Vulnerability Description
The integrated web server in Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to execute arbitrary code via crafted packets to TCP port 4999.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Simatic Wincc Open Architecture | <= 3.12 |
References
- http://ics-cert.us-cert.gov/advisories/ICSA-14-035-01US Government Resource
- http://osvdb.org/102810
- http://secunia.com/advisories/56651
- http://www.securityfocus.com/bid/65351
- http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_adviVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90933
- http://ics-cert.us-cert.gov/advisories/ICSA-14-035-01US Government Resource
- http://osvdb.org/102810
- http://secunia.com/advisories/56651
- http://www.securityfocus.com/bid/65351
- http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_adviVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90933
FAQ
What is CVE-2014-1697?
CVE-2014-1697 is a vulnerability with a CVSS score of 7.5 (HIGH). The integrated web server in Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to execute arbitrary code via crafted packets to TCP port 4999.
How severe is CVE-2014-1697?
CVE-2014-1697 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-1697?
Check the references section above for vendor advisories and patch information. Affected products include: Siemens Simatic Wincc Open Architecture.