|
|
|||
| Rule General Information |
|---|
| Release Date: | 2016-02-22 | |
| Rule Name: | Siemens SIMATIC Wincc Regreader Activex Control Buffer Overflow Vulnerability -3 (CVE-2013-0674) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Buffer overflow in the RegReader ActiveX control in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to execute arbitrary code via a long parameter. | |
| Impact: | A buffer overflow vulnerability can be triggered by an attacker in the context of the vulnerable product. Further attacks include arbitrary code execution and denial of service. | |
| Affected OS: | Windows | |
| Reference: | http://ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf |
|
| Solutions |
|---|
| Upgrade to version 7.1 to solve the problem. |