CVE-2023-28829
published 2023-06-13CVE-2023-28829: A vulnerability has been identified in SIMATIC NET PC Software V14 (All versions), SIMATIC NET PC Software V15 (All versions), SIMATIC PCS 7 V8.2 (All…
high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
A vulnerability has been identified in SIMATIC NET PC Software V14 (All versions), SIMATIC NET PC Software V15 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC WinCC (All versions < V8.0), SINAUT Software ST7sc (All versions). Before SIMATIC WinCC V8, legacy OPC services (OPC DA (Data Access), OPC HDA (Historical Data Access), and OPC AE (Alarms & Events)) were used per default. These
services were designed on top of the Windows ActiveX and DCOM mechanisms and do not implement state-of-the-art security mechanisms for authentication and encryption of contents.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | simatic_net_pc_software | — | — |
| siemens | simatic_net_pc_software | — | — |
| siemens | simatic_net_pc_software_v14 | — | — |
| siemens | simatic_net_pc_software_v15 | — | — |
| siemens | simatic_pcs_7 | — | — |
| siemens | simatic_pcs_7 | — | — |
| siemens | simatic_pcs_7 | — | — |
| siemens | simatic_pcs_7_v8.2 | — | — |
| siemens | simatic_pcs_7_v9.0 | — | — |
| siemens | simatic_pcs_7_v9.1 | — | — |
| siemens | simatic_wincc | < 8.0 | 8.0 |
| siemens | simatic_wincc | — | — |
| siemens | sinaut_software_st7sc | — | — |