This vulnerability has been modified since it was last analyzed by the NVD. It is awaiting reanalysis which may result in further changes to the information provided.
Current Description
A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All Versions < V4.5), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All Versions < V4.6), PROFINET Driver for Controller (All Versions < V2.1), RUGGEDCOM RM1224 (All versions < V4.3), SCALANCE M-800 (All versions < V4.3), SCALANCE S615 (All versions < V4.3), SCALANCE W700 IEEE 802.11n (All versions <= V6.0.1), SCALANCE X-200 (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT (incl. SIPLUS NET variants) (All Versions < V5.3), SCALANCE X-300 (incl. X408 and SIPLUS NET variants) (All versions), SCALANCE XB-200 (All Versions < V3.0), SCALANCE XC-200 (All Versions < V3.0), SCALANCE XF-200BA (All Versions < V3.0), SCALANCE XM-400 (All Versions < V6.0), SCALANCE XP-200 (All Versions < V3.0), SCALANCE XR-300WG (All Versions < V3.0), SCALANCE XR-500 (All Versions < V6.0), SIMATIC CP 1616 and CP 1604 (All Versions < V2.8), SIMATIC CP 343-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 ERPC (All versions), SIMATIC CP 343-1 Lean (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 OPC UA (All versions), SIMATIC ET200AL IM 157-1 PN (All versions), SIMATIC ET200M IM153-4 PN IO HF (incl. SIPLUS variants) (All versions), SIMATIC ET200M IM153-4 PN IO ST (incl. SIPLUS variants) (All versions), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants) (All Versions < V4.2.0), SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants) (All Versions < V4.1.0), SIMATIC ET200S (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN Basic (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants) (All Versions < V3.3.1), SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants) (All Versions < V4.1.0), SIMATIC ET200ecoPN (except 6ES7141-6BG00-0BB0, 6ES7141-6BH00-0BB0, 6ES7142-6BG00-0BB0, 6ES7142-6BR00-0BB0, 6S7143-6BH00-0BB0, 6ES7146-6FF00-0AB0, 6ES7148-6JD00-0AB0 and 6ES7148-6JG00-0BB0) (All versions), SIMATIC ET200pro, IM 154-3 PN HF (All versions), SIMATIC ET200pro, IM 154-4 PN HF (All versions), SIMATIC IPC Support, Package for VxWorks (All versions), SIMATIC MV400 (All Versions < V7.0.6), SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. SIPLUS NET variant) (All Versions), SIMATIC RF180C (All versions), SIMATIC RF182C (All versions), SIMATIC RF600 (All versions < V3), SIMOTION C (All versions < V4.5), SIMOTION D (incl. SIPLUS variants) (All versions < V4.5), SIMOTION P (All versions < V4.5), SINAMICS DCP (All Versions < V1.3), SOFTNET-IE PNIO (All versions). Profinet-IO (PNIO) stack versions prior V06.00 do not properly limit internal resource allocation when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface. This could lead to a denial of service condition due to lack of memory for devices that include a vulnerable version of the stack. The security vulnerability could be exploited by an attacker with network access to an affected device. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise the availability of the device.
NVD Analysts use publicly available information to associate vector strings and CVSS scores. We also display any CVSS information provided within the CVE List from the CNA.
Note: NVD Analysts have published a CVSS score for this CVE based on publicly available information at the time of analysis. The CNA has not provided a score within the CVE List.
NVD Analysts use publicly available information to associate vector strings and CVSS scores. We also display any CVSS information provided within the CVE List from the CNA.
Note: NVD Analysts have published a CVSS score for this CVE based on publicly available information at the time of analysis. The CNA has not provided a score within the CVE List.
References to Advisories, Solutions, and Tools
By selecting these links, you will be leaving NIST webspace.
We have provided these links to other web sites because they
may have information that would be of interest to you. No
inferences should be drawn on account of other sites being
referenced, or not, from this page. There may be other web
sites that are more appropriate for your purpose. NIST does
not necessarily endorse the views expressed, or concur with
the facts presented on these sites. Further, NIST does not
endorse any commercial products that may be mentioned on
these sites. Please address comments about this page to nvd@nist.gov.
A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All Versions < V4.5), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All Versions < V4.6), PROFINET Driver for Controller (All Versions < V2.1), RUGGEDCOM RM1224 (All versions < V4.3), SCALANCE M-800 / S615 (All versions < V4.3), SCALANCE W700 IEEE 802.11n (All versions <= V6.0.1), SCALANCE X-20
Modified Analysis9/28/2020 8:13:50 PM
Action
Type
Old Value
New Value
Changed
CPE Configuration
AND
OR
*cpe:2.3:o:siemens:scalance_x-200irt_firmware:*:*:*:*:*:*:*:*
OR
cpe:2.3:h:siemens:scalance_x-200irt:-:*:*:*:*:*:*:*
AND
OR
*cpe:2.3:o:siemens:scalance_x-200irt_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 5.3
OR
cpe:2.3:h:siemens:scalance_x-200irt:-:*:*:*:*:*:*:*
Changed
CPE Configuration
AND
OR
*cpe:2.3:o:siemens:scalance_xr-300wg_firmware:*:*:*:*:*:*:*:*
OR
cpe:2.3:h:siemens:scalance_xr-300wg:-:*:*:*:*:*:*:*
AND
OR
*cpe:2.3:o:siemens:scalance_xr-300wg_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 3.0
OR
cpe:2.3:h:siemens:scalance_xr-300wg:-:*:*:*:*:*:*:*
Changed
CPE Configuration
OR
*cpe:2.3:a:siemens:dk_standard_ethernet_controller:*:*:*:*:*:*:*:*
*cpe:2.3:a:siemens:profinet_driver:*:*:*:*:*:*:*:* versions up to (excluding) 2.1
*cpe:2.3:a:siemens:simatic_ipc_support:-:*:*:*:*:*:*:*
OR
*cpe:2.3:a:siemens:dk_standard_ethernet_controller:*:*:*:*:*:*:*:*
*cpe:2.3:a:siemens:profinet_driver:*:*:*:*:*:*:*:* versions up to (excluding) 2.1
*cpe:2.3:a:siemens:simatic_ipc_support:*:*:*:*:*:*:*:*
Removed
CPE Configuration
AND
OR
*cpe:2.3:o:siemens:scalance_x-200irt_pro_firmware:*:*:*:*:*:*:*:*
OR
cpe:2.3:h:siemens:scalance_x-200irt_pro:-:*:*:*:*:*:*:*
Removed
CPE Configuration
AND
OR
*cpe:2.3:o:siemens:scalance_xr-300_firmware:*:*:*:*:*:*:*:*
OR
cpe:2.3:h:siemens:scalance_xr-300:-:*:*:*:*:*:*:*
Changed
Reference Type
https://www.us-cert.gov/ics/advisories/icsa-20-042-04 No Types Assigned
https://www.us-cert.gov/ics/advisories/icsa-20-042-04 Third Party Advisory, US Government Resource
AND
OR
*cpe:2.3:o:siemens:ek-ertec_200_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.5
OR
cpe:2.3:h:siemens:ek-ertec_200:-:*:*:*:*:*:*:*
Added
CPE Configuration
AND
OR
*cpe:2.3:o:siemens:ek-ertec_200p_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.6
OR
cpe:2.3:h:siemens:ek-ertec_200p:-:*:*:*:*:*:*:*
Added
CPE Configuration
AND
OR
*cpe:2.3:o:siemens:im_154-3_pn_hf_firmware:*:*:*:*:*:*:*:*
OR
cpe:2.3:h:siemens:im_154-3_pn_hf:-:*:*:*:*:*:*:*
Added
CPE Configuration
AND
OR
*cpe:2.3:o:siemens:im_154-4_pn_hf_firmware:*:*:*:*:*:*:*:*
OR
cpe:2.3:h:siemens:im_154-4_pn_hf:-:*:*:*:*:*:*:*
Added
CPE Configuration
AND
OR
*cpe:2.3:o:siemens:ruggedcom_rm1224_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.3
OR
cpe:2.3:h:siemens:ruggedcom_rm1224:-:*:*:*:*:*:*:*
Added
CPE Configuration
AND
OR
*cpe:2.3:o:siemens:scalance_m-800_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.3
OR
cpe:2.3:h:siemens:scalance_m-800:-:*:*:*:*:*:*:*
Added
CPE Configuration
AND
OR
*cpe:2.3:o:siemens:scalance_s615_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.3
OR
cpe:2.3:h:siemens:scalance_s615:-:*:*:*:*:*:*:*
Added
CPE Configuration
AND
OR
*cpe:2.3:o:siemens:scalance_w700_ieee_802.11n_firmware:*:*:*:*:*:*:*:* versions up to (including) 6.0.1
OR
cpe:2.3:h:siemens:scalance_w700_ieee_802.11n:-:*:*:*:*:*:*:*
Added
CPE Configuration
AND
OR
*cpe:2.3:o:siemens:scalance_x-200irt_firmware:*:*:*:*:*:*:*:*
OR
cpe:2.3:h:siemens:scalance_x-200irt:-:*:*:*:*:*:*:*
Added
CPE Configuration
AND
OR
*cpe:2.3:o:siemens:scalance_x-200irt_pro_firmware:*:*:*:*:*:*:*:*
OR
cpe:2.3:h:siemens:scalance_x-200irt_pro:-:*:*:*:*:*:*:*
Added
CPE Configuration
AND
OR
*cpe:2.3:o:siemens:scalance_x-300_firmware:*:*:*:*:*:*:*:*
OR
cpe:2.3:h:siemens:scalance_x-300:-:*:*:*:*:*:*:*
Added
CPE Configuration
AND
OR
*cpe:2.3:o:siemens:scalance_x-400_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 6.0
OR
cpe:2.3:h:siemens:scalance_x-400:-:*:*:*:*:*:*:*
Added
CPE Configuration
AND
OR
*cpe:2.3:o:siemens:scalance_xb-200_firmware:*:*:*:*:*:*:*:*
OR
cpe:2.3:h:siemens:scalance_xb-200:-:*:*:*:*:*:*:*
Added
CPE Configuration
AND
OR
*cpe:2.3:o:siemens:scalance_xb-200_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 3.0
OR
cpe:2.3:h:siemens:scalance_xb-200:-:*:*:*:*:*:*:*
Added
CPE Configuration
AND
OR
*cpe:2.3:o:siemens:scalance_xc-200_firmware:*:*:*:*:*:*:*:*
OR
cpe:2.3:h:siemens:scalance_xc-200:-:*:*:*:*:*:*:*
Added
CPE Configuration
AND
OR
*cpe:2.3:o:siemens:scalance_xc-200_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 3.0
OR
cpe:2.3:h:siemens:scalance_xc-200:-:*:*:*:*:*:*:*
Added
CPE Configuration
AND
OR
*cpe:2.3:o:siemens:scalance_xf-200_firmware:*:*:*:*:*:*:*:*
OR
cpe:2.3:h:siemens:scalance_xf-200:-:*:*:*:*:*:*:*
Added
CPE Configuration
AND
OR
*cpe:2.3:o:siemens:scalance_xf-200ba_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 3.0
OR
cpe:2.3:h:siemens:scalance_xf-200ba:-:*:*:*:*:*:*:*
Added
CPE Configuration
AND
OR
*cpe:2.3:o:siemens:scalance_xm-400_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 6.0
OR
cpe:2.3:h:siemens:scalance_xm-400:-:*:*:*:*:*:*:*
Added
CPE Configuration
AND
OR
*cpe:2.3:o:siemens:scalance_xp-200_firmware:*:*:*:*:*:*:*:*
OR
cpe:2.3:h:siemens:scalance_xp-200:-:*:*:*:*:*:*:*
Added
CPE Configuration
AND
OR
*cpe:2.3:o:siemens:scalance_xp-200_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 3.0
OR
cpe:2.3:h:siemens:scalance_xp-200:-:*:*:*:*:*:*:*
Added
CPE Configuration
AND
OR
*cpe:2.3:o:siemens:scalance_xr-300_firmware:*:*:*:*:*:*:*:*
OR
cpe:2.3:h:siemens:scalance_xr-300:-:*:*:*:*:*:*:*
Added
CPE Configuration
AND
OR
*cpe:2.3:o:siemens:scalance_xr-300wg_firmware:*:*:*:*:*:*:*:*
OR
cpe:2.3:h:siemens:scalance_xr-300wg:-:*:*:*:*:*:*:*
Added
CPE Configuration
AND
OR
*cpe:2.3:o:siemens:scalance_xr-300wg_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 3.0
OR
cpe:2.3:h:siemens:scalance_xr-300wg:-:*:*:*:*:*:*:*
Added
CPE Configuration
AND
OR
*cpe:2.3:o:siemens:scalance_xr524_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 6.0
OR
cpe:2.3:h:siemens:scalance_xr524:-:*:*:*:*:*:*:*
Added
CPE Configuration
AND
OR
*cpe:2.3:o:siemens:scalance_xr526_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 6.0
OR
cpe:2.3:h:siemens:scalance_xr526:-:*:*:*:*:*:*:*
Added
CPE Configuration
AND
OR
*cpe:2.3:o:siemens:scalance_xr528_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 6.0
OR
cpe:2.3:h:siemens:scalance_xr528:-:*:*:*:*:*:*:*
Added
CPE Configuration
AND
OR
*cpe:2.3:o:siemens:scalance_xr552_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 6.0
OR
cpe:2.3:h:siemens:scalance_xr552:-:*:*:*:*:*:*:*
Added
CPE Configuration
AND
OR
*cpe:2.3:o:siemens:simatic_cp_1604_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 2.8
OR
cpe:2.3:h:siemens:simatic_cp_1604:-:*:*:*:*:*:*:*
Added
CPE Configuration
AND
OR
*cpe:2.3:o:siemens:simatic_cp_1616_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 2.8
OR
cpe:2.3:h:siemens:simatic_cp_1616:-:*:*:*:*:*:*:*
Added
CPE Configuration
AND
OR
*cpe:2.3:o:siemens:simatic_cp_343-1_advanced_firmware:*:*:*:*:*:*:*:*
OR
cpe:2.3:h:siemens:simatic_cp_343-1_advanced:-:*:*:*:*:*:*:*
Added
CPE Configuration
AND
OR
*cpe:2.3:o:siemens:simatic_cp_343-1_erpc_firmware:*:*:*:*:*:*:*:*
OR
cpe:2.3:h:siemens:simatic_cp_343-1_erpc:-:*:*:*:*:*:*:*
Added
CPE Configuration
AND
OR
*cpe:2.3:o:siemens:simatic_cp_343-1_firmware:*:*:*:*:*:*:*:*
OR
cpe:2.3:h:siemens:simatic_cp_343-1:-:*:*:*:*:*:*:*
Added
CPE Configuration
AND
OR
*cpe:2.3:o:siemens:simatic_cp_343-1_lean_firmware:*:*:*:*:*:*:*:*
OR
cpe:2.3:h:siemens:simatic_cp_343-1_lean:-:*:*:*:*:*:*:*
Added
CPE Configuration
AND
OR
*cpe:2.3:o:siemens:simatic_cp_443-1_advanced_firmware:*:*:*:*:*:*:*:*
OR
cpe:2.3:h:siemens:simatic_cp_443-1_advanced:-:*:*:*:*:*:*:*
Added
CPE Configuration
AND
OR
*cpe:2.3:o:siemens:simatic_cp_443-1_firmware:*:*:*:*:*:*:*:*
OR
cpe:2.3:h:siemens:simatic_cp_443-1:-:*:*:*:*:*:*:*
Added
CPE Configuration
AND
OR
*cpe:2.3:o:siemens:simatic_cp_443-1_opc_ua_firmware:*:*:*:*:*:*:*:*
OR
cpe:2.3:h:siemens:simatic_cp_443-1_opc_ua:-:*:*:*:*:*:*:*
Added
CPE Configuration
AND
OR
*cpe:2.3:o:siemens:simatic_et200al_im_157-1_pn_firmware:*:*:*:*:*:*:*:*
OR
cpe:2.3:h:siemens:simatic_et200al_im_157-1_pn:-:*:*:*:*:*:*:*
Added
CPE Configuration
AND
OR
*cpe:2.3:o:siemens:simatic_et200ecopn_firmware:*:*:*:*:*:*:*:*
OR
cpe:2.3:h:siemens:simatic_et200ecopn:-:*:*:*:*:*:*:*
Added
CPE Configuration
AND
OR
*cpe:2.3:o:siemens:simatic_et200m_im153-4_pn_io_hf_firmware:*:*:*:*:*:*:*:*
OR
cpe:2.3:h:siemens:simatic_et200m_im153-4_pn_io_hf:-:*:*:*:*:*:*:*
Added
CPE Configuration
AND
OR
*cpe:2.3:o:siemens:simatic_et200m_im153-4_pn_io_st_firmware:*:*:*:*:*:*:*:*
OR
cpe:2.3:h:siemens:simatic_et200m_im153-4_pn_io_st:-:*:*:*:*:*:*:*
Added
CPE Configuration
AND
OR
*cpe:2.3:o:siemens:simatic_et200mp_im155-5_pn_hf_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.2.0
OR
cpe:2.3:h:siemens:simatic_et200mp_im155-5_pn_hf:-:*:*:*:*:*:*:*
Added
CPE Configuration
AND
OR
*cpe:2.3:o:siemens:simatic_et200mp_im155-5_pn_st_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.1.0
OR
cpe:2.3:h:siemens:simatic_et200mp_im155-5_pn_st:-:*:*:*:*:*:*:*
Added
CPE Configuration
AND
OR
*cpe:2.3:o:siemens:simatic_et200pro_firmware:*:*:*:*:*:*:*:*
OR
cpe:2.3:h:siemens:simatic_et200pro:-:*:*:*:*:*:*:*
Added
CPE Configuration
AND
OR
*cpe:2.3:o:siemens:simatic_et200s_firmware:*:*:*:*:*:*:*:*
OR
cpe:2.3:h:siemens:simatic_et200s:-:*:*:*:*:*:*:*
Added
CPE Configuration
AND
OR
*cpe:2.3:o:siemens:simatic_et200sp_im155-6_pn_basic_firmware:*:*:*:*:*:*:*:*
OR
cpe:2.3:h:siemens:simatic_et200sp_im155-6_pn_basic:-:*:*:*:*:*:*:*
Added
CPE Configuration
AND
OR
*cpe:2.3:o:siemens:simatic_et200sp_im155-6_pn_hf_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 3.3.1
OR
cpe:2.3:h:siemens:simatic_et200sp_im155-6_pn_hf:-:*:*:*:*:*:*:*
Added
CPE Configuration
AND
OR
*cpe:2.3:o:siemens:simatic_et200sp_im155-6_pn_st_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.1.0
OR
cpe:2.3:h:siemens:simatic_et200sp_im155-6_pn_st:-:*:*:*:*:*:*:*
Added
CPE Configuration
AND
OR
*cpe:2.3:o:siemens:simatic_mv420_firmware:*:*:*:*:*:*:*:*
OR
cpe:2.3:h:siemens:simatic_mv420:-:*:*:*:*:*:*:*
Added
CPE Configuration
AND
OR
*cpe:2.3:o:siemens:simatic_mv440_firmware:*:*:*:*:*:*:*:*
OR
cpe:2.3:h:siemens:simatic_mv440:-:*:*:*:*:*:*:*
Added
CPE Configuration
AND
OR
*cpe:2.3:o:siemens:simatic_pn\/pn_coupler_firmware:*:*:*:*:*:*:*:*
OR
cpe:2.3:h:siemens:simatic_pn\/pn_coupler:-:*:*:*:*:*:*:*
Added
CPE Configuration
AND
OR
*cpe:2.3:o:siemens:simatic_rf180c_firmware:*:*:*:*:*:*:*:*
OR
cpe:2.3:h:siemens:simatic_rf180c:-:*:*:*:*:*:*:*
Added
CPE Configuration
AND
OR
*cpe:2.3:o:siemens:simatic_rf182c_firmware:*:*:*:*:*:*:*:*
OR
cpe:2.3:h:siemens:simatic_rf182c:-:*:*:*:*:*:*:*
Added
CPE Configuration
AND
OR
*cpe:2.3:o:siemens:simatic_rf600_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 3.0
OR
cpe:2.3:h:siemens:simatic_rf600:-:*:*:*:*:*:*:*
Added
CPE Configuration
AND
OR
*cpe:2.3:o:siemens:sinamics_dcp_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.3
OR
cpe:2.3:h:siemens:sinamics_dcp:-:*:*:*:*:*:*:*
Added
CPE Configuration
OR
*cpe:2.3:a:siemens:dk_standard_ethernet_controller:*:*:*:*:*:*:*:*
*cpe:2.3:a:siemens:profinet_driver:*:*:*:*:*:*:*:* versions up to (excluding) 2.1
*cpe:2.3:a:siemens:simatic_ipc_support:-:*:*:*:*:*:*:*
Added
CVSS V2
NIST (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Added
CVSS V3.1
NIST AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Added
CWE
NIST CWE-400
Changed
Reference Type
https://cert-portal.siemens.com/productcert/pdf/ssa-780073.pdf No Types Assigned
