CVE-2017-2681

medium

Published 2017-05-11 · Modified 2026-05-13

CVSS v3

6.5

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2

6.1

VIR risk

6.5

Description

Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a denial of service condition of that product. Human interaction is required to recover the system. PROFIBUS interfaces are not affected.

Predictions

Exploit likelihood

65%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: productcert@siemens.com — https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdf

Application impact

Vendor	Product	Versions	Fixed
siemens	simatic_s7-1500_software_controller	`{"endExcluding":"2.1"}`	`2.1`

References

http://www.securityfocus.com/bid/98369
http://www.securitytracker.com/id/1038463
https://cert-portal.siemens.com/productcert/html/ssa-293562.html
https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdf
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-293562.pdf
http://www.securityfocus.com/bid/98369
http://www.securitytracker.com/id/1038463
https://cert-portal.siemens.com/productcert/html/ssa-293562.html
https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdf
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-293562.pdf

CWEs

CWE-400

Verify integrity in audit chain (admin only). AS-IS.