New vulnerabilities/fixes in Siemens WinCC 7.0 SP3 Update 1
CVE-2013-0678 MISSING ENCRYPTION OF SENSITIVE DATA
CVE-2013-0676 IMPROPER AUTHORIZATION
CVE-2013-0677 XXE OOB in project files
CVE-2013-0679 RELATIVE PATH TRAVERSAL
CVE-2013-0674, CVE-2013-0675 BUFFER OVERFLOW
+ a lot of good stuff for WinCC Flexible in TIA Portal V11.
Thanks to Gleb Gritsai, Sergey Bobrov, Roman Ilin, Artem Chaykin, Timur Yunusov, Ilya Karpov, Alexey Osipov, Sergey Gordeychik, Dmitry Nagibin and Siemens CERT/Product team.
SSA-212483
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-212483.pdf
SSA-714398
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf
ICSA-13-079-02
http://ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf
Enjoy!
PS. Exploits for WinCC? No way! This is Out Of Band.