U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Vulnerability Change Records for CVE-2017-2681

Change History

CVE Modified by Siemens AG 1/18/2018 9:29:02 PM

Action Type Old Value New Value
Changed Description
Siemens SIMATIC S7-300 incl. F and T (All versions before V3.X.14), S7-400 PN/DP V6 Incl. F (All versions before V6.0.6), S7-400-H V6 (All versions before V6.0.7), S7-400 PN/DP V7 Incl. F (All versions), S7-410 (All versions before V8.2), SIMATIC HMI Comfort Panels, HMI Multi Panels, HMI Mobile Panels (All versions) could be affected by a Denial-of-Service condition induced by a specially crafted PROFINET DCP (Layer 2 - Ethernet) packet sent to an affected product.
A vulnerability has been identified in Development/Evaluation Kit DK Standard Ethernet Controller, Development/Evaluation Kit EK-ERTEC 200 PN IO, Development/Evaluation Kit EK-ERTEC 200P PN IO, IE/AS-i Link PN IO, IE/PB-Link, SCALANCE M-800, S615, SCALANCE W700, SCALANCE X-200, SCALANCE X-200 IRT, SCALANCE X-300/X408, SCALANCE X414, SCALANCE XM400, SCALANCE XR500, SIMATIC WinAC RTX 2010 incl. F, SIMATIC CP 1243-1, SIMATIC CP 1243-1 DNP3, SIMATIC CP 1243-1 IEC, SIMATIC CP 1243-1 IRC, SIMATIC CP 1542-1, SIMATIC CP 1542SP-1, SIMATIC CP 1542SP-1 IRC, SIMATIC CP 1543-1, SIMATIC CP 1543SP-1, SIMATIC CP 1604, SIMATIC CP 1616, SIMATIC CP 343-1 Adv, SIMATIC CP 343-1 Lean, SIMATIC CP 343-1 Std, SIMATIC CP 443-1 Adv, SIMATIC CP 443-1 OPC-UA, SIMATIC CP 443-1 Std, SIMATIC DK-16xx PN IO, SIMATIC ET 200AL, SIMATIC ET 200M, SIMATIC ET 200MP, SIMATIC ET 200S, SIMATIC ET 200SP, SIMATIC ET 200ecoPN, SIMATIC ET 200pro, SIMATIC HMI Comfort Panels, HMI Multi Panels, HMI Mobile Panels, SIMATIC PN/PN Coupler, SIMATIC RF650R, SIMATIC RF680R, SIMATIC RF685R, SIMATIC S7-1200 incl. F, SIMATIC S7-1500 Software Controller incl. F, SIMATIC S7-1500 incl. F, T, and TF, SIMATIC S7-200 SMART, SIMATIC S7-300 incl. F and T, SIMATIC S7-400 PN/DP V6 Incl. F, SIMATIC S7-400 PN/DP V7 Incl. F, SIMATIC S7-400-H V6, SIMATIC S7-410, SIMATIC Teleservice Adapter Standard Modem, IE Basic, IE Advanced, SIMOCODE pro V PROFINET, SIMOTION, SINAMICS DCM w. PN, SINAMICS DCP w. PN, SINAMICS G110M w. PN, SINAMICS G120(C/P/D) w. PN, SINAMICS G130 V4.7 w. PN, SINAMICS G130 V4.8 w. PN, SINAMICS G150 V4.7 w. PN, SINAMICS G150 V4.8 w. PN, SINAMICS S110 w. PN, SINAMICS S120 V4.7 w. PN, SINAMICS S120 V4.8 w. PN, SINAMICS S150 V4.7 w. PN, SINAMICS S150 V4.8 w. PN, SINAMICS V90 w. PN, SINUMERIK 828D V4.5 and prior, SINUMERIK 828D V4.7, SINUMERIK 840D sl V4.5 and prior, SINUMERIK 840D sl V4.7, SIRIUS ACT 3SU1 interface module PROFINET, SIRIUS Motor Starter M200D PROFINET, SIRIUS Soft Starter 3RW44 PN, SITOP PSU8600 PROFINET, SITOP UPS1600 PROFINET, Softnet PROFINET IO for PC-based Windows systems. Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a Denial-of-Service condition of that product. Human interaction is required to recover the system. PROFIBUS interfaces are not affected. This vulnerability affects only SIMATIC HMI Multi Panels and HMI Mobile Panels, and S7-300/S7-400 devices.