Description
A vulnerability was discovered in Siemens SIMATIC WinCC (V7.3 before Upd 11 and V7.4 before SP1), SIMATIC WinCC Runtime Professional (V13 before SP2 and V14 before SP1), SIMATIC WinCC (TIA Portal) Professional (V13 before SP2 and V14 before SP1) that could allow an authenticated, remote attacker who is member of the "administrators" group to crash services by sending specially crafted messages to the DCOM interface.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/98368
Vendor Advisory x_refsource_confirm
https://cert-portal.siemens.com/productcert/pdf/ssa-523365.pdf
Vendor Advisory x_refsource_confirm
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-156872.pdf
Scores
CVSS v3
4.9
EPSS
0.0061
EPSS Percentile
70.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-20
CWE-787
Status
published
Products (7)
n/a/Siemens SIMATIC WinCC
Siemens SIMATIC WinCC
siemens/simatic_wincc
7.3
siemens/simatic_wincc
7.4
siemens/simatic_wincc_\(tia_portal\)
13 sp1
siemens/simatic_wincc_\(tia_portal\)
14
siemens/simatic_wincc_runtime
13 sp1
siemens/simatic_wincc_runtime
14
Published
May 11, 2017
Tracked Since
Feb 18, 2026