Detections
Analytics

Siemens PROFINET DCP Uncontrolled Resource Consumption (CVE-2017-2680)

medium Tenable OT Security Plugin ID 500277

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Specially crafted PROFINET DCP broadcast packets could cause a denial of service condition of affected products on a local Ethernet segment (Layer 2). Human interaction is required to recover the systems.
PROFIBUS interfaces are not affected.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

The attacker must have network access to the local Ethernet segment (Layer 2).

Siemens provides firmware updates fixing these vulnerabilities for the following affected products and recommends users update to the new fixed version:

- Development/Evaluation Kits DK Standard Ethernet Controller: Update to v4.1.1 Patch04
- Development/Evaluation Kits EK-ERTEC 200P PN IO: Update to v4.4.0 Patch01
- Development/Evaluation Kits EK-ERTEC 200 PN IO: Update to v4.2.1 Patch03
- IE/PB-Link: Update to v3.0
- SCALANCE M-800, S615: Update to v04.3
- SCALANCE W700: Update to v6.1.0
- SCALANCE X-300/X408: Update to v4.1.0
- SCALANCE X414: Update to v3.10.2
- SCALANCE X-200: Update to v5.2.2
- SCALANCE X-200IRT: Update to v5.4.0
- SCALANCE XM-400: Update to v6.1
- SCALANCE XR-500: Update to v6.1
- SIMATIC DK-16xx PN IO: Update to v2.7
- SIMATIC ET 200AL: Update to v1.0.2
- SIMATIC ET 200MP IM155-5 PN BA: Update to v4.0.1 or newer
- SIMATIC ET 200MP IM155-5 PN HF: Update to v4.2
- SIMATIC ET 200MP IM155-5 PN ST: Update to v4.1

- SIMATIC ET 200SP: No remediation is currently planned

- SIMATIC ET 200SP IM155-6 PN HF: Update to v4.2.0
- SIMATIC ET 200SP IM155-6 PN HS: Update to v4.0.1
- SIMATIC ET 200SP IM155-6 PN ST: Update to v4.1.0
- SIMATIC HMI Comfort Panels, HMI Multi Panels, HMI Mobile Panels: Update to v15.1
- SIMATIC MV400 family: Update to v7.0.6
- SIMATIC NET CM 1542-1: Update to v2.0
- SIMATIC NET CM 1542SP-1: Update to v1.0.15
- SIMATIC NET CP 343-1 Std and SIMATIC NET CP 343-1 Lean: Update to v3.1.3
- SIMATIC NET CP 443-1 Advanced: Update to v3.2.17
- SIMATIC NET CP 443-1 Standard: Update to v3.2.17
- SIMATIC NET CP 1243-1 and SIMATIC NET CP 1243-1 IRC: Update to v3.1
- SIMATIC NET CP 1542SP-1, CP 1542SP-1 IRC, and CP 1543SP-1: Update to v1.0.15
- SIMATIC NET CP 1543-1: Update to v2.1
- SIMATIC NET CP 1604, 1616: Update to v2.8.0
- SIMATIC PN/PN Coupler: Update to v4.0
- SIMATIC RF650R, RF680R, RF685R: Update to v3.0
- SIMATIC S7-200 SMART: Contact a Siemens representative or customer support to update to v2.3
- SIMATIC S7-300 CPU family: Update to v3.X.14
- SIMATIC S7-400 H V6 CPU family: Update to v6.0.7
- SIMATIC S7-400 PN/DP V6 CPU family: Update to v6.0.6
- SIMATIC S7-400 PN/DP V7 CPU family: Update to v7.0.2
- SIMATIC S7-410 CPU family: Update to v8.2
- SIMATIC S7-1200 including F: Update to v4.2.1
- SIMATIC S7-1500 including F, T and TF: Update to v2.1
- SIMATIC S7-1500 Software Controller including F: Update to v2.1
- SIMATIC TDC CP51M1: Update to v1.1.8
- SIMATIC TDC CPU555: Update to v1.1.1
- SIMATIC Teleservice Adapters (IE Basic, IE Standard, IE Advanced): migrate to a successor product within the SCALANCE M-800 family. For details refer to the notice of discontinuation.
- SIMATIC WinAC RTX (F) 2010: Update to SIMATIC WinAC RTX 2010 SP3 and apply BIOS and Microsoft Windows updates
- SIMOCODE pro V PN: Update to v2.0.0
- SIMOTION: Update to v4.5 HF1
- SINAMICS DCM w. PN: Update to v1.4 SP1 HF5
- SINAMICS DCP w. PN: Update to v1.2 HF1
- SINAMICS G110M/G120(C/P/D) w. PN: Update to v4.7 SP6 HF3
- SINAMICS G130 and G150 v4.7: Update to v4.7 HF27
- SINAMICS G130 and G150 v4.8: Update to v4.8 HF4
- SINAMICS S110 w. PN: Update to v4.4 SP3 HF5
- SINAMICS S120 v4.7: Update to v4.7 HF27
- SINAMICS S120 v4.8: Update to v4.8 HF4
- SINAMICS S150 v4.7: Update to v4.7 HF27
- SINAMICS S150: v4.8: Update to v4.8 HF4
- SINAMICS v90 w. PN: Update to v1.1
- SINUMERIK 828D v4.5: Update to v4.5 SP6 HF2
- SINUMERIK 828D v4.7: Update to v4.7 SP4 HF1
- SINUMERIK 840D sl v4.5 and prior: Update to v4.5 SP6 HF8
- SINUMERIK 840D sl v4.7: Update to v4.7 SP4 HF1

SINUMERIK software updates listed above can be obtained from a Siemens account manager.

- SIRIUS ACT 3SU1 interface module PROFINET: Update to v1.1.0
- SITOP PSU8600 PROFINET: Update to v1.2.0
- SITOP UPS1600 PROFINET: Update to v2.2.0
- Softnet PROFINET IO for PC-based Windows systems: Update to v14 SP1

Siemens is preparing updates for the remaining affected products and recommends the following mitigations in the meantime:

- Apply cell protection concept.
- Use VPN for protecting network communication between cells.
- Apply defense-in-depth.

As a general security measure Siemens strongly recommends protecting industrial control systems networks with appropriate mechanisms. Siemens strongly recommends verifying the affected products are protected as described in PROFINET Security Guidelines and Siemens Operational Guidelines in order to run the devices in a protected IT environment.

For more information on these vulnerabilities and more detailed mitigation instructions, please see Siemens Security Advisory SSA-293562

See Also

http://www.securityfocus.com/bid/98369

http://www.securitytracker.com/id/1038463

https://ics-cert.us-cert.gov/advisories/ICSA-18-023-02

https://www.cisa.gov/news-events/ics-advisories/icsa-17-129-02

https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdf

https://cert-portal.siemens.com/productcert/pdf/ssa-546832.pdf

https://cert-portal.siemens.com/productcert/pdf/ssa-284673.pdf

Plugin Details

Severity: Medium

ID: 500277

Version: 1.15

Type: remote

Family: Tenable.ot

Published: 2/7/2022

Updated: 3/4/2024

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 6.1

Temporal Score: 4.5

Vector: CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2017-2680

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.7

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:siemens:scalance_m-800_firmware, cpe:/o:siemens:scalance_s615_firmware, cpe:/o:siemens:scalance_w700_firmware, cpe:/o:siemens:scalance_x200_series_firmware, cpe:/o:siemens:scalance_x200_irt_series_firmware, cpe:/o:siemens:scalance_x300_series_firmware, cpe:/o:siemens:scalance_x408_firmware, cpe:/o:siemens:scalance_x414_firmware, cpe:/o:siemens:scalance_xm400_series_firmware, cpe:/o:siemens:scalance_xr500_series_firmware, cpe:/o:siemens:simatic_cp_1243-1_dnp3_firmware, cpe:/o:siemens:simatic_cp_1243-1_firmware, cpe:/o:siemens:simatic_cp_1243-1_iec_firmware, cpe:/o:siemens:simatic_cp_1243-1_irc_firmware, cpe:/o:siemens:simatic_cp_1542sp-1_irc_firmware, cpe:/o:siemens:simatic_cp_1543-1_firmware, cpe:/o:siemens:simatic_cp_1543sp-1_firmware, cpe:/o:siemens:simatic_cp_343-1_adv_firmware, cpe:/o:siemens:simatic_cp_343-1_lean_firmware, cpe:/o:siemens:simatic_cp_343-1_std_firmware, cpe:/o:siemens:simatic_cp_443-1_adv_firmware, cpe:/o:siemens:simatic_cp_443-1_opc-ua_firmware, cpe:/o:siemens:simatic_cp_443-1_std_firmware, cpe:/o:siemens:simatic_et_200al_firmware, cpe:/o:siemens:simatic_et_200ecopn_firmware, cpe:/o:siemens:simatic_et_200m_firmware, cpe:/o:siemens:simatic_et_200pro_firmware, cpe:/o:siemens:simatic_et_200s_firmware, cpe:/o:siemens:simatic_s7-1200_firmware, cpe:/o:siemens:simatic_s7-1500_firmware, cpe:/o:siemens:simatic_s7-200_smart_firmware, cpe:/o:siemens:simatic_s7-300_firmware, cpe:/o:siemens:simatic_s7-400h_v6_firmware, cpe:/o:siemens:simatic_s7-400pn%2fdp_v6_firmware, cpe:/o:siemens:simatic_s7-400pn%2fdp_v7_firmware, cpe:/o:siemens:simatic_tdc_cp51m1_firmware, cpe:/o:siemens:simatic_tdc_cpu555_firmware, cpe:/o:siemens:sitop_psu8600_firmware, cpe:/o:siemens:simatic_cm_1542-1_firmware, cpe:/o:siemens:simatic_cm_1542sp-1_firmware, cpe:/o:siemens:simatic_cp_1616_firmware, cpe:/o:siemens:simatic_cp_1604_firmware, cpe:/o:siemens:simatic_cp_1626_firmware, cpe:/o:siemens:simatic_et200mp_im155-5_pn_ba_firmware, cpe:/o:siemens:simatic_et200mp_im155-5_pn_hf_firmware, cpe:/o:siemens:simatic_et200mp_im155-5_pn_st_firmware, cpe:/o:siemens:simatic_et200sp_im155-6_pn_hf_firmware, cpe:/o:siemens:simatic_et200sp_im155-6_pn_hs_firmware, cpe:/o:siemens:simatic_et200sp_im155-6_pn_st_firmware, cpe:/o:siemens:simatic_et_200sp_firmware, cpe:/o:siemens:simatic_s7-410_firmware, cpe:/o:siemens:simatic_cp_1242-7_gprs_v2_firmware, cpe:/o:siemens:simatic_cp_1243-7_lte_us_firmware, cpe:/o:siemens:simatic_cp_1243-8_firmware

Required KB Items: Tenable.ot/Siemens

Exploit Ease: No known exploits are available

Patch Publication Date: 5/11/2017

Vulnerability Publication Date: 5/11/2017

Reference Information

CVE: CVE-2017-2680

CWE: 400