Directory Traversal Vulnerability in Siemens SIMATIC WinCC OA
CVE-2014-1698

Currently unrated

Key Information:

Vendor: Siemens
Status: Simatic Wincc Open Architecture
Vendor: CVE Published:; 7 February 2014

Summary

A directory traversal vulnerability exists in Siemens SIMATIC WinCC OA prior to version 3.12 P002, permitting remote attackers to exploit the flaw by sending specially crafted packets to TCP port 4999. This allows unauthorized access to arbitrary files on the system, posing a significant risk to sensitive data and operational integrity. Users are encouraged to upgrade to the latest version to mitigate this vulnerability.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/90935

vdb-entryx_refsource_XF

http://www.siemens.com/innovation/pool/de/forschungsfelde...

x_refsource_CONFIRM

http://secunia.com/advisories/56651

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Feb 7, 2014
Vulnerability Reserved
Jan 29, 2014