Vulnerabilities > CVE-2014-2731 - Remote Code Execution vulnerability in Siemens Sinema Server 12.0

CVSS 9.3 - CRITICAL

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

siemens

critical

NVD

Published: 2014-04-19

Updated: 2014-04-21

Summary

Multiple unspecified vulnerabilities in the integrated web server in Siemens SINEMA Server before 12 SP1 allow remote attackers to execute arbitrary code via HTTP traffic to port (1) 4999 or (2) 80.

Vulnerable Configurations

Part	Description	Count
Application	Siemens Siemens Sinema Server 12.0	1

Seebug

bulletinFamily	exploit
description	CVE ID:CVE-2014-2731 SINEMA Server是西门子工业网络管理软件能够快速诊断工业以太网、工业交换机SCALANCE、PROFINET和CP443-1、CP343-1、ET200(PN)等网络设备的通讯状态。 SINEMA Server存在未明安全漏洞，允许远程攻击者利用漏洞执行任意代码。 0 SINEMA Server 12 SINEMA Server 12 SP1版本已修复该漏洞，建议用户下载使用： http://www.siemens.com/
id	SSV:62224
last seen	2017-11-19
modified	2014-04-18
published	2014-04-18
reporter	Root
title	Siemens SINEMA Server未明远程代码执行漏洞

Summary

Vulnerable Configurations

Seebug

References