The integrated web server in Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to execute arbitrary code via crafted packets to TCP port 4999. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Siemens
RCE
Simatic Wincc Open Architecture
NVD
CVSS 2.0
7.5
EPSS
4.5%