Siemens SIMATIC WinCC (TIA Portal) < 14 SP1 XXE Vulnerability
Medium Nessus Plugin ID 102991
SynopsisAn application installed on the remote host is affected by multiple denial of service vulnerabilities.
DescriptionThe version of Siemens SIMATIC WinCC (TIA Portal) installed on the remote host is prior to 14 service pack 1 (1400.100.1201.1). It is, therefore, affected by an XML External Entity Injection Vulnerability. A flaw in the OPC discovery server, that is triggered during the handling of a specially crafted packet, may allow a remote attacker to gain access to certain resources or consume excessive resources.
SolutionUpgrade to Siemens SIMATIC WinCC (TIA Portal) version 14 SP1 (1400.100.1201.1) or later.