Release date:
Updated on:
Affected Systems:
Siemens SIMATIC S7-1200 3.x
Siemens SIMATIC S7-1200 2.x
Description:
--------------------------------------------------------------------------------
CVE (CAN) ID: CVE-2014-2909
The SIMATIC S7-1200 is a programmable controller used for simple but highly precise automation tasks.
The integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x has a CRLF injection vulnerability. Remote attackers can exploit this vulnerability to inject arbitrary HTTP headers.
<* Source: Ralf Spenneberg
Hendrik Schwartke
Maik Brüggemann
Link: http://secunia.com/community/advisories/58173
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Siemens
-------
The vendor has not yet released a patch or upgrade. Users of the affected software should monitor the vendor's site for the latest version:
http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-892012.pdf