First published: Mon Nov 06 2017(Updated: )
An Improper Input Validation issue was discovered in Siemens SIMATIC PCS 7 V8.1 prior to V8.1 SP1 with WinCC V7.3 Upd 13, and V8.2 all versions. The improper input validation vulnerability has been identified, which may allow an authenticated remote attacker who is a member of the administrators group to crash services by sending specially crafted messages to the DCOM interface.
Credit: ics-cert@hq.dhs.gov
Affected Software | Affected Version | How to fix |
---|---|---|
Siemens SIMATIC PCS7 | =8.1 | |
Siemens Simatic WinCC | =7.3-update13 | |
Siemens SIMATIC PCS7 | =8.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2017-14023 is medium with a severity value of 4.9.
The affected software for CVE-2017-14023 includes Siemens SIMATIC PCS 7 V8.1, Siemens Simatic WinCC V7.3 with Update 13, and Siemens SIMATIC PCS 7 V8.2.
An authenticated remote attacker who is a member of the administrators group can exploit CVE-2017-14023.
Yes, the following references are available: http://www.securityfocus.com/bid/101680, http://www.securitytracker.com/id/1039729, and https://ics-cert.us-cert.gov/advisories/ICSA-17-306-01.
The Common Weakness Enumeration (CWE) of CVE-2017-14023 is CWE-20.