Release date:
Updated on:
Affected Systems:
Siemens SINEMA Server <12 SP1
Description:
--------------------------------------------------------------------------------
CVE (CAN) ID: CVE-2014-2733
Siemens SINEMA Server is a SIMATIC network manager that can monitor, quickly, and accurately diagnose wired and wireless industrial Ethernet networks.
A security vulnerability exists in the implementation of Siemens SINEMA Server 12 SP1. Remote attackers can exploit this vulnerability to cause Web interface faults by sending specially crafted HTTP requests to ports 4999 or 80, this causes a denial of service.
<* Source: Siemens
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Siemens
-------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://support.automation.siemens.com/WW/llisapi.dll? Func = cslib. csinfo & lang = de & objid = 74758725 & caller = view
Announcement:
Http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-364879.pdf
This article permanently updates the link address: