WinCC stores Windows user credentials (user names and passwords) in a database. Authenticated users can log into this database, break the existing obfuscation and extract passwords. Furthermore, the database permissions allowed unprivileged users to gain access to sensitive data. A third vulnerability was found in the WinCC web server, where authenticated users could browse the file system via URL manipulation and extract sensitive information. A fourth vulnerability was found in the ActiveX component "RegReader", which is vulnerable to a buffer overflow and possible remote code execution. Manipulated project files can trigger a fifth vulnerability, which can allow an attacker to take over the WinCC PC. Furthermore a communication component called CCEServer is vulnerable to a remote buffer overflow that can be triggered over the network.
871db31131d047fe9c609554c28f03dc8cf0ca905160d6f028d4e6fe6945be60
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed