Wednesday, July 23, 2014

Siemens SIMATIC WinCC 7.3: Vulnerabilities/Fixes

New version of WinCC/new features/new advisories/new vulnerabilities. Kudos Gleb Gritsai, Dmitry Nagibin and Alexander Tlyapov .

CVE-2014-4682/HTTP/sensitive data (session) leakage
CVE-2014-4683/HTTP/remote privileges escalation (useful with CVE-2014-4682 and CVE-2013-3958)
CVE-2014-4685/Local/lot of funny stuff with Windows IPC objects
CVE-2014-4686/RPC/hardcoded key in authentication sequence/our new favorite slide

Details in SSA-214365.

1 comment: