Denial of Service vulnerability in PROFINET IO Device
Reporter
-
Hilscher Ticket
Affects
Hilscher PROFINET IO Device prior V3.14.0.7
Not affected
-
Impact
Denial-Of-Service
CVSS
7.5
Severity
HIGH
Last modified
Vulnerability Description
Short Decription
A Denial of Service vulnerability in Hilscher PROFINET IO Device V3 based solutions may lead to unexpected loss of cyclic communication or interruption of acyclic communication.
Detailed Description
When handling Read Implicit Request services, depending on the content of the request, the Hilscher PROFINET IO Device V3 protocol stack does not properly limit available resources. This may lead to shortage of resources which in the end may lead to described ímpact.
There is no workaround. However, using cell protection mechanisms and ensuring that no untrusted entity is connected to the network may reduce the risk of occurrence.
Disclaimer
The security advisory and information contained herein, are provided on an "as is" basis and do not imply any kind of guarantee or warranty, including the warranties of merchantability or fitness for a particular use. The information in this advisory should not be construed as a commitment by Hilscher. In no event shall Hilscher be liable for direct, indirect, special, incidental or consequential damages of any nature or kind arising from the use of this document, nor shall Hilscher be liable for incidental or consequential damages arising from use of any software or hardware described in this advisory. Hilscher provides no warranty, express or implied, for the information contained in this document, and assumes no responsibility for the information contained in this document or for any errors that may appear in this document. Your use of the advisory and information contained herein, or materials linked from the advisory, is at your own risk. Information in this advisory and any related communications is based on our knowledge at the time of publication and is subject to change without notice. Hilscher reserves the right to change or update advisories at any time.