Release date: 2013-03-21
Updated on: 2013-03-24
Affected Systems:
Siemens WINCC <1, 7.2
Description:
--------------------------------------------------------------------------------
CVE (CAN) ID: CVE-2013-0674
Siemens SIMATIC WinCC is a SCADA and HMI system for supervisory control and data acquisition.
A buffer overflow vulnerability exists in the RegReader ActiveX control of Siemens WinCC 7.2 and earlier versions, as used in SIMATIC PCS7. This vulnerability allows remote attackers to execute arbitrary code via a long parameter.
<* Source: Siemens
Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0674
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-7
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Siemens
-------
Siemens has released a security advisory (SSA-714398) and patches for this issue:
SSA-714398: Vulnerabilities in WinCC 7.0 SP3 Update 1
Link:
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf