Siemens SIMATIC WinCC before 7.3 Update 10 and 7.4 before Update 1, SIMATIC BATCH before 8.1 SP1 Update 9 as distributed in SIMATIC PCS 7 through 8.1 SP1, SIMATIC OpenPCS 7 before 8.1 Update 3 as distributed in SIMATIC PCS 7 through 8.1 SP1, SIMATIC OpenPCS 7 before 8.2 Update 1 as distributed in SIMATIC PCS 7 8.2, and SIMATIC WinCC Runtime Professional before 13 SP1 Update 9 allow remote attackers to execute arbitrary code via crafted packets.
References
Link | Resource |
---|---|
http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-378531.pdf | Mitigation Vendor Advisory |
http://www.securityfocus.com/bid/92112 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1036441 | Third Party Advisory VDB Entry |
https://ics-cert.us-cert.gov/advisories/ICSA-16-208-01 |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Information
Published : 2016-07-22 08:59
Updated : 2016-11-28 12:29
NVD link : CVE-2016-5743
Mitre link : CVE-2016-5743
JSON object : View
CWE
CWE-20
Improper Input Validation
Products Affected
siemens
- simatic_openpcs_7
- simatic_pcs_7
- simatic_wincc_runtime_professional
- simatic_batch
- simatic_wincc