CVE-2018-4832

CWE-20 — Improper Input Validation3 documents3 sources

Severity

7.5HIGH

EPSS

0.4%

top 37.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Simatic NET PC Siemens Simatic NET PC Software Siemens Simatic Wincc +33 more

Timeline

PublishedApr 24

Latest updateMay 13

Description

A vulnerability has been identified in OpenPCS 7 V7.1 and earlier (All versions), OpenPCS 7 V8.0 (All versions), OpenPCS 7 V8.1 (All versions < V8.1 Upd5), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd1), SIMATIC BATCH V7.1 and earlier (All versions), SIMATIC BATCH V8.0 (All versions < V8.0 SP1 Upd21), SIMATIC BATCH V8.1 (All versions < V8.1 SP1 Upd16), SIMATIC BATCH V8.2 (All versions < V8.2 Upd10), SIMATIC BATCH V9.0 (All versions < V9.0 SP1), SIMATIC NET PC Software V…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages37 packages

▶CVEListV5siemens/simatic_route_control_v7.1_and_earlierAll versions

▶NVDsiemens/simatic_wincc_runtime_professional< 13+2

▶CVEListV5siemens/simatic_wincc_v7.2_and_earlierAll versions < WinCC 7.2 Upd 15

▶CVEListV5siemens/simatic_wincc_runtime_professional_v13All versions < V13 SP2 Upd2

▶CVEListV5siemens/simatic_wincc_runtime_professional_v14All versions < V14 SP1 Upd5

🔴Vulnerability Details

GHSA

GHSA-gx8w-56ch-h8w4: A vulnerability has been identified in OpenPCS 7 V7↗2022-05-13

▶

CVEList

CVE-2018-4832: A vulnerability has been identified in OpenPCS 7 V7↗2018-04-24

▶