CVE-2014-2249 — MEDIUM (5.8)

Q: How severe is CVE-2014-2249?

CVE-2014-2249 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2014-2249?

Check the references section above for vendor advisories and patch information. Affected products include: Siemens Simatic S7-1500 Cpu Firmware.

Vulnerability Description

Cross-site request forgery (CSRF) vulnerability on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 and SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

CVSS Score

5.8

MEDIUM

AV:N/AC:M/Au:N/C:N/I:P/A:P

Confidentiality

NONE

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Siemens	Simatic S7-1500 Cpu Firmware	<= 1.1.2

Related Weaknesses (CWE)

CWE-352

References

http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01US Government Resource
http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02US Government Resource
http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_adviPatchVendor Advisory
http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advi
https://cert-portal.siemens.com/productcert/pdf/ssa-456423.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf
http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01US Government Resource
http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02US Government Resource
http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_adviPatchVendor Advisory
http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advi
https://cert-portal.siemens.com/productcert/pdf/ssa-456423.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf

FAQ

What is CVE-2014-2249?

CVE-2014-2249 is a vulnerability with a CVSS score of 5.8 (MEDIUM). Cross-site request forgery (CSRF) vulnerability on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 and SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allows remote attacke...

How severe is CVE-2014-2249?

CVE-2014-2249 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-2249?

Check the references section above for vendor advisories and patch information. Affected products include: Siemens Simatic S7-1500 Cpu Firmware.