CVE-2015-2177

Published: Mar 7, 2015Modified: Jun 2, 2026

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Siemens SIMATIC S7-300 CPU devices allow remote attackers to cause a denial of service (defect-mode transition) via crafted packets on (1) TCP port 102 or (2) Profibus.

Affected (2)

Products: Siemens: Simatic S7 300 Cpu Firmware, Simatic S7 300 Cpu

Siemens

2 products

Simatic S7 300 Cpu Firmware

Simatic S7 300 Cpu

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Siemens Simatic S7 300 Cpu Firmware	All versions
Siemens Simatic S7 300 Cpu	All versions

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (12)

http://www.securityfocus.com/bid/72973

Source: cve@mitre.org

http://www.securitytracker.com/id/1032040

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-987029.pdf

Source: cve@mitre.org

Vendor Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-987029.pdf

Source: cve@mitre.org

https://ics-cert.us-cert.gov/advisories/ICSA-15-064-04

Source: cve@mitre.org

https://www.exploit-db.com/exploits/44802/

Source: cve@mitre.org

http://www.securityfocus.com/bid/72973