Description
The integrated web server in Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to execute arbitrary code via crafted packets to TCP port 4999.
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/102810
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/90933
Vendor Advisory x_refsource_confirm
http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-342587.pdf
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/56651
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/65351
US Government Resource x_refsource_misc
http://ics-cert.us-cert.gov/advisories/ICSA-14-035-01
Scores
EPSS
0.0451
EPSS Percentile
89.3%
Details
Status
published
Products (1)
siemens/simatic_wincc_open_architecture
< 3.12
Published
Feb 07, 2014
Tracked Since
Feb 18, 2026