PT-2017-2990 · Cisco · Cisco IOS
Published: 2017-09-27 · Updated: 2025-01-27 · CVE-2017-12235
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Cisco IOS Software versions 12.2 through 15.6
Description
A vulnerability in the implementation of the PROFINET Discovery and Configuration Protocol (PN-DCP) exists due to improper parsing of ingress PN-DCP Identify Request packets. This could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The attacker could exploit this vulnerability by sending a crafted PN-DCP Identify Request packet to an affected device and then continuing to send normal PN-DCP Identify Request packets to the device.
Recommendations
For Cisco IOS Software versions 12.2 through 15.6, update to a fixed software version to address this vulnerability.
As a temporary workaround, consider restricting access to the PROFINET protocol to minimize the risk of exploitation.
Avoid using the PN-DCP Identify Request packet in the affected API endpoint until the issue is resolved.
Fix
DoS
RCE
Affected Products
Cisco IOS