KLA10393
LPE & OSI vulnerabilities in Siemens Simatic WinCC
Обновлено: 17/06/2019
Дата обнаружения
23/07/2014
Уровень угрозы
High
Описание

Multiple serious vulnerabilities have been found in Siemens Simatic WinCC. Malicious users can exploit these vulnerabilities to gain privileges or obtain sensitive information. Below is a complete list of vulnerabilities

  1. An unsafe encryption key can be exploited remotely via key extraction;
  2. Weak system-object access control can be exploited locally;
  3. Vectors related to the WebNavigator server and other unspecified vectors can be exploited via specially designed requests.
Пораженные продукты

Siemens Simatic WinCC versions earlier than 7.3

Решение

Update to latest version

Первичный источник обнаружения
Siemens bulletin
Оказываемое влияние
?
OSI 
[?]

PE 
[?]
Связанные продукты
WinCC flexible
CVE-IDS
CVE-2014-46854.6Warning
CVE-2014-46825.0Critical
CVE-2014-46834.9Warning
CVE-2014-46846.0High
CVE-2014-46866.8High