Stack-based buffer overflow in Siemens products - CVE-2017-11496
Published: January 19, 2018
Vulnerability identifier: #VU10111
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2017-11496
CWE-ID: CWE-121
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Siemens
Affected software:
SIMATIC WinCC Add-On SIPAPER IT MIS
SIMATIC WinCC Add-On SICEMENT IT MIS
SIMATIC WinCC Add-On PM-QUALITY
SIMATIC WinCC Add-On PM-OPEN TCP/IP
SIMATIC WinCC Add-On PM-OPEN PV02
SIMATIC WinCC Add-On PM-OPEN PI
SIMATIC WinCC Add-On PM-OPEN IMPORT
SIMATIC WinCC Add-On PM-OPEN HOST-S
SIMATIC WinCC Add-On PM-OPEN EXPORT
SIMATIC WinCC Add-On PM-MAINT
SIMATIC WinCC Add-On PM-CONTROL
SIMATIC WinCC Add-On PM-ANALYZE
SIMATIC WinCC Add-On PM-AGENT
SIMATIC WinCC Add-On PI CONNECT AUDIT TRAIL
SIMATIC WinCC Add-On PI CONNECT ALARM
SIMATIC WinCC Add-On Historian CONNECT ALARM
SIMATIC WinCC Add-On SIPAPER IT MIS
SIMATIC WinCC Add-On SICEMENT IT MIS
SIMATIC WinCC Add-On PM-QUALITY
SIMATIC WinCC Add-On PM-OPEN TCP/IP
SIMATIC WinCC Add-On PM-OPEN PV02
SIMATIC WinCC Add-On PM-OPEN PI
SIMATIC WinCC Add-On PM-OPEN IMPORT
SIMATIC WinCC Add-On PM-OPEN HOST-S
SIMATIC WinCC Add-On PM-OPEN EXPORT
SIMATIC WinCC Add-On PM-MAINT
SIMATIC WinCC Add-On PM-CONTROL
SIMATIC WinCC Add-On PM-ANALYZE
SIMATIC WinCC Add-On PM-AGENT
SIMATIC WinCC Add-On PI CONNECT AUDIT TRAIL
SIMATIC WinCC Add-On PI CONNECT ALARM
SIMATIC WinCC Add-On Historian CONNECT ALARM
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to stack-based buffer overflow. A remote attacker can send malformed ASN1 streams in V2C and similar input files, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
The weakness exists due to stack-based buffer overflow. A remote attacker can send malformed ASN1 streams in V2C and similar input files, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
How to mitigate CVE-2017-11496
Install update from vendor's website.