
CVE-2014-4684 – Siemens SIMATIC WinCC Privilege Escalation
https://notcve.org/view.php?id=CVE-2014-4684
24 Jul 2014 — The database server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a request to TCP port 1433. Siemens SIMATIC WinCC versions prior to 7.3 suffer from unauthenticated access, privilege escalation, and hard-coded ... • http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf • CWE-264: Permissions, Privileges, and Access Controls

CVE-2014-4685 – Siemens SIMATIC WinCC Privilege Escalation
https://notcve.org/view.php?id=CVE-2014-4685
24 Jul 2014 — Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows local users to gain privileges by leveraging weak system-object access control. Siemens SIMATIC WinCC versions prior to 7.3 suffer from unauthenticated access, privilege escalation, and hard-coded encryption key vulnerabilities. • http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf • CWE-264: Permissions, Privileges, and Access Controls

CVE-2014-4686 – Siemens SIMATIC WinCC Privilege Escalation
https://notcve.org/view.php?id=CVE-2014-4686
24 Jul 2014 — The Project administration application in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, has a hardcoded encryption key, which allows remote attackers to obtain sensitive information by extracting this key from another product installation and then employing this key during the sniffing of network traffic on TCP port 1030. • http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf

CVE-2014-0160 – OpenSSL Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2014-0160
07 Apr 2014 — The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. • https://packetstorm.news/files/id/180746 • CWE-125: Out-of-bounds Read • CWE-201: Insertion of Sensitive Information Into Sent Data

CVE-2014-1696
https://notcve.org/view.php?id=CVE-2014-1696
07 Feb 2014 — Siemens SIMATIC WinCC OA before 3.12 P002 January uses a weak hash algorithm for passwords, which makes it easier for remote attackers to obtain access via a brute-force attack. • http://ics-cert.us-cert.gov/advisories/ICSA-14-035-01 • CWE-310: Cryptographic Issues

CVE-2014-1697
https://notcve.org/view.php?id=CVE-2014-1697
07 Feb 2014 — The integrated web server in Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to execute arbitrary code via crafted packets to TCP port 4999. • http://ics-cert.us-cert.gov/advisories/ICSA-14-035-01

CVE-2014-1698
https://notcve.org/view.php?id=CVE-2014-1698
07 Feb 2014 — Directory traversal vulnerability in Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to read arbitrary files via crafted packets to TCP port 4999. • http://ics-cert.us-cert.gov/advisories/ICSA-14-035-01 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2014-1699
https://notcve.org/view.php?id=CVE-2014-1699
07 Feb 2014 — Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to cause a denial of service (monitoring-service outage) via malformed HTTP requests to port 4999. • http://ics-cert.us-cert.gov/advisories/ICSA-14-035-01 • CWE-399: Resource Management Errors

CVE-2013-4911 – Siemens WinCC (TIA Portal) CSRF / URL Redirection
https://notcve.org/view.php?id=CVE-2013-4911
31 Jul 2013 — Cross-site request forgery (CSRF) vulnerability in Siemens WinCC (TIA Portal) 11 and 12 before 12 SP1 allows remote attackers to hijack the authentication of unspecified victims by leveraging improper configuration of SIMATIC HMI panels by the WinCC product. Sie... • http://scadastrangelove.blogspot.com/2013/08/ssa-064884-wincctia-portal-fixes.html • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2013-4912 – Siemens WinCC (TIA Portal) CSRF / URL Redirection
https://notcve.org/view.php?id=CVE-2013-4912
31 Jul 2013 — Open redirect vulnerability in Siemens WinCC (TIA Portal) 11 and 12 before 12 SP1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks by leveraging improper configuration of SIMATIC HMI panels by the WinCC product. • http://scadastrangelove.blogspot.com/2013/08/ssa-064884-wincctia-portal-fixes.html • CWE-20: Improper Input Validation