CVE-2014-2909
SIMATIC S7-1200 CPU Firmware 2.x-3.x - HTTP Header Injection via CRLF
Title source: llmDescription
CRLF injection vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary HTTP headers via unspecified vectors.
References (3)
Core 3
Core References
US Government Resource x_refsource_misc
http://ics-cert.us-cert.gov/advisories/ICSA-14-114-02
Vendor Advisory x_refsource_confirm
http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-892012.pdf
Vendor Advisory x_refsource_confirm
https://cert-portal.siemens.com/productcert/pdf/ssa-892012.pdf
Scores
EPSS
0.0084
EPSS Percentile
74.9%
Details
CWE
CWE-94
Status
published
Products (8)
siemens/simatic_s7_cpu-1211c
siemens/simatic_s7_cpu_1200_firmware
2.0
siemens/simatic_s7_cpu_1200_firmware
3.0
siemens/simatic_s7_cpu_1200_firmware
3.0.2
siemens/simatic_s7_cpu_1212c
siemens/simatic_s7_cpu_1214c
siemens/simatic_s7_cpu_1215c
siemens/simatic_s7_cpu_1217c
Published
Apr 25, 2014
Tracked Since
Feb 18, 2026