Vulnerability Description
The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to read arbitrary files via crafted packets.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Simatic Pcs 7 | 7.1 |
| Siemens | Simatic Pcs7 | 7.1 |
| Siemens | Simatic Tiaportal | 13.0 |
| Siemens | Simatic Wincc | 7.0 |
Related Weaknesses (CWE)
References
- http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_adviVendor Advisory
- http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_adviVendor Advisory
FAQ
What is CVE-2014-8552?
CVE-2014-8552 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allo...
How severe is CVE-2014-8552?
CVE-2014-8552 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-8552?
Check the references section above for vendor advisories and patch information. Affected products include: Siemens Simatic Pcs 7, Siemens Simatic Pcs7, Siemens Simatic Tiaportal, Siemens Simatic Wincc.