CVE-2017-14023
moderate-risk
Published 2017-11-06
An Improper Input Validation issue was discovered in Siemens SIMATIC PCS 7 V8.1 prior to V8.1 SP1 with WinCC V7.3 Upd 13, and V8.2 all versions. The improper input validation vulnerability has been identified, which may allow an authenticated remote attacker who is a member of the administrators group to crash services by sending specially crafted messages to the DCOM interface.
Do I need to act?
~
2.8% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.9/10
Medium
NETWORK
/ LOW complexity
Affected Products (3)
Affected Vendors
References (6)
Third Party Advisory
http://www.securityfocus.com/bid/101680
Third Party Advisory
http://www.securitytracker.com/id/1039729
Third Party Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-17-306-01
Third Party Advisory
http://www.securityfocus.com/bid/101680
Third Party Advisory
http://www.securitytracker.com/id/1039729
Third Party Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-17-306-01
35
/ 100
moderate-risk
Severity
20/34 · Moderate
Exploitability
6/34 · Minimal
Exposure
9/34 · Low