CVE-2014-4684 | SynScan

Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2014-4684

The database server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a request to TCP port 1433.

Published: Jul 24, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-4684
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6
AV:N/AC:M/Au:S/C:P/I:P/A:P

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
siemens / wincc	7.1-sp1	7.1-sp1.x
siemens / simatic_pcs7	8.0	8.0.x
siemens / wincc	6.0-sp2	6.0-sp2.x
siemens / wincc	6.0-sp4	6.0-sp4.x
siemens / simatic_pcs7	7.1-sp3	7.1-sp3.x
siemens / wincc	7.1	7.1.x
siemens / wincc	7.0-sp2	7.0-sp2.x
siemens / simatic_pcs7	-	8.0.x
siemens / wincc	5.0	5.0.x
siemens / wincc	7.0-sp3	7.0-sp3.x
siemens / wincc	6.0	6.0.x
siemens / wincc	6.0-sp3	6.0-sp3.x
siemens / wincc	-	7.2.x
siemens / wincc	7.0	7.0.x
siemens / wincc	5.0-sp1	5.0-sp1.x
siemens / wincc	7.0-sp1	7.0-sp1.x

http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf