Overview
- Description
- A vulnerability in SIEMENS SIMATIC WinCC (All versions < SIMATIC WinCC V7.2) and SIEMENS SIMATIC PCS 7 (All versions < SIMATIC PCS 7 V8.0 SP1) could allow a remote attacker to crash an ActiveX component or leak parts of the application memory if a user is tricked into clicking on a malicious link under certain conditions.
- Source
- productcert@siemens.com
- NVD status
- Modified
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 8.1
- Impact score
- 5.2
- Exploitability score
- 2.8
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 5.8
- Impact score
- 4.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:N/A:P
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:simatic_pcs_7:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "78F045C4-8DC2-4FA8-833D-B430EA26F2A0",
"versionEndIncluding": "8.0"
},
{
"criteria": "cpe:2.3:a:siemens:simatic_wincc:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "71370ADD-85DC-407A-99F3-8F5386EBFBCE",
"versionEndIncluding": "7.1"
}
],
"operator": "OR"
}
]
}
]