CVE-2017-14023

An Improper Input Validation issue was discovered in Siemens SIMATIC PCS 7 V8.1 prior to V8.1 SP1 with WinCC V7.3 Upd 13, and V8.2 all versions. The improper input validation vulnerability has been identified, which may allow an authenticated remote attacker who is a member of the administrators group to crash services by sending specially crafted messages to the DCOM interface.

Published: Nov 6, 2017
Updated: Apr 13, 2023
CVE: CVE-2017-14023
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.9
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:N/I:N/A:P

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
siemens / simatic_wincc	7.3-update13	7.3-update13.x
siemens / simatic_pcs7	8.1	8.1.x
siemens / simatic_pcs7	8.2	8.2.x

http://www.securityfocus.com/bid/101680
http://www.securitytracker.com/id/1039729
https://ics-cert.us-cert.gov/advisories/ICSA-17-306-01

Vulnerability Database

289,697

CVE-2017-14023