CVSS: 6.9EPSS: 0%CPEs: 27EXPL: 0CVE-2016-7165
https://notcve.org/view.php?id=CVE-2016-7165
15 Nov 2016 — A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC IT Production Suite (All versions < V7.0 SP1 HFX 2), SIMATIC NET PC-Software (All versions < V14), SIMATIC PCS 7 V7.1 (All versions), SIMATIC PCS 7 V8.0 (All versions), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2), SIMATIC STEP 7 V5.X (All versions < V5.5 SP4 HF11), SIMATIC WinCC (TIA Portal) Basic, Comfort, Advanced (... • http://securityaffairs.co/wordpress/53266/security/cve-2016-7165-siemens.html • CWE-254: 7PK - Security Features CWE-284: Improper Access Control •
CVSS: 10.0EPSS: 6%CPEs: 9EXPL: 0CVE-2016-5743
https://notcve.org/view.php?id=CVE-2016-5743
22 Jul 2016 — Siemens SIMATIC WinCC before 7.3 Update 10 and 7.4 before Update 1, SIMATIC BATCH before 8.1 SP1 Update 9 as distributed in SIMATIC PCS 7 through 8.1 SP1, SIMATIC OpenPCS 7 before 8.1 Update 3 as distributed in SIMATIC PCS 7 through 8.1 SP1, SIMATIC OpenPCS 7 before 8.2 Update 1 as distributed in SIMATIC PCS 7 8.2, and SIMATIC WinCC Runtime Professional before 13 SP1 Update 9 allow remote attackers to execute arbitrary code via crafted packets. Siemens SIMATIC WinCC en versiones anteriores a 7.3 Update 10 y... • http://www.securityfocus.com/bid/92112 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 1CVE-2010-2772
https://notcve.org/view.php?id=CVE-2010-2772
22 Jul 2010 — Siemens Simatic WinCC and PCS 7 SCADA system uses a hard-coded password, which allows local users to access a back-end database and gain privileges, as demonstrated in the wild in July 2010 by the Stuxnet worm, a different vulnerability than CVE-2010-2568. Siemens Simatic WinCC y sistemas PCS 7 SCADA utiliza una contraseña no modificable en el código, lo cual permite a usuarios locales acceder a una base de datos interna (back-end) y obtener privilegios, como se demuestra en julio de 2010 por el gusano Stux... • http://ics-cert.us-cert.gov/advisories/ICSA-12-205-01 • CWE-798: Use of Hard-coded Credentials •