Siemens SIMATIC STEP 7 / PCS 7 Insecure Library Loading Vulnerability
Last Update Date:
25 Jul 2012 15:01
Release Date:
25 Jul 2012
5357
Views
RISK: High Risk
TYPE: Servers - Other Servers
A vulnerability has been identified in Siemens SIMATIC STEP 7 and PCS 7, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to the application loading libraries in an insecure manner. This can be exploited to load an arbitrary library by tricking a user into opening a project file located on a remote WebDAV or SMB share.
Impact
- Remote Code Execution
System / Technologies affected
- Siemens SIMATIC PCS 7 7.x
- Siemens SIMATIC STEP 7 5.x
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Update to version 5.5 SP1 or apply Service Pack.
Vulnerability Identifier
Source
Related Link
Share with