Siemens SIMATIC WinCC And PCS 7 Multiple Security Vulnerabilities
Siemens SIMATIC WinCC And PCS 7 are prone to the following security vulnerabilities:
1. Multiple information-disclosure vulnerabilities
2. A directory-traversal vulnerability
3. Multiple buffer-overflow vulnerabilities
An attacker can exploit these issues to gain access to sensitive information, arbitrary system files, and execute arbitrary code in the context of the application (typically Internet Explorer) that uses the ActiveX control. Failed exploit attempts will result in a denial-of-service conditions.
Versions prior to Siemens SIMATIC WinCC 7.2 and Siemens SIMATIC PCS 7 8.0 SP1 are vulnerable.