Details of VAR-201404-0443

ID

VAR-201404-0443

CVE

CVE-2014-2909

TITLE

Siemens SIMATIC S7-1200 CPU Device integration Web On the server CRLF Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-002263

DESCRIPTION

CRLF injection vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary HTTP headers via unspecified vectors. Siemens SIMATIC is an automation software in a single engineering environment. Since some unknown input is not properly filtered before being used to display the HTTP header, the attacker can use the HTTP header of the vulnerability to send the response to the user. Siemens SIMATIC S7-1200 is prone to an HTTP-response-splitting vulnerability because it fails to properly sanitize user-supplied input. Attackers can leverage this issue to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into a false sense of trust. SIMATIC S7-1200 2.x and 3.x versions are vulnerable. Siemens SIMATIC S7-1200 is a programmable logic controller (PLC) used in small and medium-sized automation systems of Siemens, Germany

Trust: 3.06

sources: NVD: CVE-2014-2909 // JVNDB: JVNDB-2014-002263 // CNVD: CNVD-2014-02657 // BID: 67061 // IVD: 9adb594e-1edb-11e6-abef-000c29c66e3d // IVD: 7d7d5300-463f-11e9-89f7-000c29342cb1 // IVD: 0bedc55c-2352-11e6-abef-000c29c66e3d // VULHUB: VHN-70848

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 1.2

sources: IVD: 9adb594e-1edb-11e6-abef-000c29c66e3d // IVD: 7d7d5300-463f-11e9-89f7-000c29342cb1 // IVD: 0bedc55c-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-02657

AFFECTED PRODUCTS

vendor:	siemens	model:	simatic s7 cpu 1200	scope:	eq	version:	2.0	Trust: 1.6
vendor:	siemens	model:	simatic s7 cpu 1200	scope:	eq	version:	3.0	Trust: 1.6
vendor:	siemens	model:	simatic s7 cpu 1200	scope:	eq	version:	3.0.2	Trust: 1.6
vendor:	siemens	model:	simatic s7 cpu 1215c	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	simatic s7 cpu 1217c	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	simatic s7 cpu 1212c	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	simatic s7 cpu-1211c	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	simatic s7 cpu 1214c	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	simatic s7-1200 cpu 1211c	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic s7-1200 cpu 1212c	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic s7-1200 cpu 1214c	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic s7-1200 cpu 1215c	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic s7-1200 cpu 1217c	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic s7-1200 cpu	scope:	eq	version:	2.x	Trust: 0.8
vendor:	siemens	model:	simatic s7-1200 cpu	scope:	eq	version:	3.x	Trust: 0.8
vendor:	simatic s7 cpu 1200	model:	-	scope:	eq	version:	2.0	Trust: 0.6
vendor:	simatic s7 cpu 1200	model:	-	scope:	eq	version:	3.0	Trust: 0.6
vendor:	simatic s7 cpu 1200	model:	-	scope:	eq	version:	3.0.2	Trust: 0.6
vendor:	simatic s7 cpu 1211c	model:	-	scope:	eq	version:	-	Trust: 0.6
vendor:	simatic s7 cpu 1212c	model:	-	scope:	eq	version:	-	Trust: 0.6
vendor:	simatic s7 cpu 1214c	model:	-	scope:	eq	version:	-	Trust: 0.6
vendor:	simatic s7 cpu 1215c	model:	-	scope:	eq	version:	-	Trust: 0.6
vendor:	simatic s7 cpu 1217c	model:	-	scope:	eq	version:	-	Trust: 0.6
vendor:	siemens	model:	simatic s7-1200	scope:	eq	version:	2.x	Trust: 0.6
vendor:	siemens	model:	simatic s7-1200	scope:	eq	version:	3.x	Trust: 0.6
vendor:	siemens	model:	simatic s7-1200	scope:	eq	version:	3.0.1	Trust: 0.3
vendor:	siemens	model:	simatic s7-1200	scope:	eq	version:	3.0.0	Trust: 0.3
vendor:	siemens	model:	simatic s7-1200	scope:	eq	version:	3.0	Trust: 0.3
vendor:	siemens	model:	simatic s7-1200	scope:	eq	version:	2.0.3	Trust: 0.3
vendor:	siemens	model:	simatic s7-1200	scope:	eq	version:	2.0.2	Trust: 0.3
vendor:	siemens	model:	simatic s7-1200	scope:	ne	version:	4.0	Trust: 0.3

sources: IVD: 9adb594e-1edb-11e6-abef-000c29c66e3d // IVD: 7d7d5300-463f-11e9-89f7-000c29342cb1 // IVD: 0bedc55c-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-02657 // BID: 67061 // JVNDB: JVNDB-2014-002263 // CNNVD: CNNVD-201404-506 // NVD: CVE-2014-2909

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-2909
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-2909
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2014-02657
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201404-506
value:	MEDIUM
Trust: 0.6
IVD:	9adb594e-1edb-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2
IVD:	7d7d5300-463f-11e9-89f7-000c29342cb1
value:	MEDIUM
Trust: 0.2
IVD:	0bedc55c-2352-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-70848
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-2909
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-02657
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	9adb594e-1edb-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	7d7d5300-463f-11e9-89f7-000c29342cb1
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	0bedc55c-2352-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-70848
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: 9adb594e-1edb-11e6-abef-000c29c66e3d // IVD: 7d7d5300-463f-11e9-89f7-000c29342cb1 // IVD: 0bedc55c-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-02657 // VULHUB: VHN-70848 // JVNDB: JVNDB-2014-002263 // CNNVD: CNNVD-201404-506 // NVD: CVE-2014-2909

PROBLEMTYPE DATA

problemtype:

CWE-94

Trust: 1.9

sources: VULHUB: VHN-70848 // JVNDB: JVNDB-2014-002263 // NVD: CVE-2014-2909

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201404-506

TYPE

Code injection

Trust: 1.2

sources: IVD: 9adb594e-1edb-11e6-abef-000c29c66e3d // IVD: 7d7d5300-463f-11e9-89f7-000c29342cb1 // IVD: 0bedc55c-2352-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201404-506

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002263

PATCH

title:	SSA-892012	url:	http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-892012.pdf	Trust: 0.8
title:	Siemens SIMATIC S7-1200 HTTP Header Injection Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/45196	Trust: 0.6

sources: CNVD: CNVD-2014-02657 // JVNDB: JVNDB-2014-002263

EXTERNAL IDS

db:	NVD	id:	CVE-2014-2909	Trust: 4.0
db:	ICS CERT	id:	ICSA-14-114-02	Trust: 2.8
db:	SIEMENS	id:	SSA-892012	Trust: 2.0
db:	CNNVD	id:	CNNVD-201404-506	Trust: 1.3
db:	CNVD	id:	CNVD-2014-02657	Trust: 1.2
db:	BID	id:	67061	Trust: 1.0
db:	JVNDB	id:	JVNDB-2014-002263	Trust: 0.8
db:	SECUNIA	id:	58173	Trust: 0.6
db:	OSVDB	id:	106256	Trust: 0.6
db:	IVD	id:	9ADB594E-1EDB-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	IVD	id:	7D7D5300-463F-11E9-89F7-000C29342CB1	Trust: 0.2
db:	IVD	id:	0BEDC55C-2352-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	VULHUB	id:	VHN-70848	Trust: 0.1

sources: IVD: 9adb594e-1edb-11e6-abef-000c29c66e3d // IVD: 7d7d5300-463f-11e9-89f7-000c29342cb1 // IVD: 0bedc55c-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-02657 // VULHUB: VHN-70848 // BID: 67061 // JVNDB: JVNDB-2014-002263 // CNNVD: CNNVD-201404-506 // NVD: CVE-2014-2909

REFERENCES

url:	http://ics-cert.us-cert.gov/advisories/icsa-14-114-02	Trust: 2.8
url:	http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-892012.pdf	Trust: 2.0
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-892012.pdf	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2909	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2909	Trust: 0.8
url:	http://secunia.com/advisories/58173/	Trust: 0.6
url:	http://osvdb.com/show/osvdb/106256	Trust: 0.6
url:	http://support.automation.siemens.com/ww/view/en/86567043	Trust: 0.3
url:	http://www.siemens.com/	Trust: 0.3

sources: CNVD: CNVD-2014-02657 // VULHUB: VHN-70848 // BID: 67061 // JVNDB: JVNDB-2014-002263 // CNNVD: CNNVD-201404-506 // NVD: CVE-2014-2909

CREDITS

Ralf Spenneberg, Hendrik Schwartke, and Maik Brüggemann from OpenSource Training

Trust: 0.3

sources: BID: 67061

SOURCES

db:	IVD	id:	9adb594e-1edb-11e6-abef-000c29c66e3d
db:	IVD	id:	7d7d5300-463f-11e9-89f7-000c29342cb1
db:	IVD	id:	0bedc55c-2352-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2014-02657
db:	VULHUB	id:	VHN-70848
db:	BID	id:	67061
db:	JVNDB	id:	JVNDB-2014-002263
db:	CNNVD	id:	CNNVD-201404-506
db:	NVD	id:	CVE-2014-2909

LAST UPDATE DATE

2025-04-13T23:26:55.174000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-02657	date:	2014-04-28T00:00:00
db:	VULHUB	id:	VHN-70848	date:	2020-02-10T00:00:00
db:	BID	id:	67061	date:	2014-04-24T00:00:00
db:	JVNDB	id:	JVNDB-2014-002263	date:	2014-04-28T00:00:00
db:	CNNVD	id:	CNNVD-201404-506	date:	2020-02-11T00:00:00
db:	NVD	id:	CVE-2014-2909	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	IVD	id:	9adb594e-1edb-11e6-abef-000c29c66e3d	date:	2014-04-28T00:00:00
db:	IVD	id:	7d7d5300-463f-11e9-89f7-000c29342cb1	date:	2014-04-28T00:00:00
db:	IVD	id:	0bedc55c-2352-11e6-abef-000c29c66e3d	date:	2014-04-28T00:00:00
db:	CNVD	id:	CNVD-2014-02657	date:	2014-04-28T00:00:00
db:	VULHUB	id:	VHN-70848	date:	2014-04-25T00:00:00
db:	BID	id:	67061	date:	2014-04-24T00:00:00
db:	JVNDB	id:	JVNDB-2014-002263	date:	2014-04-28T00:00:00
db:	CNNVD	id:	CNNVD-201404-506	date:	2014-04-28T00:00:00
db:	NVD	id:	CVE-2014-2909	date:	2014-04-25T05:12:07.863