CVE-2016-5743

CWE-20Improper Input Validation3 documents3 sources
Severity
9.8CRITICAL
EPSS
17.8%
top 4.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Siemens Simatic BatchSiemens Simatic Openpcs 7Siemens Simatic Wincc
Timeline
PublishedJul 22
Latest updateMay 17

Description

Siemens SIMATIC WinCC before 7.3 Update 10 and 7.4 before Update 1, SIMATIC BATCH before 8.1 SP1 Update 9 as distributed in SIMATIC PCS 7 through 8.1 SP1, SIMATIC OpenPCS 7 before 8.1 Update 3 as distributed in SIMATIC PCS 7 through 8.1 SP1, SIMATIC OpenPCS 7 before 8.2 Update 1 as distributed in SIMATIC PCS 7 8.2, and SIMATIC WinCC Runtime Professional before 13 SP1 Update 9 allow remote attackers to execute arbitrary code via crafted packets.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

🔴Vulnerability Details

2
GHSA
GHSA-m243-hgqw-35jc: Siemens SIMATIC WinCC before 72022-05-17
CVEList
CVE-2016-5743: Siemens SIMATIC WinCC before 72016-07-22
CVE-2016-5743 (CRITICAL CVSS 9.8) | Siemens SIMATIC WinCC before 7.3 Up | cvebase.io