Remote Code Injection Vulnerability in Siemens SIMATIC S7-1500 CPU PLC
CVE-2014-2247

Currently unrated

Key Information:

Vendor: Siemens
Status: Simatic S7-1500 Cpu Firmware
Vendor: CVE Published:; 16 March 2014

Summary

The integrated web server on Siemens SIMATIC S7-1500 CPU PLC devices prior to firmware version 1.5.0 is susceptible to a vulnerability that allows remote attackers to inject HTTP headers through various unspecified methods. This flaw poses a significant risk, enabling potential unauthorized operations affecting the device's integrity and functionality. Users are encouraged to update their firmware and follow best security practices to mitigate risks associated with this vulnerability.

References

http://www.siemens.com/innovation/pool/de/forschungsfelde...

x_refsource_CONFIRM

http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01

x_refsource_MISC

https://cert-portal.siemens.com/productcert/pdf/ssa-45642...

x_refsource_CONFIRM

Timeline

Vulnerability published
Mar 16, 2014
Vulnerability Reserved
Feb 28, 2014