PT-2016-6668 · Siemens · Simatic Wincc+3
Published
2016-07-22
·
Updated
2016-11-28
·
CVE-2016-5743
CVSS v2.0
10
Critical
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Siemens SIMATIC WinCC versions prior to 7.3 Update 10
Siemens SIMATIC WinCC versions prior to 7.4 Update 1
Siemens SIMATIC BATCH versions prior to 8.1 SP1 Update 9
Siemens SIMATIC OpenPCS 7 versions prior to 8.1 Update 3
Siemens SIMATIC OpenPCS 7 versions prior to 8.2 Update 1
Siemens SIMATIC WinCC Runtime Professional versions prior to 13 SP1 Update 9
Description
The issue allows remote attackers to execute arbitrary code via crafted packets.
Recommendations
For Siemens SIMATIC WinCC versions prior to 7.3 Update 10, update to version 7.3 Update 10 or later.
For Siemens SIMATIC WinCC versions prior to 7.4 Update 1, update to version 7.4 Update 1 or later.
For Siemens SIMATIC BATCH versions prior to 8.1 SP1 Update 9, update to version 8.1 SP1 Update 9 or later.
For Siemens SIMATIC OpenPCS 7 versions prior to 8.1 Update 3, update to version 8.1 Update 3 or later.
For Siemens SIMATIC OpenPCS 7 versions prior to 8.2 Update 1, update to version 8.2 Update 1 or later.
For Siemens SIMATIC WinCC Runtime Professional versions prior to 13 SP1 Update 9, update to version 13 SP1 Update 9 or later.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Simatic Batch
Simatic Openpcs 7
Simatic Wincc
Simatic Wincc Runtime Professional