First published: Thu Mar 21 2013
The web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to obtain sensitive information or cause a denial of service via a crafted project file.
Credit: ics-cert@hq.dhs.gov
Affected Software | Affected Version | How to fix |
---|---|---|
Siemens SIMATIC PCS 7 | <=8.0 | |
Siemens SIMATIC PCS 7 | =7.1-sp3 | |
Siemens WinCC | <=7.1 | |
Siemens WinCC | =5.0 | |
Siemens WinCC | =5.0-sp1 | |
Siemens WinCC | =6.0 | |
Siemens WinCC | =6.0-sp2 | |
Siemens WinCC | =6.0-sp3 | |
Siemens WinCC | =6.0-sp4 | |
Siemens WinCC | =7.0 | |
Siemens WinCC | =7.0-sp1 | |
Siemens WinCC | =7.0-sp2 | |
Siemens WinCC | =7.0-sp3 | |
The severity of CVE-2013-0677 is considered high as it allows remote attackers to obtain sensitive information or cause a denial of service.
To fix CVE-2013-0677, update to a fixed release: Siemens WinCC 7.2 or later, or SIMATIC PCS7 8.0 SP1 or later.
CVE-2013-0677 affects Siemens WinCC versions up to and including 7.1 and SIMATIC PCS7 versions up to 8.0 SP1.
Yes, CVE-2013-0677 can be exploited remotely by attackers through specially crafted project files.
CVE-2013-0677 may allow attackers to gain access to sensitive information stored within the affected Siemens software.