CVE-2014-4682

Name of the Vulnerable Software and Affected Versions Siemens SIMATIC WinCC versions prior to 7.3

Description The issue is related to an error that occurs when processing a specially crafted HTTP packet, allowing an unauthenticated attacker to gain access to confidential information by sending a specially crafted HTTP request to ports 80/tcp and 443/tcp. This can be achieved through the WebNavigator server, which allows remote attackers to obtain sensitive information via an HTTP request.

Recommendations For versions prior to 7.3, update to version 7.3 or later to resolve the issue. As a temporary workaround, consider restricting access to ports 80/tcp and 443/tcp to minimize the risk of exploitation.