CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-30897
https://notcve.org/view.php?id=CVE-2023-30897
13 Jun 2023 — A vulnerability has been identified in SIMATIC WinCC (All versions < V7.5.2.13). Affected applications fail to set proper access rights for their installation folder if a non-default installation path was chosen during installation. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges. • https://cert-portal.siemens.com/productcert/pdf/ssa-914026.pdf • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.5EPSS: 0%CPEs: 48EXPL: 0CVE-2018-4832 – Siemens Security Advisory - SPPA-T3000 Code Execution
https://notcve.org/view.php?id=CVE-2018-4832
24 Apr 2018 — A vulnerability has been identified in OpenPCS 7 V7.1 and earlier (All versions), OpenPCS 7 V8.0 (All versions), OpenPCS 7 V8.1 (All versions < V8.1 Upd5), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd1), SIMATIC BATCH V7.1 and earlier (All versions), SIMATIC BATCH V8.0 (All versions < V8.0 SP1 Upd21), SIMATIC BATCH V8.1 (All versions < V8.1 SP1 Upd16), SIMATIC BATCH V8.2 (All versions < V8.2 Upd10), SIMATIC BATCH V9.0 (All versions < V9.0 SP1), SIMATIC NET PC Software V14 (All vers... • http://packetstormsecurity.com/files/155665/Siemens-Security-Advisory-SPPA-T3000-Code-Execution.html • CWE-20: Improper Input Validation •
CVSS: 8.2EPSS: 0%CPEs: 4EXPL: 0CVE-2017-12069
https://notcve.org/view.php?id=CVE-2017-12069
30 Aug 2017 — An XXE vulnerability has been identified in OPC Foundation UA .NET Sample Code before 2017-03-21 and Local Discovery Server (LDS) before 1.03.367. Among the affected products are Siemens SIMATIC PCS7 (All versions V8.1 and earlier), SIMATIC WinCC (All versions < V7.4 SP1), SIMATIC WinCC Runtime Professional (All versions < V14 SP1), SIMATIC NET PC Software, and SIMATIC IT Production Suite. By sending specially crafted packets to the OPC Discovery Server at port 4840/tcp, an attacker might cause the system t... • http://www.securityfocus.com/bid/100559 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 6.9EPSS: 0%CPEs: 27EXPL: 0CVE-2016-7165
https://notcve.org/view.php?id=CVE-2016-7165
15 Nov 2016 — A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC IT Production Suite (All versions < V7.0 SP1 HFX 2), SIMATIC NET PC-Software (All versions < V14), SIMATIC PCS 7 V7.1 (All versions), SIMATIC PCS 7 V8.0 (All versions), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2), SIMATIC STEP 7 V5.X (All versions < V5.5 SP4 HF11), SIMATIC WinCC (TIA Portal) Basic, Comfort, Advanced (... • http://securityaffairs.co/wordpress/53266/security/cve-2016-7165-siemens.html • CWE-254: 7PK - Security Features CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2016-5744
https://notcve.org/view.php?id=CVE-2016-5744
22 Jul 2016 — Siemens SIMATIC WinCC 7.0 through SP3 and 7.2 allows remote attackers to read arbitrary WinCC station files via crafted packets. Siemens SIMATIC WinCC 7.0 hasta la versión SP3 y 7.2 permite a atacantes remotos leer archivos de la estación WinCC arbitrarios a través de paquetes manipulados. • http://www.securityfocus.com/bid/92116 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2015-2822
https://notcve.org/view.php?id=CVE-2015-2822
08 Apr 2015 — Siemens SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2 and SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2 allow man-in-the-middle attackers to cause a denial of service via crafted packets on TCP port 102. Siemens SIMATIC HMI Comfort Panels anterior a WinCC (TIA Portal) 13 SP1 Upd2 y SIMATIC WinCC Runtime Advanced anterior a WinCC (TIA Portal) 13 SP1 Upd2 permiten a atacantes man-in-the-middle causar una denegación de servicio a través de paquetes manipulados en el pu... • http://www.securityfocus.com/bid/74028 • CWE-20: Improper Input Validation •
CVSS: 8.1EPSS: 0%CPEs: 11EXPL: 0CVE-2015-2823
https://notcve.org/view.php?id=CVE-2015-2823
08 Apr 2015 — Siemens SIMATIC HMI Basic Panels 2nd Generation before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Professional before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Basic Panels 1st Generation (WinCC TIA Portal), SIMATIC HMI Mobile Panel 277 (WinCC TIA Portal), SIMATIC HMI Multi Panels (WinCC TIA Portal), and SIMATIC WinCC 7.x before 7.3 Upd4 allow remote attackers ... • http://www.securityfocus.com/bid/74040 • CWE-287: Improper Authentication •
CVSS: 10.0EPSS: 4%CPEs: 22EXPL: 0CVE-2014-8551
https://notcve.org/view.php?id=CVE-2014-8551
26 Nov 2014 — The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to execute arbitrary code via crafted packets. El servidor WinCC en Siemens SIMATIC WinCC 7.0 hasta SP3, 7.2 anterior a la actualización 9, y 7.3 anterior a la actualización 2; SIMATIC PCS 7 7.1 hasta SP4, 8.0 hasta SP2, y 8.1; y TIA Portal 13 anterior a la actualización 6 permite a atacante... • http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-134508.pdf • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 0CVE-2014-8552
https://notcve.org/view.php?id=CVE-2014-8552
26 Nov 2014 — The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to read arbitrary files via crafted packets. El servidor WinCC en Siemens SIMATIC WinCC 7.0 hasta SP3, 7.2 anterior a la actualización 9, y 7.3 anterior a la actualización 2; SIMATIC PCS 7 7.1 hasta SP4, 8.0 hasta SP2; y 8.1; y TIA Portal 13 anterior a la actualización 6 permite a atacantes ... • http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-134508.pdf • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 0CVE-2014-4682 – Siemens SIMATIC WinCC Privilege Escalation
https://notcve.org/view.php?id=CVE-2014-4682
24 Jul 2014 — The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote attackers to obtain sensitive information via an HTTP request. El servidor WebNavigator en Siemens SIMATIC WinCC anterior a 7.3, utilizado en PCS7 y otros productos, permite a atacantes remotos obtener información sensible a través de una solicitud HTTP. Siemens SIMATIC WinCC versions prior to 7.3 suffer from unauthenticated access, privilege escalation, and hard-coded encryption key vulnerabilitie... • http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •