PT-2013-1037 · Siemens · Simatic Wincc

Aleksandr Tlyapov

Published

2013-03-19

Updated

2014-07-25

CVE-2014-4685

CVSS v2.0

4.6

Medium

Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Siemens SIMATIC WinCC versions prior to 7.3

Description The issue allows a local user to gain limited elevated privileges of the operating system user by leveraging weak system-object access control. This could potentially be exploited to gain increased access to system resources.

Recommendations For Siemens SIMATIC WinCC versions prior to 7.3, update to version 7.3 or later to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

BDU:2014-00408

CVE-2014-4685

Affected Products

Simatic Wincc

PT-2013-1037 · Siemens · Simatic Wincc

CVE-2014-4685

Weakness Enumeration

Related Identifiers

Affected Products

References · 9