Siemens SIMATIC WinCC Information Leakage Vulnerability (CVE-2016-5744)
Siemens SIMATIC WinCC Information Leakage Vulnerability (CVE-2016-5744)
Release date:
Updated on:
Affected Systems:
Siemens SIMATIC WinCC <7.0 SP3
Siemens SIMATIC windows CC 7.2
Description:
CVE (CAN) ID: CVE-2016-5744
Siemens SIMATIC WinCC is a SCADA and HMI system for monitoring control and data collection.
Siemens SIMATIC WinCC <7.0 SP3 and 7.2 have a security vulnerability. Remote attackers can exploit this vulnerability to read WinCC workstation files by constructing data packets.
<* Source: Sergey Temnikov
Link: http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-378531.pdf
*>
Suggestion:
Vendor patch:
Siemens
-------
Siemens has released a Security Bulletin (SSA-378531) and patches for this:
SSA-378531: Vulnerabilities in SIMATIC WinCC, PCS 7 and WinCC Runtime Professional
Link: http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-378531.pdf
This article permanently updates the link address: