Id:
CVE-2017-14023
Comment
:
An Improper Input Validation issue was discovered in Siemens SIMATIC PCS 7 V8.1 prior to V8.1 SP1 with WinCC V7.3 Upd 13, and V8.2 all versions. The improper input validation vulnerability has been identified, which may allow an authenticated remote attacker who is a member of the administrators group to crash services by sending specially crafted messages to the DCOM interface.
CVSSv2 Score:
4
Access vector:
|
NETWORK
|
Access complexity:
|
LOW
|
Authentication:
|
SINGLE
|
Confidentiality impact:
|
NONE
|
Integrity impact:
|
NONE
|
Availability impact:
|
PARTIAL
|
CVSSv2 Vector:
AV:N/AC:L/Au:S/C:N/I:N/A:P
CVSSv3 Score:
4.9
Attack vector:
|
NETWORK
|
Attack complexity:
|
LOW
|
Privileges required:
|
HIGH
|
User interaction:
|
NONE
|
Scope:
|
UNCHANGED
|
Confidentiality impact:
|
NONE
|
Integrity impact:
|
NONE
|
Availability impact:
|
HIGH
|
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
References: