Details of VAR-201403-0315

ID

VAR-201403-0315

CVE

CVE-2014-2254

TITLE

Siemens SIMATIC S7-1200 CPU PLC Service disruption on devices (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2014-001771

DESCRIPTION

Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTP packets, a different vulnerability than CVE-2014-2255. The SIMATIC S7-1200 is a programmable controller for simple but highly precise automation tasks. Siemens SIMATIC S7-1200 is prone to a denial-of-service vulnerability. Remote attackers may exploit this issue to cause denial-of-service conditions, denying service to legitimate users. Versions prior to SIMATIC S7-1200 4.0 are vulnerable. Siemens SIMATIC S7-1200 CPU PLC is a programmable logic controller (PLC) used in small and medium-sized automation systems developed by Siemens in Germany

Trust: 2.88

sources: NVD: CVE-2014-2254 // JVNDB: JVNDB-2014-001771 // CNVD: CNVD-2014-01912 // BID: 66349 // IVD: 214bded4-2352-11e6-abef-000c29c66e3d // IVD: c2d58544-1ee2-11e6-abef-000c29c66e3d // VULHUB: VHN-70193

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 1.0

sources: IVD: 214bded4-2352-11e6-abef-000c29c66e3d // IVD: c2d58544-1ee2-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-01912

AFFECTED PRODUCTS

vendor:	siemens	model:	simatic s7 cpu 1200	scope:	eq	version:	3.0	Trust: 1.6
vendor:	siemens	model:	simatic s7-1200	scope:	eq	version:	3.x	Trust: 1.0
vendor:	siemens	model:	simatic s7 cpu 1200	scope:	lte	version:	3.0.2	Trust: 1.0
vendor:	siemens	model:	simatic s7 cpu 1215c	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	simatic s7 cpu 1217c	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	simatic s7 cpu 1212c	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	simatic s7 cpu-1211c	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	simatic s7 cpu 1214c	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	simatic s7-1200 cpu 1211c	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic s7-1200 cpu 1212c	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic s7-1200 cpu 1214c	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic s7-1200 cpu 1215c	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic s7-1200 cpu 1217c	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic s7-1200 cpu	scope:	lt	version:	4.0	Trust: 0.8
vendor:	siemens	model:	simatic s7 cpu 1200	scope:	eq	version:	3.0.2	Trust: 0.6

sources: IVD: 214bded4-2352-11e6-abef-000c29c66e3d // IVD: c2d58544-1ee2-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-01912 // JVNDB: JVNDB-2014-001771 // CNNVD: CNNVD-201403-417 // NVD: CVE-2014-2254

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-2254
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-2254
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2014-01912
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201403-417
value:	HIGH
Trust: 0.6
IVD:	214bded4-2352-11e6-abef-000c29c66e3d
value:	HIGH
Trust: 0.2
IVD:	c2d58544-1ee2-11e6-abef-000c29c66e3d
value:	HIGH
Trust: 0.2
VULHUB:	VHN-70193
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-2254
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-01912
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	214bded4-2352-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	c2d58544-1ee2-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-70193
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: 214bded4-2352-11e6-abef-000c29c66e3d // IVD: c2d58544-1ee2-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-01912 // VULHUB: VHN-70193 // JVNDB: JVNDB-2014-001771 // CNNVD: CNNVD-201403-417 // NVD: CVE-2014-2254

PROBLEMTYPE DATA

problemtype:

CWE-399

Trust: 1.9

sources: VULHUB: VHN-70193 // JVNDB: JVNDB-2014-001771 // NVD: CVE-2014-2254

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201403-417

TYPE

Resource management error

Trust: 1.0

sources: IVD: 214bded4-2352-11e6-abef-000c29c66e3d // IVD: c2d58544-1ee2-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201403-417

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001771

PATCH

title:	SSA-654382	url:	http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf	Trust: 0.8
title:	Patch for Siemens SIMATIC S7-1200 Denial of Service Vulnerability (CNVD-2014-01912)	url:	https://www.cnvd.org.cn/patchInfo/show/72675	Trust: 0.6

sources: CNVD: CNVD-2014-01912 // JVNDB: JVNDB-2014-001771

EXTERNAL IDS

db:	NVD	id:	CVE-2014-2254	Trust: 3.8
db:	ICS CERT	id:	ICSA-14-079-02	Trust: 2.5
db:	SIEMENS	id:	SSA-654382	Trust: 1.7
db:	CNNVD	id:	CNNVD-201403-417	Trust: 1.1
db:	CNVD	id:	CNVD-2014-01912	Trust: 1.0
db:	JVNDB	id:	JVNDB-2014-001771	Trust: 0.8
db:	SECUNIA	id:	57441	Trust: 0.6
db:	BID	id:	66349	Trust: 0.4
db:	IVD	id:	214BDED4-2352-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	IVD	id:	C2D58544-1EE2-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	VULHUB	id:	VHN-70193	Trust: 0.1

sources: IVD: 214bded4-2352-11e6-abef-000c29c66e3d // IVD: c2d58544-1ee2-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-01912 // VULHUB: VHN-70193 // BID: 66349 // JVNDB: JVNDB-2014-001771 // CNNVD: CNNVD-201403-417 // NVD: CVE-2014-2254

REFERENCES

url:	http://ics-cert.us-cert.gov/advisories/icsa-14-079-02	Trust: 2.5
url:	http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf	Trust: 1.7
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2254	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2254	Trust: 0.8
url:	http://secunia.com/advisories/57441/	Trust: 0.6
url:	http://subscriber.communications.siemens.com/	Trust: 0.3

sources: CNVD: CNVD-2014-01912 // VULHUB: VHN-70193 // BID: 66349 // JVNDB: JVNDB-2014-001771 // CNNVD: CNNVD-201403-417 // NVD: CVE-2014-2254

CREDITS

Lucian Cojocar and Jonas Zaddach of EURECOM

Trust: 0.3

sources: BID: 66349

SOURCES

db:	IVD	id:	214bded4-2352-11e6-abef-000c29c66e3d
db:	IVD	id:	c2d58544-1ee2-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2014-01912
db:	VULHUB	id:	VHN-70193
db:	BID	id:	66349
db:	JVNDB	id:	JVNDB-2014-001771
db:	CNNVD	id:	CNNVD-201403-417
db:	NVD	id:	CVE-2014-2254

LAST UPDATE DATE

2025-04-13T23:14:52.727000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-01912	date:	2016-03-15T00:00:00
db:	VULHUB	id:	VHN-70193	date:	2020-02-10T00:00:00
db:	BID	id:	66349	date:	2014-04-02T01:16:00
db:	JVNDB	id:	JVNDB-2014-001771	date:	2014-03-25T00:00:00
db:	CNNVD	id:	CNNVD-201403-417	date:	2020-02-11T00:00:00
db:	NVD	id:	CVE-2014-2254	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	IVD	id:	214bded4-2352-11e6-abef-000c29c66e3d	date:	2014-03-24T00:00:00
db:	IVD	id:	c2d58544-1ee2-11e6-abef-000c29c66e3d	date:	2014-03-24T00:00:00
db:	CNVD	id:	CNVD-2014-01912	date:	2014-03-24T00:00:00
db:	VULHUB	id:	VHN-70193	date:	2014-03-24T00:00:00
db:	BID	id:	66349	date:	2014-03-20T00:00:00
db:	JVNDB	id:	JVNDB-2014-001771	date:	2014-03-25T00:00:00
db:	CNNVD	id:	CNNVD-201403-417	date:	2014-03-25T00:00:00
db:	NVD	id:	CVE-2014-2254	date:	2014-03-24T14:20:39.590