High severity8.1NVD Advisory· Published Dec 17, 2016· Updated May 6, 2026

CVE-2016-9160

Description

A vulnerability in SIEMENS SIMATIC WinCC (All versions < SIMATIC WinCC V7.2) and SIEMENS SIMATIC PCS 7 (All versions < SIMATIC PCS 7 V8.0 SP1) could allow a remote attacker to crash an ActiveX component or leak parts of the application memory if a user is tricked into clicking on a malicious link under certain conditions.

Affected products

Siemens Foundation/Simatic Pcs7
cpe:2.3:a:siemens:simatic_pcs_7:*:*:*:*:*:*:*:*
Range: <=8.0
Siemens Foundation/Simatic Wincc
cpe:2.3:a:siemens:simatic_wincc:*:*:*:*:*:*:*:*
Range: <=7.1
N/a/Siemens Simatic Wincc (all Versions < Simatic Wincc V7.2) And Siemens Simatic Pcs 7 (all Versions < Simatic Pcs 7 V8.0 Sp1)v5
Range: SIEMENS SIMATIC WinCC (All versions < SIMATIC WinCC V7.2) and SIEMENS SIMATIC PCS 7 (All versions < SIMATIC PCS 7 V8.0 SP1)

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.526
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000