Release date:
Updated on:
Affected Systems:
Siemens SINEMA Server <12 SP1
Description:
--------------------------------------------------------------------------------
CVE (CAN) ID: CVE-2014-2731
Siemens SINEMA Server is a SIMATIC network management application that monitors wired and wireless industrial Ethernet networks and diagnoses them quickly and accurately.
Multiple security vulnerabilities exist in Siemens SINEMA Server versions earlier than 12 SP1. Remote attackers can exploit these vulnerabilities to execute arbitrary code by sending specially crafted HTTP requests to port 4999 or 80.
<* Source: Siemens
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Siemens
-------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://support.automation.siemens.com/WW/llisapi.dll?func=cslib.csinfo&lang=de&objid=74758725&caller=view
Announcement:
http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-364879.pdf