SSA-773256 PUBLISHED CVSS 7.3 HIGH

A Socket.IO vulnerability affects multiple Siemens industrial products. A specially crafted Socket.IO packet triggers an uncaught exception on the Socket.IO server, which kills the Node.js process and allows a remote attacker to cause a denial-of-service condition in the affected products. Siemens has released new versions for several affected products and recommends updating to the latest versions. Siemens is preparing further fix versions and recommends countermeasures for products where fixes are not, or not yet, available.

Risk Scores

CVSS v3.1
7.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Affected Products

Vendor Product Versions
SIMATIC PCS neo V4.1
SIMATIC WinCC Runtime Professional V19
SIMATIC WinCC V8.0
SIMATIC PCS neo V5.0
SIMATIC WinCC Runtime Professional V17
Data Flow Monitoring Industrial Edge Device User Interface (DFM IED UI)
LiveTwin Industrial Edge app (6AV2170-0BL00-0AA0)
SIMATIC WinCC V7.5
SIMATIC WinCC Runtime Professional V18
SIMATIC WinCC V7.4
TIA Administrator
AI Model Deployer
