CVE-2014-2733 : Siemens SINEMA Server before 12 SP1 allows remote attackers to cause a denial of service (web-interface outage) via craf

Siemens SINEMA Server before 12 SP1 allows remote attackers to cause a denial of service (web-interface outage) via crafted HTTP requests to port (1) 4999 or (2) 80.

Published 2014-04-19 19:55:08

Updated 2014-04-21 19:31:58

Source MITRE

View at NVD, CVE.org

Vulnerability category: Input validationDenial of service

Exploit prediction scoring system (EPSS) score for CVE-2014-2733

Probability of exploitation activity in the next 30 days: 0.11%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 43 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2014-2733

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial

CWE ids for CVE-2014-2733

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2014-2733

http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-364879.pdf

Vendor Advisory

CVEs referencing this url
http://ics-cert.us-cert.gov/advisories/ICSA-14-107-01

Siemens SINEMA Vulnerabilities | CISA
US Government Resource

CVEs referencing this url

Products affected by CVE-2014-2733

Siemens » Sinema Server »
Versions up to, including, (<=) 12.0
cpe:2.3:a:siemens:sinema_server:*:-:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2014-2733

Exploit prediction scoring system (EPSS) score for CVE-2014-2733

CVSS scores for CVE-2014-2733

CWE ids for CVE-2014-2733

References for CVE-2014-2733

Products affected by CVE-2014-2733