CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2018-11453
https://notcve.org/view.php?id=CVE-2018-11453
07 Aug 2018 — A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions < V13 SP2 Update 2), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 6), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 (All versions < V15 Update 2). Improper file permissions in the default installation of TIA Portal may allow an attacker with local file system access to ins... • http://www.securityfocus.com/bid/105115 • CWE-276: Incorrect Default Permissions CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.6EPSS: 0%CPEs: 13EXPL: 0CVE-2018-11454
https://notcve.org/view.php?id=CVE-2018-11454
07 Aug 2018 — A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions < V13 SP2 Update 2), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 6), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 (All versions < V15 Update 2). Improper file permissions in the default installation of TIA Portal may allow an attacker with local file system access to man... • http://www.securityfocus.com/bid/105115 • CWE-276: Incorrect Default Permissions CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2015-2822
https://notcve.org/view.php?id=CVE-2015-2822
08 Apr 2015 — Siemens SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2 and SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2 allow man-in-the-middle attackers to cause a denial of service via crafted packets on TCP port 102. Siemens SIMATIC HMI Comfort Panels anterior a WinCC (TIA Portal) 13 SP1 Upd2 y SIMATIC WinCC Runtime Advanced anterior a WinCC (TIA Portal) 13 SP1 Upd2 permiten a atacantes man-in-the-middle causar una denegación de servicio a través de paquetes manipulados en el pu... • http://www.securityfocus.com/bid/74028 • CWE-20: Improper Input Validation •
CVSS: 8.1EPSS: 0%CPEs: 11EXPL: 0CVE-2015-2823
https://notcve.org/view.php?id=CVE-2015-2823
08 Apr 2015 — Siemens SIMATIC HMI Basic Panels 2nd Generation before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Professional before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Basic Panels 1st Generation (WinCC TIA Portal), SIMATIC HMI Mobile Panel 277 (WinCC TIA Portal), SIMATIC HMI Multi Panels (WinCC TIA Portal), and SIMATIC WinCC 7.x before 7.3 Upd4 allow remote attackers ... • http://www.securityfocus.com/bid/74040 • CWE-287: Improper Authentication •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2013-4911 – Siemens WinCC (TIA Portal) CSRF / URL Redirection
https://notcve.org/view.php?id=CVE-2013-4911
31 Jul 2013 — Cross-site request forgery (CSRF) vulnerability in Siemens WinCC (TIA Portal) 11 and 12 before 12 SP1 allows remote attackers to hijack the authentication of unspecified victims by leveraging improper configuration of SIMATIC HMI panels by the WinCC product. Vulnerabilidad CSRF en Siemens WinCC (TIA Portal) 11 y 12 anterior a 12 SP1, permite a atacantes remotos secuestrar la autenticación de víctimas sin especificar aprovechando una configuración incorrecta de los paneles SIMATIC HMI del producto WinCC. Sie... • http://scadastrangelove.blogspot.com/2013/08/ssa-064884-wincctia-portal-fixes.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2013-4912 – Siemens WinCC (TIA Portal) CSRF / URL Redirection
https://notcve.org/view.php?id=CVE-2013-4912
31 Jul 2013 — Open redirect vulnerability in Siemens WinCC (TIA Portal) 11 and 12 before 12 SP1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks by leveraging improper configuration of SIMATIC HMI panels by the WinCC product. Vulnerabilidad de redirección en Siemens WinCC (TIA Portal) 11 y 12 anterior a 12 SP1, permite a atacantes remotos redireccionar a usuarios a sitios web arbitrarios y llevar a cabo ataques de phishing aprovechando una configuración inapropiada del panel S... • http://scadastrangelove.blogspot.com/2013/08/ssa-064884-wincctia-portal-fixes.html • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2011-4515
https://notcve.org/view.php?id=CVE-2011-4515
21 Mar 2013 — Siemens WinCC (TIA Portal) 11 uses a reversible algorithm for storing HMI web-application passwords in world-readable and world-writable files, which allows local users to obtain sensitive information by leveraging (1) physical access or (2) Sm@rt Server access. Siemens WinCC (Portal TIA) 11 utiliza un algoritmo reversible para el almacenamiento de contraseñas de aplicaciones HMI Web en archivos legibles por todo el mundo escritura global, lo que permite a usuarios locales obtener información sensible media... • http://ics-cert.us-cert.gov/pdf/ICSA-13-079-03.pdf • CWE-255: Credentials Management Errors •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2013-0667
https://notcve.org/view.php?id=CVE-2013-0667
21 Mar 2013 — Cross-site scripting (XSS) vulnerability in the HMI web application in Siemens WinCC (TIA Portal) 11 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la aplicación web HMI en Siemens WinCC (TIA Portal) v11 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un URL malicioso. • http://ics-cert.us-cert.gov/pdf/ICSA-13-079-03.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2013-0668
https://notcve.org/view.php?id=CVE-2013-0668
21 Mar 2013 — Multiple cross-site scripting (XSS) vulnerabilities in the HMI web application in Siemens WinCC (TIA Portal) 11 allow remote attackers to inject arbitrary web script or HTML via a crafted URL. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en la aplicación web HMI en Siemens WinCC (TIA Portal) v11 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de una URL modificada. • http://ics-cert.us-cert.gov/pdf/ICSA-13-079-03.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2013-0669
https://notcve.org/view.php?id=CVE-2013-0669
21 Mar 2013 — The HMI web application in Siemens WinCC (TIA Portal) 11 allows remote authenticated users to cause a denial of service (daemon crash) via a crafted HTTP request. La aplicación web HMI en Siemens WinCC (TIA Portal) v11 permite a usuarios remotos autenticados a provocar una denegación de servicio (caída del demonio) a través de una solicitud HTTP manipulada. • http://ics-cert.us-cert.gov/pdf/ICSA-13-079-03.pdf • CWE-20: Improper Input Validation •