Detections
Analytics
Siemens TIA Portal 13 Arbitrary Code Execution
critical Nessus Network Monitor Plugin ID 720203
Synopsis
Siemens TIA Portal allows remote attackers to execute arbitrary code via crafted packets.Description
The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to execute arbitrary code via crafted packets.Solution
Perform vendor recommended mitigations and apply available vendor upgrades.See Also
https://cert-portal.siemens.com/productcert/pdf/ssa-134508.pdf
Plugin Details
Severity: Critical
ID: 720203
Family: SCADA
Published: 5/8/2019
Updated: 9/30/2019
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 7.4
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Information
Patch Publication Date: 11/21/2014
Vulnerability Publication Date: 11/21/2014
Reference Information
CVE: CVE-2014-8551