CVE-2014-2254

2014-03-2414:20:39

CWE-399

[email protected]

web.nvd.nist.gov

siemens

simatic s7-1200

cpu

plc

firmware

denial of service

http

vulnerability

6.6 Medium

AI Score

Confidence

Low

7.8 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.008 Low

EPSS

Percentile

81.5%

JSON

Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTP packets, a different vulnerability than CVE-2014-2255.

Affected configurations

NVD

Node

siemenssimatic_s7_cpu_1200_firmwareRange≤3.0.2

siemenssimatic_s7_cpu_1200_firmwareMatch3.0

AND

siemenssimatic_s7_cpu-1211cMatch-

siemenssimatic_s7_cpu_1212cMatch-

siemenssimatic_s7_cpu_1214cMatch-

siemenssimatic_s7_cpu_1215cMatch-

siemenssimatic_s7_cpu_1217cMatch-

CPENameOperatorVersion
siemens:simatic_s7_cpu_1200_firmwaresiemens simatic s7 cpu 1200 firmwarele3.0.2
siemens:simatic_s7_cpu_1200_firmwaresiemens simatic s7 cpu 1200 firmwareeq3.0
siemens:simatic_s7_cpu-1211csiemens simatic s7 cpu-1211ceq-
siemens:simatic_s7_cpu_1212csiemens simatic s7 cpu 1212ceq-
siemens:simatic_s7_cpu_1214csiemens simatic s7 cpu 1214ceq-
siemens:simatic_s7_cpu_1215csiemens simatic s7 cpu 1215ceq-
siemens:simatic_s7_cpu_1217csiemens simatic s7 cpu 1217ceq-

CPE	Name	Operator	Version
siemens:simatic_s7_cpu_1200_firmware	siemens simatic s7 cpu 1200 firmware	le	3.0.2
siemens:simatic_s7_cpu_1200_firmware	siemens simatic s7 cpu 1200 firmware	eq	3.0
siemens:simatic_s7_cpu-1211c	siemens simatic s7 cpu-1211c	eq	-
siemens:simatic_s7_cpu_1212c	siemens simatic s7 cpu 1212c	eq	-
siemens:simatic_s7_cpu_1214c	siemens simatic s7 cpu 1214c	eq	-
siemens:simatic_s7_cpu_1215c	siemens simatic s7 cpu 1215c	eq	-
siemens:simatic_s7_cpu_1217c	siemens simatic s7 cpu 1217c	eq	-