CVSS: 9.4EPSS: 0%CPEs: 9EXPL: 0CVE-2024-35783
https://notcve.org/view.php?id=CVE-2024-35783
A vulnerability has been identified in SIMATIC BATCH V9.1 (All versions), SIMATIC Information Server 2020 (All versions), SIMATIC Information Server 2022 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC Process Historian 2020 (All versions), SIMATIC Process Historian 2022 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions), SIMATIC WinCC Runtime Professional V19 (All versions), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 18), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5). The affected products run their DB server with elevated privileges which could allow an authenticated attacker to execute arbitrary OS commands with administrative privileges. • https://cert-portal.siemens.com/productcert/html/ssa-629254.html • CWE-250: Execution with Unnecessary Privileges •
CVSS: 8.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-45147
https://notcve.org/view.php?id=CVE-2022-45147
A vulnerability has been identified in SIMATIC PCS neo V4.0 (All versions), SIMATIC STEP 7 V16 (All versions), SIMATIC STEP 7 V17 (All versions), SIMATIC STEP 7 V18 (All versions < V18 Update 2). Affected applications do not properly restrict the .NET BinaryFormatter when deserializing user-controllable input. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application. This is the same issue that exists for .NET BinaryFormatter https://docs.microsoft.com/en-us/visualstudio/code-quality/ca2300. Se ha identificado una vulnerabilidad en SIMATIC PCS neo V4.0 (todas las versiones), SIMATIC STEP 7 V16 (todas las versiones), SIMATIC STEP 7 V17 (todas las versiones), SIMATIC STEP 7 V18 (todas las versiones < V18 Update 2). Las aplicaciones afectadas no restringen adecuadamente .NET BinaryFormatter al deserializar la entrada controlable por el usuario. • https://cert-portal.siemens.com/productcert/html/ssa-825651.html • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2023-28829
https://notcve.org/view.php?id=CVE-2023-28829
A vulnerability has been identified in SIMATIC NET PC Software V14 (All versions), SIMATIC NET PC Software V15 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC WinCC (All versions < V8.0), SINAUT Software ST7sc (All versions). Before SIMATIC WinCC V8, legacy OPC services (OPC DA (Data Access), OPC HDA (Historical Data Access), and OPC AE (Alarms & Events)) were used per default. These services were designed on top of the Windows ActiveX and DCOM mechanisms and do not implement state-of-the-art security mechanisms for authentication and encryption of contents. • https://cert-portal.siemens.com/productcert/pdf/ssa-508677.pdf • CWE-477: Use of Obsolete Function •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2023-25910
https://notcve.org/view.php?id=CVE-2023-25910
A vulnerability has been identified in SIMATIC PCS 7 (All versions < V9.1 SP2 UC04), SIMATIC S7-PM (All versions < V5.7 SP1 HF1), SIMATIC S7-PM (All versions < V5.7 SP2 HF1), SIMATIC STEP 7 V5 (All versions < V5.7). The affected product contains a database management system that could allow remote users with low privileges to use embedded functions of the database (local or in a network share) that have impact on the server. An attacker with network access to the server network could leverage these embedded functions to run code with elevated privileges in the database management system's server. Se ha identificado una vulnerabilidad en SIMATIC PCS 7 (todas las versiones < V9.1 SP2 UC04), SIMATIC S7-PM (todas las versiones), SIMATIC STEP 7 V5 (todas las versiones < V5.7). El producto afectado contiene un sistema de gestión de bases de datos que podría permitir a usuarios remotos con pocos privilegios utilizar funciones integradas de la base de datos (local o en un recurso compartido de red) que tienen impacto en el servidor. Un atacante con acceso a la red del servidor podría aprovechar estas funciones integradas para ejecutar código con privilegios elevados en el servidor del sistema de administración de bases de datos. • https://cert-portal.siemens.com/productcert/html/ssa-968170.html https://cert-portal.siemens.com/productcert/pdf/ssa-968170.pdf • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 0CVE-2022-24287
https://notcve.org/view.php?id=CVE-2022-24287
A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3 UC06), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1 UC01), SIMATIC WinCC Runtime Professional V16 and earlier (All versions), SIMATIC WinCC Runtime Professional V17 (All versions < V17 Upd4), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 21), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 8). A missing printer configuration on the host could allow an authenticated attacker to escape the WinCC Kiosk Mode. Se ha identificado una vulnerabilidad en SIMATIC PCS 7 V9.0 y anteriores (Todas las versiones), SIMATIC PCS 7 V9.1 (Todas las versiones anteriores V9.1 SP1 UC01), SIMATIC WinCC Runtime Professional V16 y anteriores (Todas las versiones), SIMATIC WinCC Runtime Professional V17 (Todas las versiones anteriores V17 Upd4), SIMATIC WinCC V7.4 y anteriores (Todas las versiones), SIMATIC WinCC V7.5 (Todas las versiones anteriores V7.5 SP2 Update 8). Un atacante autenticado podría escapar del modo quiosco de WinCC abriendo el cuadro de diálogo de la impresora en la aplicación afectada en caso de que no haya ninguna impresora instalada • https://cert-portal.siemens.com/productcert/pdf/ssa-363107.pdf • CWE-1188: Initialization of a Resource with an Insecure Default •