CVE-2017-6867
Summary
| CVE | CVE-2017-6867 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-05-11 10:29:00 UTC |
| Updated | 2018-06-14 01:29:00 UTC |
| Description | A vulnerability was discovered in Siemens SIMATIC WinCC (V7.3 before Upd 11 and V7.4 before SP1), SIMATIC WinCC Runtime Professional (V13 before SP2 and V14 before SP1), SIMATIC WinCC (TIA Portal) Professional (V13 before SP2 and V14 before SP1) that could allow an authenticated, remote attacker who is a member of the "administrators" group to crash services by sending specially crafted messages to the DCOM interface. |
Risk And Classification
Problem Types: CWE-20
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Siemens | Simatic Wincc | 7.3 | All | All | All |
| Application | Siemens | Simatic Wincc | 7.4 | All | All | All |
| Application | Siemens | Simatic Wincc Tia Portal | 13 | sp1 | All | All |
| Application | Siemens | Simatic Wincc Tia Portal | 14 | All | All | All |
| Application | Siemens | Simatic Wincc Runtime | 13 | sp1 | All | All |
| Application | Siemens | Simatic Wincc Runtime | 14 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| cert-portal.siemens.com/productcert/pdf/ssa-523365.pdf | CONFIRM | cert-portal.siemens.com | |
| Siemens | CONFIRM | www.siemens.com | Vendor Advisory |
| Malformed Request | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.