Siemens Simatic Wincc 7 Obtain Information Vulnerability
15 Sep. 2016
Summary
Siemens SIMATIC WinCC 7.0 through SP3 and 7.2 allows remote attackers to read arbitrary WinCC station files via crafted packets.
Credit:
The original article can be found at: http://www.securitytracker.com/id/1036441
The information has been provided by Sergey Temnikov and Vladimir Dashchenko.
Two vulnerabilities were reported in Siemens SIMATIC WinCC. A remote user can execute arbitrary code on the target system. A remote user can obtain files on the target system.
A remote user can send specially crafted data to obtain arbitrary files on the target system