Release date: 2013-03-21
Updated on: 2013-03-22
Affected Systems:
Siemens WinCC <1, 7.2
Description:
--------------------------------------------------------------------------------
CVE (CAN) ID: CVE-2013-0675
Siemens SIMATIC WinCC is a SCADA and HMI system used for supervisory control and data acquisition.
A buffer overflow vulnerability exists in CCEServer in Siemens WinCC 7.2 and earlier versions, as used in SIMATIC PCS7. Remote attackers can use specially crafted packets to cause a denial of service and possibly execute arbitrary code.
<* Source: Siemens
Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0675
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-7
*>
Recommendation:
--------------------------------------------------------------------------------
Vendor patch:
Siemens
-------
Siemens has released a security advisory (SSA-714398) and patches for this vulnerability:
SSA-714398: Vulnerabilities in WinCC 7.0 SP3 Update 1
Link: http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf