CNNVD-202508-1026 Information
CNNVD ID
CNNVD-202508-1026
Related CVE
- CNNVD Published: 2025-08-12
Description (Chinese)
Siemens SIMATIC WinCC等都是德国西门子(Siemens)公司的产品。Siemens SIMATIC WinCC是一套自动化的数据采集与监控(SCADA)系统。Siemens SIMATIC STEP是用于配置和编程 SIMATIC 控制器的综合工程工具。Siemens SIMATIC S7-PLCSIM V17是一款PLC程序仿真软件。 Siemens多款产品存在代码问题漏洞,该漏洞源于输入清理不当,可能导致执行任意代码。以下产品及版本受到影响:SIMATIC PCS V4.1、V5.0、V6.0、SIMATIC S7-PLCSIM V17、SIMATIC STEP 7 V17、V18、V19、V20、SIMATIC WinCC V17、V18、V19、V20、SIMOCODE ES V17、V18、V19、V20、SIMOTION SCOUT TIA V5.4、V5.5、V5.6、V5.7、SINAMICS Startdrive V17、V18、V19、V20、SIRIUS Safety ES V17、V18、V19、V20、SIRIUS Soft Starter ES V17、V18、V19、V20、TIA Portal Cloud V17、V18、V19、V20和TIA Portal Test Suite V20。
Description (English)
Siemens SIMATIC WinCC and others are products of Siemens Germany. Siemens SIMATIC WinCC is an automated data collection and monitoring (SCADA) system. Siemens SIMATIC STEP is an integrated engineering tool for configuration and programming of SIMATIC controllers. Siemens SIMATIC S7-PLCSIM V17 is a PLC simulation software. There is a code gap in multiple Siemens products, which stems from inadequate input clean-up and may lead to the enforcement of any code. The following products and versions were affected: SIMATIC PCS V41.1, V5.0, V6.0, SIMATIC S7-PLCSIM V17, SIMATIC STEP 7 V17, V18, V19, V20, SIMATIC WinCC V17, V18, V19, V20, SIMOCODE ES V17, V18, V19, V19, SIMOTION SCOUT V5.4, V5.5, V5.6, V5.7, SINAMICS Stardive V17, V18, V19, V20, SIRIUS Safety ES V17, V18, V19, V20, V20, V20, SIRIUS Soft Starter ES V17, V18, V19, V20, TIA Volud V17, V18, V19, V20 and TTIA Port V20.
Hazard Level
Medium
Vulnerability Type
代码问题
Affected Vendor
西门子
Published
2025-08-12
Last Modified
2026-02-24
References
https://cert-portal.siemens.com/productcert/html/ssa-693808.html https://vigilance.fr/vulnerability/Siemens-SIMATIC-privilege-escalation-via-Windows-Named-Pipe-47927
Patch
https://cert-portal.siemens.com/productcert/html/ssa-693808.html
Share on: