NotCVE - vendor:"Siemens" product:"Simatic Wincc Open Architecture" version:" <= 3.12"

6 results (0.005 seconds)

CVSS: 5.9EPSS: 0%CPEs: 36EXPL: 0

CVE-2019-10929

https://notcve.org/view.php?id=CVE-2019-10929

13 Aug 2019 — A vulnerability has been identified in SIMATIC CP 1626 (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V20.8), SIMATIC HMI Panel (incl. SIPLUS variants) (All versions), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.4.0), SIMATIC S7-1500 ... • https://cert-portal.siemens.com/productcert/pdf/ssa-232418.pdf • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2018-13799

https://notcve.org/view.php?id=CVE-2018-13799

12 Sep 2018 — A vulnerability has been identified in SIMATIC WinCC OA V3.14 and prior (All versions < V3.14-P021). Improper access control to a data point of the affected product could allow an unauthenticated remote user to escalate its privileges in the context of SIMATIC WinCC OA V3.14. This vulnerability could be exploited by an attacker with network access to port 5678/TCP of the SIMATIC WinCC OA V3.14 server. Successful exploitation requires no user privileges and no user interaction. This vulnerability could allow... • http://www.securityfocus.com/bid/105332 • CWE-269: Improper Privilege Management •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2014-1696

https://notcve.org/view.php?id=CVE-2014-1696

07 Feb 2014 — Siemens SIMATIC WinCC OA before 3.12 P002 January uses a weak hash algorithm for passwords, which makes it easier for remote attackers to obtain access via a brute-force attack. Siemens SIMATIC WinCC OA anterior a 3.12 P002 January usa un algoritmo hash débil para las contraseñas, lo que hace más fácil para atacantes remotos obtener acceso a través de un ataque de fuerza bruta. • http://ics-cert.us-cert.gov/advisories/ICSA-14-035-01 • CWE-310: Cryptographic Issues •

CVSS: 9.8EPSS: 4%CPEs: 1EXPL: 0

CVE-2014-1697

https://notcve.org/view.php?id=CVE-2014-1697

07 Feb 2014 — The integrated web server in Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to execute arbitrary code via crafted packets to TCP port 4999. El servidor Web integrado en Siemens SIMATIC WinCC OA anterior a 3.12 P002 January permite a atacantes remotos ejecutar código arbitrario a través de paquetes manipulados hacia el puerto TCP 4999. • http://ics-cert.us-cert.gov/advisories/ICSA-14-035-01 •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2014-1698

https://notcve.org/view.php?id=CVE-2014-1698

07 Feb 2014 — Directory traversal vulnerability in Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to read arbitrary files via crafted packets to TCP port 4999. Vulnerabilidad de salto de directorio en Siemens SIMATIC WinCC OA anterior a 3.12 P002 January permite a atacantes remotos leer archivos arbitrarios a través de paquetes manipulados hacia el puerto TCP 4999. • http://ics-cert.us-cert.gov/advisories/ICSA-14-035-01 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0

CVE-2014-1699

https://notcve.org/view.php?id=CVE-2014-1699

07 Feb 2014 — Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to cause a denial of service (monitoring-service outage) via malformed HTTP requests to port 4999. Siemens SIMATIC WinCC OA anterior a 3.12 P002 January permite a atacantes remotos causar una denegación de servicio (interrupción del servicio de monitorización) a través de peticiones HTTP malformadas hacia el puerto TCP 4999. • http://ics-cert.us-cert.gov/advisories/ICSA-14-035-01 • CWE-399: Resource Management Errors •