This script is Copyright (C) 2017 Tenable Network Security, Inc.
An application installed on the remote host is affected by multiple
denial of service vulnerabilities.
The version of Siemens SIMATIC WinCC (TIA Portal) installed on the
remote host is 13.x prior to 13 service pack 2 (1300.200.1001.1) or
14.x prior to 14 service pack 1 (1400.100.1201.1). It is, therefore,
affected by multiple denial of service vulnerabilities :
- A denial of service vulnerability exists due to improper
handling of PROFINET DCP broadcast packets. A remote
attacker can exploit this, via a specially crafted
packet, to cause a denial of service condition.
- A denial of service vulnerability exists in the DCOM
interface due to improper handling of specially crafted
messages. An authenticated, remote attacker who is a
member of the 'administrators' group can exploit this,
via a specially crafted message, to cause a denial of
service condition. (CVE-2017-6867)
See also :
Upgrade to Siemens SIMATIC WinCC (TIA Portal) version 13 SP2
(1300.200.1001.1) / 14 SP1 (1400.100.1201.1) or later..
Risk factor :
Medium / CVSS Base Score : 6.8