Page 5 of 31 results (0.016 seconds)

CVSS: 5.0EPSS: 0%CPEs: 11EXPL: 0

CVE-2012-3030

https://notcve.org/view.php?id=CVE-2012-3030

WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, stores sensitive information under the web root with insufficient access control, which allows remote attackers to read a (1) log file or (2) configuration file via a direct request. WebNavigator en Siemens WinCC v7.0 SP3 y anteriores, como las usadas en SIMATIC PCS7 y otros productos, almacena información sensible bajo l directorio web raiz con un control de acceso no suficiente, lo que permite a atacantes remotos a leer (1) ficheros de registro o (2) ficheros de configuración a través de una petición directa. • http://en.securitylab.ru/lab/PT-2012-43 http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf http://www.us-cert.gov/control_systems/pdf/ICSA-12-256-01.pdf • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.3EPSS: 0%CPEs: 11EXPL: 0

CVE-2012-3031

https://notcve.org/view.php?id=CVE-2012-3031

Multiple cross-site scripting (XSS) vulnerabilities in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allow remote attackers to inject arbitrary web script or HTML via a (1) GET parameter, (2) POST parameter, or (3) Referer HTTP header. Múltiples vulnerabilidades de ejecución de comandos en sitios cruzados (XSS) en Web Navigator en Siemens WinCC v7.0 SP3 y versiones anteriores, tal y como se usan en SIMATIC PCS v7 y otros productos, permiten a atacantes remotos inyectar secuencias de comandos web o HTML a través de un parámetro (1) GET, (2) POST, o (3) una cabecera HTTP Referer. • http://en.securitylab.ru/lab/PT-2012-42 http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf http://www.us-cert.gov/control_systems/pdf/ICSA-12-256-01.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 0

CVE-2012-3032

https://notcve.org/view.php?id=CVE-2012-3032

SQL injection vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to execute arbitrary SQL commands via a crafted SOAP message. Vulnerabilidad de inyección SQL en Siemens WinCC v7.0 SP3 y anteriores, como se usa en SIMATIC PCS7 y otros productos, permite a atacantes remotos ejecutar comandos SQL de su elección a través de un mensaje SOAP modificado. • http://en.securitylab.ru/lab/PT-2012-44 http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf http://www.us-cert.gov/control_systems/pdf/ICSA-12-256-01.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 4.3EPSS: 0%CPEs: 11EXPL: 0

CVE-2012-3034

https://notcve.org/view.php?id=CVE-2012-3034

WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to discover a username and password via crafted parameters to unspecified methods in ActiveX controls. WebNavigator en Siemens WinCC v7.0 SP3 y anteriores, como se usa en SIMATIC PCS7 y otros productos, permite a atacantes remotos descubrir un nombre de usuario y contraseña a través de parámetros modificados en métodos no especificados de controles ActiveX • http://en.securitylab.ru/lab/PT-2012-45 http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf http://www.us-cert.gov/control_systems/pdf/ICSA-12-256-01.pdf • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 8.5EPSS: 2%CPEs: 16EXPL: 2

CVE-2011-4879 – Siemens SIMATIC WinCC Flexible (Runtime) - Multiple Vulnerabilities

https://notcve.org/view.php?id=CVE-2011-4879

miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime does not properly handle URIs beginning with a 0xfa character, which allows remote attackers to read data from arbitrary memory locations or cause a denial of service (application crash) via a crafted POST request. miniweb.exe del servidor web HMI de Siemens WinCC flexible 2004, 2005, 2007 y 2008 anteriores a SP3; WinCC V11 (portal TIA) anteriores a SP2 Update 1; los TP, OP, MP, Comfort Panels y Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; y WinCC flexible Runtime no manejan apropiadamente URIs que comienzan con un caracter 0xfa, lo que permite a atacantes remotos leer localizaciones de memoria arbitrarias o provocar una denegación de servicio (caída de la aplicación) a través de una petición POST. • https://www.exploit-db.com/exploits/18166 http://aluigi.org/adv/winccflex_1-adv.txt http://www.exploit-db.com/exploits/18166 http://www.osvdb.org/77384 http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02.pdf http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02A.pdf http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf https • CWE-20: Improper Input Validation •