#VU10112 Stack-based buffer overflow in Siemens products - CVE-2017-11497
Published: January 19, 2018
Vulnerability identifier: #VU10112
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2017-11497
CWE-ID: CWE-121
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
SIMATIC WinCC Add-On SIPAPER IT MIS
SIMATIC WinCC Add-On SICEMENT IT MIS
SIMATIC WinCC Add-On PM-QUALITY
SIMATIC WinCC Add-On PM-OPEN TCP/IP
SIMATIC WinCC Add-On PM-OPEN PV02
SIMATIC WinCC Add-On PM-OPEN PI
SIMATIC WinCC Add-On PM-OPEN IMPORT
SIMATIC WinCC Add-On PM-OPEN HOST-S
SIMATIC WinCC Add-On PM-OPEN EXPORT
SIMATIC WinCC Add-On PM-MAINT
SIMATIC WinCC Add-On PM-CONTROL
SIMATIC WinCC Add-On PM-ANALYZE
SIMATIC WinCC Add-On PM-AGENT
SIMATIC WinCC Add-On PI CONNECT AUDIT TRAIL
SIMATIC WinCC Add-On PI CONNECT ALARM
SIMATIC WinCC Add-On Historian CONNECT ALARM
SIMATIC WinCC Add-On SIPAPER IT MIS
SIMATIC WinCC Add-On SICEMENT IT MIS
SIMATIC WinCC Add-On PM-QUALITY
SIMATIC WinCC Add-On PM-OPEN TCP/IP
SIMATIC WinCC Add-On PM-OPEN PV02
SIMATIC WinCC Add-On PM-OPEN PI
SIMATIC WinCC Add-On PM-OPEN IMPORT
SIMATIC WinCC Add-On PM-OPEN HOST-S
SIMATIC WinCC Add-On PM-OPEN EXPORT
SIMATIC WinCC Add-On PM-MAINT
SIMATIC WinCC Add-On PM-CONTROL
SIMATIC WinCC Add-On PM-ANALYZE
SIMATIC WinCC Add-On PM-AGENT
SIMATIC WinCC Add-On PI CONNECT AUDIT TRAIL
SIMATIC WinCC Add-On PI CONNECT ALARM
SIMATIC WinCC Add-On Historian CONNECT ALARM
Software vendor:
Siemens
Siemens
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to stack-based buffer overflow. A remote attacker can send language packs containing malformed filenames, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
The weakness exists due to stack-based buffer overflow. A remote attacker can send language packs containing malformed filenames, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
Remediation
Install update from vendor's website.