PT-2017-12334 · Siemens+1 · SIMATIC IT Production Suite+6

Published: 2017-08-30 · Updated: 2017-10-06 · CVE-2017-12069

CVSS v3.1: 8.2 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

Name of the Vulnerable Software and Affected Versions

OPC Foundation UA .NET Sample Code versions prior to 2017-03-21
Local Discovery Server (LDS) versions prior to 1.03.367
Siemens SIMATIC PCS7 versions 8.1 and earlier
Siemens SIMATIC WinCC versions prior to 7.4 SP1
Siemens SIMATIC WinCC Runtime Professional versions prior to 14 SP1
Siemens SIMATIC NET PC Software (affected versions not specified)
Siemens SIMATIC IT Production Suite (affected versions not specified)

Description

An issue has been identified that allows an attacker to cause the system to access various resources chosen by the attacker by sending specially crafted packets to the OPC Discovery Server at port 4840/tcp.

Recommendations

For OPC Foundation UA .NET Sample Code, update to a version released after 2017-03-21.
For Local Discovery Server (LDS), update to version 1.03.367 or later.
For Siemens SIMATIC PCS7, update to a version later than 8.1.
For Siemens SIMATIC WinCC, update to version 7.4 SP1 or later.
For Siemens SIMATIC WinCC Runtime Professional, update to version 14 SP1 or later.
For Siemens SIMATIC NET PC Software and SIMATIC IT Production Suite, there is at the moment no information about a newer version that contains a fix for this issue.

Fix

XXE

Weakness Enumeration

Related Identifiers

CVE-2017-12069

Affected Products

Local Discovery Server
OPC Foundation UA .NET Sample Code
SIMATIC IT Production Suite
SIMATIC NET PC
SIMATIC PCS7
SIMATIC WinCC
SIMATIC WinCC Runtime Professional