CVE-2014-8552

CWE-200 — Information Exposure3 documents3 sources

Severity

5.0MEDIUM

EPSS

0.1%

top 69.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Simatic Pcs7 Siemens Simatic PCS 7 Siemens Simatic Tiaportal +1 more

Timeline

PublishedNov 26

Latest updateMay 17

Description

The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to read arbitrary files via crafted packets.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages4 packages

▶NVDsiemens/simatic_wincc7.0, 7.2, 7.3+2

▶NVDsiemens/simatic_tiaportal13.0

▶NVDsiemens/simatic_pcs77.1, 8.0, 8.1+2

▶NVDsiemens/simatic_pcs_77.1

🔴Vulnerability Details

GHSA

GHSA-g5w3-xjq2-g2w5: The WinCC server in Siemens SIMATIC WinCC 7↗2022-05-17

▶

CVEList

CVE-2014-8552: The WinCC server in Siemens SIMATIC WinCC 7↗2014-11-26

▶