Kaspersky LabKLA10393KLA10393 LPE & OSI vulnerabilities in Siemens Simatic WinCC
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
7 High
AI Score
Confidence
Low
0.004 Low
EPSS
Percentile
74.8%
Multiple serious vulnerabilities have been found in Siemens Simatic WinCC. Malicious users can exploit these vulnerabilities to gain privileges or obtain sensitive information. Below is a complete list of vulnerabilities
- An unsafe encryption key can be exploited remotely via key extraction;
- Weak system-object access control can be exploited locally;
- Vectors related to the WebNavigator server and other unspecified vectors can be exploited via specially designed requests.
Original advisories
Related products
CVE list
CVE-2014-4685 warning
CVE-2014-4682 critical
CVE-2014-4683 warning
CVE-2014-4684 high
CVE-2014-4686 high
Solution
Update to latest version
Impacts
- OSI
Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.
- PE
Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.
Affected Products
- Siemens Simatic WinCC versions earlier than 7.3
Related
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
7 High
AI Score
Confidence
Low
0.004 Low
EPSS
Percentile
74.8%