10

CVE-2016-5743

Siemens SIMATIC WinCC before 7.3 Update 10 and 7.4 before Update 1, SIMATIC BATCH before 8.1 SP1 Update 9 as distributed in SIMATIC PCS 7 through 8.1 SP1, SIMATIC OpenPCS 7 before 8.1 Update 3 as distributed in SIMATIC PCS 7 through 8.1 SP1, SIMATIC OpenPCS 7 before 8.2 Update 1 as distributed in SIMATIC PCS 7 8.2, and SIMATIC WinCC Runtime Professional before 13 SP1 Update 9 allow remote attackers to execute arbitrary code via crafted packets.

Data is provided by the National Vulnerability Database (NVD)
SiemensSimatic Batch Version <= 7.1
   SiemensSimatic Pcs 7 Updatesp1 Version <= 8.1
SiemensSimatic Wincc Version <= 7.3
   SiemensSimatic Pcs 7 Updatesp1 Version <= 8.1
SiemensSimatic Wincc Version <= 7.4
   SiemensSimatic Pcs 7 Updatesp1 Version <= 8.1
SiemensSimatic Openpcs 7 Version <= 8.1
   SiemensSimatic Pcs 7 Updatesp1 Version <= 8.1
SiemensSimatic Openpcs 7 Version <= 8.2
   SiemensSimatic Pcs 7 Version <= 8.2
   SiemensSimatic Wincc Runtime Professional Updatesp1 Version <= 13
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 17.78% 0.949
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.securityfocus.com/bid/92112
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1036441
Third Party Advisory
VDB Entry