Vulnerabilities Threats

English Russian Japanese LatAm Türkiye Brasil France Český Deutschland

KLA10393
LPE & OSI vulnerabilities in Siemens Simatic WinCC
Updated: 01/24/2020
Detect date
?
 07/23/2014
Severity
?
 High
Description

Multiple serious vulnerabilities have been found in Siemens Simatic WinCC. Malicious users can exploit these vulnerabilities to gain privileges or obtain sensitive information. Below is a complete list of vulnerabilities

  1. An unsafe encryption key can be exploited remotely via key extraction;
  2. Weak system-object access control can be exploited locally;
  3. Vectors related to the WebNavigator server and other unspecified vectors can be exploited via specially designed requests.
Affected products

Siemens Simatic WinCC versions earlier than 7.3
Solution

Update to latest version
Original advisories

Siemens bulletin
Impacts
?
OSI 
[?]

PE 
[?]
Related products
 WinCC flexible
CVE-IDS
?
CVE-2014-46854.6Warning
CVE-2014-46825.0Critical
CVE-2014-46834.9Warning
CVE-2014-46846.0High
CVE-2014-46866.8High
© 2020 AO Kaspersky Lab. All Rights Reserved.
Privacy Policy

Up