CVE-2019-19282

A vulnerability has been identified in OpenPCS 7 V8.1 All versions, OpenPCS 7 V8.2 All versions, OpenPCS 7 V9.0 All versions V9.0 Upd3, SIMATIC BATCH V8.1 All versions, SIMATIC BATCH V8.2 All versions V8.2 Upd12, SIMATIC BATCH V9.0 All versions V9.0 SP1 Upd5, SIMATIC NET PC Software V14 All...

CVE-2019-19282

CVE-2019-19282 describes an incorrect calculation of buffer size (CWE-131) that allows a remote attacker to cause a denial-of-service on Siemens industrial software when encrypted communication is enabled. Exploitation requires network access and no privileges/UI. Affected products span OpenPCS 7...

CVE-2019-19282

A vulnerability has been identified in OpenPCS 7 V8.1 All versions, OpenPCS 7 V8.2 All versions, OpenPCS 7 V9.0 All versions V9.0 Upd3, SIMATIC BATCH V8.1 All versions, SIMATIC BATCH V8.2 All versions V8.2 Upd12, SIMATIC BATCH V9.0 All versions V9.0 SP1 Upd5, SIMATIC NET PC Software V14 All...

Vulnerability fixed in Siemens WinCC, PCS 7 and Net PC products

Siemens has fixed a vulnerability in the products SIMATIC PCS 7, SIMATIC WinCC and SIMATIC NET PC. An unauthenticated malicious person with access to the network can exploit the vulnerability exploit to cause a denial-of-service when using encrypted connections are used. Siemens has released...

Siemens Industrial Products Local Privilege Escalation Vulnerability (Update I)

1. EXECUTIVE SUMMARY CVSS v3 6.4 ATTENTION: Exploitable locally Vendor: Siemens Equipment: Industrial Products Vulnerability: Improper privilege management 2. UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory titled ICSA-16-313-02 Siemens Industrial Products Local...

Siemens SIMATIC NET SOFTNET-IE PROFINET IO V14 Software

Binary data 764691.prm...

CVE-2019-6575

CVE-2019-6575 affects Siemens industrial products using OPC UA, including SIMATIC CP443-1 OPC UA, ET 200 Open Controller CPU 1515SP PC2, HMI Outdoor Panels (7"/15"), HMI Comfort Panels (4"–22"), KTP Mobile Panels, IPC DiagMonitor, NET PC Software, RF188C, RF600R, S7‑1500 family, WinCC OA/Runtime,...

CVE-2018-4832

CVE-2018-4832 affects Siemens SPPA-T3000 and related OpenPCS/WinCC/BATCH/Route Control components. The vulnerability stems from improper input validation in the RPC service, enabling a remote attacker with network access to cause a DoS in remote and local communication, requiring a reboot to rest...

CVE-2017-12069

An XXE vulnerability has been identified in OPC Foundation UA .NET Sample Code before 2017-03-21 and Local Discovery Server LDS before 1.03.367. Among the affected products are Siemens SIMATIC PCS7 All versions V8.1 and earlier, SIMATIC WinCC All versions V7.4 SP1, SIMATIC WinCC Runtime...

CVE-2017-12069

An XXE vulnerability has been identified in OPC Foundation UA .NET Sample Code before 2017-03-21 and Local Discovery Server LDS before 1.03.367. Among the affected products are Siemens SIMATIC PCS7 All versions V8.1 and earlier, SIMATIC WinCC All versions V7.4 SP1, SIMATIC WinCC Runtime...

CVE-2017-12069

Summary: CVE-2017-12069 is an XXE vulnerability in the OPC UA Discovery Server handling of XML, affecting Siemens products using the OPC UA Stack (e.g., SIMATIC PCS 7, SIMATIC WinCC, SIMATIC WinCC Runtime Professional, SIMATIC NET PC Software, and IT Production Suite). Root cause: Improper restri...

CVE-2017-6865

CVE-2017-6865 is a DoS vulnerability in Siemens PROFINET DCP handling affecting multiple Siemens products (WinCC, STEP 7/TIA Portal, PCS 7, WinAC/WinCC flexible, SCT, SINEMA, SINUMERIK, etc.). The root cause is improper input validation, where specially crafted PROFINET DCP broadcast packets on a...

Siemens devices using the PROFINET Discovery and Configuration Protocol (Update G)

CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low skill level to exploit. Vendor: Siemens Equipment: Devices using the PROFINET Discovery and Configuration Protocol DCP Vulnerability: Denial of Service UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory...

Siemens Discloses Local Privilege Escalation Bug in SCADA Gear

German engineering giant Siemens is warning operators of a local privilege escalation vulnerability that leaves more than a dozen models of its SCADA equipment open to attack. Some of the issues have been patched, or in other cases, Siemens has provided a workaround. The vulnerability was disclos...

Siemens SIMATIC NET PCSoftware Denial of Service Vulnerability

SIMATIC NET is an open and multifaceted communication system provided by Siemens at the industrial control level. A denial of service vulnerability exists in Siemens SIMATIC NET PCSoftware. An attacker can exploit the vulnerability by sending specially crafted packets to ports...

CVE-2016-5874

Siemens SIMATIC NET PC-Software before 13 SP2 allows remote attackers to cause a denial of service OPC UA service outage via crafted TCP packets...

CVE-2016-5874

Siemens SIMATIC NET PC-Software before 13 SP2 allows remote attackers to cause a denial of service OPC UA service outage via crafted TCP packets...

Code injection

Siemens SIMATIC NET PC-Software before 13 SP2 allows remote attackers to cause a denial of service OPC UA service outage via crafted TCP packets...

CVE-2016-5874

Siemens SIMATIC NET PC-Software before 13 SP2 allows remote attackers to cause a denial of service OPC UA service outage via crafted TCP packets...

CVE-2016-5874

The vulnerability CVE-2016-5874 affects Siemens SIMATIC NET PC-Software prior to version 13 SP2. The underlying issue is a denial-of-service condition caused by specially crafted TCP packets sent to specific OPC-UA-related ports (55101–55105, 4845, 4847–4850). Successful exploitation can cause an...