Buffer Overflow in Siemens WinCC ActiveX Control
CVE-2013-0674

Currently unrated

Key Information:

Vendor: Siemens
Status: Simatic Pcs7; Wincc
Vendor: CVE Published:; 21 March 2013

Summary

A buffer overflow exists in the RegReader ActiveX control within Siemens WinCC prior to version 7.2, which is utilized in SIMATIC PCS7 prior to version 8.0 SP1. This vulnerability allows remote attackers to exploit the flaw through specially crafted long parameters, potentially executing arbitrary code on the target system. The vulnerability affects various Siemens products and may compromise system integrity.

References

http://www.siemens.com/corporate-technology/pool/de/forsc...

x_refsource_CONFIRM

http://ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf

x_refsource_MISC

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Mar 21, 2013