First published: Sat Dec 17 2016
A vulnerability in SIEMENS SIMATIC WinCC (All versions < SIMATIC WinCC V7.2) and SIEMENS SIMATIC PCS 7 (All versions < SIMATIC PCS 7 V8.0 SP1) could allow a remote attacker to crash an ActiveX component or leak parts of the application memory if a user is tricked into clicking on a malicious link under certain conditions.
Credit: productcert@siemens.com
Affected Software | Affected Version | How to fix |
---|---|---|
Siemens Simatic PCS 7 Telecontrol Firmware | <=8.0 | |
Siemens WinCC | <=7.1 | |
CVE-2016-9160 is rated as high severity due to the potential for remote code execution and application memory leaks.
To fix CVE-2016-9160, upgrade to SIEMENS SIMATIC WinCC V7.2 or SIEMENS SIMATIC PCS 7 V8.0 SP1 or later.
CVE-2016-9160 affects all versions of SIEMENS SIMATIC WinCC prior to V7.2 and all versions of SIEMENS SIMATIC PCS 7 prior to V8.0 SP1.
Yes, CVE-2016-9160 can be exploited remotely if a user is tricked into clicking on a malicious link.
The impact of CVE-2016-9160 can include application crashes and potentially leaking sensitive parts of application memory.