Improper input validation in Siemens Openpcs 7 V7.1 And Earlier

CVE-2018-4832

A vulnerability has been identified in OpenPCS 7 V7.1 and earlier (All versions), OpenPCS 7 V8.0 (All versions), OpenPCS 7 V8.1 (All versions < V8.1 Upd5), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd1), SIMATIC B…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.004 (63.1th percentile) — read the EPSS interpretation.

Affected products

Siemens Openpcs 7 V7.1 And Earlier — versions All versions
Siemens Openpcs 7 V8.0 — versions All versions
Siemens Openpcs 7 V8.1 — versions All versions < V8.1 Upd5
Siemens Openpcs 7 V8.2 — versions All versions
Siemens Openpcs 7 V9.0 — versions All versions < V9.0 Upd1
Siemens Simatic Batch V7.1 And Earlier — versions All versions
Siemens Simatic Batch V8.0 — versions All versions < V8.0 SP1 Upd21
Siemens Simatic Batch V8.1 — versions All versions < V8.1 SP1 Upd16
Siemens Simatic Batch V8.2 — versions All versions < V8.2 Upd10
Siemens Simatic Batch V9.0 — versions All versions < V9.0 SP1

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf (x_refsource_MISC)
cert-portal.siemens.com/productcert/pdf/ssa-348629.pdf (x_refsource_MISC)
packetstormsecurity.com/files/155665/Siemens-Security-Advisory-SPPA-T3000-Code-… (x_refsource_MISC)