CVE-2014-1697

Published: Feb 7, 2014Modified: Apr 29, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

The integrated web server in Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to execute arbitrary code via crafted packets to TCP port 4999.

Affected (1)

Products: Siemens: Simatic Wincc Open Architecture

Siemens

1 product

Simatic Wincc Open Architecture

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Siemens Simatic Wincc Open Architecture	Up to 3.12

References (12)

http://ics-cert.us-cert.gov/advisories/ICSA-14-035-01

Source: cve@mitre.org

US Government Resource

http://osvdb.org/102810

Source: cve@mitre.org

http://secunia.com/advisories/56651

Source: cve@mitre.org

http://www.securityfocus.com/bid/65351

Source: cve@mitre.org

http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-342587.pdf

Source: cve@mitre.org

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/90933

Source: cve@mitre.org

http://ics-cert.us-cert.gov/advisories/ICSA-14-035-01