CVSS: 7.8EPSS: 0%CPEs: 54EXPL: 0CVE-2021-40363
https://notcve.org/view.php?id=CVE-2021-40363
09 Feb 2022 — A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions < V15 SP1 Update 7), SIMATIC WinCC V16 (All versions < V16 Update 5), SIMATIC WinCC V17 (All versions < V17 Update 2), SIMATIC WinCC V17 (All versions <= V17 Update 4), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 19), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 6). The affected component stores the... • https://cert-portal.siemens.com/productcert/pdf/ssa-914168.pdf • CWE-312: Cleartext Storage of Sensitive Information CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory •
CVSS: 8.8EPSS: 0%CPEs: 53EXPL: 0CVE-2021-40360
https://notcve.org/view.php?id=CVE-2021-40360
09 Feb 2022 — A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions < V15 SP1 Update 7), SIMATIC WinCC V16 (All versions < V16 Update 5), SIMATIC WinCC V17 (All versions < V17 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 19), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 6). The password hash of a local user account in the remote server could be granted via... • https://cert-portal.siemens.com/productcert/pdf/ssa-914168.pdf • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-522: Insufficiently Protected Credentials •
CVSS: 5.5EPSS: 0%CPEs: 21EXPL: 0CVE-2021-40364
https://notcve.org/view.php?id=CVE-2021-40364
09 Nov 2021 — A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3 UC04), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions < V15 SP1 Update 7), SIMATIC WinCC V16 (All versions < V16 Update 5), SIMATIC WinCC V17 (All versions < V17 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 19), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 5). The affected systems store sensitive information in log files. An a... • https://cert-portal.siemens.com/productcert/pdf/ssa-840188.pdf • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.7EPSS: 0%CPEs: 39EXPL: 0CVE-2021-40359
https://notcve.org/view.php?id=CVE-2021-40359
09 Nov 2021 — A vulnerability has been identified in OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd4), OpenPCS 7 V9.1 (All versions), SIMATIC BATCH V8.2 (All versions), SIMATIC BATCH V9.0 (All versions), SIMATIC BATCH V9.1 (All versions), SIMATIC NET PC Software V14 (All versions), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Update 6), SIMATIC NET PC Software V17 (All versions < V17 SP1), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All ver... • https://cert-portal.siemens.com/productcert/pdf/ssa-840188.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.9EPSS: 0%CPEs: 48EXPL: 0CVE-2021-40358
https://notcve.org/view.php?id=CVE-2021-40358
09 Nov 2021 — A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3 UC04), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions < V15 SP1 Update 7), SIMATIC WinCC V16 (All versions < V16 Update 5), SIMATIC WinCC V17 (All versions < V17 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 19), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 5). Legitimate file operations on the web server of the affected system... • https://cert-portal.siemens.com/productcert/pdf/ssa-840188.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2021-40142
https://notcve.org/view.php?id=CVE-2021-40142
27 Aug 2021 — In OPC Foundation Local Discovery Server (LDS) before 1.04.402.463, remote attackers can cause a denial of service (DoS) by sending carefully crafted messages that lead to Access of a Memory Location After the End of a Buffer. En OPC Foundation Local Discovery Server (LDS) versiones anteriores a 1.04.402.463, unos atacantes remotos pueden causar una denegación de servicio (DoS) mediante el envío de mensajes cuidadosamente diseñados que conllevan a el Acceso a una Ubicación de Memoria Después del Final de un... • https://cert-portal.siemens.com/productcert/pdf/ssa-321292.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 155EXPL: 0CVE-2021-27385
https://notcve.org/view.php?id=CVE-2021-27385
12 May 2021 — A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4\" - 22\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Panels V16 4\" - 22\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP90... • https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf • CWE-400: Uncontrolled Resource Consumption CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 0%CPEs: 155EXPL: 0CVE-2021-27386
https://notcve.org/view.php?id=CVE-2021-27386
12 May 2021 — A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4\" - 22\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Panels V16 4\" - 22\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP90... • https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.5EPSS: 0%CPEs: 139EXPL: 0CVE-2021-25660
https://notcve.org/view.php?id=CVE-2021-25660
12 May 2021 — A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4\" - 22\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Panels V16 4\" - 22\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP90... • https://cert-portal.siemens.com/productcert/pdf/ssa-538778.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-788: Access of Memory Location After End of Buffer •
CVSS: 7.5EPSS: 0%CPEs: 139EXPL: 0CVE-2021-25661
https://notcve.org/view.php?id=CVE-2021-25661
12 May 2021 — A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4\" - 22\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Panels V16 4\" - 22\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP90... • https://cert-portal.siemens.com/productcert/pdf/ssa-538778.pdf • CWE-788: Access of Memory Location After End of Buffer •