CVE-2016-9160

CWE-111 CWE-2543 documents3 sources

Severity

8.1HIGH

EPSS

0.5%

top 34.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Simatic PCS 7 Siemens Simatic Wincc

Timeline

PublishedDec 17

Latest updateMay 17

Description

A vulnerability in SIEMENS SIMATIC WinCC (All versions < SIMATIC WinCC V7.2) and SIEMENS SIMATIC PCS 7 (All versions < SIMATIC PCS 7 V8.0 SP1) could allow a remote attacker to crash an ActiveX component or leak parts of the application memory if a user is tricked into clicking on a malicious link under certain conditions.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:HExploitability: 2.8 | Impact: 5.2

Affected Packages3 packages

▶CVEListV5siemens_simatic_wincc_(all_versions_<_simatic_wincc_v7.2)_and_siemens_simatic_pcs_7_(all_versions_<_simatic_pcs_7_v8.0_sp1)SIEMENS SIMATIC WinCC (All versions < SIMATIC WinCC V7.2) and SIEMENS SIMATIC PCS 7 (All versions < SIMATIC PCS 7 V8.0 SP1)

▶NVDsiemens/simatic_wincc7.1

▶NVDsiemens/simatic_pcs_78.0

🔴Vulnerability Details

GHSA

GHSA-chxw-x27v-grr7: A vulnerability in SIEMENS SIMATIC WinCC (All versions < SIMATIC WinCC V7↗2022-05-17

▶

CVEList

CVE-2016-9160: A vulnerability in SIEMENS SIMATIC WinCC (All versions < SIMATIC WinCC V7↗2016-12-17

▶