Lucene search
HistoryJul 24, 2014 - 2:55 p.m.
CVE-2014-4685
4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
6.5 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows local users to gain privileges by leveraging weak system-object access control.
Affected configurations
Node
siemenssimatic_pcs7Range≤8.0sp1
ORsiemenssimatic_pcs7Match7.1sp3
ORsiemenssimatic_pcs7Match8.0
ORsiemenswinccRange≤7.2
ORsiemenswinccMatch5.0
ORsiemenswinccMatch5.0sp1
ORsiemenswinccMatch6.0
ORsiemenswinccMatch6.0sp2
ORsiemenswinccMatch6.0sp3
ORsiemenswinccMatch6.0sp4
ORsiemenswinccMatch7.0
ORsiemenswinccMatch7.0sp1
ORsiemenswinccMatch7.0sp2
ORsiemenswinccMatch7.0sp3
ORsiemenswinccMatch7.1
ORsiemenswinccMatch7.1sp1
Related
cve
cve
CVE-2014-4685
2014-07-24 14:55:08
ptsecurity
ptsecurity
PT-2014-15: Privilege Gaining in Siemens SIMATIC WinCC
2014-03-19 00:00:00
prion
prion
Improper access control
2014-07-24 14:55:00
cvelist
cvelist
CVE-2014-4685
2014-07-24 14:00:00
threatpost
threatpost
Siemens Patches Five Vulnerabilities in SIMATIC WinCC for PCS 7
2014-10-07 14:49:31
ics
ics
Siemens SIMATIC WinCC Vulnerabilities (Update A)
2018-09-06 12:00:00
kaspersky
kaspersky
KLA10393 LPE & OSI vulnerabilities in Siemens Simatic WinCC
2014-07-23 00:00:00
4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
6.5 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
Related for NVD:CVE-2014-4685