![]() Siemens SIMATIC NET PC Software V14: Currently, no fix is available.Siemens OpenPCS 7 V9.1: Currently, no fix is available. ![]() Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk: Michael Heinzl reported this vulnerability to Siemens. CRITICAL INFRASTRUCTURE SECTORS: Multiple.A CVSS v3 base score of 7.8 has been assigned the CVSS vector string is ( CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). This could allow a normal user to create a malicious file that is loaded by LDS (running as a high-privilege user).ĬVE-2022-44725 has been assigned to this vulnerability. OPC Foundation Local Discovery Server (LDS) in affected products uses a hard-coded file path to a configuration file. TeleControl Server Basic V3: All versions.SIMATIC WinCC Unified PC Runtime: All versions prior to V18.0 UPD 1 SR 1.SIMATIC WinCC Runtime Professional: All versions.SIMATIC WinCC: All versions prior to V8.0.SIMATIC Process Historian OPC UA Server: All versions.SIMATIC NET PC Software V18: All versions.SIMATIC NET PC Software V17: All versions.SIMATIC NET PC Software V16: All versions.SIMATIC NET PC Software V15: All versions.SIMATIC NET PC Software V14: All versions.The following software from Siemens is affected: Successful exploitation of this vulnerability could allow an attacker to create a malicious file loaded by OPC Foundation Local Discovery Server (running as a high-privilege user). Vulnerability: Improper Input Validation.Equipment: OPC Foundation Local Discovery Server.For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). ![]() As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |