CVE Vulnerabilities

CVE-2016-9160

Direct Use of Unsafe JNI

Published: Dec 17, 2016 | Modified: Nov 21, 2024
CVSS 3.x
8.1
HIGH
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
CVSS 2.x
5.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu

A vulnerability in SIEMENS SIMATIC WinCC (All versions < SIMATIC WinCC V7.2) and SIEMENS SIMATIC PCS 7 (All versions < SIMATIC PCS 7 V8.0 SP1) could allow a remote attacker to crash an ActiveX component or leak parts of the application memory if a user is tricked into clicking on a malicious link under certain conditions.

Weakness

When a Java application uses the Java Native Interface (JNI) to call code written in another programming language, it can expose the application to weaknesses in that code, even if those weaknesses cannot occur in Java.

Affected Software

Name Vendor Start Version End Version
Simatic_pcs_7 Siemens * 8.0 (including)
Simatic_wincc Siemens * 7.1 (including)

Potential Mitigations

References