CVE-2014-2732

Multiple directory traversal vulnerabilities in the integrated web server in Siemens SINEMA Server before 12 SP1 allow remote attackers to access arbitrary files via HTTP traffic to port (1) 4999 or (2) 80.

Published: Apr 19, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-2732
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
siemens / sinema_server	-	12.0.x

http://ics-cert.us-cert.gov/advisories/ICSA-14-107-01
http://www.securityfocus.com/bid/66965
http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-364879.pdf

Vulnerability Database

289,697

CVE-2014-2732