400 matches found
CVE-2022-43513
A vulnerability has been identified in Automation License Manager V5 All versions, Automation License Manager V6 All versions V6.0 SP9 Upd4, TeleControl Server Basic V3 All versions V3.1.2. The affected components allow to rename license files with user chosen input without authentication. This...
PT-2023-1360 · Unknown · Telecontrol Server Basic V3 +2
Name of the Vulnerable Software and Affected Versions: Automation License Manager V5 All versions Automation License Manager V6 All versions prior to V6.0 SP9 Upd4 TeleControl Server Basic V3 All versions prior to V3.1.2 Description: The issue is related to a path traversal vulnerability. It may...
Siemens Industrial Products with OPC UA
1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC NET PC, SITOP Manager, TeleControl Server Basic Vulnerability: Null Pointer Dereference 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory...
Siemens Industrial Products Local Privilege Escalation Vulnerability (Update I)
1. EXECUTIVE SUMMARY CVSS v3 6.4 ATTENTION: Exploitable locally Vendor: Siemens Equipment: Industrial Products Vulnerability: Improper privilege management 2. UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory titled ICSA-16-313-02 Siemens Industrial Products Local...
CVE-2019-6575
CVE-2019-6575 affects Siemens industrial products using OPC UA, including SIMATIC CP443-1 OPC UA, ET 200 Open Controller CPU 1515SP PC2, HMI Outdoor Panels (7"/15"), HMI Comfort Panels (4"–22"), KTP Mobile Panels, IPC DiagMonitor, NET PC Software, RF188C, RF600R, S7‑1500 family, WinCC OA/Runtime,...
PT-2019-2034 · Siemens · Simatic Hmi Comfort Outdoor Panels 7" & 15" +16
Name of the Vulnerable Software and Affected Versions: SIMATIC CP 443-1 OPC UA versions prior to the fixed version SIMATIC ET 200SP Open Controller CPU 1515SP PC2 versions prior to V2.7 SIMATIC HMI Comfort Outdoor Panels 7" & 15" versions prior to V15.1 Upd 4 SIMATIC HMI Comfort Panels 4" - 22"...
Siemens Industrial Products with OPC UA (Update H)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC, SINEC-NMS, SINEMA, SINEMURIK Industrial Control Products with OPC UA Vulnerability: Uncaught Exception 2. UPDATE INFORMATION This updated advisory is a follow-up to the...
Siemens TeleControl Server Basic Elevation of Privilege Vulnerability
Siemens TeleControl Server Basic is a remote control system for Siemens equipment from Siemens, Germany. A security vulnerability exists in Siemens TeleControl Server Basic versions prior to 3.1. An attacker could use this vulnerability to elevate privileges and perform administrative operations...
CVE-2018-4837
A vulnerability has been identified in TeleControl Server Basic V3.1. An attacker with access to the TeleControl Server Basic's webserver port 80/tcp or 443/tcp could cause a Denial-of-Service condition on the web server. The remaining functionality of the TeleControl Server Basic is not affected...
CVE-2018-4836
A vulnerability has been identified in TeleControl Server Basic V3.1. An authenticated attacker with a low-privileged account to the TeleControl Server Basic's port 8000/tcp could escalate his privileges and perform administrative operations...
CVE-2018-4835
A vulnerability has been identified in TeleControl Server Basic V3.1. An attacker with network access to the TeleControl Server Basic's port 8000/tcp could bypass the authentication mechanism and read limited information...
Race condition
A vulnerability has been identified in TeleControl Server Basic V3.1. An attacker with access to the TeleControl Server Basic's webserver port 80/tcp or 443/tcp could cause a Denial-of-Service condition on the web server. The remaining functionality of the TeleControl Server Basic is not affected...
Design/Logic Flaw
A vulnerability has been identified in TeleControl Server Basic V3.1. An authenticated attacker with a low-privileged account to the TeleControl Server Basic's port 8000/tcp could escalate his privileges and perform administrative operations...
CVE-2018-4836
A vulnerability has been identified in TeleControl Server Basic V3.1. An authenticated attacker with a low-privileged account to the TeleControl Server Basic's port 8000/tcp could escalate his privileges and perform administrative operations...
CVE-2018-4835
A vulnerability has been identified in TeleControl Server Basic V3.1. An attacker with network access to the TeleControl Server Basic's port 8000/tcp could bypass the authentication mechanism and read limited information...
CVE-2018-4837
A vulnerability has been identified in TeleControl Server Basic V3.1. An attacker with access to the TeleControl Server Basic's webserver port 80/tcp or 443/tcp could cause a Denial-of-Service condition on the web server. The remaining functionality of the TeleControl Server Basic is not affected...
CVE-2018-4837
The connected sources confirm CVE-2018-4837 affects Siemens TeleControl Server Basic versions prior to 3.1, where a vulnerability in the webserver (ports 80/443) can cause a Denial-of-Service without affecting other functionality. The ICSA advisory reiterates this as a DoS risk via the webserver,...
CVE-2018-4835
A vulnerability has been identified in TeleControl Server Basic V3.1. An attacker with network access to the TeleControl Server Basic's port 8000/tcp could bypass the authentication mechanism and read limited information...
CVE-2018-4836
A vulnerability has been identified in TeleControl Server Basic V3.1. An authenticated attacker with a low-privileged account to the TeleControl Server Basic's port 8000/tcp could escalate his privileges and perform administrative operations...
CVE-2018-4837
A vulnerability has been identified in TeleControl Server Basic V3.1. An attacker with access to the TeleControl Server Basic's webserver port 80/tcp or 443/tcp could cause a Denial-of-Service condition on the web server. The remaining functionality of the TeleControl Server Basic is not affected...