Vulnerability Details CVE-2013-0674
Buffer overflow in the RegReader ActiveX control in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to execute arbitrary code via a long parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.034
EPSS Ranking 87.2%
CVSS Severity
CVSS v2 Score 6.8
References
- http://ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf
- http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf
- http://ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf
- http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf
Products affected by CVE-2013-0674
-
cpe:2.3:a:siemens:simatic_pcs7:7.1
-
cpe:2.3:a:siemens:simatic_pcs7:8.0
-
cpe:2.3:a:siemens:wincc:5.0
-
cpe:2.3:a:siemens:wincc:6.0
-
cpe:2.3:a:siemens:wincc:7.0
-
cpe:2.3:a:siemens:wincc:7.1