CVE-2014-4686

The Project administration application in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, has a hardcoded encryption key, which allows remote attackers to obtain sensitive information by extracting this key from another product installation and then employing this key during the sniffing of network traffic on TCP port 1030.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:siemens:simatic_pcs7:*:sp1:*:*:*:*:*:*
cpe:2.3:a:siemens:simatic_pcs7:7.1:sp3:*:*:*:*:*:*
cpe:2.3:a:siemens:simatic_pcs7:8.0:*:*:*:*:*:*:*
cpe:2.3:a:siemens:wincc:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:wincc:5.0:*:*:*:*:*:*:*
cpe:2.3:a:siemens:wincc:5.0:sp1:*:*:*:*:*:*
cpe:2.3:a:siemens:wincc:6.0:*:*:*:*:*:*:*
cpe:2.3:a:siemens:wincc:6.0:sp2:*:*:*:*:*:*
cpe:2.3:a:siemens:wincc:6.0:sp3:*:*:*:*:*:*
cpe:2.3:a:siemens:wincc:6.0:sp4:*:*:*:*:*:*
cpe:2.3:a:siemens:wincc:7.0:*:*:*:*:*:*:*
cpe:2.3:a:siemens:wincc:7.0:sp1:*:*:*:*:*:*
cpe:2.3:a:siemens:wincc:7.0:sp2:*:*:*:*:*:*
cpe:2.3:a:siemens:wincc:7.0:sp3:*:*:*:*:*:*
cpe:2.3:a:siemens:wincc:7.1:*:*:*:*:*:*:*
cpe:2.3:a:siemens:wincc:7.1:sp1:*:*:*:*:*:*

History

21 Nov 2024, 02:10

Type Values Removed Values Added
References () http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf - Vendor Advisory () http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf - Vendor Advisory

Information

Published : 2014-07-24 14:55

Updated : 2024-11-21 02:10


NVD link : CVE-2014-4686

Mitre link : CVE-2014-4686

CVE.ORG link : CVE-2014-4686


JSON object : View

Products Affected

siemens

  • wincc
  • simatic_pcs7