CVE-2014-1698

Name of the Vulnerable Software and Affected Versions Siemens SIMATIC WinCC OA versions prior to 3.12 P002 January

Description The issue allows remote attackers to bypass the file system of the server in the context of the current user without authentication by sending specially crafted TCP packets. This is a directory traversal vulnerability that can be exploited to read arbitrary files via crafted packets to TCP port 4999.

Recommendations For versions prior to 3.12 P002 January, update to version 3.12 P002 January or later to resolve the issue. As a temporary workaround, consider restricting access to TCP port 4999 to minimize the risk of exploitation.