CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2015-2822
https://notcve.org/view.php?id=CVE-2015-2822
08 Apr 2015 — Siemens SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2 and SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2 allow man-in-the-middle attackers to cause a denial of service via crafted packets on TCP port 102. Siemens SIMATIC HMI Comfort Panels anterior a WinCC (TIA Portal) 13 SP1 Upd2 y SIMATIC WinCC Runtime Advanced anterior a WinCC (TIA Portal) 13 SP1 Upd2 permiten a atacantes man-in-the-middle causar una denegación de servicio a través de paquetes manipulados en el pu... • http://www.securityfocus.com/bid/74028 • CWE-20: Improper Input Validation •
CVSS: 8.1EPSS: 0%CPEs: 11EXPL: 0CVE-2015-2823
https://notcve.org/view.php?id=CVE-2015-2823
08 Apr 2015 — Siemens SIMATIC HMI Basic Panels 2nd Generation before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Professional before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Basic Panels 1st Generation (WinCC TIA Portal), SIMATIC HMI Mobile Panel 277 (WinCC TIA Portal), SIMATIC HMI Multi Panels (WinCC TIA Portal), and SIMATIC WinCC 7.x before 7.3 Upd4 allow remote attackers ... • http://www.securityfocus.com/bid/74040 • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2015-1358 – Siemens SIMATIC WinCC (TIA Portal) V13 Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-1358
16 Feb 2015 — The remote-management module in the (1) Multi Panels, (2) Comfort Panels, and (3) RT Advanced functionality in Siemens SIMATIC WinCC (TIA Portal) before 13 SP1 and in the (4) panels and (5) runtime functionality in SIMATIC WinCC flexible before 2008 SP3 Up7 does not properly encrypt credentials in transit, which makes it easier for remote attackers to determine cleartext credentials by sniffing the network and conducting a decryption attack. El módulo de administración remota en la funcionalidad (1) Multi P... • http://www.securityfocus.com/bid/72625 • CWE-310: Cryptographic Issues •
CVSS: 4.6EPSS: 0%CPEs: 2EXPL: 0CVE-2014-5231
https://notcve.org/view.php?id=CVE-2014-5231
14 Jan 2015 — The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows physically proximate attackers to extract the password from storage via unspecified vectors. La aplicación Siemens SIMATIC WinCC Sm@rtClient anterior a 1.0.2 para iOS permite a atacantes físicamente próximos descubrir las credenciales del almacenamiento a través de vectores sin especificar • http://www.securitytracker.com/id/1031546 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2014-5232
https://notcve.org/view.php?id=CVE-2014-5232
14 Jan 2015 — The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows local users to bypass an intended application-password requirement by leveraging the running of the app in the background state. La aplicación Siemens SIMATIC WinCC Sm@rtClient anterior a 1.0.2 para iOS permite a usuarios locales evadir el requerimiento de la contraseña de la aplicación mediante el aprovechamiento del funcionamiento de la aplicación en el estado de segundo plano. • http://www.securitytracker.com/id/1031546 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2014-5233
https://notcve.org/view.php?id=CVE-2014-5233
14 Jan 2015 — The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows physically proximate attackers to discover Sm@rtServer credentials by leveraging an error in the credential-processing mechanism. La aplicación Siemens SIMATIC WinCC Sm@rtClient anterior a 1.0.2 para iOS permite a atacantes físicamente próximos descubrir las credenciales de Sm@rtServer mediante el aprovechamiento de un error en el mecanismo del procesamiento de credenciales. • http://www.securitytracker.com/id/1031546 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 4%CPEs: 22EXPL: 0CVE-2014-8551
https://notcve.org/view.php?id=CVE-2014-8551
26 Nov 2014 — The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to execute arbitrary code via crafted packets. El servidor WinCC en Siemens SIMATIC WinCC 7.0 hasta SP3, 7.2 anterior a la actualización 9, y 7.3 anterior a la actualización 2; SIMATIC PCS 7 7.1 hasta SP4, 8.0 hasta SP2, y 8.1; y TIA Portal 13 anterior a la actualización 6 permite a atacante... • http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-134508.pdf • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 0CVE-2014-8552
https://notcve.org/view.php?id=CVE-2014-8552
26 Nov 2014 — The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to read arbitrary files via crafted packets. El servidor WinCC en Siemens SIMATIC WinCC 7.0 hasta SP3, 7.2 anterior a la actualización 9, y 7.3 anterior a la actualización 2; SIMATIC PCS 7 7.1 hasta SP4, 8.0 hasta SP2; y 8.1; y TIA Portal 13 anterior a la actualización 6 permite a atacantes ... • http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-134508.pdf • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 0CVE-2014-4682 – Siemens SIMATIC WinCC Privilege Escalation
https://notcve.org/view.php?id=CVE-2014-4682
24 Jul 2014 — The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote attackers to obtain sensitive information via an HTTP request. El servidor WebNavigator en Siemens SIMATIC WinCC anterior a 7.3, utilizado en PCS7 y otros productos, permite a atacantes remotos obtener información sensible a través de una solicitud HTTP. Siemens SIMATIC WinCC versions prior to 7.3 suffer from unauthenticated access, privilege escalation, and hard-coded encryption key vulnerabilitie... • http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 16EXPL: 0CVE-2014-4683 – Siemens SIMATIC WinCC Privilege Escalation
https://notcve.org/view.php?id=CVE-2014-4683
24 Jul 2014 — The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a (1) HTTP or (2) HTTPS request. El servidor WebNavigator en Siemens SIMATIC WinCC anterior a 7.3, utilizado en PCS7 y otros productos, permite a usuarios remotos autenticados ganar privilegios a través de una solicitud (1) HTTP o (2) HTTPS. Siemens SIMATIC WinCC versions prior to 7.3 suffer from unauthenticated access, privilege escalation, and hard-coded... • http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf • CWE-264: Permissions, Privileges, and Access Controls •