CVE-2017-2680

Name: CVE-2017-2680
Creator: NVD / NIST
Published: 2017-05-11T01:29:05.4+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.1/10EPSS 1.15%

Last modified Jun 17, 2026

CVE-2017-2680 is a high-severity vulnerability rated 7.1/10 on the CVSS scale. Specially crafted PROFINET DCP broadcast packets could cause a denial of service condition of affected products on a local Ethernet segment (Layer 2). Human interaction is required to recover the systems. EPSS estimates a 1.15% chance of exploitation in the next 30 days.

Description

Specially crafted PROFINET DCP broadcast packets could cause a denial of service condition of affected products on a local Ethernet segment (Layer 2). Human interaction is required to recover the systems. PROFIBUS interfaces are not affected.

Metrics

CVSS 3.1

6.5/10

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS 4.0

7.1/10

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

EPSS Probability

1.15%

62.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Siemens	Simatic Cp 343-1 Std Firmware	< 3.1.3
Siemens	Simatic Cp 343-1 Lean Firmware	< 3.1.3
Siemens	Simatic Cp 343-1 Adv Firmware	All versions
Siemens	Simatic Cp 443-1 Std Firmware	< 3.2.17
Siemens	Simatic Cp 443-1 Adv Firmware	< 3.2.17
Siemens	Simatic Cp 443-1 Opc-Ua Firmware	All versions
Siemens	Simatic Cp 1243-1 Firmware	< 2.1.82
Siemens	Simatic Cm 1542-1 Firmware	< 2.0
Siemens	Simatic Cp 1542sp-1 Firmware	< 1.0.15
Siemens	Simatic Cp 1542sp-1 Irc Firmware	< 1.0.15
Siemens	Simatic Cp 1543sp-1 Firmware	< 1.0.15
Siemens	Simatic Cp 1543-1 Firmware	< 2.1
Siemens	Simatic Rf650r Firmware	< 3.0
Siemens	Simatic Rf680r Firmware	< 3.0
Siemens	Simatic Rf685r Firmware	< 3.0
Siemens	Simatic Cp 1616 Firmware	< 2.7
Siemens	Simatic Cp 1604 Firmware	< 2.7
Siemens	Simatic Dk-1616 Pn Io Firmware	< 2.7
Siemens	Scalance X200 Firmware	< 5.2.2
Siemens	Scalance X200 Irt Firmware	< 5.4.0
Siemens	Scalance X300 Firmware	< 4.1.0
Siemens	Scalance X408 Firmware	< 4.1.0
Siemens	Scalance X414 Firmware	< 3.10.2
Siemens	Scalance Xm400 Firmware	< 6.1
Siemens	Scalance Xr500 Firmware	< 6.1
Siemens	Scalance W700 Firmware	< 6.1
Siemens	Scalance M-800 Firmware	< 4.03
Siemens	Scalance S615 Firmware	< 4.03
Siemens	Softnet Profinet Io Firmware	< 14
Siemens	Softnet Profinet Io Firmware	14
Siemens	Ie\/Pb-Link Firmware	< 3.0
Siemens	Ie\/As-I Link Pn Io Firmware	All versions
Siemens	Simatic Teleservice Adapter Ie Standard Firmware	All versions
Siemens	Simatic Teleservice Adapter Ie Basic Firmware	All versions
Siemens	Simatic Teleservice Adapter Ie Advanced Firmware	All versions
Siemens	Sitop Psu8600 Firmware	< 1.2.0
Siemens	Ups1600 Profinet Firmware	< 2.2.0
Siemens	Simatic Et 200al Firmware	< 1.0.2
Siemens	Simatic Et 200ecopn Firmware	All versions
Siemens	Simatic Et 200m Firmware	All versions
Siemens	Simatic Et 200mp Firmware	< 4.0.1
Siemens	Simatic Et 200pro Firmware	All versions
Siemens	Simatic Et 200s Firmware	All versions
Siemens	Simatic Et 200sp Firmware	< 4.1.0
Siemens	Pn\/Pn Coupler Firmware	< 4.0
Siemens	Dk Standard Ethernet Controller Firmware	< 4.1.1
Siemens	Dk Standard Ethernet Controller Firmware	4.1.1
Siemens	Ek-Ertec 200p Pn Io Firmware	< 4.4.0
Siemens	Ek-Ertec 200p Pn Io Firmware	4.4.0
Siemens	Ek-Ertec 200 Pn Io Firmware	< 4.2.1

Showing 50 of 115 affected configurations. See NVD for the full list.

References

http://www.securityfocus.com/bid/98369Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1038463Third Party Advisory, VDB Entry
https://cert-portal.siemens.com/productcert/html/ssa-284673.html
https://cert-portal.siemens.com/productcert/html/ssa-293562.html
https://cert-portal.siemens.com/productcert/html/ssa-546832.html
https://cert-portal.siemens.com/productcert/pdf/ssa-284673.pdfVendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdfVendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-546832.pdfVendor Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-18-023-02Third Party Advisory, US Government Resource
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284673.pdfBroken Link
http://www.securityfocus.com/bid/98369Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1038463Third Party Advisory, VDB Entry
https://cert-portal.siemens.com/productcert/html/ssa-284673.html
https://cert-portal.siemens.com/productcert/html/ssa-293562.html
https://cert-portal.siemens.com/productcert/html/ssa-546832.html
https://cert-portal.siemens.com/productcert/pdf/ssa-284673.pdfVendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdfVendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-546832.pdfVendor Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-18-023-02Third Party Advisory, US Government Resource
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284673.pdfBroken Link

Timeline

Published: May 11, 2017
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2017-2680?

How severe is CVE-2017-2680?

CVE-2017-2680 has a CVSS score of 7.1/10 (HIGH severity). The EPSS model estimates a 1.15% probability of exploitation in the next 30 days.

How do I fix CVE-2017-2680?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-2680?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST