CVE-2017-14023

EPSS 2.77%
Published 06.11.2017 22:29:00
Last modified 20.04.2025 01:37:25
Source ics-cert@hq.dhs.gov
Teams watchlist Login
Open Login

An Improper Input Validation issue was discovered in Siemens SIMATIC PCS 7 V8.1 prior to V8.1 SP1 with WinCC V7.3 Upd 13, and V8.2 all versions. The improper input validation vulnerability has been identified, which may allow an authenticated remote attacker who is a member of the administrators group to crash services by sending specially crafted messages to the DCOM interface.

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Siemens ≫ Simatic Pcs7 Version8.1 Update-

Siemens ≫ Simatic Wincc Version7.3 Updateupdate13

Siemens ≫ Simatic Pcs7 Version8.2 Update-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	2.77%	0.852

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.9	1.2	3.6	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.securityfocus.com/bid/101680

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1039729

Third Party Advisory

VDB Entry

https://ics-cert.us-cert.gov/advisories/ICSA-17-306-01

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2017-14023

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-14023

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-14023

EUVD