|2017-08-31||Other||Siemens||Siemens reported this vulnerability and released an advisory with firmware update information.
# Siemens 7KM PAC Switched Ethernet
### VULNERABLE VENDOR
### VULNERABLE PRODUCT
7KM PAC Switched Ethernet
Siemens reported this vulnerability and released an advisory with firmware update information.
### AFFECTED PRODUCTS
Siemens reports that the vulnerability affects the following 7KM PAC Switched Ethernet PROFINET expansion modules:
7KM PAC Switched Ethernet PROFINET expansion module: All versions prior to V2.1.3
Successful exploitation of this vulnerability could cause a denial-of-service condition in the affected component that may require a manual restart of the main device to recover.
### VULNERABILITY OVERVIEW
UNCONTROLLED RESOURCE CONSUMPTION ('RESOURCE EXHAUSTION') CWE-400
A denial-of-service condition could be induced by a specially crafted PROFINET DCP packet sent as a local Ethernet (Layer 2) broadcast.
The affected component requires a manual restart via the main device to recover.
CVE-2017-9945 has been assigned to this vulnerability.
A CVSS v3 base score of 4.3 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Critical Infrastructure Sectors: Energy
Countries/Areas Deployed: Worldwide
Company Headquarters Location: Germany
Siemens provides firmware Version V2.1.3 for 7KM PAC Switched Ethernet PROFINET expansion modules, which fixes the vulnerability, and recommends users to update to the new fixed version. The new firmware update can be found at the following location:
Siemens recommends users protect network access with appropriate mechanisms such as firewalls, segmentation, and VPNs. Siemens also advises that users configure the operational environment according to Siemens’ Operational Guidelines for Industrial Security:
For more information on this vulnerability and more detailed mitigation instructions, please see Siemens Security Advisory SSA-771218 at the following location: