CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-46141
https://notcve.org/view.php?id=CVE-2022-46141
12 Dec 2023 — A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) (All versions < V19). An information disclosure vulnerability could allow a local attacker to gain access to the access level password of the SIMATIC S7-1200 and S7-1500 CPUs, when entered by a legitimate user in the hardware configuration of the affected application. Se ha identificado una vulnerabilidad en SIMATIC STEP 7 (TIA Portal) (todas las versiones < V19). Una vulnerabilidad de divulgación de información podría permitir a un ataca... • https://cert-portal.siemens.com/productcert/pdf/ssa-887801.pdf • CWE-312: Cleartext Storage of Sensitive Information CWE-316: Cleartext Storage of Sensitive Information in Memory •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2023-25910
https://notcve.org/view.php?id=CVE-2023-25910
13 Jun 2023 — A vulnerability has been identified in SIMATIC PCS 7 (All versions < V9.1 SP2 UC04), SIMATIC S7-PM (All versions < V5.7 SP1 HF1), SIMATIC S7-PM (All versions < V5.7 SP2 HF1), SIMATIC STEP 7 V5 (All versions < V5.7). The affected product contains a database management system that could allow remote users with low privileges to use embedded functions of the database (local or in a network share) that have impact on the server. An attacker with network access to the server network could leverage these embedded... • https://cert-portal.siemens.com/productcert/html/ssa-968170.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 78EXPL: 0CVE-2021-42029
https://notcve.org/view.php?id=CVE-2021-42029
12 Apr 2022 — A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) V15 (All versions), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 5), SIMATIC STEP 7 (TIA Portal) V17 (All versions < V17 Update 2). An attacker could achieve privilege escalation on the web server of certain devices due to improper access control vulnerability in the engineering system software. The attacker needs to have direct access to the impacted web server. Se ha identificado una vulnerabilidad en SIMATIC STEP 7 (TIA Port... • https://cert-portal.siemens.com/productcert/pdf/ssa-350757.pdf • CWE-284: Improper Access Control •
CVSS: 7.2EPSS: 0%CPEs: 13EXPL: 0CVE-2020-7581
https://notcve.org/view.php?id=CVE-2020-7581
14 Jul 2020 — A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16... • https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf • CWE-428: Unquoted Search Path or Element •
CVSS: 8.2EPSS: 0%CPEs: 20EXPL: 0CVE-2020-7587
https://notcve.org/view.php?id=CVE-2020-7587
14 Jul 2020 — A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All versions < V2.6), SIMATIC IT Production Suite (All versions < V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal)... • https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.3EPSS: 0%CPEs: 15EXPL: 0CVE-2020-7588
https://notcve.org/view.php?id=CVE-2020-7588
14 Jul 2020 — A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All versions < V2.6), SIMATIC IT Production Suite (All versions < V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal)... • https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2020-7586
https://notcve.org/view.php?id=CVE-2020-7586
10 Jun 2020 — A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC PDM (All versions < V9.2), SIMATIC STEP 7 V5.X (All versions < V5.6 SP2 HF3), SINAMICS STARTER (containing STEP 7 OEM version) (All versions < V5.4 HF2). A buffer overflow vulnerability could allow a local attacker to cause a Denial-of-Service situation. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful ex... • https://cert-portal.siemens.com/productcert/pdf/ssa-689942.pdf • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2020-7585
https://notcve.org/view.php?id=CVE-2020-7585
10 Jun 2020 — A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC PDM (All versions < V9.2), SIMATIC STEP 7 V5.X (All versions < V5.6 SP2 HF3), SINAMICS STARTER (containing STEP 7 OEM version) (All versions < V5.4 HF2). A DLL Hijacking vulnerability could allow a local attacker to execute code with elevated privileges. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful ex... • https://cert-portal.siemens.com/productcert/pdf/ssa-689942.pdf • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.2EPSS: 0%CPEs: 44EXPL: 0CVE-2020-7580
https://notcve.org/view.php?id=CVE-2020-7580
10 Jun 2020 — A vulnerability has been identified in SIMATIC Automation Tool (All versions < V4 SP2), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Upd3), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC ProSave (All versions < V17), SIMATIC S7-1500 Software Controller (All versions < V21.8), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2 Update 4), SIMATIC STEP 7 (TIA Portal) V14 (All versions < V14 S... • https://cert-portal.siemens.com/productcert/pdf/ssa-312271.pdf • CWE-428: Unquoted Search Path or Element •
CVSS: 5.9EPSS: 0%CPEs: 36EXPL: 0CVE-2019-10929
https://notcve.org/view.php?id=CVE-2019-10929
13 Aug 2019 — A vulnerability has been identified in SIMATIC CP 1626 (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V20.8), SIMATIC HMI Panel (incl. SIPLUS variants) (All versions), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.4.0), SIMATIC S7-1500 ... • https://cert-portal.siemens.com/productcert/pdf/ssa-232418.pdf • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •