Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMitreCVE-2014-4683
HistoryJul 24, 2014 - 2:55 p.m.

CVE-2014-4683

2014-07-2414:55:08
CWE-264
mitre
web.nvd.nist.gov
27
siemens
simatic
wincc
webnavigator
server
remote
authenticated
privileges
cve-2014-4683
nvd

CVSS2

4.9

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:P/A:N

AI Score

6.6

Confidence

Low

EPSS

0.001

Percentile

49.2%

JSON

The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a (1) HTTP or (2) HTTPS request.

Affected configurations

Nvd
Node
siemenssimatic_pcs7Range8.0sp1
OR
siemenssimatic_pcs7Match7.1sp3
OR
siemenssimatic_pcs7Match8.0
OR
siemenswinccRange7.2
OR
siemenswinccMatch5.0
OR
siemenswinccMatch5.0sp1
OR
siemenswinccMatch6.0
OR
siemenswinccMatch6.0sp2
OR
siemenswinccMatch6.0sp3
OR
siemenswinccMatch6.0sp4
OR
siemenswinccMatch7.0
OR
siemenswinccMatch7.0sp1
OR
siemenswinccMatch7.0sp2
OR
siemenswinccMatch7.0sp3
OR
siemenswinccMatch7.1
OR
siemenswinccMatch7.1sp1
VendorProductVersionCPE
siemenssimatic_pcs7*cpe:2.3:a:siemens:simatic_pcs7:*:sp1:*:*:*:*:*:*
siemenssimatic_pcs77.1cpe:2.3:a:siemens:simatic_pcs7:7.1:sp3:*:*:*:*:*:*
siemenssimatic_pcs78.0cpe:2.3:a:siemens:simatic_pcs7:8.0:*:*:*:*:*:*:*
siemenswincc*cpe:2.3:a:siemens:wincc:*:*:*:*:*:*:*:*
siemenswincc5.0cpe:2.3:a:siemens:wincc:5.0:*:*:*:*:*:*:*
siemenswincc5.0cpe:2.3:a:siemens:wincc:5.0:sp1:*:*:*:*:*:*
siemenswincc6.0cpe:2.3:a:siemens:wincc:6.0:*:*:*:*:*:*:*
siemenswincc6.0cpe:2.3:a:siemens:wincc:6.0:sp2:*:*:*:*:*:*
siemenswincc6.0cpe:2.3:a:siemens:wincc:6.0:sp3:*:*:*:*:*:*
siemenswincc6.0cpe:2.3:a:siemens:wincc:6.0:sp4:*:*:*:*:*:*
Rows per page:
1-10 of 161

Related

ptsecurity 1
prion 1
cvelist 1
nvd 1
threatpost 1
ics 1
kaspersky 1
ptsecurity
ptsecurity
PT-2014-13: Privilege Gaining in Siemens SIMATIC WinCC
2012-12-23 00:00:00
prion
prion
Cross site request forgery (csrf)
2014-07-24 14:55:00
cvelist
cvelist
CVE-2014-4683
2014-07-24 14:00:00
nvd
nvd
CVE-2014-4683
2014-07-24 14:55:08
threatpost
threatpost
Siemens Patches Five Vulnerabilities in SIMATIC WinCC for PCS 7
2014-10-07 14:49:31
ics
ics
Siemens SIMATIC WinCC Vulnerabilities (Update A)
2018-09-06 12:00:00
kaspersky
kaspersky
KLA10393 LPE & OSI vulnerabilities in Siemens Simatic WinCC
2014-07-23 00:00:00

CVSS2

4.9

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:P/A:N

AI Score

6.6

Confidence

Low

EPSS

0.001

Percentile

49.2%

JSON
Related for CVE-2014-4683
ptsecurity1prion1cvelist1nvd1threatpost1ics1kaspersky1