CVSS: 6.9EPSS: 0%CPEs: 27EXPL: 0CVE-2016-7165
https://notcve.org/view.php?id=CVE-2016-7165
15 Nov 2016 — A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC IT Production Suite (All versions < V7.0 SP1 HFX 2), SIMATIC NET PC-Software (All versions < V14), SIMATIC PCS 7 V7.1 (All versions), SIMATIC PCS 7 V8.0 (All versions), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2), SIMATIC STEP 7 V5.X (All versions < V5.5 SP4 HF11), SIMATIC WinCC (TIA Portal) Basic, Comfort, Advanced (... • http://securityaffairs.co/wordpress/53266/security/cve-2016-7165-siemens.html • CWE-254: 7PK - Security Features CWE-284: Improper Access Control •
CVSS: 10.0EPSS: 6%CPEs: 9EXPL: 0CVE-2016-5743
https://notcve.org/view.php?id=CVE-2016-5743
22 Jul 2016 — Siemens SIMATIC WinCC before 7.3 Update 10 and 7.4 before Update 1, SIMATIC BATCH before 8.1 SP1 Update 9 as distributed in SIMATIC PCS 7 through 8.1 SP1, SIMATIC OpenPCS 7 before 8.1 Update 3 as distributed in SIMATIC PCS 7 through 8.1 SP1, SIMATIC OpenPCS 7 before 8.2 Update 1 as distributed in SIMATIC PCS 7 8.2, and SIMATIC WinCC Runtime Professional before 13 SP1 Update 9 allow remote attackers to execute arbitrary code via crafted packets. Siemens SIMATIC WinCC en versiones anteriores a 7.3 Update 10 y... • http://www.securityfocus.com/bid/92112 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2016-5744
https://notcve.org/view.php?id=CVE-2016-5744
22 Jul 2016 — Siemens SIMATIC WinCC 7.0 through SP3 and 7.2 allows remote attackers to read arbitrary WinCC station files via crafted packets. Siemens SIMATIC WinCC 7.0 hasta la versión SP3 y 7.2 permite a atacantes remotos leer archivos de la estación WinCC arbitrarios a través de paquetes manipulados. • http://www.securityfocus.com/bid/92116 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 4%CPEs: 22EXPL: 0CVE-2014-8551
https://notcve.org/view.php?id=CVE-2014-8551
26 Nov 2014 — The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to execute arbitrary code via crafted packets. El servidor WinCC en Siemens SIMATIC WinCC 7.0 hasta SP3, 7.2 anterior a la actualización 9, y 7.3 anterior a la actualización 2; SIMATIC PCS 7 7.1 hasta SP4, 8.0 hasta SP2, y 8.1; y TIA Portal 13 anterior a la actualización 6 permite a atacante... • http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-134508.pdf • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 0CVE-2014-8552
https://notcve.org/view.php?id=CVE-2014-8552
26 Nov 2014 — The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to read arbitrary files via crafted packets. El servidor WinCC en Siemens SIMATIC WinCC 7.0 hasta SP3, 7.2 anterior a la actualización 9, y 7.3 anterior a la actualización 2; SIMATIC PCS 7 7.1 hasta SP4, 8.0 hasta SP2; y 8.1; y TIA Portal 13 anterior a la actualización 6 permite a atacantes ... • http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-134508.pdf • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 1CVE-2010-2772
https://notcve.org/view.php?id=CVE-2010-2772
22 Jul 2010 — Siemens Simatic WinCC and PCS 7 SCADA system uses a hard-coded password, which allows local users to access a back-end database and gain privileges, as demonstrated in the wild in July 2010 by the Stuxnet worm, a different vulnerability than CVE-2010-2568. Siemens Simatic WinCC y sistemas PCS 7 SCADA utiliza una contraseña no modificable en el código, lo cual permite a usuarios locales acceder a una base de datos interna (back-end) y obtener privilegios, como se demuestra en julio de 2010 por el gusano Stux... • http://ics-cert.us-cert.gov/advisories/ICSA-12-205-01 • CWE-798: Use of Hard-coded Credentials •