CVE-2014-4685 | SynScan

Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2014-4685

Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows local users to gain privileges by leveraging weak system-object access control.

Published: Jul 24, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-4685
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
siemens / wincc	7.1-sp1	7.1-sp1.x
siemens / simatic_pcs7	8.0	8.0.x
siemens / wincc	6.0-sp2	6.0-sp2.x
siemens / wincc	6.0-sp4	6.0-sp4.x
siemens / simatic_pcs7	7.1-sp3	7.1-sp3.x
siemens / wincc	7.1	7.1.x
siemens / wincc	7.0-sp2	7.0-sp2.x
siemens / simatic_pcs7	-	8.0.x
siemens / wincc	5.0	5.0.x
siemens / wincc	7.0-sp3	7.0-sp3.x
siemens / wincc	6.0	6.0.x
siemens / wincc	6.0-sp3	6.0-sp3.x
siemens / wincc	-	7.2.x
siemens / wincc	7.0	7.0.x
siemens / wincc	5.0-sp1	5.0-sp1.x
siemens / wincc	7.0-sp1	7.0-sp1.x

http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf