SIMATIC DCOMOPC Vulnerability No Auth/Enc in WinCC<8, PCS7, NET PC
CVE-2023-28829 Published on June 13, 2023
A vulnerability has been identified in SIMATIC NET PC Software V14 (All versions), SIMATIC NET PC Software V15 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC WinCC (All versions < V8.0), SINAUT Software ST7sc (All versions). Before SIMATIC WinCC V8, legacy OPC services (OPC DA (Data Access), OPC HDA (Historical Data Access), and OPC AE (Alarms & Events)) were used per default. These services were designed on top of the Windows ActiveX and DCOM mechanisms and do not implement state-of-the-art security mechanisms for authentication and encryption of contents.
Weakness Type
Use of Obsolete Function
The code uses deprecated or obsolete functions, which suggests that the code has not been actively reviewed or maintained.
Products Associated with CVE-2023-28829
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2023-28829 are published in these products:
Affected Versions
Siemens SIMATIC NET PC Software V14:- Version All versions is affected.
- Version All versions is affected.
- Version All versions is affected.
- Version All versions is affected.
- Version All versions is affected.
- Version All versions < V8.0 is affected.
- Version All versions is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.