CRLF Injection Vulnerability in Siemens SIMATIC S7-1200 CPUs
CVE-2014-2909

Currently unrated

Key Information:

Vendor: Siemens
Status: Simatic S7 Cpu 1200 Firmware; Simatic S7 Cpu-1211c; Simatic S7 Cpu 1212c; Simatic S7 Cpu 1214c
Vendor: CVE Published:; 25 April 2014

Summary

The CRLF injection vulnerability in the integrated web server of Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x enables remote attackers to craft and inject arbitrary HTTP headers. This exploitation can lead to various attacks, potentially compromising the integrity and confidentiality of the affected systems. It's crucial for users of these devices to apply recommended patches and follow security best practices to mitigate the risks associated with this vulnerability.

References

http://ics-cert.us-cert.gov/advisories/ICSA-14-114-02

x_refsource_MISC

http://www.siemens.com/innovation/pool/de/forschungsfelde...

x_refsource_CONFIRM

https://cert-portal.siemens.com/productcert/pdf/ssa-89201...

x_refsource_CONFIRM

Timeline

Vulnerability published
Apr 25, 2014
Vulnerability Reserved
Apr 18, 2014