Vigil@nce - SIMATIC: denial of service via PROFINET DCP
May 2018 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can send malicious PROFINET DCP packets to SIMATIC, in order to trigger a denial of service.
Impacted products: SIMATIC.
Creation date: 21/03/2018.
DESCRIPTION OF THE VULNERABILITY
The SIMATIC product has a service to manage received PROFINET DCP packets.
However, when malicious PROFINET DCP packets are received, a fatal error occurs.
An attacker can therefore send malicious PROFINET DCP packets to SIMATIC, in order to trigger a denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN