CVE-2014-2258
published 2014-03-24CVE-2014-2258: Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTPS…
PriorityP335high7.8CVSS 2.0
AVNACLAuNCNINAC
EPSS
4.60%
90.5th percentile
Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTPS packets, a different vulnerability than CVE-2014-2259.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | simatic_s7_cpu_1200_firmware | <= 3.0.2 | — |
| siemens | simatic_s7_cpu_1200_firmware | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Siemens SIMATIC S7-1200 Vulnerabilities
cisa_ics·2018-08-23
Siemens SIMATIC S7-1200 Vulnerabilities
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Siemens SIMATIC S7-1200 Vulnerabilities
Last RevisedAugust 23, 2018
Alert CodeICSA-14-079-02
## OVERVIEW
Siemens, Ralf Spenneberg of OpenSource Training, Lucian Cojocar of EURECOM, Sascha Zinke from the FU Berlin’s work team SCADACS, and Positive Technologies’ researchers (Alexey Osipov, and Alex Timorin) have identified six vulnerabilities in the Siemens SIMATIC S7-1200 CPU family. Siemens has produced a new product release that mitigates these vulnerabilities.
These vulnerabilities could be exploited remotely.
## AFFECTED PRODUCTS
The following SIMATIC S7-1200 versions are
GHSA
GHSA-wxf6-627x-8cpq: Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4
ghsa_unreviewed·2022-05-13·CVSS 7.8
CVE-2014-2258 [HIGH] GHSA-wxf6-627x-8cpq: Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4
Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTPS packets, a different vulnerability than CVE-2014-2259.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdfhttps://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdfhttp://ics-cert.us-cert.gov/advisories/ICSA-14-079-02http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdfhttps://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf
2014-03-24
Published