CVSS: 7.5EPSS: 6%CPEs: 23EXPL: 0CVE-2018-13812
https://notcve.org/view.php?id=CVE-2018-13812
13 Dec 2018 — A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15 Update 4), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15 Update 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15 Update 4), SIMATIC WinCC Runtime Advanced (All versions < V15 Update 4), SIMATIC WinCC Runtime Professional (All versions < V15 Update 4), SIMATIC WinCC (TIA Portal) (All versions < V15 Update 4), SIMATIC HMI Classic Devices (TP/MP/OP/M... • http://www.securityfocus.com/bid/105922 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.1EPSS: 0%CPEs: 23EXPL: 0CVE-2018-13813
https://notcve.org/view.php?id=CVE-2018-13813
13 Dec 2018 — A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15 Update 4), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15 Update 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15 Update 4), SIMATIC WinCC Runtime Advanced (All versions < V15 Update 4), SIMATIC WinCC Runtime Professional (All versions < V15 Update 4), SIMATIC WinCC (TIA Portal) (All versions < V15 Update 4), SIMATIC HMI Classic Devices (TP/MP/OP/M... • http://www.securityfocus.com/bid/105922 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 8.8EPSS: 0%CPEs: 23EXPL: 0CVE-2018-13814
https://notcve.org/view.php?id=CVE-2018-13814
13 Dec 2018 — A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V14), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V14), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V14), SIMATIC WinCC Runtime Advanced (All versions < V14), SIMATIC WinCC Runtime Professional (All versions < V14), SIMATIC WinCC (TIA Portal) (All versions < V14), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). The integrated web ser... • http://www.securityfocus.com/bid/105931 • CWE-20: Improper Input Validation CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-13799
https://notcve.org/view.php?id=CVE-2018-13799
12 Sep 2018 — A vulnerability has been identified in SIMATIC WinCC OA V3.14 and prior (All versions < V3.14-P021). Improper access control to a data point of the affected product could allow an unauthenticated remote user to escalate its privileges in the context of SIMATIC WinCC OA V3.14. This vulnerability could be exploited by an attacker with network access to port 5678/TCP of the SIMATIC WinCC OA V3.14 server. Successful exploitation requires no user privileges and no user interaction. This vulnerability could allow... • http://www.securityfocus.com/bid/105332 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2018-11453
https://notcve.org/view.php?id=CVE-2018-11453
07 Aug 2018 — A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions < V13 SP2 Update 2), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 6), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 (All versions < V15 Update 2). Improper file permissions in the default installation of TIA Portal may allow an attacker with local file system access to ins... • http://www.securityfocus.com/bid/105115 • CWE-276: Incorrect Default Permissions CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.6EPSS: 0%CPEs: 13EXPL: 0CVE-2018-11454
https://notcve.org/view.php?id=CVE-2018-11454
07 Aug 2018 — A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions < V13 SP2 Update 2), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 6), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 (All versions < V15 Update 2). Improper file permissions in the default installation of TIA Portal may allow an attacker with local file system access to man... • http://www.securityfocus.com/bid/105115 • CWE-276: Incorrect Default Permissions CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.5EPSS: 0%CPEs: 48EXPL: 0CVE-2018-4832 – Siemens Security Advisory - SPPA-T3000 Code Execution
https://notcve.org/view.php?id=CVE-2018-4832
24 Apr 2018 — A vulnerability has been identified in OpenPCS 7 V7.1 and earlier (All versions), OpenPCS 7 V8.0 (All versions), OpenPCS 7 V8.1 (All versions < V8.1 Upd5), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd1), SIMATIC BATCH V7.1 and earlier (All versions), SIMATIC BATCH V8.0 (All versions < V8.0 SP1 Upd21), SIMATIC BATCH V8.1 (All versions < V8.1 SP1 Upd16), SIMATIC BATCH V8.2 (All versions < V8.2 Upd10), SIMATIC BATCH V9.0 (All versions < V9.0 SP1), SIMATIC NET PC Software V14 (All vers... • http://packetstormsecurity.com/files/155665/Siemens-Security-Advisory-SPPA-T3000-Code-Execution.html • CWE-20: Improper Input Validation •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0CVE-2018-4847
https://notcve.org/view.php?id=CVE-2018-4847
23 Apr 2018 — A vulnerability has been identified in SIMATIC WinCC OA Operator iOS App (All versions < V1.4). Insufficient protection of sensitive information (e.g. session key for accessing server) in Siemens WinCC OA Operator iOS app could allow an attacker with physical access to the mobile device to read unencrypted data from the app's directory. Siemens provides mitigations to resolve the security issue. Se ha identificado una vulnerabilidad en SIMATIC WinCC OA Operator iOS App (todas las versiones anteriores a la V... • http://www.securityfocus.com/bid/103941 • CWE-311: Missing Encryption of Sensitive Data CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0CVE-2018-4844
https://notcve.org/view.php?id=CVE-2018-4844
20 Mar 2018 — A vulnerability has been identified in SIMATIC WinCC OA UI for Android (All versions < V3.15.10), SIMATIC WinCC OA UI for iOS (All versions < V3.15.10). Insufficient limitation of CONTROL script capabilities could allow read and write access from one HMI project cache folder to other HMI project cache folders within the app's sandbox on the same mobile device. This includes HMI project cache folders of other configured WinCC OA servers. The security vulnerability could be exploited by an attacker who tricks... • http://www.securityfocus.com/bid/103475 • CWE-269: Improper Privilege Management CWE-284: Improper Access Control •
CVSS: 4.9EPSS: 2%CPEs: 3EXPL: 0CVE-2017-14023
https://notcve.org/view.php?id=CVE-2017-14023
06 Nov 2017 — An Improper Input Validation issue was discovered in Siemens SIMATIC PCS 7 V8.1 prior to V8.1 SP1 with WinCC V7.3 Upd 13, and V8.2 all versions. The improper input validation vulnerability has been identified, which may allow an authenticated remote attacker who is a member of the administrators group to crash services by sending specially crafted messages to the DCOM interface. Se ha descubierto un problema de validación incorrecta de entradas en Siemens SIMATIC PCS 7 V8.1 en versiones anteriores a V8.1 SP... • http://www.securityfocus.com/bid/101680 • CWE-20: Improper Input Validation •