Release date:
Updated on:
Affected Systems:
Siemens SIMATIC WinCC Open Architecture <3.12 P002 January
Description:
--------------------------------------------------------------------------------
Bugtraq id: 65351
CVE (CAN) ID: CVE-2014-1697
Siemens SIMATIC WinCC is a SCADA and HMI system for monitoring control and data collection.
The integration Web server of siemens simatic WinCC OA 3.12 P002 and earlier versions has a security vulnerability in implementation. This vulnerability allows remote attackers to send specially crafted data packets to TCP port 4999 and execute arbitrary code.
<* Source: Gleb Gritsai
Link: http://ics-cert.us-cert.gov/advisories/ICSA-14-035-01
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Siemens
-------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.siemens.com/corporate-technology/pool/
Http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-342587.pdf