![]() Siemens reported this vulnerability to CISA. The CVSS vector string is (CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L ).ĬRITICAL INFRASTRUCTURE SECTORS: Multiple A CVSS v3 base score of 3.9 has been calculated. These services were designed on top of the Windows ActiveX and DCOM mechanisms, and do not implement state-of-the-art security mechanisms for authentication and encryption of contents.ĬVE-2023-28829 has been assigned to this vulnerability. SIMATIC WinCC: All versions prior to V8.0īefore SIMATIC WinCC V8, legacy OPC services (OPC DA (Data Access), OPC HDA (Historical Data Access), and OPC AE (Alarms & Events)) were used per default. SIMATIC NET PC Software V15: All versions SIMATIC NET PC Software V14: All versions The following products from Siemens are affected: Successful exploitation of this vulnerability could allow an attacker to obtain unauthorized access to product control and data. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global).ĪTTENTION: Exploitable from an adjacent network
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |