PT-2017-17382 · Siemens · Simatic Wincc+2

Published: 2017-05-11 · Updated: 2018-06-14 · CVE-2017-6867

CVSS v3.1: 4.9 (Medium)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Siemens SIMATIC WinCC versions 7.3 before Upd 11
Siemens SIMATIC WinCC versions 7.4 before SP1
Siemens SIMATIC WinCC Runtime Professional versions 13 before SP2
Siemens SIMATIC WinCC Runtime Professional versions 14 before SP1
Siemens SIMATIC WinCC (TIA Portal) Professional versions 13 before SP2
Siemens SIMATIC WinCC (TIA Portal) Professional versions 14 before SP1

Description

A vulnerability was discovered that could allow an authenticated, remote attacker who is a member of the administrators group to crash services by sending specially crafted messages to the DCOM interface.

Recommendations

For Siemens SIMATIC WinCC versions 7.3 before Upd 11, update to Upd 11 or later.
For Siemens SIMATIC WinCC versions 7.4 before SP1, update to SP1 or later.
For Siemens SIMATIC WinCC Runtime Professional versions 13 before SP2, update to SP2 or later.
For Siemens SIMATIC WinCC Runtime Professional versions 14 before SP1, update to SP1 or later.
For Siemens SIMATIC WinCC (TIA Portal) Professional versions 13 before SP2, update to SP2 or later.
For Siemens SIMATIC WinCC (TIA Portal) Professional versions 14 before SP1, update to SP1 or later.

Fix

RCE

Memory Corruption

Weakness Enumeration

Related identifiers

CVE-2017-6867

Affected products

Simatic Wincc
Simatic Wincc (Tia Portal) Professional
Simatic Wincc Runtime Professional