N/A

A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 and newer (All versions), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 and newer (All versions). An attacker with network access to affected installations, which are configured without "Encrypted Communication", can execute arbitrary code. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected installation. No user interaction is required to exploit this security vulnerability. The vulnerability impacts confidentiality, integrity, and availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known.

N/A

关键功能的认证机制缺失

Siemens SIMATIC WinCC和SIMATIC PCS 7 访问控制错误漏洞

Siemens SIMATIC PCS 7和SIMATIC WinCC都是德国西门子（Siemens）公司的产品。SIMATIC PCS 7是一套过程控制系统。SIMATIC WinCC是一套自动化的数据采集与监控（SCADA）系统。 Siemens SIMATIC PCS 7和SIMATIC WinCC中存在访问控制错误漏洞。该漏洞源于网络系统或产品未正确限制来自未授权角色的资源访问。以下产品及版本受到影响：SIMATIC PCS 7 V8.0及之前版本，SIMATIC PCS 7 V8.1及更高版本，

N/A

N/A