16 results (0.011 seconds)

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

Siemens SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2 and SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2 allow man-in-the-middle attackers to cause a denial of service via crafted packets on TCP port 102. Siemens SIMATIC HMI Comfort Panels anterior a WinCC (TIA Portal) 13 SP1 Upd2 y SIMATIC WinCC Runtime Advanced anterior a WinCC (TIA Portal) 13 SP1 Upd2 permiten a atacantes man-in-the-middle causar una denegación de servicio a través de paquetes manipulados en el puerto TCP 102. • http://www.securityfocus.com/bid/74028 http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-487246.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-487246.pdf • CWE-20: Improper Input Validation •

CVSS: 6.8EPSS: 0%CPEs: 11EXPL: 0

Siemens SIMATIC HMI Basic Panels 2nd Generation before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Professional before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Basic Panels 1st Generation (WinCC TIA Portal), SIMATIC HMI Mobile Panel 277 (WinCC TIA Portal), SIMATIC HMI Multi Panels (WinCC TIA Portal), and SIMATIC WinCC 7.x before 7.3 Upd4 allow remote attackers to complete authentication by leveraging knowledge of a password hash without knowledge of the associated password. Siemens SIMATIC HMI Basic Panels 2nd Generation anterior a WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Comfort Panels anterior a WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Advanced anterior a WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Professional anterior a WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Basic Panels 1st Generation (WinCC TIA Portal), SIMATIC HMI Mobile Panel 277 (WinCC TIA Portal), SIMATIC HMI Multi Panels (WinCC TIA Portal), y SIMATIC WinCC 7.x anterior a 7.3 Upd4 permiten a atacantes remotos completar la autenticación mediante el aprovechamiento de conocimiento de un hash de contraseñas sin conocer la contraseña asociada. • http://www.securityfocus.com/bid/74040 http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-487246.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-487246.pdf • CWE-287: Improper Authentication •

CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0

Cross-site request forgery (CSRF) vulnerability in Siemens WinCC (TIA Portal) 11 and 12 before 12 SP1 allows remote attackers to hijack the authentication of unspecified victims by leveraging improper configuration of SIMATIC HMI panels by the WinCC product. Vulnerabilidad CSRF en Siemens WinCC (TIA Portal) 11 y 12 anterior a 12 SP1, permite a atacantes remotos secuestrar la autenticación de víctimas sin especificar aprovechando una configuración incorrecta de los paneles SIMATIC HMI del producto WinCC. • http://scadastrangelove.blogspot.com/2013/08/ssa-064884-wincctia-portal-fixes.html http://secunia.com/advisories/54051 http://secunia.com/advisories/54252 http://www.securityfocus.com/bid/61536 http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-064884.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/86099 https://ics-cert.us-cert.gov/advisories/ICSA-13-213-02 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 5.8EPSS: 0%CPEs: 4EXPL: 0

Open redirect vulnerability in Siemens WinCC (TIA Portal) 11 and 12 before 12 SP1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks by leveraging improper configuration of SIMATIC HMI panels by the WinCC product. Vulnerabilidad de redirección en Siemens WinCC (TIA Portal) 11 y 12 anterior a 12 SP1, permite a atacantes remotos redireccionar a usuarios a sitios web arbitrarios y llevar a cabo ataques de phishing aprovechando una configuración inapropiada del panel SIMANTIC HMI del producto WinCC. • http://scadastrangelove.blogspot.com/2013/08/ssa-064884-wincctia-portal-fixes.html http://secunia.com/advisories/54051 http://secunia.com/advisories/54252 http://www.securityfocus.com/bid/61535 http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-064884.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/86100 https://ics-cert.us-cert.gov/advisories/ICSA-13-213-02 • CWE-20: Improper Input Validation •

CVSS: 4.3EPSS: 0%CPEs: 16EXPL: 0

Cross-site scripting (XSS) vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-4511. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en el servidor web HMI en Siemens WinCC flexible v2004, v2005, v2007 y v2008 antes de SP3, WinCC V11 (también conocido como TIA Portal) antes de SP2 Update 1, el TP, OP, MP, Comfort Panels, y los paneles de Mobile Panels SIMATIC HMI, WinCC V11 Runtime Advanced, y WinCC flexible Runtime, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. Se trata de una vulnerabilidad diferente a CVE-2011-4511. • http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •