Intrusion Prevention

Siemens.SIMATIC.WinCC.Flexible.Runtime.Stack.Buffer.Overflow

Description

This indicates an attack attempt against a Buffer Overflow vulnerability in Siemens SIMATIC WinCC Flexible Runtime.
The vulnerability is caused because the vulnerable application fails to perform adequate bounds checking on user-supplied data. A remote attacker can exploit this vulnerability by sending a malicious request. Successful attacks may allow the attacker to execute arbitrary code in the security context of the affected application.

Affected Products

Siemens SIMATIC WinCC flexible Runtime 2008 SP2 update 13 and prior.

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Currently we are not aware of any vendor-supplied patches.
Restrict access to trusted hosts only.