Local Privilege Escalation Vulnerability in Siemens SIMATIC WinCC
CVE-2014-4685

Currently unrated

Key Information:

Vendor: Siemens
Status: Wincc; Simatic Pcs7
Vendor: CVE Published:; 24 July 2014

What is CVE-2014-4685?

The vulnerability in Siemens SIMATIC WinCC allows local users to exploit weak system-object access control, which may lead to unauthorized privilege escalation. This issue affects versions prior to 7.3 and poses a significant risk in environments where this software is deployed, permitting attackers to manipulate system functions and gain elevated access rights.

References

http://www.siemens.com/innovation/pool/de/forschungsfelde...

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 24, 2014
Vulnerability Reserved
Jun 28, 2014