Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2014-4685
HistoryJul 24, 2014 - 2:55 p.m.

CVE-2014-4685

2014-07-2414:55:08
CWE-264
[email protected]
web.nvd.nist.gov
7

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.5

Confidence

Low

EPSS

0

Percentile

5.1%

JSON

Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows local users to gain privileges by leveraging weak system-object access control.

Affected configurations

Nvd
Node
siemenssimatic_pcs7Range8.0sp1
OR
siemenssimatic_pcs7Match7.1sp3
OR
siemenssimatic_pcs7Match8.0
OR
siemenswinccRange7.2
OR
siemenswinccMatch5.0
OR
siemenswinccMatch5.0sp1
OR
siemenswinccMatch6.0
OR
siemenswinccMatch6.0sp2
OR
siemenswinccMatch6.0sp3
OR
siemenswinccMatch6.0sp4
OR
siemenswinccMatch7.0
OR
siemenswinccMatch7.0sp1
OR
siemenswinccMatch7.0sp2
OR
siemenswinccMatch7.0sp3
OR
siemenswinccMatch7.1
OR
siemenswinccMatch7.1sp1
VendorProductVersionCPE
siemenssimatic_pcs7*cpe:2.3:a:siemens:simatic_pcs7:*:sp1:*:*:*:*:*:*
siemenssimatic_pcs77.1cpe:2.3:a:siemens:simatic_pcs7:7.1:sp3:*:*:*:*:*:*
siemenssimatic_pcs78.0cpe:2.3:a:siemens:simatic_pcs7:8.0:*:*:*:*:*:*:*
siemenswincc*cpe:2.3:a:siemens:wincc:*:*:*:*:*:*:*:*
siemenswincc5.0cpe:2.3:a:siemens:wincc:5.0:*:*:*:*:*:*:*
siemenswincc5.0cpe:2.3:a:siemens:wincc:5.0:sp1:*:*:*:*:*:*
siemenswincc6.0cpe:2.3:a:siemens:wincc:6.0:*:*:*:*:*:*:*
siemenswincc6.0cpe:2.3:a:siemens:wincc:6.0:sp2:*:*:*:*:*:*
siemenswincc6.0cpe:2.3:a:siemens:wincc:6.0:sp3:*:*:*:*:*:*
siemenswincc6.0cpe:2.3:a:siemens:wincc:6.0:sp4:*:*:*:*:*:*
Rows per page:
1-10 of 161

Related

ptsecurity 1
prion 1
cve 1
cvelist 1
threatpost 1
ics 1
kaspersky 1
ptsecurity
ptsecurity
PT-2014-15: Privilege Gaining in Siemens SIMATIC WinCC
2014-03-19 00:00:00
prion
prion
Improper access control
2014-07-24 14:55:00
cve
cve
CVE-2014-4685
2014-07-24 14:55:08
cvelist
cvelist
CVE-2014-4685
2014-07-24 14:00:00
threatpost
threatpost
Siemens Patches Five Vulnerabilities in SIMATIC WinCC for PCS 7
2014-10-07 14:49:31
ics
ics
Siemens SIMATIC WinCC Vulnerabilities (Update A)
2018-09-06 12:00:00
kaspersky
kaspersky
KLA10393 LPE & OSI vulnerabilities in Siemens Simatic WinCC
2014-07-23 00:00:00

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.5

Confidence

Low

EPSS

0

Percentile

5.1%

JSON
Related for NVD:CVE-2014-4685
ptsecurity1prion1cve1cvelist1threatpost1ics1kaspersky1