CVE-2017-14023 — Vulnetix

Try Vulnetix Request Demo

CVE-2017-14023 PUBLISHED CVSS 4 MEDIUM

An Improper Input Validation issue was discovered in Siemens SIMATIC PCS 7 V8.1 prior to V8.1 SP1 with WinCC V7.3 Upd 13, and V8.2 all versions. The improper input validation vulnerability has been identified, which may allow an authenticated remote attacker who is a member of the administrators group to crash services by sending specially crafted messages to the DCOM interface.

EPSS 2.77% · 85.9th percentile

Risk Scores

CVSS v2.0

4

EPSS Score

2.77%

85.9th percentile

Affected Products

Vendor	Product	Versions
siemens	simatic_wincc	7.3
n/a	Siemens SIMATIC PCS 7	Siemens SIMATIC PCS 7
siemens	simatic_pcs7	8.1, 8.2

Timeline

Aug 31, 2017 CVE Published
Apr 14, 2021 EPSS Score
Jun 22, 2021 EPSS Score
Aug 23, 2021 EPSS Score
Dec 25, 2021 EPSS Score
Feb 25, 2022 EPSS Score
Apr 28, 2022 EPSS Score
Jun 29, 2022 EPSS Score
Aug 31, 2022 EPSS Score
Nov 1, 2022 EPSS Score
Mar 5, 2023 EPSS Score
Mar 7, 2023 EPSS Score

References

https://ics-cert.us-cert.gov/advisories/ICSA-17-306-01 url
1039729 vdb
101680 vdb
https://nvd.nist.gov/vuln/detail/CVE-2017-14023 advisory

Open in Interactive Console →