Vulnerability Description
An Improper Input Validation issue was discovered in Siemens SIMATIC PCS 7 V8.1 prior to V8.1 SP1 with WinCC V7.3 Upd 13, and V8.2 all versions. The improper input validation vulnerability has been identified, which may allow an authenticated remote attacker who is a member of the administrators group to crash services by sending specially crafted messages to the DCOM interface.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Simatic Pcs7 | 8.1 |
| Siemens | Simatic Wincc | 7.3 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/101680Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1039729Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-17-306-01Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/101680Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1039729Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-17-306-01Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2017-14023?
CVE-2017-14023 is a vulnerability with a CVSS score of 4.9 (MEDIUM). An Improper Input Validation issue was discovered in Siemens SIMATIC PCS 7 V8.1 prior to V8.1 SP1 with WinCC V7.3 Upd 13, and V8.2 all versions. The improper input validation vulnerability has been id...
How severe is CVE-2017-14023?
CVE-2017-14023 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-14023?
Check the references section above for vendor advisories and patch information. Affected products include: Siemens Simatic Pcs7, Siemens Simatic Wincc.