CVSS: 7.3EPSS: 0%CPEs: 34EXPL: 0CVE-2024-52051
https://notcve.org/view.php?id=CVE-2024-52051
10 Dec 2024 — A vulnerability has been identified in SIMATIC S7-PLCSIM V17 (All versions), SIMATIC S7-PLCSIM V18 (All versions), SIMATIC STEP 7 Safety V17 (All versions), SIMATIC STEP 7 Safety V18 (All versions), SIMATIC STEP 7 Safety V19 (All versions), SIMATIC STEP 7 V17 (All versions), SIMATIC STEP 7 V18 (All versions), SIMATIC STEP 7 V19 (All versions), SIMATIC WinCC Unified PC Runtime V18 (All versions), SIMATIC WinCC Unified PC Runtime V19 (All versions), SIMATIC WinCC Unified V17 (All versions), SIMATIC WinCC Unif... • https://cert-portal.siemens.com/productcert/html/ssa-392859.html • CWE-20: Improper Input Validation •
CVSS: 8.4EPSS: 0%CPEs: 40EXPL: 0CVE-2024-49849
https://notcve.org/view.php?id=CVE-2024-49849
10 Dec 2024 — A vulnerability has been identified in SIMATIC S7-PLCSIM V16 (All versions), SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 Safety V16 (All versions), SIMATIC STEP 7 Safety V17 (All versions), SIMATIC STEP 7 Safety V18 (All versions), SIMATIC STEP 7 Safety V19 (All versions), SIMATIC STEP 7 V16 (All versions), SIMATIC STEP 7 V17 (All versions), SIMATIC STEP 7 V18 (All versions), SIMATIC STEP 7 V19 (All versions), SIMATIC WinCC Unified V16 (All versions), SIMATIC WinCC Unified V17 (All versions), SIMAT... • https://cert-portal.siemens.com/productcert/html/ssa-800126.html • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.3EPSS: 0%CPEs: 17EXPL: 0CVE-2023-32736
https://notcve.org/view.php?id=CVE-2023-32736
12 Nov 2024 — A vulnerability has been identified in SIMATIC S7-PLCSIM V16 (All versions), SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 Safety V16 (All versions), SIMATIC STEP 7 Safety V17 (All versions < V17 Update 8), SIMATIC STEP 7 Safety V18 (All versions < V18 Update 5), SIMATIC STEP 7 V16 (All versions), SIMATIC STEP 7 V17 (All versions < V17 Update 8), SIMATIC STEP 7 V18 (All versions < V18 Update 5), SIMATIC WinCC Unified V16 (All versions), SIMATIC WinCC Unified V17 (All versions < V17 Update 8), SIMATIC... • https://cert-portal.siemens.com/productcert/html/ssa-871035.html • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32737
https://notcve.org/view.php?id=CVE-2023-32737
09 Jul 2024 — A vulnerability has been identified in SIMATIC STEP 7 Safety V18 (All versions < V18 Update 2). Affected applications do not properly restrict the .NET BinaryFormatter when deserializing user-controllable input. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application. This is the same issue that exists for .NET BinaryFormatter https://docs.microsoft.com/en-us/visualstudio/code-quality/ca2300. Se ha identificado una vulnerabilidad en SIMATIC STEP 7 Sa... • https://cert-portal.siemens.com/productcert/html/ssa-313039.html • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-45147
https://notcve.org/view.php?id=CVE-2022-45147
09 Jul 2024 — A vulnerability has been identified in SIMATIC PCS neo V4.0 (All versions), SIMATIC STEP 7 V16 (All versions), SIMATIC STEP 7 V17 (All versions), SIMATIC STEP 7 V18 (All versions < V18 Update 2). Affected applications do not properly restrict the .NET BinaryFormatter when deserializing user-controllable input. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application. This is the same issue that exists for .NET BinaryFormatter https://docs.microsoft.co... • https://cert-portal.siemens.com/productcert/html/ssa-825651.html • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-46141
https://notcve.org/view.php?id=CVE-2022-46141
12 Dec 2023 — A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) (All versions < V19). An information disclosure vulnerability could allow a local attacker to gain access to the access level password of the SIMATIC S7-1200 and S7-1500 CPUs, when entered by a legitimate user in the hardware configuration of the affected application. Se ha identificado una vulnerabilidad en SIMATIC STEP 7 (TIA Portal) (todas las versiones < V19). Una vulnerabilidad de divulgación de información podría permitir a un ataca... • https://cert-portal.siemens.com/productcert/pdf/ssa-887801.pdf • CWE-312: Cleartext Storage of Sensitive Information CWE-316: Cleartext Storage of Sensitive Information in Memory •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2023-25910
https://notcve.org/view.php?id=CVE-2023-25910
13 Jun 2023 — A vulnerability has been identified in SIMATIC PCS 7 (All versions < V9.1 SP2 UC04), SIMATIC S7-PM (All versions < V5.7 SP1 HF1), SIMATIC S7-PM (All versions < V5.7 SP2 HF1), SIMATIC STEP 7 V5 (All versions < V5.7). The affected product contains a database management system that could allow remote users with low privileges to use embedded functions of the database (local or in a network share) that have impact on the server. An attacker with network access to the server network could leverage these embedded... • https://cert-portal.siemens.com/productcert/html/ssa-968170.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 78EXPL: 0CVE-2021-42029
https://notcve.org/view.php?id=CVE-2021-42029
12 Apr 2022 — A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) V15 (All versions), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 5), SIMATIC STEP 7 (TIA Portal) V17 (All versions < V17 Update 2). An attacker could achieve privilege escalation on the web server of certain devices due to improper access control vulnerability in the engineering system software. The attacker needs to have direct access to the impacted web server. Se ha identificado una vulnerabilidad en SIMATIC STEP 7 (TIA Port... • https://cert-portal.siemens.com/productcert/pdf/ssa-350757.pdf • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2021-37172
https://notcve.org/view.php?id=CVE-2021-37172
10 Aug 2021 — A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (V4.5.0). Affected devices fail to authenticate against configured passwords when provisioned using TIA Portal V13. This could allow an attacker using TIA Portal V13 or later versions to bypass authentication and download arbitrary programs to the PLC. The vulnerability does not occur when TIA Portal V13 SP1 or any later version was used to provision the device. • https://cert-portal.siemens.com/productcert/pdf/ssa-830194.pdf • CWE-287: Improper Authentication •
CVSS: 8.8EPSS: 0%CPEs: 15EXPL: 0CVE-2021-31894
https://notcve.org/view.php?id=CVE-2021-31894
13 Jul 2021 — A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.X (All versions < V9.1 SP2), SIMATIC PDM (All versions < V9.2 SP2), SIMATIC STEP 7 V5.X (All versions < V5.7), SINAMICS STARTER (containing STEP 7 OEM version) (All versions < V5.4 SP2 HF1). A directory containing metafiles relevant to devices' configurations has write permissions. An attacker could leverage this vulnerability by changing the content of certain metafiles and subsequently manipulate paramet... • https://cert-portal.siemens.com/productcert/pdf/ssa-661034.pdf • CWE-732: Incorrect Permission Assignment for Critical Resource •