CVE-2017-2681 MEDIUM

CVE-2017-2681

Vendor Siemens
Product Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller
Weakness CWE-400
Published May 11, 2017
Last update September 10, 2024

CVSS base score

6.5/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a denial of service condition of that product. Human interaction is required to recover the system. PROFIBUS interfaces are not affected.

Key dates

02Disclosure timeline

May 11, 2017 CVE published
September 10, 2024 Record updated