First published: Thu Jul 24 2014(Updated: )
The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a (1) HTTP or (2) HTTPS request.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Siemens SIMATIC PCS 7 | <=8.0 | |
Siemens SIMATIC PCS 7 | =7.1-sp3 | |
Siemens SIMATIC PCS 7 | =8.0 | |
Siemens WinCC | <=7.2 | |
Siemens WinCC | =5.0 | |
Siemens WinCC | =5.0-sp1 | |
Siemens WinCC | =6.0 | |
Siemens WinCC | =6.0-sp2 | |
Siemens WinCC | =6.0-sp3 | |
Siemens WinCC | =6.0-sp4 | |
Siemens WinCC | =7.0 | |
Siemens WinCC | =7.0-sp1 | |
Siemens WinCC | =7.0-sp2 | |
Siemens WinCC | =7.0-sp3 | |
Siemens WinCC | =7.1 | |
Siemens WinCC | =7.1-sp1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2014-4683 is rated as a high-severity vulnerability due to its potential for privilege escalation by authenticated users.
To mitigate CVE-2014-4683, ensure that you are using Siemens SIMATIC WinCC version 7.3 or later as the software has addressed this vulnerability.
CVE-2014-4683 affects users of Siemens SIMATIC WinCC versions prior to 7.3 and specific versions of PCS7.
CVE-2014-4683 can be exploited through both HTTP and HTTPS requests from remote authenticated users.
Exploitation of CVE-2014-4683 could allow unauthorized privilege escalation, potentially leading to unauthorized access to system functions.