CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2013-0670
https://notcve.org/view.php?id=CVE-2013-0670
21 Mar 2013 — CRLF injection vulnerability in the HMI web application in Siemens WinCC (TIA Portal) 11 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL. Vulnerabilidad de inyección CRLF en la aplicación web HMI en Siemens WinCC (TIA Portal) 11 que permite a atacantes remotos inyectar cabeceras HTTP (splitting attacks) y llevar a cabo respuestas HTTP a través de URL modificada. • http://ics-cert.us-cert.gov/pdf/ICSA-13-079-03.pdf • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2013-0669
https://notcve.org/view.php?id=CVE-2013-0669
21 Mar 2013 — The HMI web application in Siemens WinCC (TIA Portal) 11 allows remote authenticated users to cause a denial of service (daemon crash) via a crafted HTTP request. La aplicación web HMI en Siemens WinCC (TIA Portal) v11 permite a usuarios remotos autenticados a provocar una denegación de servicio (caída del demonio) a través de una solicitud HTTP manipulada. • http://ics-cert.us-cert.gov/pdf/ICSA-13-079-03.pdf • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2013-0668
https://notcve.org/view.php?id=CVE-2013-0668
21 Mar 2013 — Multiple cross-site scripting (XSS) vulnerabilities in the HMI web application in Siemens WinCC (TIA Portal) 11 allow remote attackers to inject arbitrary web script or HTML via a crafted URL. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en la aplicación web HMI en Siemens WinCC (TIA Portal) v11 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de una URL modificada. • http://ics-cert.us-cert.gov/pdf/ICSA-13-079-03.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 16EXPL: 0CVE-2011-4508
https://notcve.org/view.php?id=CVE-2011-4508
03 Feb 2012 — The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime generates predictable authentication tokens for cookies, which makes it easier for remote attackers to bypass authentication via a crafted cookie. El servidor web HMI de Siemens WinCC flexible v2004, v2005, v2007 y v2008 antes de SP3, WinCC V11 (también c... • http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf • CWE-287: Improper Authentication •
CVSS: 6.1EPSS: 0%CPEs: 16EXPL: 0CVE-2011-4510
https://notcve.org/view.php?id=CVE-2011-4510
03 Feb 2012 — Cross-site scripting (XSS) vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-4511. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en el se... • http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 16EXPL: 0CVE-2011-4511
https://notcve.org/view.php?id=CVE-2011-4511
03 Feb 2012 — Cross-site scripting (XSS) vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-4510. Existe una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) e... • http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.8EPSS: 0%CPEs: 16EXPL: 0CVE-2011-4512
https://notcve.org/view.php?id=CVE-2011-4512
03 Feb 2012 — CRLF injection vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. Vulnerabilidad de inyección CRLF en el servidor web HMI de Siemens WinCC flexible 2004, 2005, 200... • http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 28%CPEs: 16EXPL: 2CVE-2011-4878 – Siemens SIMATIC WinCC Flexible (Runtime) - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2011-4878
03 Feb 2012 — Directory traversal vulnerability in miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to read arbitrary files via a ..%5c (dot dot backslash) in a URI. Vulnerabilidad de salto de directorio en miniweb.exe de servidor web HMI de Siemens WinCC flexible 2004, 2005, 20... • https://www.exploit-db.com/exploits/18166 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.1EPSS: 39%CPEs: 16EXPL: 2CVE-2011-4879 – Siemens SIMATIC WinCC Flexible (Runtime) - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2011-4879
03 Feb 2012 — miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime does not properly handle URIs beginning with a 0xfa character, which allows remote attackers to read data from arbitrary memory locations or cause a denial of service (application crash) via a crafted POST request. miniweb.exe del servidor ... • https://www.exploit-db.com/exploits/18166 • CWE-20: Improper Input Validation •