CVE-2014-2909
published 2014-04-25CVE-2014-2909: CRLF injection vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary HTTP…
PriorityP431medium5.8CVSS 2.0
AVNACMAuNCNIPAP
EPSS
2.42%
82.1th percentile
CRLF injection vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary HTTP headers via unspecified vectors.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | simatic_s7_cpu_1200_firmware | — | — |
| siemens | simatic_s7_cpu_1200_firmware | — | — |
| siemens | simatic_s7_cpu_1200_firmware | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Siemens SIMATIC S7 Cpu 1200 3.0.2 code injection (ssa-892012)
vuldb·2026-05-12·CVSS 5.8
CVE-2014-2909 [MEDIUM] Siemens SIMATIC S7 Cpu 1200 3.0.2 code injection (ssa-892012)
A vulnerability marked as critical has been reported in Siemens SIMATIC S7 Cpu 1200 3.0.2. This vulnerability affects unknown code. The manipulation leads to code injection.
This vulnerability is traded as CVE-2014-2909. It is possible to initiate the attack remotely. There is no exploit available.
GHSA
GHSA-53rw-gv4m-q3jg: CRLF injection vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2
ghsa_unreviewed·2022-05-13
CVE-2014-2909 [MEDIUM] CWE-94 GHSA-53rw-gv4m-q3jg: CRLF injection vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2
CRLF injection vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary HTTP headers via unspecified vectors.
CISA ICS
Siemens SIMATIC S7-1200 CPU Web Vulnerabilities
cisa_ics·2018-09-06·CVSS 4.3
[MEDIUM] Siemens SIMATIC S7-1200 CPU Web Vulnerabilities
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Siemens SIMATIC S7-1200 CPU Web Vulnerabilities
Last RevisedSeptember 06, 2018
Alert CodeICSA-14-114-02
## OVERVIEW
Siemens ProductCERT and Ralf Spenneberg, Hendrik Schwartke, and Maik Brüggemann from OpenSource Training have reported two vulnerabilities in the Siemens SIMATIC S7-1200 CPU family. Siemens has produced a new product release that mitigates these vulnerabilities.
## AFFECTED PRODUCTS
The following Siemens SIMATIC S7-1200 CPU versions are affected:
- SIMATIC S7-1200 CPU family Versions: V2.X and V3.X.
## IMPACT
Attackers could use these vulnerabilities to perfor
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://ics-cert.us-cert.gov/advisories/ICSA-14-114-02http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-892012.pdfhttps://cert-portal.siemens.com/productcert/pdf/ssa-892012.pdfhttp://ics-cert.us-cert.gov/advisories/ICSA-14-114-02http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-892012.pdfhttps://cert-portal.siemens.com/productcert/pdf/ssa-892012.pdf
2014-04-25
Published