CVSS: 9.0EPSS: 0%CPEs: 12EXPL: 0CVE-2019-10916
https://notcve.org/view.php?id=CVE-2019-10916
14 May 2019 — A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC (TIA Portal) V13 (All versions), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Upd 9), SIMATIC WinCC (TIA Portal) V15 (All versions < V15.1 Upd 3), SIMATIC WinCC Runtime Professional V13 (All ve... • https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0CVE-2019-10917
https://notcve.org/view.php?id=CVE-2019-10917
14 May 2019 — A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC (TIA Portal) V13 (All versions), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Upd 9), SIMATIC WinCC (TIA Portal) V15 (All versions < V15.1 Upd 3), SIMATIC WinCC Runtime Professional V13 (All ve... • https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf • CWE-248: Uncaught Exception CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 9.0EPSS: 0%CPEs: 12EXPL: 0CVE-2019-10918
https://notcve.org/view.php?id=CVE-2019-10918
14 May 2019 — A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC (TIA Portal) V13 (All versions), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Upd 9), SIMATIC WinCC (TIA Portal) V15 (All versions < V15.1 Upd 3), SIMATIC WinCC Runtime Professional V13 (All ve... • https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf • CWE-749: Exposed Dangerous Method or Function •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2018-11453
https://notcve.org/view.php?id=CVE-2018-11453
07 Aug 2018 — A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions < V13 SP2 Update 2), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 6), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 (All versions < V15 Update 2). Improper file permissions in the default installation of TIA Portal may allow an attacker with local file system access to ins... • http://www.securityfocus.com/bid/105115 • CWE-276: Incorrect Default Permissions CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.6EPSS: 0%CPEs: 13EXPL: 0CVE-2018-11454
https://notcve.org/view.php?id=CVE-2018-11454
07 Aug 2018 — A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions < V13 SP2 Update 2), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 6), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 (All versions < V15 Update 2). Improper file permissions in the default installation of TIA Portal may allow an attacker with local file system access to man... • http://www.securityfocus.com/bid/105115 • CWE-276: Incorrect Default Permissions CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.5EPSS: 0%CPEs: 19EXPL: 0CVE-2017-6865
https://notcve.org/view.php?id=CVE-2017-6865
11 May 2017 — A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC Automation Tool (All versions < V3.0), SIMATIC NET PC-Software (All versions < V14 SP1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2), SIMATIC STEP 7 (TIA Portal) V14 (All versions < V14 SP1), SIMATIC STEP 7 V5.X (All versions < V5.6), SIMATIC WinAC RTX 2010 SP2 (All versions), SIMATIC WinAC RTX F 2010 SP2 (All version... • https://cert-portal.siemens.com/productcert/pdf/ssa-275839.pdf • CWE-20: Improper Input Validation •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2015-2822
https://notcve.org/view.php?id=CVE-2015-2822
08 Apr 2015 — Siemens SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2 and SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2 allow man-in-the-middle attackers to cause a denial of service via crafted packets on TCP port 102. Siemens SIMATIC HMI Comfort Panels anterior a WinCC (TIA Portal) 13 SP1 Upd2 y SIMATIC WinCC Runtime Advanced anterior a WinCC (TIA Portal) 13 SP1 Upd2 permiten a atacantes man-in-the-middle causar una denegación de servicio a través de paquetes manipulados en el pu... • http://www.securityfocus.com/bid/74028 • CWE-20: Improper Input Validation •
CVSS: 8.1EPSS: 0%CPEs: 11EXPL: 0CVE-2015-2823
https://notcve.org/view.php?id=CVE-2015-2823
08 Apr 2015 — Siemens SIMATIC HMI Basic Panels 2nd Generation before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Professional before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Basic Panels 1st Generation (WinCC TIA Portal), SIMATIC HMI Mobile Panel 277 (WinCC TIA Portal), SIMATIC HMI Multi Panels (WinCC TIA Portal), and SIMATIC WinCC 7.x before 7.3 Upd4 allow remote attackers ... • http://www.securityfocus.com/bid/74040 • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2015-1358 – Siemens SIMATIC WinCC (TIA Portal) V13 Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-1358
16 Feb 2015 — The remote-management module in the (1) Multi Panels, (2) Comfort Panels, and (3) RT Advanced functionality in Siemens SIMATIC WinCC (TIA Portal) before 13 SP1 and in the (4) panels and (5) runtime functionality in SIMATIC WinCC flexible before 2008 SP3 Up7 does not properly encrypt credentials in transit, which makes it easier for remote attackers to determine cleartext credentials by sniffing the network and conducting a decryption attack. El módulo de administración remota en la funcionalidad (1) Multi P... • http://www.securityfocus.com/bid/72625 • CWE-310: Cryptographic Issues •
CVSS: 10.0EPSS: 4%CPEs: 22EXPL: 0CVE-2014-8551
https://notcve.org/view.php?id=CVE-2014-8551
26 Nov 2014 — The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to execute arbitrary code via crafted packets. El servidor WinCC en Siemens SIMATIC WinCC 7.0 hasta SP3, 7.2 anterior a la actualización 9, y 7.3 anterior a la actualización 2; SIMATIC PCS 7 7.1 hasta SP4, 8.0 hasta SP2, y 8.1; y TIA Portal 13 anterior a la actualización 6 permite a atacante... • http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-134508.pdf • CWE-94: Improper Control of Generation of Code ('Code Injection') •