Skip to main content

Siemens SIMATIC STEP 7 / PCS 7 Insecure Library Loading Vulnerability

Last Update Date: 25 Jul 2012 15:01 Release Date: 25 Jul 2012 5357 Views

RISK: High Risk

TYPE: Servers - Other Servers

TYPE: Other Servers

A vulnerability has been identified in Siemens SIMATIC STEP 7 and PCS 7, which can be exploited by malicious people to compromise a user's system.

 

The vulnerability is caused due to the application loading libraries in an insecure manner. This can be exploited to load an arbitrary library by tricking a user into opening a project file located on a remote WebDAV or SMB share.


Impact

  • Remote Code Execution

System / Technologies affected

  • Siemens SIMATIC PCS 7 7.x
  • Siemens SIMATIC STEP 7 5.x

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Update to version 5.5 SP1 or apply Service Pack.

Vulnerability Identifier


Source


Related Link