Siemens SIMATIC TIA Portal 13.x < 13 Upd6 Remote Code Execution

This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.


Synopsis :

The remote host is affected by multiple vulnerabilities.

Description :

The remote host has a version of Siemens SIMATIC TIA Portal installed
that is 13.x prior to 13 update 6 (1300.6.201.1). It is, therefore,
affected by an unspecified flaw in the WinCC component that allows an
unauthenticated, remote attacker to execute arbitrary code or extract
arbitrary files via specially crafted packets sent to the WinCC
server.

See also :

http://www.nessus.org/u?8eb42084

Solution :

Upgrade to Siemens SIMATIC TIA Portal version 13 Upd6 (1300.6.201.1)
or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: SCADA

Nessus Plugin ID: 81299 ()

Bugtraq ID:

CVE ID: CVE-2014-8551
CVE-2014-8552

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now