An XXE vulnerability has been identified in OPC Foundation UA .NET Sample Code prior to 2017-03-21 and Local Discovery Server (LDS) prior to 1.03.367. Among the affected products are Siemens SIMATIC PCS7 (All versions V8.1 and previous versions), SIMATIC WinCC (All versions < V7.4 SP1), SIMATIC WinCC Runtime Professional (All versions < V14 SP1), SIMATIC NET PC Software, and SIMATIC IT Production Suite. By sending specially crafted packets to the OPC Discovery Server at port 4840/tcp, an attacker might cause the system to access various resources chosen by the attacker.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
siemens wincc |
||
siemens simatic pcs7 |
||
ocpfoundation ua .net |
||
ocpfoundation local discovery server |