ICSA-20-042-06

ICSA-20-042-06 PUBLISHED CVSS 7.5 HIGH

A Denial-of-Service vulnerability was found in SIMATIC PCS 7, SIMATIC WinCC and SIMATIC NET PC software when encrypted communication is enabled. The vulnerability could allow an attacker with network access to cause a Denial-of-Service condition under certain circumstances. Versions prior to SIMATIC WinCC V7.3 or SIMATIC PCS 7 V8.1 are not affected, as encrypted communication is not an option. Siemens has released updates for several affected products and recommends updating to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet, available. Note: The vulnerability is part of a shared component, SIMATIC Communication Services (SCS), used by various Siemens products. Installing a fixed version of any product also removes the vulnerability for other products on the same system, even if those products were not updated.

Risk Scores

CVSS v3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

Affected Products

Vendor  Product  Versions
SIMATIC WinCC V7.3
SIMATIC WinCC (TIA Portal) V16
OpenPCS 7 V9.0
SIMATIC NET PC Software V16
OpenPCS 7 V8.1
SIMATIC Route Control V8.2
SIMATIC WinCC (TIA Portal) V15.1
OpenPCS 7 V8.2
SIMATIC BATCH V8.1
SIMATIC Route Control V9.0
SIMATIC PCS 7 V8.1
SIMATIC WinCC (TIA Portal) V13
SIMATIC NET PC Software V14
SIMATIC BATCH V8.2
SIMATIC PCS 7 V8.2
SIMATIC NET PC Software V15
SIMATIC BATCH V9.0
SIMATIC Route Control V8.1
SIMATIC PCS 7 V9.0
SIMATIC WinCC (TIA Portal) V14

Timeline

  • Feb 11, 2020 CVE Published
  • Apr 11, 2023 CVE Updated
