CVE-2014-2731 : Multiple unspecified vulnerabilities in the integrated web server in Siemens SINEMA Server before 12 SP1 allow remote at

Multiple unspecified vulnerabilities in the integrated web server in Siemens SINEMA Server before 12 SP1 allow remote attackers to execute arbitrary code via HTTP traffic to port (1) 4999 or (2) 80.

Published 2014-04-19 19:55:08

Updated 2014-04-21 19:28:09

Source MITRE

View at NVD, CVE.org

Vulnerability category: Execute code

Exploit prediction scoring system (EPSS) score for CVE-2014-2731

Probability of exploitation activity in the next 30 days: 1.50%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 85 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2014-2731

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

References for CVE-2014-2731

http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-364879.pdf

Vendor Advisory

CVEs referencing this url
http://ics-cert.us-cert.gov/advisories/ICSA-14-107-01

Siemens SINEMA Vulnerabilities | CISA
US Government Resource

CVEs referencing this url

Products affected by CVE-2014-2731

Siemens » Sinema Server »
Versions up to, including, (<=) 12.0
cpe:2.3:a:siemens:sinema_server:*:-:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2014-2731

Exploit prediction scoring system (EPSS) score for CVE-2014-2731

CVSS scores for CVE-2014-2731

References for CVE-2014-2731

Products affected by CVE-2014-2731