Remote Code Execution in Siemens SIMATIC WinCC OA Web Server
CVE-2014-1697

Currently unrated

Key Information:

Vendor: Siemens
Status: Simatic Wincc Open Architecture
Vendor: CVE Published:; 7 February 2014

What is CVE-2014-1697?

The web server integrated within Siemens SIMATIC WinCC OA up to version 3.12 P002 is vulnerable to remote code execution. Attackers can exploit this vulnerability by sending specially crafted packets to TCP port 4999, potentially allowing them to execute arbitrary code on the affected system. This poses significant risks to organizations utilizing the software in their operations, highlighting the need for timely updates and robust security practices.

References

http://osvdb.org/102810

vdb-entryx_refsource_OSVDB

https://exchange.xforce.ibmcloud.com/vulnerabilities/90933

vdb-entryx_refsource_XF

http://www.siemens.com/innovation/pool/de/forschungsfelde...

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 7, 2014
Vulnerability Reserved
Jan 29, 2014