CVE-2016-9160

EPSS 0.49%
Published 17.12.2016 03:59:00
Last modified 12.04.2025 10:46:40
Source productcert@siemens.com
Teams watchlist Login
Open Login

A vulnerability in SIEMENS SIMATIC WinCC (All versions < SIMATIC WinCC V7.2) and SIEMENS SIMATIC PCS 7 (All versions < SIMATIC PCS 7 V8.0 SP1) could allow a remote attacker to crash an ActiveX component or leak parts of the application memory if a user is tricked into clicking on a malicious link under certain conditions.

Affected products Warnungen 0 Metrics 3 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Siemens ≫ Simatic Pcs 7 Version <= 8.0

Siemens ≫ Simatic Wincc Version <= 7.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.49%	0.627

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.1	2.8	5.2	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:N/A:P

CWE-111 Direct Use of Unsafe JNI

When a Java application uses the Java Native Interface (JNI) to call code written in another programming language, it can expose the application to weaknesses in that code, even if those weaknesses cannot occur in Java.

http://www.securityfocus.com/bid/94825

http://www.securitytracker.com/id/1037435

http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-693129.pdf

https://ics-cert.us-cert.gov/advisories/ICSA-16-348-04

https://nvd.nist.gov/vuln/detail/CVE-2016-9160

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-9160

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-9160

EUVD