CVE-2014-5415

{"id": "CVE-2014-5415", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:N", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 9.2, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}], "cvssMetricV31": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}]}, "published": "2016-10-05T10:59:01.280", "references": [{"url": "http://www.securityfocus.com/bid/93349", "source": "ics-cert@hq.dhs.gov"}, {"url": "https://download.beckhoff.com/download/document/product-security/Advisories/advisory-2014-001.pdf", "source": "ics-cert@hq.dhs.gov"}, {"url": "https://download.beckhoff.com/download/document/product-security/Advisories/advisory-2014-002.pdf", "source": "ics-cert@hq.dhs.gov"}, {"url": "https://download.beckhoff.com/download/document/product-security/Advisories/advisory-2014-003.pdf", "source": "ics-cert@hq.dhs.gov"}, {"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2016/icsa-16-278-02.json", "source": "ics-cert@hq.dhs.gov"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-16-278-02", "source": "ics-cert@hq.dhs.gov"}, {"url": "http://www.securityfocus.com/bid/93349", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-278-02", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-749"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components might allow remote attackers to obtain access via the (1) Windows CE Remote Configuration Tool, (2) CE Remote Display service, or (3) TELNET service."}, {"lang": "es", "value": "Im\u00e1genes Beckhoff Embedded PC en versiones anteriores a 22-10-2014 y componentes Automation Device Specification (ADS) TwinCAT podr\u00edan permitir a atacantes remotos obtener acceso a trav\u00e9s de (1) Windows CE Remote Configuration Tool, (2) servicio CE Remote Display o (3) servicio TELNET."}], "lastModified": "2025-11-05T00:15:33.743", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:beckhoff:embedded_pc_images:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "27BB7F09-2369-4C2A-9CDB-6469E59EF7E5"}, {"criteria": "cpe:2.3:a:beckhoff:twincat:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0324B77D-8923-4C9B-8F06-535FBC758AF7"}], "operator": "OR"}]}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}