CVE-2017-6867
Severity CVSS v4.0:
Pending analysis
Type:
CWE-787
Out-of-bounds Write
Publication date:
11/05/2017
Last modified:
20/04/2025
Description
A vulnerability was discovered in Siemens SIMATIC WinCC (V7.3 before Upd 11 and V7.4 before SP1), SIMATIC WinCC Runtime Professional (V13 before SP2 and V14 before SP1), SIMATIC WinCC (TIA Portal) Professional (V13 before SP2 and V14 before SP1) that could allow an authenticated, remote attacker who is member of the "administrators" group to crash services by sending specially crafted messages to the DCOM interface.
Impact
Base Score 3.x
4.90
Severity 3.x
MEDIUM
Base Score 2.0
4.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:siemens:simatic_wincc:7.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:siemens:simatic_wincc:7.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:siemens:simatic_wincc_\(tia_portal\):13:sp1:*:*:professional:*:*:* | ||
| cpe:2.3:a:siemens:simatic_wincc_\(tia_portal\):14:*:*:*:professional:*:*:* | ||
| cpe:2.3:a:siemens:simatic_wincc_runtime:13:sp1:*:*:professional:*:*:* | ||
| cpe:2.3:a:siemens:simatic_wincc_runtime:14:*:*:*:professional:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://www.securityfocus.com/bid/98368
- https://cert-portal.siemens.com/productcert/pdf/ssa-523365.pdf
- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-156872.pdf
- http://www.securityfocus.com/bid/98368
- https://cert-portal.siemens.com/productcert/pdf/ssa-523365.pdf
- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-156872.pdf