Vulnerability Details CVE-2016-5743
Siemens SIMATIC WinCC before 7.3 Update 10 and 7.4 before Update 1, SIMATIC BATCH before 8.1 SP1 Update 9 as distributed in SIMATIC PCS 7 through 8.1 SP1, SIMATIC OpenPCS 7 before 8.1 Update 3 as distributed in SIMATIC PCS 7 through 8.1 SP1, SIMATIC OpenPCS 7 before 8.2 Update 1 as distributed in SIMATIC PCS 7 8.2, and SIMATIC WinCC Runtime Professional before 13 SP1 Update 9 allow remote attackers to execute arbitrary code via crafted packets.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.056
EPSS Ranking 89.8%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
- http://www.securityfocus.com/bid/92112
- http://www.securitytracker.com/id/1036441
- http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-378531.pdf
- https://ics-cert.us-cert.gov/advisories/ICSA-16-208-01
- http://www.securityfocus.com/bid/92112
- http://www.securitytracker.com/id/1036441
- http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-378531.pdf
- https://ics-cert.us-cert.gov/advisories/ICSA-16-208-01
Products affected by CVE-2016-5743
-
cpe:2.3:a:siemens:simatic_batch:7.1
-
cpe:2.3:a:siemens:simatic_openpcs_7:8.1
-
cpe:2.3:a:siemens:simatic_openpcs_7:8.2
-
cpe:2.3:a:siemens:simatic_pcs_7:-
-
cpe:2.3:a:siemens:simatic_pcs_7:6.0
-
cpe:2.3:a:siemens:simatic_pcs_7:6.1
-
cpe:2.3:a:siemens:simatic_pcs_7:7.0
-
cpe:2.3:a:siemens:simatic_pcs_7:7.1
-
cpe:2.3:a:siemens:simatic_pcs_7:8.0
-
cpe:2.3:a:siemens:simatic_pcs_7:8.1
-
cpe:2.3:a:siemens:simatic_pcs_7:8.2
-
cpe:2.3:a:siemens:simatic_wincc:-
-
cpe:2.3:a:siemens:simatic_wincc:6.2
-
cpe:2.3:a:siemens:simatic_wincc:7.0
-
cpe:2.3:a:siemens:simatic_wincc:7.1
-
cpe:2.3:a:siemens:simatic_wincc:7.2
-
cpe:2.3:a:siemens:simatic_wincc:7.3
-
cpe:2.3:a:siemens:simatic_wincc:7.4
-
cpe:2.3:a:siemens:simatic_wincc_runtime_professional:13