Medium severity4.9NVD Advisory· Published May 11, 2017· Updated May 13, 2026

CVE-2017-6867

Description

A vulnerability was discovered in Siemens SIMATIC WinCC (V7.3 before Upd 11 and V7.4 before SP1), SIMATIC WinCC Runtime Professional (V13 before SP2 and V14 before SP1), SIMATIC WinCC (TIA Portal) Professional (V13 before SP2 and V14 before SP1) that could allow an authenticated, remote attacker who is member of the "administrators" group to crash services by sending specially crafted messages to the DCOM interface.

Affected products

Siemens Foundation/Simatic Wincc2 versions
cpe:2.3:a:siemens:simatic_wincc:7.3:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:siemens:simatic_wincc:7.3:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_wincc:7.4:*:*:*:*:*:*:*
Siemens Foundation/Simatic Wincc \(tia Portal\)2 versions
cpe:2.3:a:siemens:simatic_wincc_\(tia_portal\):13:sp1:*:*:professional:*:*:*+ 1 more
- cpe:2.3:a:siemens:simatic_wincc_\(tia_portal\):13:sp1:*:*:professional:*:*:*
- cpe:2.3:a:siemens:simatic_wincc_\(tia_portal\):14:*:*:*:professional:*:*:*
Siemens Foundation/Simatic Wincc Runtime2 versions
cpe:2.3:a:siemens:simatic_wincc_runtime:13:sp1:*:*:professional:*:*:*+ 1 more
- cpe:2.3:a:siemens:simatic_wincc_runtime:13:sp1:*:*:professional:*:*:*
- cpe:2.3:a:siemens:simatic_wincc_runtime:14:*:*:*:professional:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/98368nvdThird Party AdvisoryVDB Entry
www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-156872.pdfnvdVendor Advisory
cert-portal.siemens.com/productcert/pdf/ssa-523365.pdfnvd

News mentions

No linked articles in our index yet.

cvss	0.319
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000