CVE-2016-9160

HIGH

SIEMENS SIMATIC WinCC <V7.2 - Memory Corruption

Title source: llm

Description

A vulnerability in SIEMENS SIMATIC WinCC (All versions < SIMATIC WinCC V7.2) and SIEMENS SIMATIC PCS 7 (All versions < SIMATIC PCS 7 V8.0 SP1) could allow a remote attacker to crash an ActiveX component or leak parts of the application memory if a user is tricked into clicking on a malicious link under certain conditions.

References (4)

Core 4

Core References

Vendor Advisory x_refsource_confirm

http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-693129.pdf

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1037435

Various Sources x_refsource_misc

https://ics-cert.us-cert.gov/advisories/ICSA-16-348-04

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/94825

Scores

CVSS v3 8.1

EPSS 0.0049

EPSS Percentile 65.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Details

CWE

CWE-111 CWE-254

Status published

Products (3)

n/a/SIEMENS SIMATIC WinCC (All versions < SIMATIC WinCC V7.2) and SIEMENS SIMATIC PCS 7 (All versions < SIMATIC PCS 7 V8.0 SP1) SIEMENS SIMATIC WinCC (All versions < SIMATIC WinCC V7.2) and SIEMENS SIMATIC PCS 7 (All versions <

siemens/simatic_pcs_7 < 8.0

siemens/simatic_wincc < 7.1

Published Dec 17, 2016

Tracked Since Feb 18, 2026