fkie_nvd - fkie_cve-2014-4682

fkie_cve-2014-4682

Vulnerability from fkie_nvd

Published

2014-07-24 14:55

Modified

2025-04-12 10:46

Severity ?

Summary

The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote attackers to obtain sensitive information via an HTTP request.

References

▶	URL	Tags
	cve@mitre.org	http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf	Vendor Advisory

Impacted products

Vendor	Product	Version
siemens	simatic_pcs7	*
siemens	simatic_pcs7	7.1
siemens	simatic_pcs7	8.0
siemens	wincc	*
siemens	wincc	5.0
siemens	wincc	5.0
siemens	wincc	6.0
siemens	wincc	6.0
siemens	wincc	6.0
siemens	wincc	6.0
siemens	wincc	7.0
siemens	wincc	7.0
siemens	wincc	7.0
siemens	wincc	7.0
siemens	wincc	7.1
siemens	wincc	7.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:siemens:simatic_pcs7:*:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "0165209F-7378-4C05-9373-ECA6EA57697D",
              "versionEndIncluding": "8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simatic_pcs7:7.1:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "33FA164B-E269-4140-AC85-2623356AF636",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simatic_pcs7:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8B894F4-9635-4436-BC0A-E43280426017",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:wincc:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "74484B5D-121B-4838-9072-019532E78A03",
              "versionEndIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:wincc:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4CB277F-7ECB-4F44-8BB5-A3D350486EE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:wincc:5.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "616535F1-F609-408B-AE48-61ACF48748A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:wincc:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F322FCB-32F4-4C5A-A7F5-F7EF41188C88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:wincc:6.0:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "69822DB4-DC79-4F88-A470-5AC512C77377",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:wincc:6.0:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "996DE8BD-DD51-41EF-9882-C2BD2CC5FE53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:wincc:6.0:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "945C8B46-4CDA-4143-889C-30E30E93DB29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:wincc:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A33F9015-7058-419A-8762-CB2AE4ACF1A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:wincc:7.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "E6271FCC-CCF6-4D31-801A-B4B0DC4639DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:wincc:7.0:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "DF7A6B2B-D573-4285-B3B4-136F2BE7E710",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:wincc:7.0:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "111D0F4D-2B67-46E8-BF8D-5D30EFE561EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:wincc:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B16BB99-49E0-443E-BEE0-C7694D2C54E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:wincc:7.1:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "A4115260-50FC-40C9-81CF-4D9F97394627",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote attackers to obtain sensitive information via an HTTP request."
    },
    {
      "lang": "es",
      "value": "El servidor WebNavigator en Siemens SIMATIC WinCC anterior a 7.3, utilizado en PCS7 y otros productos, permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de una solicitud HTTP."
    }
  ],
  "id": "CVE-2014-4682",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-07-24T14:55:08.020",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2014-4682 (GCVE-0-2014-4682)

Vulnerability from cvelistv5

Published

2014-07-24 14:00

Modified

2024-08-06 11:27

Severity ?

CWE

Summary

The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote attackers to obtain sensitive information via an HTTP request.

References

►

URL

Tags

http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf

x_refsource_CONFIRM