Vulnerabilities > CVE-2016-9160 - 7PK - Security Features vulnerability in Siemens Simatic PCS 7 and Simatic Wincc

CVSS 8.1 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

siemens

CWE-254

NVD

Published: 2016-12-17

Updated: 2017-07-27

Summary

A vulnerability in SIEMENS SIMATIC WinCC (All versions < SIMATIC WinCC V7.2) and SIEMENS SIMATIC PCS 7 (All versions < SIMATIC PCS 7 V8.0 SP1) could allow a remote attacker to crash an ActiveX component or leak parts of the application memory if a user is tricked into clicking on a malicious link under certain conditions.

Vulnerable Configurations

Part	Description	Count
Application	Siemens Siemens Simatic PCS 7 - Siemens Simatic PCS 7 6.0 Siemens Simatic PCS 7 6.1 Siemens Simatic PCS 7 7.0 Siemens Simatic PCS 7 7.1 Siemens Simatic PCS 7 8.0 Siemens Simatic Wincc - Siemens Simatic Wincc 6.2 Siemens Simatic Wincc 7.0 Siemens Simatic Wincc 7.1	12

Common Weakness Enumeration (CWE)

CWE-254 - 7PK - Security Features

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References