Buffer overflow in Siemens Simatic_wincc
CVE-2017-6867
A vulnerability was discovered in Siemens SIMATIC WinCC (V7.3 before Upd 11 and V7.4 before SP1), SIMATIC WinCC Runtime Professional (V13 before SP2 and V14 before SP1), SIMATIC WinCC (TIA Portal) Professional (V13 before SP2 and V14 befor…
Vulnerability class: Buffer Overflow
EPSS: 0.006 (70.3th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 4.9 (Medium). Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H.
Affected products
- Siemens Simatic_wincc — versions 7.3, 7.4
- Siemens Simatic_wincc_runtime — versions 13, 14
- Siemens Simatic_wincc_\(tia_portal\) — versions 13, 14
- N/a Siemens Simatic Wincc — versions Siemens SIMATIC WinCC
Weakness classification (CWE)
References
- productcert@siemens.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
- productcert@siemens.com (x_refsource_CONFIRM)
- productcert@siemens.com (x_refsource_CONFIRM, Vendor Advisory)
Frequently asked questions
- What is CVE-2017-6867?
- CVE-2017-6867 is a medium-severity vulnerability in Siemens Simatic_wincc, classified under Out-of-bounds Write. CVSS score: 4.9/10. Published 2017-05-11.
- How severe is CVE-2017-6867?
- Medium severity. CVSS v3 base score is 4.9 out of 10.