Release DateDec 22, 2011 |
Severityhigh |
ImpactSystem Compromise: Remote attackers can gain control of vulnerable systems. |
DescriptionThis indicates an attack attempt against a Buffer Overflow vulnerability in Siemens SIMATIC WinCC Flexible Runtime.The vulnerability is caused because the vulnerable application fails to perform adequate bounds checking on user-supplied data. A remote attacker can exploit this vulnerability by sending a malicious request. Successful attacks may allow the attacker to execute arbitrary code in the security context of the affected application. |
Affected ProductsSiemens SIMATIC WinCC flexible Runtime 2008 SP2 update 13 and prior. |
Recommended ActionsCurrently we are not aware of any vendor-supplied patches.Restrict access to trusted hosts only. |
Coverage IPS
VCM |
Reference/shttps://portal.telussecuritylabs.com/threat/TSL20111201-01 |
