CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-4686

The Project administration application in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, has a hardcoded encryption key, which allows remote attackers to obtain sensitive information by extracting this key from another product installation and then employing this key during the sniffing of network traffic on TCP port 1030.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 45.9%

CVSS Severity

CVSS v2 Score 6.8

References

Products affected by CVE-2014-4686

Siemens » Simatic Pcs7 » Version: 7.1

cpe:2.3:a:siemens:simatic_pcs7:7.1
Siemens » Simatic Pcs7 » Version: 8.0

cpe:2.3:a:siemens:simatic_pcs7:8.0
Siemens » Wincc » Version: 5.0

cpe:2.3:a:siemens:wincc:5.0
Siemens » Wincc » Version: 6.0

cpe:2.3:a:siemens:wincc:6.0
Siemens » Wincc » Version: 7.0

cpe:2.3:a:siemens:wincc:7.0
Siemens » Wincc » Version: 7.1

cpe:2.3:a:siemens:wincc:7.1
Siemens » Wincc » Version: 7.2

cpe:2.3:a:siemens:wincc:7.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-4686

Products

Pricing

Contact Us