CVE-2017-6865

CWE-20 — Improper Input Validation3 documents3 sources

Severity

6.5MEDIUM

EPSS

0.1%

top 75.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens AG Primary Setup Tool (pst)Siemens AG Security Configuration Tool (sct)Siemens AG Simatic Automation Tool +22 more

Timeline

PublishedMay 11

Latest updateMay 14

Description

A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC Automation Tool (All versions < V3.0), SIMATIC NET PC-Software (All versions < V14 SP1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2), SIMATIC STEP 7 (TIA Portal) V14 (All versions < V14 SP1), SIMATIC STEP 7 V5.X (All versions < V5.6), SIMATIC WinAC RTX 2010 SP2 (All versions), SIMATIC WinAC RTX F 2010 SP2 …

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages25 packages

▶NVDsiemens/simatic_wincc_\(tia_portal\)13.0, 14.0+1

▶CVEListV5siemens_ag/simatic_wincc_flexible_2008All versions < flexible 2008 SP5

▶CVEListV5siemens_ag/simatic_wincc_(tia_portal)_v13All versions < V13 SP2

▶CVEListV5siemens_ag/simatic_wincc_(tia_portal)_v14All versions < V14 SP1

▶NVDsiemens/simatic_step_7_\(tia_portal\)13.0, 14.0, 5.0+2

🔴Vulnerability Details

GHSA

GHSA-8jhv-ch7h-fqpj: A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4↗2022-05-14

▶

CVEList

CVE-2017-6865: A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4↗2017-05-11

▶