Lucene search

IcscertCVE-2013-0675

HistoryMar 21, 2013 - 3:55 p.m.

CVE-2013-0675

2013-03-2115:55:01

CWE-119

icscert

web.nvd.nist.gov

buffer overflow

cceserver

siemens wincc

denial of service

remote attackers

nvd

CVSS2

6.1

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:N/I:N/A:C

AI Score

Confidence

High

EPSS

0.002

Percentile

58.1%

JSON

Buffer overflow in CCEServer (aka the central communications component) in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to cause a denial of service via a crafted packet.

Affected configurations

Nvd

Node

siemenssimatic_pcs7Range≤8.0

siemenssimatic_pcs7Match7.1sp3

siemenswinccRange≤7.1

siemenswinccMatch5.0

siemenswinccMatch5.0sp1

siemenswinccMatch6.0

siemenswinccMatch6.0sp2

siemenswinccMatch6.0sp3

siemenswinccMatch6.0sp4

siemenswinccMatch7.0

siemenswinccMatch7.0sp1

siemenswinccMatch7.0sp2

siemenswinccMatch7.0sp3

VendorProductVersionCPE
siemenssimatic_pcs7*cpe:2.3:a:siemens:simatic_pcs7:*:*:*:*:*:*:*:*
siemenssimatic_pcs77.1cpe:2.3:a:siemens:simatic_pcs7:7.1:sp3:*:*:*:*:*:*
siemenswincc*cpe:2.3:a:siemens:wincc:*:*:*:*:*:*:*:*
siemenswincc5.0cpe:2.3:a:siemens:wincc:5.0:*:*:*:*:*:*:*
siemenswincc5.0cpe:2.3:a:siemens:wincc:5.0:sp1:*:*:*:*:*:*
siemenswincc6.0cpe:2.3:a:siemens:wincc:6.0:*:*:*:*:*:*:*
siemenswincc6.0cpe:2.3:a:siemens:wincc:6.0:sp2:*:*:*:*:*:*
siemenswincc6.0cpe:2.3:a:siemens:wincc:6.0:sp3:*:*:*:*:*:*
siemenswincc6.0cpe:2.3:a:siemens:wincc:6.0:sp4:*:*:*:*:*:*
siemenswincc7.0cpe:2.3:a:siemens:wincc:7.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
siemens	simatic_pcs7	*	cpe:2.3:a:siemens:simatic_pcs7::::::::
siemens	simatic_pcs7	7.1	cpe:2.3:a:siemens:simatic_pcs7:7.1:sp3::::::
siemens	wincc	*	cpe:2.3:a:siemens:wincc::::::::
siemens	wincc	5.0	cpe:2.3:a:siemens:wincc:5.0:::::::*
siemens	wincc	5.0	cpe:2.3:a:siemens:wincc:5.0:sp1::::::
siemens	wincc	6.0	cpe:2.3:a:siemens:wincc:6.0:::::::*
siemens	wincc	6.0	cpe:2.3:a:siemens:wincc:6.0:sp2::::::
siemens	wincc	6.0	cpe:2.3:a:siemens:wincc:6.0:sp3::::::
siemens	wincc	6.0	cpe:2.3:a:siemens:wincc:6.0:sp4::::::
siemens	wincc	7.0	cpe:2.3:a:siemens:wincc:7.0:::::::*

Rows per page:

1-10 of 131

References

ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf

www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf

CVSS2

6.1

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:N/I:N/A:C

AI Score

Confidence

High

EPSS

0.002

Percentile

58.1%

JSON

Related for CVE-2013-0675