RCE in Siemens Simatic_pcs_7

CVE-2014-8551

The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to execute arbitrar…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.058 (90.7th percentile) — read the EPSS interpretation.

Affected products

Siemens Simatic_pcs_7 — versions 7.1
Siemens Simatic_pcs7 — versions 7.1, 8.0, 8.1
Siemens Simatic_tiaportal — versions 13.0
Siemens Simatic_wincc — versions 7.0, 7.2, 7.3
N/a — versions n/a

Weakness classification (CWE)

CWE-94 — Code Injection

References

cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)