CVE-2014-8552

The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to read arbitrary files via crafted packets.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:siemens:simatic_pcs_7:7.1:sp1:*:*:*:*:*:*
cpe:2.3:a:siemens:simatic_pcs7:7.1:sp3:*:*:*:*:*:*
cpe:2.3:a:siemens:simatic_pcs7:7.1:sp4:*:*:*:*:*:*
cpe:2.3:a:siemens:simatic_pcs7:8.0:sp1:*:*:*:*:*:*
cpe:2.3:a:siemens:simatic_pcs7:8.0:sp2:*:*:*:*:*:*
cpe:2.3:a:siemens:simatic_pcs7:8.1:*:*:*:*:*:*:*
cpe:2.3:a:siemens:simatic_tiaportal:13.0:*:*:*:*:*:*:*
cpe:2.3:a:siemens:simatic_tiaportal:13.0:3:*:*:*:*:*:*
cpe:2.3:a:siemens:simatic_tiaportal:13.0:5:*:*:*:*:*:*
cpe:2.3:a:siemens:simatic_wincc:7.0:*:*:*:*:*:*:*
cpe:2.3:a:siemens:simatic_wincc:7.0:sp1:*:*:*:*:*:*
cpe:2.3:a:siemens:simatic_wincc:7.0:sp2:*:*:*:*:*:*
cpe:2.3:a:siemens:simatic_wincc:7.0:sp3:*:*:*:*:*:*
cpe:2.3:a:siemens:simatic_wincc:7.2:1:*:*:*:*:*:*
cpe:2.3:a:siemens:simatic_wincc:7.2:2:*:*:*:*:*:*
cpe:2.3:a:siemens:simatic_wincc:7.2:3:*:*:*:*:*:*
cpe:2.3:a:siemens:simatic_wincc:7.2:4:*:*:*:*:*:*
cpe:2.3:a:siemens:simatic_wincc:7.2:5:*:*:*:*:*:*
cpe:2.3:a:siemens:simatic_wincc:7.2:6:*:*:*:*:*:*
cpe:2.3:a:siemens:simatic_wincc:7.2:7:*:*:*:*:*:*
cpe:2.3:a:siemens:simatic_wincc:7.2:8:*:*:*:*:*:*
cpe:2.3:a:siemens:simatic_wincc:7.3:1:*:*:*:*:*:*

History

21 Nov 2024, 02:19

Type Values Removed Values Added
References () http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-134508.pdf - Vendor Advisory () http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-134508.pdf - Vendor Advisory

Information

Published : 2014-11-26 11:59

Updated : 2024-11-21 02:19


NVD link : CVE-2014-8552

Mitre link : CVE-2014-8552

CVE.ORG link : CVE-2014-8552


JSON object : View

Products Affected

siemens

  • simatic_tiaportal
  • simatic_pcs7
  • simatic_pcs_7
  • simatic_wincc
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor