Vulnerability in SIMATIC WinCC OA V3.14 and prior – Sep 2018

SIMATIC WinCC Open Architecture enables handling with bigger amounts of data with even smaller hardware solutions. However WinCC OA v3.14 found critical vulnerability. Do you think below detail is the root causes? A remote attackers execute arbitrary code or cause a denial of service (invalid pointer write) via a crafted packet to TCP port 5678. So we must Protecting C Programs from Attacks via Invalid Pointer.

Vulnerability record in SIMATIC WinCC OA V3.14 (see below):

https://cert-portal.siemens.com/productcert/pdf/ssa-346256.pdf

 

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.