cvelist/2017/6xxx/CVE-2017-6865.json

{
   "CVE_data_meta" : {
      "ASSIGNER" : "productcert@siemens.com",
      "DATE_PUBLIC" : "2017-05-08T00:00:00",
      "ID" : "CVE-2017-6865",
      "STATE" : "PUBLIC"
   },
   "affects" : {
      "vendor" : {
         "vendor_data" : [
            {
               "product" : {
                  "product_data" : [
                     {
                        "product_name" : "SIEMENS SIMATIC WinCC (TIA Portal) V13 and V14, SIMATIC STEP 7 (TIA Portal) V13 and V14, SIMATIC STEP 7 V5.X, STEP 7 - Micro/WIN SMART, SMART PC Access V2.0, SIMATIC Automation Tool, SIMATIC WinCC, SIMATIC PCS 7, SIMATIC NET PC-Software, Primary Setup Tool (PST), Security Configuration Tool (SCT), SINEMA Server, SINAUT ST7CC, SIMATIC WinAC RTX 2010 SP2, SIMATIC WinAC RTX F 2010 SP2, SINUMERIK 808D Programming Tool, SIMATIC WinCC flexible 2008",
                        "version" : {
                           "version_data" : [
                              {
                                 "version_value" : "SIEMENS SIMATIC WinCC (TIA Portal) (V13 all versions before SP2 and V14 before SP1), SIMATIC STEP 7 (TIA Portal) (V13 all versions before SP2 and V14 before SP1), SIMATIC STEP 7 V5.X (All versions before V5.6), STEP 7 - Micro/WIN SMART (All versions before V2.3), SMART PC Access V2.0, SIMATIC Automation Tool (All versions before V3.0), SIMATIC WinCC (All versions before V7.4 SP1 Upd1), SIMATIC PCS 7 (All versions), SIMATIC NET PC-Software (All versions), Primary Setup Tool (PST) (All versions before V4.2 HF1), Security Configuration Tool (SCT) (All versions bevore V5.0), SINEMA Server (All versions before V14), SINAUT ST7CC (All versions), SIMATIC WinAC RTX 2010 SP2 (All versions), SIMATIC WinAC RTX F 2010 SP2 (All versions), SINUMERIK 808D Programming Tool (All versions before V4.7 SP4 HF2), SIMATIC WinCC flexible 2008 (All versions)"
                              }
                           ]
                        }
                     }
                  ]
               },
               "vendor_name" : "Siemens AG"
            }
         ]
      }
   },
   "data_format" : "MITRE",
   "data_type" : "CVE",
   "data_version" : "4.0",
   "description" : {
      "description_data" : [
         {
            "lang" : "eng",
            "value" : "Siemens SIMATIC WinCC (TIA Portal) (V13 all versions before SP2 and V14 before SP1), SIMATIC STEP 7 (TIA Portal) (V13 all versions before SP2 and V14 before SP1), SIMATIC STEP 7 V5.X (All versions before V5.6), STEP 7 - Micro/WIN SMART (All versions before V2.3), SMART PC Access V2.0, SIMATIC Automation Tool (All versions before V3.0), SIMATIC WinCC (All versions before V7.4 SP1 Upd1), SIMATIC PCS 7 (All versions), SIMATIC NET PC-Software (All versions), Primary Setup Tool (PST) (All versions before V4.2HF1), Security Configuration Tool (SCT) (All versions before V5.0), SINEMA Server (All versions before V14), SINAUT ST7CC (All versions), SIMATIC WinAC RTX 2010 SP2 (All versions), SIMATIC WinAC RTX F 2010 SP2 (All versions), SINUMERIK 808D Programming Tool (All versions before V4.7 SP4 HF2), SIMATIC WinCC flexible 2008 (All versions) could be affected by a Denial-of-Service condition induced by a specially crafted PROFINET DCP broadcast (Layer 2 - Ethernet) packet."
         }
      ]
   },
   "problemtype" : {
      "problemtype_data" : [
         {
            "description" : [
               {
                  "lang" : "eng",
                  "value" : "CWE-20: Improper Input Validation"
               }
            ]
         }
      ]
   },
   "references" : {
      "reference_data" : [
         {
            "url" : "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-275839.pdf"
         },
         {
            "url" : "http://www.securityfocus.com/bid/98366"
         }
      ]
   }
}