CVE-2014-1697
published 2014-02-07CVE-2014-1697: The integrated web server in Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to execute arbitrary code via crafted packets to TCP…
PriorityP351high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
5.26%
91.5th percentile
The integrated web server in Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to execute arbitrary code via crafted packets to TCP port 4999.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | simatic_wincc_open_architecture | <= 3.12 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Siemens SIMATIC WinCC OA Multiple Vulnerabilities
cisa_ics·2018-09-06
Siemens SIMATIC WinCC OA Multiple Vulnerabilities
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Siemens SIMATIC WinCC OA Multiple Vulnerabilities
Last RevisedSeptember 06, 2018
Alert CodeICSA-14-035-01
## OVERVIEW
Researchers Gleb Gritsai, Ilya Karpov, and Kirill Nesterov of Positive Technologies have identified multiple vulnerabilities in the Siemens SIMATIC WinCC Open Architecture (OA) application. Siemens has produced updates that mitigate these vulnerabilities.
These vulnerabilities could be exploited remotely.
## AFFECTED PRODUCTS
The following Siemens product is affected:
- SIMATIC WinCC OA all versions prior to 3.12 P002
## IMPACT
Successful exploitation of th
GHSA
GHSA-pjpr-3jp2-8fm3: The integrated web server in Siemens SIMATIC WinCC OA before 3
ghsa_unreviewed·2022-05-17
CVE-2014-1697 [HIGH] GHSA-pjpr-3jp2-8fm3: The integrated web server in Siemens SIMATIC WinCC OA before 3
The integrated web server in Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to execute arbitrary code via crafted packets to TCP port 4999.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://ics-cert.us-cert.gov/advisories/ICSA-14-035-01http://osvdb.org/102810http://secunia.com/advisories/56651http://www.securityfocus.com/bid/65351http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-342587.pdfhttps://exchange.xforce.ibmcloud.com/vulnerabilities/90933http://ics-cert.us-cert.gov/advisories/ICSA-14-035-01http://osvdb.org/102810http://secunia.com/advisories/56651http://www.securityfocus.com/bid/65351http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-342587.pdfhttps://exchange.xforce.ibmcloud.com/vulnerabilities/90933
2014-02-07
Published