CVE-2014-1699
published 2014-02-07CVE-2014-1699: Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to cause a denial of service (monitoring-service outage) via malformed HTTP requests…
PriorityP424medium5CVSS 2.0
AVNACLAuNCNINAP
EPSS
2.14%
79.8th percentile
Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to cause a denial of service (monitoring-service outage) via malformed HTTP requests to port 4999.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | simatic_wincc_open_architecture | <= 3.12 | — |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
vendor_redhat7.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
kernel: binder: fix use-after-free in binderfs_evict_inode()
vendor_redhat·2025-07-04·CVSS 7.8
CVE-2025-38176 [HIGH] kernel: binder: fix use-after-free in binderfs_evict_inode()
kernel: binder: fix use-after-free in binderfs_evict_inode()
In the Linux kernel, the following vulnerability has been resolved:
binder: fix use-after-free in binderfs_evict_inode()
Running 'stress-ng --binderfs 16 --timeout 300' under KASAN-enabled
kernel, I've noticed the following:
BUG: KASAN: slab-use-after-free in binderfs_evict_inode+0x1de/0x2d0
Write of size 8 at addr ffff88807379bc08 by task stress-ng-binde/1699
CPU: 0 UID: 0 PID: 1699 Comm: stress-ng-binde Not tainted 6.14.0-rc7-g586de92313fc-dirty #13
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014
Call Trace:
dump_stack_lvl+0x1c2/0x2a0
? __pfx_dump_stack_lvl+0x10/0x10
? __pfx__printk+0x10/0x10
? __pfx_lock_release+0x10/0x10
? __virt_addr_valid+0x18c/0x540
? __virt_addr_valid+0x469/0x540
pri
CISA ICS
Siemens SIMATIC WinCC OA Multiple Vulnerabilities
cisa_ics·2018-09-06
Siemens SIMATIC WinCC OA Multiple Vulnerabilities
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Siemens SIMATIC WinCC OA Multiple Vulnerabilities
Last RevisedSeptember 06, 2018
Alert CodeICSA-14-035-01
## OVERVIEW
Researchers Gleb Gritsai, Ilya Karpov, and Kirill Nesterov of Positive Technologies have identified multiple vulnerabilities in the Siemens SIMATIC WinCC Open Architecture (OA) application. Siemens has produced updates that mitigate these vulnerabilities.
These vulnerabilities could be exploited remotely.
## AFFECTED PRODUCTS
The following Siemens product is affected:
- SIMATIC WinCC OA all versions prior to 3.12 P002
## IMPACT
Successful exploitation of th
GHSA
GHSA-5h6v-x3m8-7h55: Siemens SIMATIC WinCC OA before 3
ghsa_unreviewed·2022-05-17
CVE-2014-1699 [MEDIUM] GHSA-5h6v-x3m8-7h55: Siemens SIMATIC WinCC OA before 3
Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to cause a denial of service (monitoring-service outage) via malformed HTTP requests to port 4999.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://ics-cert.us-cert.gov/advisories/ICSA-14-035-01http://osvdb.org/102812http://secunia.com/advisories/56651http://www.securityfocus.com/bid/65347http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-342587.pdfhttps://exchange.xforce.ibmcloud.com/vulnerabilities/90936http://ics-cert.us-cert.gov/advisories/ICSA-14-035-01http://osvdb.org/102812http://secunia.com/advisories/56651http://www.securityfocus.com/bid/65347http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-342587.pdfhttps://exchange.xforce.ibmcloud.com/vulnerabilities/90936
2014-02-07
Published