Siemens SIMATIC STEP 7 / PCS 7 Insecure Library Loading Vulnerability

Last Update Date: 25 Jul 2012 15:01 | Release Date: 25 Jul 2012

RISK: High Risk

TYPE: Servers - Other Servers

A vulnerability has been identified in Siemens SIMATIC STEP 7 and PCS 7, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused by the application loading libraries in an insecure manner. This can be exploited to load an arbitrary library by tricking a user into opening a project file located on a remote WebDAV or SMB share.
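
The following Python sketch is an added example, not part of the original advisory. It shows one way a defender could spot the behaviour described above: a locally installed program loading a module from a WebDAV or SMB location. The event records are constructed, their `Image`/`ImageLoaded` keys are an assumption modeled on Sysmon image-load events, and all host, process and file names are placeholders.

```python
import ntpath
import re

# Matches \\host\share\... and the extended form \\?\UNC\host\share\...
_UNC = re.compile(r"^\\\\(?:\?\\UNC\\)?([^\\]+)\\([^\\]+)", re.I)

def classify_path(path):
    """Return 'webdav', 'smb' or 'local' for a Windows path."""
    m = _UNC.match(path.replace("/", "\\"))
    if not m or m.group(1) in ("?", "."):  # drive path, \\?\C:\... or \\.\ device path
        return "local"
    host, share = m.group(1), m.group(2)
    # The WebDAV redirector exposes servers as host@SSL / host@port or under DavWWWRoot.
    if "@" in host or share.lower() == "davwwwroot":
        return "webdav"
    return "smb"

def flag_remote_loads(events):
    """Flag modules loaded from a remote share by a locally installed executable."""
    findings = []
    for ev in events:
        origin = classify_path(ev["ImageLoaded"])
        # A program that itself runs from a share loads its own modules from there,
        # so only a local executable pulling in a remote module is reported.
        if origin == "local" or classify_path(ev["Image"]) != "local":
            continue
        findings.append({
            "process": ntpath.basename(ev["Image"]),
            "module": ntpath.basename(ev["ImageLoaded"]),
            "origin": origin,
            "directory": ntpath.dirname(ev["ImageLoaded"]),
        })
    return findings

# Constructed sample records; every name below is a placeholder.
TOOL = r"C:\Program Files\Vendor\engineering_tool.exe"
SAMPLE_EVENTS = [
    {"Image": TOOL, "ImageLoaded": r"C:\Windows\System32\version.dll"},
    {"Image": TOOL, "ImageLoaded": r"\\fileserver.example\projects\plant1\example_helper.dll"},
    {"Image": TOOL, "ImageLoaded": r"\\dav.example@SSL\DavWWWRoot\share\example_helper.dll"},
    {"Image": TOOL, "ImageLoaded": r"\\?\C:\Windows\System32\kernel32.dll"},
    {"Image": r"\\fileserver.example\tools\portable.exe",
     "ImageLoaded": r"\\fileserver.example\tools\portable_lib.dll"},
]

if __name__ == "__main__":
    for finding in flag_remote_loads(SAMPLE_EVENTS):
        print(finding)
```

The `directory` field is the one to compare against the location of the project file the user opened, since a module loaded from that same remote folder matches the scenario in the advisory.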


Impact

  • Remote Code Execution

System / Technologies affected

  • Siemens SIMATIC PCS 7 7.x
  • Siemens SIMATIC STEP 7 5.x

Solutions

Before installation of the software, please visit the software manufacturer's website for more details.

  • Update to version 5.5 SP1 or apply Service Pack.

Vulnerability Identifier


Source


Related Link