Lucene search

CertccCVE-2012-2598

HistoryJun 08, 2012 - 6:55 p.m.

CVE-2012-2598

2012-06-0818:55:02

CWE-119

certcc

web.nvd.nist.gov

cve-2012-2598

buffer overflow

siemens

wincc 7.0 sp3

web server

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

AI Score

Confidence

High

EPSS

0.001

Percentile

51.0%

JSON

Buffer overflow in the DiagAgent web server in Siemens WinCC 7.0 SP3 through Update 2 allows remote attackers to cause a denial of service (agent outage) via crafted input.

Affected configurations

Nvd

Node

siemenswinccMatch7.0sp3

siemenswinccMatch7.0sp3update_1

siemenswinccMatch7.0sp3update_2

VendorProductVersionCPE
siemenswincc7.0cpe:2.3:a:siemens:wincc:7.0:sp3:*:*:*:*:*:*
siemenswincc7.0cpe:2.3:a:siemens:wincc:7.0:sp3:update_1:*:*:*:*:*
siemenswincc7.0cpe:2.3:a:siemens:wincc:7.0:sp3:update_2:*:*:*:*:*

Vendor	Product	Version	CPE
siemens	wincc	7.0	cpe:2.3:a:siemens:wincc:7.0:sp3::::::
siemens	wincc	7.0	cpe:2.3:a:siemens:wincc:7.0:sp3:update_1:::::*
siemens	wincc	7.0	cpe:2.3:a:siemens:wincc:7.0:sp3:update_2:::::*

References

www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf

www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

AI Score

Confidence

High

EPSS

0.001

Percentile

51.0%

JSON

Related for CVE-2012-2598