Siemens has fixed a remotely exploitable input validation vulnerability in some versions of its SIMATIC PCS 7 distributed control system. The remaining affected versions are still unpatched, but Siemens said it is working on a fix for remaining versions. The bug, CVE-2017-14023, is described as improper input validation, which may allow an authenticated remote attacker to crash services by sending specially crafted messages to the DCOM interface. ICS-CERT also published an advisory yesterday about two other flaws in Advantech WebAccess, a browser-based HMI system.
Source: https://threatpost.com/siemens-update-patches-simatic-pcs-7-bug-in-some-versions/128753/