‫ Siemens SIMATIC WinCC / PCS 7 Multiple Vulnerabilities

IRCAD2013032597
ID: IRCAD2013032597
Release Date: 2013-03-18
Criticality level: Highly critical
 
Software:
RegReader ActiveX Control
Siemens SIMATIC PCS 7 7.x
Siemens SIMATIC WinCC 7.x
 
Description:
A security issue and multiple vulnerabilities have been reported in Siemens SIMATIC WinCC and PCS 7, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to disclose certain sensitive data, cause a DoS (Denial of Service), and potentially compromise a user's system.
1) The application does not properly restrict users access to the embedded MS SQL database, which can be exploited to e.g. gain knowledge of otherwise restricted password fields.
2) Input passed via unspecified URL parameters is not properly sanitised before being used to read files. This can be exploited to disclose contents of arbitrary files via directory traversal sequences.
3) An unspecified error in the RegReader ActiveX control can be exploited to cause a buffer overflow.
Successful exploitation of this vulnerability may allow execution of arbitrary code.
4) An error when parsing project files can be exploited to e.g. disclose certain sensitive data or cause a DoS (Denial of Service) by tricking a user into opening a specially crafted project file.
5) An error when handling certain network packets in the WinCC central communications component (CCEServer) can be exploited to cause a buffer overflow and trigger a DoS condition.
The security issue and the vulnerabilities are reported in the following products:
* Siemens SIMATIC WinCC versions prior to 7.2.
* Siemens SIMATIC PCS 7 versions prior to 8.0 SP1.
 
Solution
Apply updates.
 
References:
 
Secunia:
 
 
 

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 30 اسفند 1391

امتیاز

امتیاز شما
تعداد امتیازها:0