CVE-2014-4684

Name of the Vulnerable Software and Affected Versions Siemens SIMATIC WinCC versions prior to 7.3

Description The issue allows remote authenticated users to gain privileges via a request to the TCP port 1433. It is related to errors that occur when processing a specially crafted command on the database server. This can be exploited by authorized users to elevate their privileges in the database.

Recommendations For versions prior to 7.3, update to version 7.3 or later to resolve the issue. As a temporary workaround, consider restricting access to TCP port 1433 to minimize the risk of exploitation.