Vulnerability Details CVE-2016-9160
A vulnerability in SIEMENS SIMATIC WinCC (All versions < SIMATIC WinCC V7.2) and SIEMENS SIMATIC PCS 7 (All versions < SIMATIC PCS 7 V8.0 SP1) could allow a remote attacker to crash an ActiveX component or leak parts of the application memory if a user is tricked into clicking on a malicious link under certain conditions.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 64.3%
CVSS Severity
CVSS v3 Score 8.1
CVSS v2 Score 5.8
References
- http://www.securityfocus.com/bid/94825
- http://www.securitytracker.com/id/1037435
- http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-693129.pdf
- https://ics-cert.us-cert.gov/advisories/ICSA-16-348-04
- http://www.securityfocus.com/bid/94825
- http://www.securitytracker.com/id/1037435
- http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-693129.pdf
- https://ics-cert.us-cert.gov/advisories/ICSA-16-348-04
Products affected by CVE-2016-9160
-
cpe:2.3:a:siemens:simatic_pcs_7:-
-
cpe:2.3:a:siemens:simatic_pcs_7:6.0
-
cpe:2.3:a:siemens:simatic_pcs_7:6.1
-
cpe:2.3:a:siemens:simatic_pcs_7:7.0
-
cpe:2.3:a:siemens:simatic_pcs_7:7.1
-
cpe:2.3:a:siemens:simatic_pcs_7:8.0
-
cpe:2.3:a:siemens:simatic_wincc:-
-
cpe:2.3:a:siemens:simatic_wincc:6.2
-
cpe:2.3:a:siemens:simatic_wincc:7.0
-
cpe:2.3:a:siemens:simatic_wincc:7.1