PT-2014-1179 · Siemens · Simatic S7-1200 Cpu
Published 2014-04-24 · Updated 2020-02-10 · CVE-2014-2909
CVSS v2.0: 5.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Siemens SIMATIC S7-1200 CPU devices versions 2.x through 3.x
Description
The issue concerns a CRLF injection vulnerability in the integrated web server of the affected devices. This vulnerability allows remote attackers to inject arbitrary HTTP headers via unspecified vectors. It enables an attacker to embed an HTML header in the device's web server.
Recommendations
For versions 2.x through 3.x, update the software to a version that contains a fix for this issue, if available. As a temporary workaround, consider restricting access to the integrated web server to minimize the risk of exploitation.
Fix
Code Injection
Related identifiers
Affected products
Simatic S7-1200 Cpu