PT-2017-3763 · Siemens · S7-300+4

Published: 2017-05-08 · Updated: 2024-09-10 · CVE-2017-2681

CVSS v3.1: 6.5 (Medium)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions:
Siemens PROFINET DCP versions (affected versions not specified)
SIMATIC HMI Multi Panels and HMI Mobile Panels (affected versions not specified)
S7-300/S7-400 devices (affected versions not specified)

Description: The issue is related to insufficient input validation, which can be exploited by sending specially crafted PROFINET DCP packets on a local Ethernet segment to cause a denial of service condition. Human interaction is required to recover the system. PROFIBUS interfaces are not affected.

Recommendations: For SIMATIC HMI Multi Panels and HMI Mobile Panels, restrict access to the local Ethernet segment to minimize the risk of exploitation. For S7-300/S7-400 devices, consider implementing network segmentation to limit the attack surface. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Resource Exhaustion

RCE

Weakness Enumeration

Related Identifiers

BDU:2019-00516
CVE-2017-2681

Affected Products

HMI Mobile Panels
S7-300
S7-400
SIMATIC HMI Multi Panels
Siemens PROFINET DCP