CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
38.5%
A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC PDM (All versions < V9.2), SIMATIC STEP 7 V5.X (All versions < V5.6 SP2 HF3), SINAMICS STARTER (containing STEP 7 OEM version) (All versions < V5.4 HF2). The affected software contains a buffer overflow vulnerability while handling certain files that could allow a local attacker to trigger a denial-of-service condition or potentially lead to remote code execution.
Vendor | Product | Version | CPE |
---|---|---|---|
siemens | simatic_pcs_firmware | * | cpe:2.3:o:siemens:simatic_pcs_firmware:*:*:*:*:*:*:*:* |
siemens | simatic_pcs_firmware | 9.0 | cpe:2.3:o:siemens:simatic_pcs_firmware:9.0:-:*:*:*:*:*:* |
siemens | simatic_pcs_firmware | 9.0 | cpe:2.3:o:siemens:simatic_pcs_firmware:9.0:sp1:*:*:*:*:*:* |
siemens | simatic_pcs_firmware | 9.0 | cpe:2.3:o:siemens:simatic_pcs_firmware:9.0:sp2:*:*:*:*:*:* |
siemens | simatic_pcs | - | cpe:2.3:h:siemens:simatic_pcs:-:*:*:*:*:*:*:* |
siemens | simatic_pdm_firmware | * | cpe:2.3:o:siemens:simatic_pdm_firmware:*:*:*:*:*:*:*:* |
siemens | simatic_pdm | - | cpe:2.3:h:siemens:simatic_pdm:-:*:*:*:*:*:*:* |
siemens | simatic_step_7_firmware | * | cpe:2.3:o:siemens:simatic_step_7_firmware:*:*:*:*:*:*:*:* |
siemens | simatic_step_7 | - | cpe:2.3:h:siemens:simatic_step_7:-:*:*:*:*:*:*:* |
siemens | sinamics_starter_firmware | * | cpe:2.3:o:siemens:sinamics_starter_firmware:*:*:*:*:*:*:*:* |
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
38.5%