CVE-2017-12069 Information
Share on:Description
An XXE vulnerability has been identified in OPC Foundation UA .NET Sample Code before 2017-03-21 and Local Discovery Server (LDS) before 1.03.367. Among the affected products are Siemens SIMATIC PCS7 (All versions V8.1 and earlier) SIMATIC WinCC (All versions V7.4 SP1) SIMATIC WinCC Runtime Professional (All versions V14 SP1) SIMATIC NET PC Software and SIMATIC IT Production Suite. By sending specially crafted packets to the OPC Discovery Server at port 4840/tcp an attacker might cause the system to access various resources chosen by the attacker.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Reference
http://www.securityfocus.com/bid/100559 http://www.securitytracker.com/id/1039510 https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2017-12069.pdf https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-535640.pdf
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
LOW
Availability Impact
NONE
Base Score
HIGH
Base Severity
8.2