CVE-2014-4684

The database server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a request to TCP port 1433.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 57%
VendorProductVersion
siemenssimatic_pcs7
𝑥
≤ 8.0
siemenssimatic_pcs7
7.1:sp3
siemenssimatic_pcs7
8.0
siemenswincc
𝑥
≤ 7.2
siemenswincc
5.0
siemenswincc
5.0:sp1
siemenswincc
6.0
siemenswincc
6.0:sp2
siemenswincc
6.0:sp3
siemenswincc
6.0:sp4
siemenswincc
7.0
siemenswincc
7.0:sp1
siemenswincc
7.0:sp2
siemenswincc
7.0:sp3
siemenswincc
7.1
siemenswincc
7.1:sp1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf
http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf