VDB
ICSA-18-254-04
ICSA-18-254-04
PUBLISHED
CVSS 9.100000381469727 CRITICAL
Successful exploitation of this vulnerability could allow an unauthenticated remote user to escalate their privileges in the context of the program.
Risk Scores
CVSS 3.1
9.100000381469727
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SIMATIC WinCC OA V3.14 and prior: All versions < V3.14-P021 |
Timeline
- Sep 11, 2018 CVE Published
References
- https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2018/icsa-18-254-04.json advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-18-254-04 advisory
- https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01 url
- https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf url
- https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B url
- https://cert-portal.siemens.com/productcert/txt/SSA-346256.txt url
- https://portal.etm.at/index.php?option=com_content&view=category&id=67&layout=blog&Itemid=80 fix