Siemens SIMATIC WinCC and PCS7 Database Server Remote Privilege Escalation Vulnerability
BID:68880
Info
Siemens SIMATIC WinCC and PCS7 Database Server Remote Privilege Escalation Vulnerability
| Bugtraq ID: | 68880 |
| Class: | Design Error |
| CVE: |
CVE-2014-4684 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 23 2014 12:00AM |
| Updated: | Oct 08 2014 06:59AM |
| Credit: | The vendor reported this issue. |
| Vulnerable: |
Siemens SIMATIC WinCC 6.2 |
| Not Vulnerable: | |
Discussion
Siemens SIMATIC WinCC and PCS7 Database Server Remote Privilege Escalation Vulnerability
SIMATIC WinCC and PCS7 are prone to a remote privilege-escalation vulnerability.
Remote attackers can exploit this issue to gain elevated privileges and perform unauthorized actions.
SIMATIC WinCC and PCS7 are prone to a remote privilege-escalation vulnerability.
Remote attackers can exploit this issue to gain elevated privileges and perform unauthorized actions.
Exploit / POC
Siemens SIMATIC WinCC and PCS7 Database Server Remote Privilege Escalation Vulnerability
Attackers can use standard, readily available tools to exploit this issue.
Attackers can use standard, readily available tools to exploit this issue.
Solution / Fix
Siemens SIMATIC WinCC and PCS7 Database Server Remote Privilege Escalation Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
Siemens SIMATIC WinCC and PCS7 Database Server Remote Privilege Escalation Vulnerability
References:
References:
- SIMATIC WinCC Homepage (Siemens)