Buffer overflow in Siemens Simatic_pcs7

CVE-2013-0674

Buffer overflow in the RegReader ActiveX control in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to execute arbitrary code via a long parameter.

Vulnerability class: Buffer Overflow

EPSS: 0.027 (86.2th percentile) — read the EPSS interpretation.

Affected products

Siemens Simatic_pcs7 — versions 7.1
Siemens Wincc — versions 5.0, 6.0, 7.0
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

ics-cert@hq.dhs.gov (x_refsource_CONFIRM, Vendor Advisory)
ics-cert@hq.dhs.gov (US Government Resource, x_refsource_MISC)