Vulnerabilities > CVE-2014-1699 - Resource Management Errors vulnerability in Siemens Simatic Wincc Open Architecture
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to cause a denial of service (monitoring-service outage) via malformed HTTP requests to port 4999.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Common Weakness Enumeration (CWE)
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 65347 CVE(CAN) ID: CVE-2014-1699 Siemens SIMATIC WinCC 是监测控制和数据采集SCADA及人机界面HMI系统。 SIEMENS SIMATIC WinCC OA 3.12 P002之前版本存在安全漏洞,远程攻击者通过向端口4999发送畸形的HTTP请求,利用此漏洞即可造成拒绝服务(监控服务中断)。 0 Siemens SIMATIC WinCC Open Architecture < 3.12 P002 January 厂商补丁: Siemens ------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.siemens.com/corporate-technology/pool/ http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-342587.pdf |
| id | SSV:61421 |
| last seen | 2017-11-19 |
| modified | 2014-02-12 |
| published | 2014-02-12 |
| reporter | Root |
| title | SIEMENS SIMATIC WinCC Open Architecture拒绝服务漏洞 |
References
- http://ics-cert.us-cert.gov/advisories/ICSA-14-035-01
- http://osvdb.org/102812
- http://secunia.com/advisories/56651
- http://www.securityfocus.com/bid/65347
- http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-342587.pdf
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90936