PT-2014-1179 · Siemens · Simatic S7-1200 Cpu

Published: 2014-04-24 · Updated: 2020-02-10 · CVE-2014-2909

CVSS v2.0: 5.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Siemens SIMATIC S7-1200 CPU devices versions 2.x through 3.x

Description

The issue concerns a CRLF injection vulnerability in the integrated web server of the affected devices. This vulnerability allows remote attackers to inject arbitrary HTTP headers via unspecified vectors. It enables an attacker to embed an HTML header in the device's web server.

Recommendations

For versions 2.x through 3.x, update the software to a version that contains a fix for this issue, if available. As a temporary workaround, consider restricting access to the integrated web server to minimize the risk of exploitation.

Fix

Code Injection

Weakness Enumeration

Related Identifiers

BDU:2014-00325
CVE-2014-2909

Affected Products

Simatic S7-1200 Cpu