CVE-2014-1697

EUVD-2014-1771
The integrated web server in Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to execute arbitrary code via crafted packets to TCP port 4999.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 88%
Affected Products (NVD)
VendorProductVersion
siemenssimatic_wincc_open_architecture
𝑥
≤ 3.12
𝑥
= Vulnerable software versions
References
http://ics-cert.us-cert.gov/advisories/ICSA-14-035-01
http://osvdb.org/102810
http://secunia.com/advisories/56651
http://www.securityfocus.com/bid/65351
http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-342587.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/90933
http://ics-cert.us-cert.gov/advisories/ICSA-14-035-01
http://osvdb.org/102810
http://secunia.com/advisories/56651
http://www.securityfocus.com/bid/65351
http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-342587.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/90933