Lucene search

[email protected]NVD:CVE-2014-4684

HistoryJul 24, 2014 - 2:55 p.m.

CVE-2014-4684

2014-07-2414:55:08

CWE-264

[email protected]

web.nvd.nist.gov

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

6.4 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

61.4%

JSON

The database server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a request to TCP port 1433.

Affected configurations

NVD

Node

siemenssimatic_pcs7Range≤8.0sp1

siemenssimatic_pcs7Match7.1sp3

siemenssimatic_pcs7Match8.0

siemenswinccRange≤7.2

siemenswinccMatch5.0

siemenswinccMatch5.0sp1

siemenswinccMatch6.0

siemenswinccMatch6.0sp2

siemenswinccMatch6.0sp3

siemenswinccMatch6.0sp4

siemenswinccMatch7.0

siemenswinccMatch7.0sp1

siemenswinccMatch7.0sp2

siemenswinccMatch7.0sp3

siemenswinccMatch7.1

siemenswinccMatch7.1sp1

References

www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

6.4 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

61.4%

JSON

Related for NVD:CVE-2014-4684

cve1 ptsecurity1 prion1 cvelist1 threatpost1 ics1 kaspersky1