 1 [-]

AND

cpe:2.3:h:siemens:7km_pac_switched_ethernet_profinet_expansion_module:-:*:*:*:*:*:*:*

cpe:2.3:o:siemens:7km_pac_switched_ethernet_profinet_expansion_module_firmware:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/100562
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-771218.pdf

History

No history.

MITRE

Status: PUBLISHED

Assigner: siemens

Published: 2017-08-30T19:00:00

Updated: 2024-08-05T17:25:00.255Z

Reserved: 2017-06-26T00:00:00

Link: CVE-2017-9945

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2017-08-30T19:29:00.367

Modified: 2017-09-12T20:57:04.330

Link: CVE-2017-9945

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Siemens 7KM PAC Switched Ethernet PROFINET expansion module: All versions < V2.1.3", "vendor": "n/a", "versions": [{"status": "affected", "version": "Siemens 7KM PAC Switched Ethernet PROFINET expansion module: All versions < V2.1.3"}]}], "datePublic": "2017-08-30T00:00:00", "descriptions": [{"lang": "en", "value": "In the Siemens 7KM PAC Switched Ethernet PROFINET expansion module (All versions < V2.1.3), a Denial-of-Service condition could be induced by a specially crafted PROFINET DCP packet sent as a local Ethernet (Layer 2) broadcast. The affected component requires a manual restart via the main device to recover."}], "problemTypes": [{"descriptions": [{"description": "Denial-of-Service", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-02T09:57:01", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens"}, "references": [{"name": "100562", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/100562"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-771218.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "productcert@siemens.com", "ID": "CVE-2017-9945", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Siemens 7KM PAC Switched Ethernet PROFINET expansion module: All versions < V2.1.3", "version": {"version_data": [{"version_value": "Siemens 7KM PAC Switched Ethernet PROFINET expansion module: All versions < V2.1.3"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In the Siemens 7KM PAC Switched Ethernet PROFINET expansion module (All versions < V2.1.3), a Denial-of-Service condition could be induced by a specially crafted PROFINET DCP packet sent as a local Ethernet (Layer 2) broadcast. The affected component requires a manual restart via the main device to recover."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Denial-of-Service"}]}]}, "references": {"reference_data": [{"name": "100562", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100562"}, {"name": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-771218.pdf", "refsource": "CONFIRM", "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-771218.pdf"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T17:25:00.255Z"}, "title": "CVE Program Container", "references": [{"name": "100562", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/100562"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-771218.pdf"}]}]}, "cveMetadata": {"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2017-9945", "datePublished": "2017-08-30T19:00:00", "dateReserved": "2017-06-26T00:00:00", "dateUpdated": "2024-08-05T17:25:00.255Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:7km_pac_switched_ethernet_profinet_expansion_module:-:*:*:*:*:*:*:*", "matchCriteriaId": "A212F763-4EC8-4DEA-A667-86E694C4DD49", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:7km_pac_switched_ethernet_profinet_expansion_module_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "349F42C5-B626-41A1-A35E-628438178816", "versionEndIncluding": "2.1.2", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Siemens 7KM PAC Switched Ethernet PROFINET expansion module (All versions < V2.1.3), a Denial-of-Service condition could be induced by a specially crafted PROFINET DCP packet sent as a local Ethernet (Layer 2) broadcast. The affected component requires a manual restart via the main device to recover."}, {"lang": "es", "value": "En el m\u00f3dulo de expansi\u00f3n Siemens 7KM PAC Switched Ethernet PROFINET (todas las versiones anteriores a v2.1.3), se podr\u00eda provocar una denegaci\u00f3n de servicio mediante un paquete PROFINET DCP especialmente manipulado que se env\u00ede como una transmisi\u00f3n Ethernet local (capa 2). El componente afectado requiere un reinicio manual a trav\u00e9s del dispositivo principal que hay que recuperar."}], "id": "CVE-2017-9945", "lastModified": "2017-09-12T20:57:04.330", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-08-30T19:29:00.367", "references": [{"source": "productcert@siemens.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/100562"}, {"source": "productcert@siemens.com", "tags": ["Vendor Advisory"], "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-771218.pdf"}], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}