Strix
26.1K

CVE-2017-12741

HIGHCVSS 8.7/10EPSS 3.31%

Last modified

CVE-2017-12741 is a high-severity vulnerability rated 8.7/10 on the CVSS scale. Specially crafted packets sent to port 161/udp could cause a denial of service condition. The affected devices must be restarted manually.. EPSS estimates a 3.31% chance of exploitation in the next 30 days.

Description

Specially crafted packets sent to port 161/udp could cause a denial of service condition. The affected devices must be restarted manually.

Metrics

CVSS 3.1
7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS 4.0
8.7/10

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

EPSS Probability
3.31%

87.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
SiemensSimatic S7-200 Firmware< 2.03.01
SiemensSimatic S7-400pn V6 Firmware< 6.0.6
SiemensSimatic S7-400h V6 Firmware< 6.0.8
SiemensSimatic S7-400pn\/Dp V7 FirmwareAll versions
SiemensSimatic S7-410 V8 FirmwareAll versions
SiemensSimatic S7-300 FirmwareAll versions
SiemensSimatic S7-1200 FirmwareAll versions
SiemensSimatic S7-1500 Firmware< 2.0
SiemensSimatic S7-1500 Controller Firmware2.0
SiemensSimatic Winac Rtx F 2010 FirmwareAll versions
SiemensSimatic Et 200al FirmwareAll versions
SiemensSimatic Et 200ecopn FirmwareAll versions
SiemensSimatic Et 200m FirmwareAll versions
SiemensSimatic Et 200mp FirmwareAll versions
SiemensSimatic Et 200pro FirmwareAll versions
SiemensSimatic Et 200s FirmwareAll versions
SiemensSimatic Et 200sp FirmwareAll versions
SiemensDk Standard Ethernet Controller FirmwareAll versions
SiemensEk-Ertec 200p Firmware< 4.5
SiemensEk-Ertec 200pn Io FirmwareAll versions
SiemensSimotion D Firmware<= 5.1
SiemensSimotion C Firmware<= 5.1
SiemensSimotion P Firmware<= 5.1
SiemensSinamics Dcm FirmwareAll versions
SiemensSinamics Dcp FirmwareAll versions
SiemensSinamics G110m\/G120pn Firmware<= 4.7
SiemensSinamics G130 FirmwareAll versions
SiemensSinamics G150 FirmwareAll versions
SiemensSinamics S110pn FirmwareAll versions
SiemensSinamics S120 FirmwareAll versions
SiemensSinamics S150 V4.7 FirmwareAll versions
SiemensSinamics S150 V4.8 FirmwareAll versions
SiemensSinamics V90pn FirmwareAll versions
SiemensSinumerik 840d Sl FirmwareAll versions
SiemensSimatic Compact Field Unit FirmwareAll versions
SiemensSimatic Pn\/Pn Coupler FirmwareAll versions
SiemensSimocode Pro V Profinet FirmwareAll versions
SiemensSirius Soft Starter 3rw44pn FirmwareAll versions

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2017-12741?
Specially crafted packets sent to port 161/udp could cause a denial of service condition. The affected devices must be restarted manually.
How severe is CVE-2017-12741?
CVE-2017-12741 has a CVSS score of 8.7/10 (HIGH severity). The EPSS model estimates a 3.31% probability of exploitation in the next 30 days.
How do I fix CVE-2017-12741?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-12741?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST