CVSS: 9.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-35783
https://notcve.org/view.php?id=CVE-2024-35783
10 Sep 2024 — A vulnerability has been identified in SIMATIC BATCH V9.1 (All versions), SIMATIC Information Server 2020 (All versions), SIMATIC Information Server 2022 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC Process Historian 2020 (All versions), SIMATIC Process Historian 2022 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions), SIMATIC WinCC Runtime Professional V19 (All versions), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 18), SIMATIC WinC... • https://cert-portal.siemens.com/productcert/html/ssa-629254.html • CWE-250: Execution with Unnecessary Privileges •
CVSS: 8.2EPSS: 0%CPEs: 6EXPL: 0CVE-2023-46280
https://notcve.org/view.php?id=CVE-2023-46280
14 May 2024 — A vulnerability has been identified in S7-PCT (All versions), Security Configuration Tool (SCT) (All versions), SIMATIC Automation Tool (All versions), SIMATIC BATCH V9.1 (All versions), SIMATIC NET PC Software V16 (All versions), SIMATIC NET PC Software V17 (All versions), SIMATIC NET PC Software V18 (All versions < V18 SP1), SIMATIC PCS 7 V9.1 (All versions), SIMATIC PDM V9.2 (All versions), SIMATIC Route Control V9.1 (All versions), SIMATIC STEP 7 V5 (All versions), SIMATIC WinCC OA V3.17 (All versions),... • https://cert-portal.siemens.com/productcert/html/ssa-962515.html • CWE-125: Out-of-bounds Read •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2023-48364
https://notcve.org/view.php?id=CVE-2023-48364
13 Feb 2024 — A vulnerability has been identified in OpenPCS 7 V9.1 (All versions), SIMATIC BATCH V9.1 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC Route Control V9.1 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 4), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 15), SIMATIC WinCC V8.0 (All versions < V8.0 Update 4). The implementation of the RPC (Remote Procedure... • https://cert-portal.siemens.com/productcert/html/ssa-753746.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2023-48363
https://notcve.org/view.php?id=CVE-2023-48363
13 Feb 2024 — A vulnerability has been identified in OpenPCS 7 V9.1 (All versions), SIMATIC BATCH V9.1 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC Route Control V9.1 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 4), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 15), SIMATIC WinCC V8.0 (All versions < V8.0 Update 4). The implementation of the RPC (Remote Procedure... • https://cert-portal.siemens.com/productcert/html/ssa-753746.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 223EXPL: 0CVE-2022-30694
https://notcve.org/view.php?id=CVE-2022-30694
08 Nov 2022 — The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack. El endpoint de inicio de sesión /FormLogin en los servicios web afectados no aplica la verificación de origen adecuada. Esto podría permitir a atacantes remotos autenticados rastrear las actividades de otros usuarios mediante un ataque de Cross-Site Request Forgery (CSRF). • https://cert-portal.siemens.com/productcert/pdf/ssa-478960.pdf • CWE-352: Cross-Site Request Forgery (CSRF) •