CVE-2017-6867

Sažetak

A vulnerability was discovered in Siemens SIMATIC WinCC (V7.3 before Upd 11 and V7.4 before SP1), SIMATIC WinCC Runtime Professional (V13 before SP2 and V14 before SP1), SIMATIC WinCC (TIA Portal) Professional (V13 before SP2 and V14 before SP1) that could allow an authenticated, remote attacker who is member of the "administrators" group to crash services by sending specially crafted messages to the DCOM interface.

Reference

http://www.securityfocus.com/bid/98368
https://cert-portal.siemens.com/productcert/pdf/ssa-523365.pdf
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-156872.pdf

CVSS

Base:	4.0
Impact:	2.9
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	PARTIAL

CVSS vektor

AV:N/AC:L/Au:S/C:N/I:N/A:P

Zadnje važnije ažuriranje

14-06-2018 - 01:29

Objavljeno

11-05-2017 - 10:29