Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2014-2909
HistoryApr 25, 2014 - 5:12 a.m.

CVE-2014-2909

2014-04-2505:12:07
CWE-94
[email protected]
web.nvd.nist.gov
1

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

AI Score

6.9

Confidence

Low

EPSS

0.006

Percentile

77.7%

JSON

CRLF injection vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary HTTP headers via unspecified vectors.

Affected configurations

Nvd
Node
siemenssimatic_s7_cpu_1200_firmwareMatch2.0
OR
siemenssimatic_s7_cpu_1200_firmwareMatch3.0
OR
siemenssimatic_s7_cpu_1200_firmwareMatch3.0.2
AND
siemenssimatic_s7_cpu-1211cMatch-
OR
siemenssimatic_s7_cpu_1212cMatch-
OR
siemenssimatic_s7_cpu_1214cMatch-
OR
siemenssimatic_s7_cpu_1215cMatch-
OR
siemenssimatic_s7_cpu_1217cMatch-
VendorProductVersionCPE
siemenssimatic_s7_cpu_1200_firmware2.0cpe:2.3:o:siemens:simatic_s7_cpu_1200_firmware:2.0:*:*:*:*:*:*:*
siemenssimatic_s7_cpu_1200_firmware3.0cpe:2.3:o:siemens:simatic_s7_cpu_1200_firmware:3.0:*:*:*:*:*:*:*
siemenssimatic_s7_cpu_1200_firmware3.0.2cpe:2.3:o:siemens:simatic_s7_cpu_1200_firmware:3.0.2:*:*:*:*:*:*:*
siemenssimatic_s7_cpu-1211c-cpe:2.3:h:siemens:simatic_s7_cpu-1211c:-:*:*:*:*:*:*:*
siemenssimatic_s7_cpu_1212c-cpe:2.3:h:siemens:simatic_s7_cpu_1212c:-:*:*:*:*:*:*:*
siemenssimatic_s7_cpu_1214c-cpe:2.3:h:siemens:simatic_s7_cpu_1214c:-:*:*:*:*:*:*:*
siemenssimatic_s7_cpu_1215c-cpe:2.3:h:siemens:simatic_s7_cpu_1215c:-:*:*:*:*:*:*:*
siemenssimatic_s7_cpu_1217c-cpe:2.3:h:siemens:simatic_s7_cpu_1217c:-:*:*:*:*:*:*:*

Related

prion 1
nessus 2
cvelist 1
cve 1
ics 1
prion
prion
Crlf injection
2014-04-25 05:12:00
nessus
nessus
Siemens SIMATIC S7-1200 HTTP Response Splitting (CVE-2014-2909)
2022-02-07 00:00:00
Siemens Simatic Improper Control of Generation of Code ('Code Injection')
2019-11-08 00:00:00
cvelist
cvelist
CVE-2014-2909
2014-04-25 01:00:00
cve
cve
CVE-2014-2909
2014-04-25 05:12:07
ics
ics
Siemens SIMATIC S7-1200 CPU Web Vulnerabilities
2018-09-06 12:00:00

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

AI Score

6.9

Confidence

Low

EPSS

0.006

Percentile

77.7%

JSON
Related for NVD:CVE-2014-2909
prion1nessus2cvelist1cve1ics1