CVSS: 5.9EPSS: 0%CPEs: 36EXPL: 0CVE-2019-10929
https://notcve.org/view.php?id=CVE-2019-10929
13 Aug 2019 — A vulnerability has been identified in SIMATIC CP 1626 (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V20.8), SIMATIC HMI Panel (incl. SIPLUS variants) (All versions), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.4.0), SIMATIC S7-1500 ... • https://cert-portal.siemens.com/productcert/pdf/ssa-232418.pdf • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.2EPSS: 0%CPEs: 32EXPL: 0CVE-2019-10935
https://notcve.org/view.php?id=CVE-2019-10935
11 Jul 2019 — A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd 11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC Professional (TIA Portal V13) (All versions), SIMATIC WinCC Professional (TIA Portal V14) (All versions < V14 SP1 Upd 9), SIMATIC WinCC Professional (TIA Portal V15) (All versions < V15.1 Upd 3), SIMATI... • https://cert-portal.siemens.com/productcert/pdf/ssa-121293.pdf • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.0EPSS: 0%CPEs: 12EXPL: 0CVE-2019-10916
https://notcve.org/view.php?id=CVE-2019-10916
14 May 2019 — A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC (TIA Portal) V13 (All versions), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Upd 9), SIMATIC WinCC (TIA Portal) V15 (All versions < V15.1 Upd 3), SIMATIC WinCC Runtime Professional V13 (All ve... • https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0CVE-2019-10917
https://notcve.org/view.php?id=CVE-2019-10917
14 May 2019 — A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC (TIA Portal) V13 (All versions), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Upd 9), SIMATIC WinCC (TIA Portal) V15 (All versions < V15.1 Upd 3), SIMATIC WinCC Runtime Professional V13 (All ve... • https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf • CWE-248: Uncaught Exception CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 9.0EPSS: 0%CPEs: 12EXPL: 0CVE-2019-10918
https://notcve.org/view.php?id=CVE-2019-10918
14 May 2019 — A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC (TIA Portal) V13 (All versions), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Upd 9), SIMATIC WinCC (TIA Portal) V15 (All versions < V15.1 Upd 3), SIMATIC WinCC Runtime Professional V13 (All ve... • https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf • CWE-749: Exposed Dangerous Method or Function •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0CVE-2019-10922
https://notcve.org/view.php?id=CVE-2019-10922
14 May 2019 — A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 and newer (All versions), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 and newer (All versions). An attacker with network access to affected installations, which are configured without "Encrypted Communication", can execute arbitrary code. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected installation. No user interaction... • http://www.securityfocus.com/bid/108398 • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.5EPSS: 0%CPEs: 48EXPL: 0CVE-2018-4832 – Siemens Security Advisory - SPPA-T3000 Code Execution
https://notcve.org/view.php?id=CVE-2018-4832
24 Apr 2018 — A vulnerability has been identified in OpenPCS 7 V7.1 and earlier (All versions), OpenPCS 7 V8.0 (All versions), OpenPCS 7 V8.1 (All versions < V8.1 Upd5), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd1), SIMATIC BATCH V7.1 and earlier (All versions), SIMATIC BATCH V8.0 (All versions < V8.0 SP1 Upd21), SIMATIC BATCH V8.1 (All versions < V8.1 SP1 Upd16), SIMATIC BATCH V8.2 (All versions < V8.2 Upd10), SIMATIC BATCH V9.0 (All versions < V9.0 SP1), SIMATIC NET PC Software V14 (All vers... • http://packetstormsecurity.com/files/155665/Siemens-Security-Advisory-SPPA-T3000-Code-Execution.html • CWE-20: Improper Input Validation •
CVSS: 4.9EPSS: 2%CPEs: 3EXPL: 0CVE-2017-14023
https://notcve.org/view.php?id=CVE-2017-14023
06 Nov 2017 — An Improper Input Validation issue was discovered in Siemens SIMATIC PCS 7 V8.1 prior to V8.1 SP1 with WinCC V7.3 Upd 13, and V8.2 all versions. The improper input validation vulnerability has been identified, which may allow an authenticated remote attacker who is a member of the administrators group to crash services by sending specially crafted messages to the DCOM interface. Se ha descubierto un problema de validación incorrecta de entradas en Siemens SIMATIC PCS 7 V8.1 en versiones anteriores a V8.1 SP... • http://www.securityfocus.com/bid/101680 • CWE-20: Improper Input Validation •
CVSS: 4.9EPSS: 0%CPEs: 6EXPL: 0CVE-2017-6867
https://notcve.org/view.php?id=CVE-2017-6867
11 May 2017 — A vulnerability was discovered in Siemens SIMATIC WinCC (V7.3 before Upd 11 and V7.4 before SP1), SIMATIC WinCC Runtime Professional (V13 before SP2 and V14 before SP1), SIMATIC WinCC (TIA Portal) Professional (V13 before SP2 and V14 before SP1) that could allow an authenticated, remote attacker who is member of the "administrators" group to crash services by sending specially crafted messages to the DCOM interface. Se detectó una vulnerabilidad en SIMATIC WinCC (versión V7.3 anterior a Upd 11 y versión V7.... • http://www.securityfocus.com/bid/98368 • CWE-20: Improper Input Validation CWE-787: Out-of-bounds Write •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2016-9160
https://notcve.org/view.php?id=CVE-2016-9160
17 Dec 2016 — A vulnerability in SIEMENS SIMATIC WinCC (All versions < SIMATIC WinCC V7.2) and SIEMENS SIMATIC PCS 7 (All versions < SIMATIC PCS 7 V8.0 SP1) could allow a remote attacker to crash an ActiveX component or leak parts of the application memory if a user is tricked into clicking on a malicious link under certain conditions. Una vulnerabilidad en SIEMENS SIMATIC WinCC (Todas las versions < SIMATIC WinCC V7.2) y SIEMENS SIMATIC PCS 7 (Todas las versiones < SIMATIC PCS 7 V8.0 SP1) podría permitir a un atacante r... • http://www.securityfocus.com/bid/94825 • CWE-111: Direct Use of Unsafe JNI CWE-254: 7PK - Security Features •