CVE-2016-5743

Published Jul 22, 2016

Last updated 8 years ago

CVSS critical 9.8

Overview

Description: Siemens SIMATIC WinCC before 7.3 Update 10 and 7.4 before Update 1, SIMATIC BATCH before 8.1 SP1 Update 9 as distributed in SIMATIC PCS 7 through 8.1 SP1, SIMATIC OpenPCS 7 before 8.1 Update 3 as distributed in SIMATIC PCS 7 through 8.1 SP1, SIMATIC OpenPCS 7 before 8.2 Update 1 as distributed in SIMATIC PCS 7 8.2, and SIMATIC WinCC Runtime Professional before 13 SP1 Update 9 allow remote attackers to execute arbitrary code via crafted packets.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 10
Impact score: 10
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-20

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:siemens:simatic_batch:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "640FFC01-A0B7-466F-AE23-4BAEAADA4D7C",
            "versionEndIncluding": "7.1"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_wincc:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "441E574D-1A66-4D8B-A0C5-4CC03E1D89D1",
            "versionEndIncluding": "7.3"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_wincc:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CA2E9785-246F-496B-9139-02E2F4003352",
            "versionEndIncluding": "7.4"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:siemens:simatic_pcs_7:*:sp1:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9B434F8E-7E14-4D76-AC55-A15EF8EC10FB",
            "versionEndIncluding": "8.1"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:siemens:simatic_openpcs_7:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E38B1737-F40A-4278-8687-6928AE03B0C0",
            "versionEndIncluding": "8.1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:siemens:simatic_pcs_7:*:sp1:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9B434F8E-7E14-4D76-AC55-A15EF8EC10FB",
            "versionEndIncluding": "8.1"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:siemens:simatic_openpcs_7:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4A18AA81-7FC3-4977-AFC9-77920845C8B8",
            "versionEndIncluding": "8.2"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:siemens:simatic_pcs_7:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8B62697B-2F75-44EA-A1F8-14BF9D1F99CC",
            "versionEndIncluding": "8.2"
          },
          {
            "criteria": "cpe:2.3:a:siemens:simatic_wincc_runtime_professional:*:sp1:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7F133189-C3AB-4FFD-9B5C-F181CFE50671",
            "versionEndIncluding": "13"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References