Siemens · Simatic S7-300 · CVE-2016-3949
**Name of the Vulnerable Software and Affected Versions**
Siemens SIMATIC S7-300 Profinet-enabled CPU devices versions prior to 3.2.12
Siemens SIMATIC S7-300 Profinet-disabled CPU devices versions prior to 3.3.12
**Description**
The issue allows remote attackers to cause a denial of service, resulting in a defect-mode transition. This can be achieved via crafted packets, specifically (1) ISO-TSAP or (2) Profibus packets.
**Recommendations**
For Siemens SIMATIC S7-300 Profinet-enabled CPU devices versions prior to 3.2.12, update the firmware to version 3.2.12 or later.
For Siemens SIMATIC S7-300 Profinet-disabled CPU devices versions prior to 3.3.12, update the firmware to version 3.3.12 or later.