Lucene search
HistoryApr 25, 2014 - 5:12 a.m.
CVE-2014-2909
cve-2014-2909
crlf injection
siemens
simatic s7-1200
web server
vulnerability
nvd
5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
7 High
AI Score
Confidence
Low
0.006 Low
EPSS
Percentile
77.7%
CRLF injection vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary HTTP headers via unspecified vectors.
Affected configurations
Node
siemenssimatic_s7_cpu_1200_firmwareMatch2.0
ORsiemenssimatic_s7_cpu_1200_firmwareMatch3.0
ORsiemenssimatic_s7_cpu_1200_firmwareMatch3.0.2
siemenssimatic_s7_cpu-1211cMatch-
ORsiemenssimatic_s7_cpu_1212cMatch-
ORsiemenssimatic_s7_cpu_1214cMatch-
ORsiemenssimatic_s7_cpu_1215cMatch-
ORsiemenssimatic_s7_cpu_1217cMatch-
Related
prion
prion
Crlf injection
2014-04-25 05:12:00
nessus
nessus
Siemens Simatic Improper Control of Generation of Code ('Code Injection')
2019-11-08 00:00:00
Siemens SIMATIC S7-1200 HTTP Response Splitting (CVE-2014-2909)
2022-02-07 00:00:00
cvelist
cvelist
CVE-2014-2909
2014-04-25 01:00:00
nvd
nvd
CVE-2014-2909
2014-04-25 05:12:07
ics
ics
Siemens SIMATIC S7-1200 CPU Web Vulnerabilities
2018-09-06 12:00:00
5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
7 High
AI Score
Confidence
Low
0.006 Low
EPSS
Percentile
77.7%
Related for CVE-2014-2909