CVE-2018-13799

Name of the Vulnerable Software and Affected Versions SIMATIC WinCC OA versions prior to V3.14-P021

Description A vulnerability has been identified that could allow an unauthenticated remote user to escalate privileges in the context of SIMATIC WinCC OA. This issue is related to improper access control to a data point of the affected product. The vulnerability could be exploited by an attacker with network access to port 5678/TCP of the SIMATIC WinCC OA server. Successful exploitation requires no user privileges and no user interaction, potentially allowing an attacker to compromise the integrity and availability of the SIMATIC WinCC OA system. At the time of advisory publication, no public exploitation of this vulnerability was known.

Recommendations For SIMATIC WinCC OA versions prior to V3.14-P021, update to version V3.14-P021 or later to resolve the issue. As a temporary workaround, consider restricting access to TCP port 5678 to minimize the risk of exploitation.