CVE-2016-5743

Siemens SIMATIC WinCC before 7.3 Update 10 and 7.4 before Update 1, SIMATIC BATCH before 8.1 SP1 Update 9 as distributed in SIMATIC PCS 7 through 8.1 SP1, SIMATIC OpenPCS 7 before 8.1 Update 3 as distributed in SIMATIC PCS 7 through 8.1 SP1, SIMATIC OpenPCS 7 before 8.2 Update 1 as distributed in SIMATIC PCS 7 8.2, and SIMATIC WinCC Runtime Professional before 13 SP1 Update 9 allow remote attackers to execute arbitrary code via crafted packets.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 89%
VendorProductVersion
siemenssimatic_batch
𝑥
≤ 7.1
siemenssimatic_wincc
𝑥
≤ 7.3
siemenssimatic_wincc
𝑥
≤ 7.4
siemenssimatic_openpcs_7
𝑥
≤ 8.1
siemenssimatic_openpcs_7
𝑥
≤ 8.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/92112
http://www.securitytracker.com/id/1036441
http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-378531.pdf
https://ics-cert.us-cert.gov/advisories/ICSA-16-208-01
http://www.securityfocus.com/bid/92112
http://www.securitytracker.com/id/1036441
http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-378531.pdf
https://ics-cert.us-cert.gov/advisories/ICSA-16-208-01