ICS-CERT Advisory ICSA-11-175-02P was originally released to the US-CERT Portal on June 24, 2011. This web page release was delayed to allow users sufficient time to download and install the update.

ICS-CERT has received a report from independent security researchers Billy Rios and Terry McCorkle concerning exploitable crashes in the Siemens SIMATIC WinCC SCADA product. Specially crafted files can cause memory corruption or pointer issues, which can cause the system to crash. ICS-CERT has coordinated with the researchers and Siemens to assist with releasing an update that successfully mitigates these vulnerabilities. The researchers have validated that this update successfully mitigates these vulnerabilities.

Siemens reports that this vulnerability affects the following versions of WinCC:

- WinCC flexible 2004 (has been phased-out).
- WinCC flexible 2005 (has been phased-out).

Successful exploitation of this vulnerability results in a memory corruption, which could be used to execute arbitrary code. Impact to individual organizations depends on many factors that are unique to each organization. ICS-CERT recommends that organizations evaluate the impact of this vulnerability based on their environment, architecture, and product implementation.

The Siemens SIMATIC WinCC is a software package used to develop network-based plant visualization systems. WinCC can be configured as a stand-alone SCADA system or as the human-machine interface component of a larger SIMATIC system. WinCC is used in many industries including: food and beverage, water and wastewater, oil and gas, and chemical.

Vulnerability Characterization

Vulnerability Overview

The following vulnerabilities have been identified.

Memory Corruption: client side exploit that allows arbitrary code execution.