CVE-2015-2177

HIGH

SIMATIC S7-300 CPU Firmware - Denial of Service via Crafted Packets on TCP Port 102 or Profibus

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-2177. PoCs published by t4rkd3vilz.

AI-analyzed exploit summary This exploit sends a malformed HTTP GET request with an oversized buffer (2220 bytes) to trigger a denial-of-service condition in Siemens SIMATIC S7-300 CPU devices. The vulnerability is exploited via a simple socket connection to port 80.

Description

Siemens SIMATIC S7-300 CPU devices allow remote attackers to cause a denial of service (defect-mode transition) via crafted packets on (1) TCP port 102 or (2) Profibus.

Exploits (1)

exploitdb WORKING POC
by t4rkd3vilz · pythondoslinux
https://www.exploit-db.com/exploits/44802

This exploit sends a malformed HTTP GET request with an oversized buffer (2220 bytes) to trigger a denial-of-service condition in Siemens SIMATIC S7-300 CPU devices. The vulnerability is exploited via a simple socket connection to port 80.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Siemens SIMATIC S7-300 CPU family (all versions)
No auth needed
Prerequisites: Network access to the target device · Target device must be running a vulnerable version of SIMATIC S7-300 CPU
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1032040
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/44802/
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/72973

Scores

CVSS v3 7.5
EPSS 0.3444
EPSS Percentile 98.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-20
Status published
Products (2)
siemens/simatic_s7-300_cpu
siemens/simatic_s7-300_cpu_firmware
Published Mar 07, 2015
Tracked Since Feb 18, 2026