Vulnerabilites related to siemens - simatic_s7_cpu-1211c
CVE-2014-2252 (GCVE-0-2014-2252)
Vulnerability from cvelistv5
Published
2014-03-22 01:00
Modified
2024-08-06 10:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted PROFINET packets, a different vulnerability than CVE-2014-2253.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:06:00.290Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted PROFINET packets, a different vulnerability than CVE-2014-2253."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-10T14:06:29",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2252",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted PROFINET packets, a different vulnerability than CVE-2014-2253."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf"
},
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2252",
"datePublished": "2014-03-22T01:00:00",
"dateReserved": "2014-02-28T00:00:00",
"dateUpdated": "2024-08-06T10:06:00.290Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2256 (GCVE-0-2014-2256)
Vulnerability from cvelistv5
Published
2014-03-22 01:00
Modified
2024-08-06 10:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted ISO-TSAP packets, a different vulnerability than CVE-2014-2257.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:06:00.221Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted ISO-TSAP packets, a different vulnerability than CVE-2014-2257."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-10T14:06:31",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2256",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted ISO-TSAP packets, a different vulnerability than CVE-2014-2257."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf"
},
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2256",
"datePublished": "2014-03-22T01:00:00",
"dateReserved": "2014-02-28T00:00:00",
"dateUpdated": "2024-08-06T10:06:00.221Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2250 (GCVE-0-2014-2250)
Vulnerability from cvelistv5
Published
2014-03-22 01:00
Modified
2024-08-06 10:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The random-number generator on Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 does not have sufficient entropy, which makes it easier for remote attackers to defeat cryptographic protection mechanisms and hijack sessions via unspecified vectors, a different vulnerability than CVE-2014-2251.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:06:00.230Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The random-number generator on Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 does not have sufficient entropy, which makes it easier for remote attackers to defeat cryptographic protection mechanisms and hijack sessions via unspecified vectors, a different vulnerability than CVE-2014-2251."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-10T14:06:28",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2250",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The random-number generator on Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 does not have sufficient entropy, which makes it easier for remote attackers to defeat cryptographic protection mechanisms and hijack sessions via unspecified vectors, a different vulnerability than CVE-2014-2251."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf"
},
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2250",
"datePublished": "2014-03-22T01:00:00",
"dateReserved": "2014-02-28T00:00:00",
"dateUpdated": "2024-08-06T10:06:00.230Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2258 (GCVE-0-2014-2258)
Vulnerability from cvelistv5
Published
2014-03-22 01:00
Modified
2024-08-06 10:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTPS packets, a different vulnerability than CVE-2014-2259.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:06:00.240Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTPS packets, a different vulnerability than CVE-2014-2259."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-10T14:06:28",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2258",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTPS packets, a different vulnerability than CVE-2014-2259."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf"
},
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2258",
"datePublished": "2014-03-22T01:00:00",
"dateReserved": "2014-02-28T00:00:00",
"dateUpdated": "2024-08-06T10:06:00.240Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2908 (GCVE-0-2014-2908)
Vulnerability from cvelistv5
Published
2014-04-25 01:00
Modified
2024-08-06 10:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:28:46.172Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-114-02"
},
{
"name": "44687",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/44687/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-892012.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-892012.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-10T14:06:34",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-114-02"
},
{
"name": "44687",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/44687/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-892012.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-892012.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2908",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-114-02",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-114-02"
},
{
"name": "44687",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44687/"
},
{
"name": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-892012.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-892012.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-892012.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-892012.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2908",
"datePublished": "2014-04-25T01:00:00",
"dateReserved": "2014-04-18T00:00:00",
"dateUpdated": "2024-08-06T10:28:46.172Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2254 (GCVE-0-2014-2254)
Vulnerability from cvelistv5
Published
2014-03-22 01:00
Modified
2024-08-06 10:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTP packets, a different vulnerability than CVE-2014-2255.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:06:00.224Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTP packets, a different vulnerability than CVE-2014-2255."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-10T14:06:31",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2254",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTP packets, a different vulnerability than CVE-2014-2255."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf"
},
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2254",
"datePublished": "2014-03-22T01:00:00",
"dateReserved": "2014-02-28T00:00:00",
"dateUpdated": "2024-08-06T10:06:00.224Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2909 (GCVE-0-2014-2909)
Vulnerability from cvelistv5
Published
2014-04-25 01:00
Modified
2024-08-06 10:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
CRLF injection vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary HTTP headers via unspecified vectors.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:28:46.174Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-114-02"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-892012.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-892012.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary HTTP headers via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-10T14:06:34",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-114-02"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-892012.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-892012.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2909",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRLF injection vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary HTTP headers via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-114-02",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-114-02"
},
{
"name": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-892012.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-892012.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-892012.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-892012.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2909",
"datePublished": "2014-04-25T01:00:00",
"dateReserved": "2014-04-18T00:00:00",
"dateUpdated": "2024-08-06T10:28:46.174Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2014-03-24 14:20
Modified
2025-04-12 10:46
Severity ?
Summary
The random-number generator on Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 does not have sufficient entropy, which makes it easier for remote attackers to defeat cryptographic protection mechanisms and hijack sessions via unspecified vectors, a different vulnerability than CVE-2014-2251.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | simatic_s7_cpu_1200_firmware | * | |
| siemens | simatic_s7_cpu_1200_firmware | 3.0 | |
| siemens | simatic_s7_cpu-1211c | - | |
| siemens | simatic_s7_cpu_1212c | - | |
| siemens | simatic_s7_cpu_1214c | - | |
| siemens | simatic_s7_cpu_1215c | - | |
| siemens | simatic_s7_cpu_1217c | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_s7_cpu_1200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5BCF4722-1850-48CD-9BCA-6EBD9EFF8147",
"versionEndIncluding": "3.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:siemens:simatic_s7_cpu_1200_firmware:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8C7A9D3-33C0-465B-914D-3D1FF1BE8272",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_s7_cpu-1211c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7F8E0D6-D9DE-4F2A-A0D3-84A9EEB8EAFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:siemens:simatic_s7_cpu_1212c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E6A11F4A-4DA2-4EDC-A51F-69DA422C320F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:siemens:simatic_s7_cpu_1214c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9EB6306C-2F6E-49A3-BFAE-BA6962501697",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:siemens:simatic_s7_cpu_1215c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7DC6AAEF-22EE-449B-83A8-9BE0B84199EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:siemens:simatic_s7_cpu_1217c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "36F69756-6304-489F-A287-65D0A9E81943",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The random-number generator on Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 does not have sufficient entropy, which makes it easier for remote attackers to defeat cryptographic protection mechanisms and hijack sessions via unspecified vectors, a different vulnerability than CVE-2014-2251."
},
{
"lang": "es",
"value": "El generador de n\u00fameros aleatorios en dispositivos de Siemens SIMATIC S7-1200 CPU PLC con firmware anterior a 4.0 no tiene suficiente entrop\u00eda, lo que facilita a atacantes remotos anular mecanismos de protecci\u00f3n criptogr\u00e1fica y secuestrar sesiones a trav\u00e9s de vectores no especificados, una vulnerabilidad diferente a CVE-2014-2251."
}
],
"id": "CVE-2014-2250",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 8.5,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-03-24T14:20:39.557",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf"
},
{
"source": "cve@mitre.org",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-04-25 05:12
Modified
2025-04-12 10:46
Severity ?
Summary
CRLF injection vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary HTTP headers via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | simatic_s7_cpu_1200_firmware | 2.0 | |
| siemens | simatic_s7_cpu_1200_firmware | 3.0 | |
| siemens | simatic_s7_cpu_1200_firmware | 3.0.2 | |
| siemens | simatic_s7_cpu-1211c | - | |
| siemens | simatic_s7_cpu_1212c | - | |
| siemens | simatic_s7_cpu_1214c | - | |
| siemens | simatic_s7_cpu_1215c | - | |
| siemens | simatic_s7_cpu_1217c | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_s7_cpu_1200_firmware:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B49DC13F-9C46-4918-8717-D042B809FF7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:siemens:simatic_s7_cpu_1200_firmware:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8C7A9D3-33C0-465B-914D-3D1FF1BE8272",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:siemens:simatic_s7_cpu_1200_firmware:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2E4278D8-9EED-4E44-BC18-07987D9255E9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_s7_cpu-1211c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7F8E0D6-D9DE-4F2A-A0D3-84A9EEB8EAFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:siemens:simatic_s7_cpu_1212c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E6A11F4A-4DA2-4EDC-A51F-69DA422C320F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:siemens:simatic_s7_cpu_1214c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9EB6306C-2F6E-49A3-BFAE-BA6962501697",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:siemens:simatic_s7_cpu_1215c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7DC6AAEF-22EE-449B-83A8-9BE0B84199EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:siemens:simatic_s7_cpu_1217c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "36F69756-6304-489F-A287-65D0A9E81943",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary HTTP headers via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n CRLF en el servidor web integrado en dispositivos Siemens SIMATIC S7-1200 CPU 2.x y 3.x permite a atacantes remotos inyectar cabeceras HTTP arbitrarias a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-2909",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-04-25T05:12:07.863",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-114-02"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-892012.pdf"
},
{
"source": "cve@mitre.org",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-892012.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-114-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-892012.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-892012.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-03-24 14:20
Modified
2025-04-12 10:46
Severity ?
Summary
Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted ISO-TSAP packets, a different vulnerability than CVE-2014-2257.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | simatic_s7_cpu_1200_firmware | * | |
| siemens | simatic_s7_cpu_1200_firmware | 3.0 | |
| siemens | simatic_s7_cpu-1211c | - | |
| siemens | simatic_s7_cpu_1212c | - | |
| siemens | simatic_s7_cpu_1214c | - | |
| siemens | simatic_s7_cpu_1215c | - | |
| siemens | simatic_s7_cpu_1217c | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_s7_cpu_1200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5BCF4722-1850-48CD-9BCA-6EBD9EFF8147",
"versionEndIncluding": "3.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:siemens:simatic_s7_cpu_1200_firmware:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8C7A9D3-33C0-465B-914D-3D1FF1BE8272",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_s7_cpu-1211c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7F8E0D6-D9DE-4F2A-A0D3-84A9EEB8EAFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:siemens:simatic_s7_cpu_1212c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E6A11F4A-4DA2-4EDC-A51F-69DA422C320F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:siemens:simatic_s7_cpu_1214c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9EB6306C-2F6E-49A3-BFAE-BA6962501697",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:siemens:simatic_s7_cpu_1215c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7DC6AAEF-22EE-449B-83A8-9BE0B84199EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:siemens:simatic_s7_cpu_1217c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "36F69756-6304-489F-A287-65D0A9E81943",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted ISO-TSAP packets, a different vulnerability than CVE-2014-2257."
},
{
"lang": "es",
"value": "Dispositivos Siemens SIMATIC S7-1200 CPU PLC con firmware anterior a 4.0 permiten a atacantes remotos causar una denegaci\u00f3n de servicio (transici\u00f3n de modo defecto) a trav\u00e9s de paquetes ISO-TSAP manipulados, una vulnerabilidad diferente a CVE-2014-2257."
}
],
"id": "CVE-2014-2256",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-03-24T14:20:39.590",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf"
},
{
"source": "cve@mitre.org",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-04-25 05:12
Modified
2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | simatic_s7_cpu_1200_firmware | 2.0 | |
| siemens | simatic_s7_cpu_1200_firmware | 3.0 | |
| siemens | simatic_s7_cpu_1200_firmware | 3.0.2 | |
| siemens | simatic_s7_cpu-1211c | - | |
| siemens | simatic_s7_cpu_1212c | - | |
| siemens | simatic_s7_cpu_1214c | - | |
| siemens | simatic_s7_cpu_1215c | - | |
| siemens | simatic_s7_cpu_1217c | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_s7_cpu_1200_firmware:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B49DC13F-9C46-4918-8717-D042B809FF7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:siemens:simatic_s7_cpu_1200_firmware:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8C7A9D3-33C0-465B-914D-3D1FF1BE8272",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:siemens:simatic_s7_cpu_1200_firmware:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2E4278D8-9EED-4E44-BC18-07987D9255E9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_s7_cpu-1211c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7F8E0D6-D9DE-4F2A-A0D3-84A9EEB8EAFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:siemens:simatic_s7_cpu_1212c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E6A11F4A-4DA2-4EDC-A51F-69DA422C320F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:siemens:simatic_s7_cpu_1214c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9EB6306C-2F6E-49A3-BFAE-BA6962501697",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:siemens:simatic_s7_cpu_1215c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7DC6AAEF-22EE-449B-83A8-9BE0B84199EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:siemens:simatic_s7_cpu_1217c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "36F69756-6304-489F-A287-65D0A9E81943",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en el servidor web integrado en dispositivos Siemens SIMATIC S7-1200 CPU 2.x y 3.x permite a atacantes remotos inyectar script Web o HTML arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-2908",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-04-25T05:12:07.847",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-114-02"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-892012.pdf"
},
{
"source": "cve@mitre.org",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-892012.pdf"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/44687/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-114-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-892012.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-892012.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/44687/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-03-24 14:20
Modified
2025-04-12 10:46
Severity ?
Summary
Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted PROFINET packets, a different vulnerability than CVE-2014-2253.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | simatic_s7_cpu_1200_firmware | * | |
| siemens | simatic_s7_cpu_1200_firmware | 3.0 | |
| siemens | simatic_s7_cpu-1211c | - | |
| siemens | simatic_s7_cpu_1212c | - | |
| siemens | simatic_s7_cpu_1214c | - | |
| siemens | simatic_s7_cpu_1215c | - | |
| siemens | simatic_s7_cpu_1217c | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_s7_cpu_1200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5BCF4722-1850-48CD-9BCA-6EBD9EFF8147",
"versionEndIncluding": "3.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:siemens:simatic_s7_cpu_1200_firmware:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8C7A9D3-33C0-465B-914D-3D1FF1BE8272",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_s7_cpu-1211c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7F8E0D6-D9DE-4F2A-A0D3-84A9EEB8EAFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:siemens:simatic_s7_cpu_1212c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E6A11F4A-4DA2-4EDC-A51F-69DA422C320F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:siemens:simatic_s7_cpu_1214c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9EB6306C-2F6E-49A3-BFAE-BA6962501697",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:siemens:simatic_s7_cpu_1215c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7DC6AAEF-22EE-449B-83A8-9BE0B84199EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:siemens:simatic_s7_cpu_1217c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "36F69756-6304-489F-A287-65D0A9E81943",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted PROFINET packets, a different vulnerability than CVE-2014-2253."
},
{
"lang": "es",
"value": "Dispositivos Siemens SIMATIC S7-1200 CPU PLC con firmware anterior a 4.0 permiten a atacantes remotos causar una denegaci\u00f3n de servicio (transici\u00f3n de modo defecto) a trav\u00e9s de paquetes PROFINET manipulados, una vulnerabilidad diferente a CVE-2014-2253."
}
],
"id": "CVE-2014-2252",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-03-24T14:20:39.573",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf"
},
{
"source": "cve@mitre.org",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-03-24 14:20
Modified
2025-04-12 10:46
Severity ?
Summary
Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTP packets, a different vulnerability than CVE-2014-2255.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | simatic_s7_cpu_1200_firmware | * | |
| siemens | simatic_s7_cpu_1200_firmware | 3.0 | |
| siemens | simatic_s7_cpu-1211c | - | |
| siemens | simatic_s7_cpu_1212c | - | |
| siemens | simatic_s7_cpu_1214c | - | |
| siemens | simatic_s7_cpu_1215c | - | |
| siemens | simatic_s7_cpu_1217c | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_s7_cpu_1200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5BCF4722-1850-48CD-9BCA-6EBD9EFF8147",
"versionEndIncluding": "3.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:siemens:simatic_s7_cpu_1200_firmware:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8C7A9D3-33C0-465B-914D-3D1FF1BE8272",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_s7_cpu-1211c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7F8E0D6-D9DE-4F2A-A0D3-84A9EEB8EAFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:siemens:simatic_s7_cpu_1212c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E6A11F4A-4DA2-4EDC-A51F-69DA422C320F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:siemens:simatic_s7_cpu_1214c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9EB6306C-2F6E-49A3-BFAE-BA6962501697",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:siemens:simatic_s7_cpu_1215c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7DC6AAEF-22EE-449B-83A8-9BE0B84199EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:siemens:simatic_s7_cpu_1217c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "36F69756-6304-489F-A287-65D0A9E81943",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTP packets, a different vulnerability than CVE-2014-2255."
},
{
"lang": "es",
"value": "Dispositivos Siemens SIMATIC S7-1200 CPU PLC con firmware anterior a 4.0 permiten a atacantes remotos causar una denegaci\u00f3n de servicio (transici\u00f3n de modo defecto) a trav\u00e9s de paquetes HTTP manipulados, una vulnerabilidad diferente a CVE-2014-2255."
}
],
"id": "CVE-2014-2254",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-03-24T14:20:39.590",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf"
},
{
"source": "cve@mitre.org",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-03-24 14:20
Modified
2025-04-12 10:46
Severity ?
Summary
Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTPS packets, a different vulnerability than CVE-2014-2259.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | simatic_s7_cpu_1200_firmware | * | |
| siemens | simatic_s7_cpu_1200_firmware | 3.0 | |
| siemens | simatic_s7_cpu-1211c | - | |
| siemens | simatic_s7_cpu_1212c | - | |
| siemens | simatic_s7_cpu_1214c | - | |
| siemens | simatic_s7_cpu_1215c | - | |
| siemens | simatic_s7_cpu_1217c | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_s7_cpu_1200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5BCF4722-1850-48CD-9BCA-6EBD9EFF8147",
"versionEndIncluding": "3.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:siemens:simatic_s7_cpu_1200_firmware:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8C7A9D3-33C0-465B-914D-3D1FF1BE8272",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_s7_cpu-1211c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7F8E0D6-D9DE-4F2A-A0D3-84A9EEB8EAFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:siemens:simatic_s7_cpu_1212c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E6A11F4A-4DA2-4EDC-A51F-69DA422C320F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:siemens:simatic_s7_cpu_1214c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9EB6306C-2F6E-49A3-BFAE-BA6962501697",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:siemens:simatic_s7_cpu_1215c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7DC6AAEF-22EE-449B-83A8-9BE0B84199EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:siemens:simatic_s7_cpu_1217c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "36F69756-6304-489F-A287-65D0A9E81943",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTPS packets, a different vulnerability than CVE-2014-2259."
},
{
"lang": "es",
"value": "Dispositivos Siemens SIMATIC S7-1200 CPU PLC con firmware anterior a 4.0 permiten a atacantes remotos causar una denegaci\u00f3n de servicio (transici\u00f3n de modo defecto) a trav\u00e9s de paquetes HTTPS manipulados, una vulnerabilidad diferente a CVE-2014-2259."
}
],
"id": "CVE-2014-2258",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-03-24T14:20:39.607",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf"
},
{
"source": "cve@mitre.org",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}