CVE-2017-6867

A vulnerability was discovered in Siemens SIMATIC WinCC (V7.3 before Upd 11 and V7.4 before SP1), SIMATIC WinCC Runtime Professional (V13 before SP2 and V14 before SP1), SIMATIC WinCC (TIA Portal) Professional (V13 before SP2 and V14 before SP1) that could allow an authenticated, remote attacker who is member of the "administrators" group to crash services by sending specially crafted messages to the DCOM interface.

Published : 2017-05-11 10:29 Updated : 2018-06-14 01:29

4.0
CVSS Score More info
Score 4.0 / 10
4.0
Vendor Product Version URI
Siemens Simatic Wincc Runtime 14 cpe:/a:siemens:simatic_wincc_runtime:14::~~professional~~~
Siemens Simatic Wincc 7.3 cpe:/a:siemens:simatic_wincc:7.3
Siemens Simatic Wincc 7.4 cpe:/a:siemens:simatic_wincc:7.4
Siemens Simatic Wincc %28tia Portal%29 13 cpe:/a:siemens:simatic_wincc_%28tia_portal%29:13:sp1:~~professional~~~
Siemens Simatic Wincc Runtime 13 cpe:/a:siemens:simatic_wincc_runtime:13:sp1:~~professional~~~
Siemens Simatic Wincc %28tia Portal%29 14 cpe:/a:siemens:simatic_wincc_%28tia_portal%29:14::~~professional~~~
  1. Siemens (3) Search CVE
    1. Simatic Wincc %28tia Portal%29 (2) Search CVE
      1. 13
      2. 14
    2. Simatic Wincc Runtime (2) Search CVE
      1. 14
      2. 13
    3. Simatic Wincc (2) Search CVE
      1. 7.3
      2. 7.4

CWE

ID Name Description Links
CWE-20 Improper Input Validation The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program. CVE

History of changes

Date Event
2018-06-14 01:29
2017-05-11 10:29

New CVE