8.1
CVE-2016-9160
- EPSS 0.49%
- Veröffentlicht 17.12.2016 03:59:00
- Zuletzt bearbeitet 12.04.2025 10:46:40
- Quelle productcert@siemens.com
- CVE-Watchlists
- Unerledigt
LoginA vulnerability in SIEMENS SIMATIC WinCC (All versions < SIMATIC WinCC V7.2) and SIEMENS SIMATIC PCS 7 (All versions < SIMATIC PCS 7 V8.0 SP1) could allow a remote attacker to crash an ActiveX component or leak parts of the application memory if a user is tricked into clicking on a malicious link under certain conditions.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Siemens ≫ Simatic Pcs 7 Version <= 8.0
Siemens ≫ Simatic Wincc Version <= 7.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.49% | 0.627 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.1 | 2.8 | 5.2 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
|
| nvd@nist.gov | 5.8 | 8.6 | 4.9 |
AV:N/AC:M/Au:N/C:P/I:N/A:P
|
CWE-111 Direct Use of Unsafe JNI
When a Java application uses the Java Native Interface (JNI) to call code written in another programming language, it can expose the application to weaknesses in that code, even if those weaknesses cannot occur in Java.