CVE-2017-12235

CVE Database · CVE-2017-12235

CVE-2017-12235

· HIGHAnalyzed

CVSS v3.1

7.5

EPSS

6.94%

Published

Sep 28, 2017

Modified

Apr 21, 2026

CISA Known Exploited Vulnerability

Added: 2022-03-03 · Due: 2022-03-24

Apply updates per vendor instructions.

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the implementation of the PROFINET Discovery and Configuration Protocol (PN-DCP) for Cisco IOS 12.2 through 15.6 could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper parsing of ingress PN-DCP Identify Request packets destined to an affected device. An attacker could exploit this vulnerability by sending a crafted PN-DCP Identify Request packet to an affected device and then continuing to send normal PN-DCP Identify Request packets to the device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. This vulnerability affects Cisco devices that are configured to process PROFINET messages. Beginning with Cisco IOS Software Release 12.2(52)SE, PROFINET is enabled by default on all the base switch module and expansion-unit Ethernet ports. Cisco Bug IDs: CSCuz47179.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Weaknesses (CWE)

CWE-20

Affected Products (31)

cisco · iosvulnerable

cisco · industrial_ethernet_2000_16ptc-g-e_switch

cisco · industrial_ethernet_2000_16ptc-g-l_switch

cisco · industrial_ethernet_2000_16ptc-g-nx_switch

cisco · industrial_ethernet_2000_16t67-b_switch

cisco · industrial_ethernet_2000_16t67p-g-e_switch

cisco · industrial_ethernet_2000_16tc-g-e_switch