CNVD-2017-06152

Vulnerability from cnvd - Published: 2017-05-09
Title
Denial-of-service vulnerability in multiple Siemens industrial products
Description
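SIMATIC WinCC (TIA Portal), SIMATIC STEP 7, SMART PC Access, SIMATIC Automation Tool and others are industrial automation products from Siemens of Germany. Multiple Siemens industrial products contain a denial-of-service vulnerability. When PROFINET DCP broadcast packets are sent to affected products on the local Ethernet segment (Layer 2), an attacker can, under certain circumstances, cause a denial-of-service condition through PROFINET DCP network packets. The affected services must be restarted manually to recover.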
Severity
Patch Name
Patch for the denial-of-service vulnerability in multiple Siemens industrial products
Patch Description
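SIMATIC WinCC (TIA Portal), SIMATIC STEP 7, SMART PC Access, SIMATIC Automation Tool and others are industrial automation products from Siemens of Germany. Multiple Siemens industrial products contain a denial-of-service vulnerability. When PROFINET DCP broadcast packets are sent to affected products on the local Ethernet segment (Layer 2), an attacker can, under certain circumstances, cause a denial-of-service condition through PROFINET DCP network packets. The affected services must be restarted manually to recover. The vendor has published a security advisory and related patch information that fix this vulnerability.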
Formal description

Users can contact the vendor for patch information: https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-275839.pdf

Reference
http://www.siemens.com/cert/en/cert-security-advisories.htm
Impacted products
Name
['Siemens SIMATIC WinCC Flexible 2008', 'Siemens SIMATIC WinCC 0', 'Siemens SIMATIC STEP 7 5.x', 'SIEMENS SIMATIC WinAC RTX 2010 SP2 All', 'SIEMENS SIMATIC WinAC RTX F 2010 SP2 All', 'SIEMENS Security Configuration Tool (SCT) All', 'SIEMENS Primary Setup Tool (PST) All', 'SIEMENS SIMATIC PCS 7', 'SIEMENS SIMATIC WinCC (TIA Portal) Professional <V13 SP2', 'SIEMENS SIMATIC WinCC (TIA Portal) Professional <V14 SP1', 'Siemens SIMATIC STEP 7 (TIA Portal) <V13 SP2', 'Siemens SIMATIC STEP 7 (TIA Portal) <V14 SP1', 'SIEMENS STEP 7 - Micro / WIN SMART', 'SIEMENS SMART PC Access 2.0', 'SIEMENS SIMATIC Automation Tool', 'SIEMENS SIMATIC NET PC-Software', 'SIEMENS SINAUT ST7CC', 'SIEMENS SINUMERIK 808D Programming Tool']

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-6865"
    }
  },
  "description": "SIMATIC WinCC\uff08TIA Portal\uff09\u3001SIMATIC STEP 7\u3001SMART PC Access\u3001SIMATIC Automation Tool\u7b49\u90fd\u662f\u5fb7\u56fd\u897f\u95e8\u5b50\uff08Siemens\uff09\u516c\u53f8\u7684\u5de5\u4e1a\u81ea\u52a8\u5316\u4ea7\u54c1\u3002\r\n\r\nSiemens\u591a\u4e2a\u5de5\u4e1a\u4ea7\u54c1\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u5f53PROFINET DCP\u5e7f\u64ad\u6570\u636e\u5305\u53d1\u9001\u5230\u672c\u5730\u4ee5\u592a\u7f51\u6bb5\uff08\u7b2c2\u5c42\uff09\u4e0a\u7684\u53d7\u5f71\u54cd\u7684\u4ea7\u54c1\u65f6\uff0c\u653b\u51fb\u8005\u53ef\u5728\u67d0\u4e9b\u60c5\u51b5\u4e0b\u901a\u8fc7PROFINET DCP\u7f51\u7edc\u6570\u636e\u5305\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u6761\u4ef6\u3002\u8fd9\u4e9b\u670d\u52a1\u9700\u8981\u624b\u52a8\u91cd\u65b0\u542f\u52a8\u624d\u80fd\u6062\u590d\u3002",
  "discovererName": "Duan JinTong, Ma ShaoShuai, and Cheng Lei from NSFOCUS Security Team",
  "formalWay": "\u7528\u6237\u53ef\u8054\u7cfb\u4f9b\u5e94\u5546\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-275839.pdf",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-06152",
  "openTime": "2017-05-09",
  "patchDescription": "SIMATIC WinCC\uff08TIA Portal\uff09\u3001SIMATIC STEP 7\u3001SMART PC Access\u3001SIMATIC Automation Tool\u7b49\u90fd\u662f\u5fb7\u56fd\u897f\u95e8\u5b50\uff08Siemens\uff09\u516c\u53f8\u7684\u5de5\u4e1a\u81ea\u52a8\u5316\u4ea7\u54c1\u3002\r\n\r\nSiemens\u591a\u4e2a\u5de5\u4e1a\u4ea7\u54c1\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u5f53PROFINET DCP\u5e7f\u64ad\u6570\u636e\u5305\u53d1\u9001\u5230\u672c\u5730\u4ee5\u592a\u7f51\u6bb5\uff08\u7b2c2\u5c42\uff09\u4e0a\u7684\u53d7\u5f71\u54cd\u7684\u4ea7\u54c1\u65f6\uff0c\u653b\u51fb\u8005\u53ef\u5728\u67d0\u4e9b\u60c5\u51b5\u4e0b\u901a\u8fc7PROFINET DCP\u7f51\u7edc\u6570\u636e\u5305\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u6761\u4ef6\u3002\u8fd9\u4e9b\u670d\u52a1\u9700\u8981\u624b\u52a8\u91cd\u65b0\u542f\u52a8\u624d\u80fd\u6062\u590d\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Siemens\u591a\u4e2a\u5de5\u4e1a\u4ea7\u54c1\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Siemens SIMATIC WinCC Flexible 2008",
      "Siemens SIMATIC WinCC 0",
      "Siemens SIMATIC STEP 7 5.x",
      "SIEMENS SIMATIC WinAC RTX 2010 SP2 All",
      "SIEMENS SIMATIC WinAC RTX F 2010 SP2 All",
      "SIEMENS Security Configuration Tool (SCT) All",
      "SIEMENS Primary Setup Tool (PST) All",
      "SIEMENS SIMATIC PCS 7",
      "SIEMENS SIMATIC WinCC (TIA Portal) Professional \u003cV13 SP2",
      "SIEMENS SIMATIC WinCC (TIA Portal) Professional \u003cV14 SP1",
      "Siemens SIMATIC STEP 7 (TIA Portal) \u003cV13 SP2",
      "Siemens SIMATIC STEP 7 (TIA Portal) \u003cV14 SP1",
      "SIEMENS STEP 7 - Micro / WIN SMART",
      "SIEMENS SMART PC Access 2.0",
      "SIEMENS SIMATIC Automation Tool",
      "SIEMENS SIMATIC NET PC-Software",
      "SIEMENS SINAUT ST7CC",
      "SIEMENS SINUMERIK 808D Programming Tool"
    ]
  },
  "referenceLink": "http://www.siemens.com/cert/en/cert-security-advisories.htm",
  "serverity": "\u4e2d",
  "submitTime": "2017-05-09",
  "title": "Siemens\u591a\u4e2a\u5de5\u4e1a\u4ea7\u54c1\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

