CVE-2013-0674

EUVD-2013-0685
Buffer overflow in the RegReader ActiveX control in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to execute arbitrary code via a long parameter.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 85%
Affected Products (NVD)
VendorProductVersion
siemenssimatic_pcs7
𝑥
≤ 8.0
siemenssimatic_pcs7
7.1:sp3
siemenswincc
𝑥
≤ 7.1
siemenswincc
5.0
siemenswincc
5.0:sp1
siemenswincc
6.0
siemenswincc
6.0:sp2
siemenswincc
6.0:sp3
siemenswincc
6.0:sp4
siemenswincc
7.0
siemenswincc
7.0:sp1
siemenswincc
7.0:sp2
siemenswincc
7.0:sp3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf
http://ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf