Lucene search
K

40 matches found

CVE
CVE
added 2020/03/10 7:16 p.m.59 views

CVE-2019-19282

CVE-2019-19282 describes an incorrect calculation of buffer size (CWE-131) that allows a remote attacker to cause a denial-of-service on Siemens industrial software when encrypted communication is enabled. Exploitation requires network access and no privileges/UI. Affected products span OpenPCS 7...

7.5CVSS7.2AI score0.01311EPSS
Exploits0References1Affected Software6
ICS
ICS
added 2019/10/10 12:0 p.m.68 views

Siemens Industrial Products Local Privilege Escalation Vulnerability (Update I)

1. EXECUTIVE SUMMARY CVSS v3 6.4 ATTENTION: Exploitable locally Vendor: Siemens Equipment: Industrial Products Vulnerability: Improper privilege management 2. UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory titled ICSA-16-313-02 Siemens Industrial Products Local...

6.9CVSS7AI score0.00378EPSS
Exploits0References55
Positive Technologies
Positive Technologies
added 2019/04/09 12:0 a.m.5 views

PT-2019-2034 · Siemens · Simatic Hmi Comfort Outdoor Panels 7" & 15" +16

Name of the Vulnerable Software and Affected Versions: SIMATIC CP 443-1 OPC UA versions prior to the fixed version SIMATIC ET 200SP Open Controller CPU 1515SP PC2 versions prior to V2.7 SIMATIC HMI Comfort Outdoor Panels 7" & 15" versions prior to V15.1 Upd 4 SIMATIC HMI Comfort Panels 4" - 22"...

7.8CVSS7.5AI score0.01633EPSS
Exploits0References3
Kitploit
Kitploit
added 2018/03/17 8:9 p.m.45 views

CBM - Car Backdoor Maker

A hardware-backdoor for CAN bus - by @UnaPibaGeek & @holesec For the first time, a hardware backdoor tool is presented having several advanced features, such as: remote control via SMS commands, automated launch of attack payloads at a GPS location or when a specific car status is reached; and a...

7.8AI score
Exploits0References1
CNVD
CNVD
added 2017/09/27 12:0 a.m.3 views

Eaton ELCSoft Out-of-Bounds Write Remote Code Execution Vulnerability

The Eaton ELCSoft programmable logic control software runs on a PC and can help configure the ELC controller. An out-of-bounds write remote code execution vulnerability exists in Eaton ELCSoft Device Comment Range Parsing, which results in a lack of proper validation of user-supplied data, leadin...

8.6AI score
Exploits0References1
NVD
NVD
added 2017/08/30 7:29 p.m.43 views

CVE-2017-12069

An XXE vulnerability has been identified in OPC Foundation UA .NET Sample Code before 2017-03-21 and Local Discovery Server LDS before 1.03.367. Among the affected products are Siemens SIMATIC PCS7 All versions V8.1 and earlier, SIMATIC WinCC All versions V7.4 SP1, SIMATIC WinCC Runtime...

8.2CVSS8.1AI score0.02904EPSS
Exploits0References4
CVE
CVE
added 2017/08/30 7:0 p.m.113 views

CVE-2017-12069

Summary: CVE-2017-12069 is an XXE vulnerability in the OPC UA Discovery Server handling of XML, affecting Siemens products using the OPC UA Stack (e.g., SIMATIC PCS 7, SIMATIC WinCC, SIMATIC WinCC Runtime Professional, SIMATIC NET PC Software, and IT Production Suite). Root cause: Improper restri...

8.2CVSS8AI score0.02904EPSS
Exploits0References4Affected Software2
Cvelist
Cvelist
added 2017/08/30 7:0 p.m.40 views

CVE-2017-12069

An XXE vulnerability has been identified in OPC Foundation UA .NET Sample Code before 2017-03-21 and Local Discovery Server LDS before 1.03.367. Among the affected products are Siemens SIMATIC PCS7 All versions V8.1 and earlier, SIMATIC WinCC All versions V7.4 SP1, SIMATIC WinCC Runtime...

8.1AI score0.02904EPSS
Exploits0References4
NVD
NVD
added 2017/08/29 1:35 a.m.14 views

CVE-2017-10812

Untrusted search path vulnerability in Photo Collection PC Software Ver.4.0.2 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory...

9.3CVSS7.8AI score0.0108EPSS
Exploits0References1
CVE
CVE
added 2017/08/28 8:0 p.m.50 views

CVE-2017-10812

CVE-2017-10812 corresponds to an untrusted search path vulnerability in Photo Collection PC Software (NTT DOCOMO) versions ≤ 4.0.2. The underlying issue is insecure DLL/executable search paths (CWE-427) that allow a local attacker to execute arbitrary code with the privileges of the user invoking...

9.3CVSS7.7AI score0.0108EPSS
Exploits0References1Affected Software1
n0where
n0where
added 2017/06/05 8:14 p.m.33 views

Car Backdoor Maker: CBM

Car Backdoor Maker For the first time, a hardware backdoor tool is presented having several advanced features, such as: remote control via SMS commands, automated launch of attack payloads at a GPS location or when a specific car status is reached; and a configuration interface that allows users ...

3.7AI score
Exploits0References1
ThreatPost
ThreatPost
added 2016/11/10 12:57 p.m.16 views

Siemens Discloses Local Privilege Escalation Bug in SCADA Gear

German engineering giant Siemens is warning operators of a local privilege escalation vulnerability that leaves more than a dozen models of its SCADA equipment open to attack. Some of the issues have been patched, or in other cases, Siemens has provided a workaround. The vulnerability was disclos...

1.2AI score
Exploits0References5
CNVD
CNVD
added 2016/07/25 12:0 a.m.3 views

Siemens SIMATIC NET PCSoftware Denial of Service Vulnerability

SIMATIC NET is an open and multifaceted communication system provided by Siemens at the industrial control level. A denial of service vulnerability exists in Siemens SIMATIC NET PCSoftware. An attacker can exploit the vulnerability by sending specially crafted packets to ports...

7.5CVSS6.8AI score0.03528EPSS
Exploits0References1
OSV
OSV
added 2016/07/22 3:59 p.m.2 views

CVE-2016-5874

Siemens SIMATIC NET PC-Software before 13 SP2 allows remote attackers to cause a denial of service OPC UA service outage via crafted TCP packets...

7.5CVSS5.8AI score0.03528EPSS
Exploits0References3
NVD
NVD
added 2016/07/22 3:59 p.m.13 views

CVE-2016-5874

Siemens SIMATIC NET PC-Software before 13 SP2 allows remote attackers to cause a denial of service OPC UA service outage via crafted TCP packets...

7.5CVSS7.4AI score0.03528EPSS
Exploits0References3
Prion
Prion
added 2016/07/22 3:59 p.m.16 views

Code injection

Siemens SIMATIC NET PC-Software before 13 SP2 allows remote attackers to cause a denial of service OPC UA service outage via crafted TCP packets...

5CVSS7.1AI score0.03528EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2016/07/22 3:0 p.m.46 views

CVE-2016-5874

The vulnerability CVE-2016-5874 affects Siemens SIMATIC NET PC-Software prior to version 13 SP2. The underlying issue is a denial-of-service condition caused by specially crafted TCP packets sent to specific OPC-UA-related ports (55101–55105, 4845, 4847–4850). Successful exploitation can cause an...

7.5CVSS7.3AI score0.03528EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2016/07/22 3:0 p.m.22 views

CVE-2016-5874

Siemens SIMATIC NET PC-Software before 13 SP2 allows remote attackers to cause a denial of service OPC UA service outage via crafted TCP packets...

7.4AI score0.03528EPSS
Exploits0References3
ICS
ICS
added 2016/04/29 6:0 a.m.63 views

Siemens SIMATIC NET PC-Software Denial-of-Service Vulnerability

OVERVIEW Siemens has identified a denial-of-service vulnerability in SIMATIC NET PC-Software. Vladimir Dashchenko and Sergey Temnikov from Kaspersky Labs reported this issue directly to Siemens. Siemens has produced a new version to mitigate this vulnerability. This vulnerability could be exploit...

7.5CVSS7.6AI score0.03528EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2007/11/07 12:0 a.m.27 views

HP OpenView Client Configuration Manager Default Credentials

The remote host is running HP OpenView Client Configuration Manager OVCCM, a PC software configuration management application. The remote installation of OVCCM is configured to use default credentials to control access. Knowing these, an attacker can gain control of the affected application...

5.6AI score
Exploits0
Rows per page
Query Builder