A vulnerability in the implementation of the PROFINET Discovery and Configuration Protocol (PN-DCP) for Cisco IOS Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition.
The vulnerability is due to the improper parsing of ingress PN-DCP Identify Request packets destined to an affected device.

An attacker could exploit this vulnerability by sending a crafted PN-DCP Identify Request packet to an affected device and then continuing to send normal PN-DCP Identify Request packets to the device.

A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.
Cisco has released software updates that address this vulnerability.

There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-profinet
This advisory is part of the September 27, 2017, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 12 Cisco Security Advisories that describe 13 vulnerabilities.

For a complete list of the advisories and links to them, see Cisco Event Response: September 2017 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication.

Security Impact Rating: High

CVE: CVE-2017-12235
