Siemens SIMATIC Panels and WinCC (TIA Portal)

🗓️ 09 Apr 2019 00:00:00Reported by Industrial Control Systems Cyber Emergency Response TeamType

ics

ics🔗 www.cisa.gov👁 60 Views

Siemens SIMATIC Panels and WinCC (TIA Portal) vulnerabilities affecting HMI Panel

Reporter	Title	Published	Views	Family All 44
Tenable Nessus	Siemens SIMATIC HMI Panels and TIA Portal <= v15.1 Update 1 Hardcoded Credentials (ICSA-19-134-09)	31 Jul 201900:00	–	nessus
Tenable Nessus	Siemens SIMATIC HMI Panels and TIA Portal <= v15.1 Update 1 Insufficiently Protected Credentials (ICSA-19-134-09)	31 Jul 201900:00	–	nessus
Tenable Nessus	Siemens SIMATIC HMI Panels and TIA Portal <= v15.1 Update 1 XSS (ICSA-19-134-09)	31 Jul 201900:00	–	nessus
Tenable Nessus	Siemens Simatic Improper Input Validation	8 Nov 201900:00	–	nessus
Tenable Nessus	Siemens Industrial Products with OPC UA Uncaught Exception (CVE-2019-6575)	7 Feb 202200:00	–	nessus
BDU FSTEC	Siemens’ software vulnerabilities, related to insufficient validation of input data, allow attackers to trigger service failures.	16 May 201900:00	–	bdu_fstec
BDU FSTEC	The vulnerability of Siemens Simatic device software, related to errors in permission management, allows a perpetrator to gain access to read and write SNMP data.	31 May 201900:00	–	bdu_fstec
BDU FSTEC	The vulnerabilities of SIMATIC device software, related to errors in cryptography usage, allow attackers to obtain the TLS session key.	31 May 201900:00	–	bdu_fstec
BDU FSTEC	The vulnerability of integrated web servers of SIMATIC devices stems from insufficient protection of the web page structure, allowing attackers to compromise the confidentiality and integrity of the protected information.	31 May 201900:00	–	bdu_fstec
CNVD	Siemens Industrial Products with OPC UA Denial of Service Vulnerability	10 Apr 201900:00	–	cnvd

Source	Link
cert-portal	www.cert-portal.siemens.com/productcert/csaf/ssa-307392.json
cert-portal	www.cert-portal.siemens.com/productcert/txt/ssa-307392.txt
cert-portal	www.cert-portal.siemens.com/productcert/pdf/ssa-307392.pdf
raw	www.raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2019/icsa-19-134-09.json
cisa	www.cisa.gov/news-events/ics-advisories/icsa-19-134-09
cisa	www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01
cisa	www.cisa.gov/resources-tools/resources/ics-recommended-practices
cisa	www.cisa.gov/topics/industrial-control-systems
us-cert	www.us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf
cisa	www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf

09 Apr 2019 00:00Current

7.6High risk

Vulners AI Score7.6

CVSS 27.8

CVSS 3.17.5 - 9.1

CVSS 37.5

EPSS0.01124

SSVC

siemens simatic panels wincc tia portal hard-coded credentials insufficient protection cross-site scripting update web interface restriction