FKIE_CVE-2014-5415

Vulnerability from fkie_nvd - Published: 2016-10-05 10:59 - Updated: 2025-11-05 00:15
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components might allow remote attackers to obtain access via the (1) Windows CE Remote Configuration Tool, (2) CE Remote Display service, or (3) TELNET service.
References
ics-cert@hq.dhs.govhttp://www.securityfocus.com/bid/93349
ics-cert@hq.dhs.govhttps://download.beckhoff.com/download/document/product-security/Advisories/advisory-2014-001.pdf
ics-cert@hq.dhs.govhttps://download.beckhoff.com/download/document/product-security/Advisories/advisory-2014-002.pdf
ics-cert@hq.dhs.govhttps://download.beckhoff.com/download/document/product-security/Advisories/advisory-2014-003.pdf
ics-cert@hq.dhs.govhttps://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2016/icsa-16-278-02.json
ics-cert@hq.dhs.govhttps://www.cisa.gov/news-events/ics-advisories/icsa-16-278-02
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/93349
af854a3a-2127-422b-91ae-364da2661108https://ics-cert.us-cert.gov/advisories/ICSA-16-278-02Third Party Advisory, US Government Resource
Impacted products
Vendor Product Version
beckhoff embedded_pc_images -
beckhoff twincat -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:beckhoff:embedded_pc_images:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "27BB7F09-2369-4C2A-9CDB-6469E59EF7E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:beckhoff:twincat:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0324B77D-8923-4C9B-8F06-535FBC758AF7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components might allow remote attackers to obtain access via the (1) Windows CE Remote Configuration Tool, (2) CE Remote Display service, or (3) TELNET service."
    },
    {
      "lang": "es",
      "value": "Im\u00e1genes Beckhoff Embedded PC en versiones anteriores a 22-10-2014 y componentes Automation Device Specification (ADS) TwinCAT podr\u00edan permitir a atacantes remotos obtener acceso a trav\u00e9s de (1) Windows CE Remote Configuration Tool, (2) servicio CE Remote Display o (3) servicio TELNET."
    }
  ],
  "id": "CVE-2014-5415",
  "lastModified": "2025-11-05T00:15:33.743",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 9.4,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 9.2,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.2,
        "source": "ics-cert@hq.dhs.gov",
        "type": "Secondary"
      }
    ]
  },
  "published": "2016-10-05T10:59:01.280",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "url": "http://www.securityfocus.com/bid/93349"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "url": "https://download.beckhoff.com/download/document/product-security/Advisories/advisory-2014-001.pdf"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "url": "https://download.beckhoff.com/download/document/product-security/Advisories/advisory-2014-002.pdf"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "url": "https://download.beckhoff.com/download/document/product-security/Advisories/advisory-2014-003.pdf"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2016/icsa-16-278-02.json"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-16-278-02"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/93349"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-278-02"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-749"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.