RESEARCHER

Sergey Temnikov and Vladimir Dashchenko of the Kaspersky Lab Critical Infrastructure Defense Team reported this vulnerability directly to Siemens.

A CVSS v3 base score of 4.9 has been calculated; the CVSS vector string is (). An authenticated, remote attacker who is a member of the “administrators” group could crash services by sending specially crafted messages to the DCOM interface.

IMPACT

Successful exploitation of this vulnerability under certain circumstances may allow the attacker to cause the affected service to crash, resulting in a denial-of-service condition.

CVSS v3 4.9
ATTENTION: Remotely exploitable/low skill level to exploit.
Vendor: Siemens
Equipment: SIMATIC WinCC and SIMATIC WinCC Runtime Professional
Vulnerability: Denial of Service

AFFECTED PRODUCTS

Siemens reports that the vulnerability affects the following versions of SIMATIC WinCC, SIMATIC WinCC (TIA Portal), and SIMATIC WinCC Runtime Professional:

SIMATIC WinCC (TIA Portal) Professional: V13: All versions prior to V13 SP2, and
V7.3: All versions prior to V7.3 Update 11, and

The new features of Update 7 include: For.
Has announced the release of Update 7 for the TIA Portal Step 7 V13 SP1 and WinCC V13 SP1.