Buffer overflow in Siemens Simatic_pcs7

CVE-2013-0675

Buffer overflow in CCEServer (aka the central communications component) in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to cause a denial of service via a crafted packet.

Vulnerability class: Buffer Overflow

EPSS: 0.001 (20.2th percentile) — read the EPSS interpretation.

Affected products

Siemens Simatic_pcs7 — versions 7.1
Siemens Wincc — versions 5.0, 6.0, 7.0
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

ics-cert@hq.dhs.gov (x_refsource_CONFIRM, Vendor Advisory)
ics-cert@hq.dhs.gov (US Government Resource, x_refsource_MISC)