Description
Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows local users to gain privileges by leveraging weak system-object access control.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf
Scores
EPSS
0.0005
EPSS Percentile
16.9%
Details
CWE
CWE-264
Status
published
Products (8)
siemens/simatic_pcs7
7.1 sp3
siemens/simatic_pcs7
8.0
siemens/simatic_pcs7
< 8.0
siemens/wincc
5.0 (2 CPE variants)
siemens/wincc
6.0 (4 CPE variants)
siemens/wincc
7.0 (4 CPE variants)
siemens/wincc
7.1 (2 CPE variants)
siemens/wincc
< 7.2
Published
Jul 24, 2014
Tracked Since
Feb 18, 2026