CVE-2014-8551 — Code Injection in Siemens Simatic Pcs7

CWE-94 — Code Injection3 documents3 sources

Severity

10.0CRITICALNVD

EPSS

5.8%

top 9.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Simatic Pcs7 Siemens Simatic PCS 7 Siemens Simatic Tiaportal +1 more

Timeline

PublishedNov 26

Latest updateMay 17

Description

The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to execute arbitrary code via crafted packets.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages4 packages

▶NVDsiemens/simatic_wincc7.0, 7.2, 7.3+2

▶NVDsiemens/simatic_tiaportal13.0

▶NVDsiemens/simatic_pcs77.1, 8.0, 8.1+2

▶NVDsiemens/simatic_pcs_77.1

🔴Vulnerability Details

GHSA

GHSA-q6w4-ggqq-w3r4: The WinCC server in Siemens SIMATIC WinCC 7↗2022-05-17

▶

CVEList

CVE-2014-8551: The WinCC server in Siemens SIMATIC WinCC 7↗2014-11-26

▶