Cyber Resilience

CVE-2017-0143

HighCISA KEVActive ExploitationEUVD ExploitedPublic PoCRansomware-linked

Published: 17 March 2017

Published
17 March 2017
Modified
22 April 2026
KEV Added
03 November 2021
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.9402 99.9th percentile
Risk Priority 94 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2017-0143 is a high-severity an unspecified weakness vulnerability in Siemens Acuson P300 Firmware. Its CVSS base score is 8.8 (High).

Operationally, ranked in the top 0.1% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SC-7 (Boundary Protection).

Deeper analysis

The vulnerability CVE-2017-0143 resides in the SMBv1 server implementation across multiple Microsoft Windows releases, specifically Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold/1511/1607, and Windows Server 2016. It is triggered by specially crafted network packets that result in remote code execution and is distinct from the related issues tracked as CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.

An unauthenticated remote attacker with network connectivity to an affected SMBv1 endpoint can send malicious packets to execute arbitrary code, obtaining the same privileges as the SMB service and thereby enabling full system compromise.

Public references such as the Siemens SSA-701903 advisory and entries on SecurityFocus and SecurityTracker outline vendor guidance and patch availability for the affected platforms, while PacketStorm disclosures describe neutralization techniques for associated DOUBLEPULSAR payloads.

The listed references further document publicly available exploit code and payload execution artifacts tied to this SMBv1 flaw.

EU & UK References

Vulnerability details

The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016…

more

allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.

CWE(s)
KEV Date Added
03 November 2021

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

microsoft
server message block
1.0
philips
intellispace portal
7.0, 8.0
siemens
acuson p300 firmware
13.02, 13.03, 13.20, 13.21
siemens
acuson p500 firmware
va10, vb10
siemens
acuson sc2000 firmware
5.0a · 4.0 — 4.0e
siemens
acuson x700 firmware
1.0, 1.1
siemens
syngo sc2000 firmware
5.0a · 4.0 — 4.0e
siemens
tissue preparation system firmware
all versions
siemens
versant kpcr molecular system firmware
all versions
siemens
versant kpcr sample prep firmware
all versions

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Disabling SMBv1 (an unnecessary and legacy protocol) directly removes the vulnerable server component that accepts crafted packets for RCE.

prevent

Applying the vendor patches for CVE-2017-0143 eliminates the SMBv1 flaw before an unauthenticated attacker can send exploit packets.

prevent

Boundary protection (e.g., firewalls or network segmentation) blocks external SMB traffic to affected hosts, preventing remote unauthenticated access to the vulnerable endpoint.

References