Siemens SIMATIC WinCC (TIA Portal) 13 < 13 SP2 / 14 < 14 SP1 Multiple DoS

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

An application installed on the remote host is affected by multiple
denial of service vulnerabilities.

Description :

The version of Siemens SIMATIC WinCC (TIA Portal) installed on the
remote host is 13.x prior to 13 service pack 2 (1300.200.1001.1) or
14.x prior to 14 service pack 1 (1400.100.1201.1). It is, therefore,
affected by multiple denial of service vulnerabilities :

- A denial of service vulnerability exists due to improper
handling of PROFINET DCP broadcast packets. A remote
attacker can exploit this, via a specially crafted
packet, to cause a denial of service condition.
(CVE-2017-6865)

- A denial of service vulnerability exists in the DCOM
interface due to improper handling of specially crafted
messages. An authenticated, remote attacker who is a
member of the 'administrators' group can exploit this,
via a specially crafted message, to cause a denial of
service condition. (CVE-2017-6867)

See also :

http://www.nessus.org/u?1a8e32f3
http://www.nessus.org/u?12334a4a
https://ics-cert.us-cert.gov/advisories/ICSA-17-129-01
https://ics-cert.us-cert.gov/advisories/ICSA-17-129-03

Solution :

Upgrade to Siemens SIMATIC WinCC (TIA Portal) version 13 SP2
(1300.200.1001.1) / 14 SP1 (1400.100.1201.1) or later.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C)

Family: SCADA

Nessus Plugin ID: 100299

Bugtraq ID: 98366, 98368

CVE ID: CVE-2017-6865, CVE-2017-6867
