CVE-2024-44102

A vulnerability has been identified in PP TeleControl Server Basic 1000 to 5000 V3.1 6NH9910-0AA31-0AE1 All versions V3.1.2.1 with redundancy configured, PP TeleControl Server Basic 256 to 1000 V3.1 6NH9910-0AA31-0AD1 All versions V3.1.2.1 with redundancy configured, PP TeleControl Server Basic 3...

Siemens PP TeleControl Server 代码问题漏洞

TeleControl Server Basic allows remote monitoring and control of plants via WAN/LAN. A deserialization vulnerability exists in Siemens TeleControl Server Basic, which can be exploited by an attacker to execute arbitrary code on a device with SYSTEM privileges...

PT-2024-8008 · Unknown · Telecontrol Server Basic

Name of the Vulnerable Software and Affected Versions: PP TeleControl Server Basic versions prior to V3.1.2.1 with redundancy configured TeleControl Server Basic versions prior to V3.1.2.1 with redundancy configured Description: The affected system allows remote users to send maliciously crafted...

Siemens OPC Foundation Local Discovery Server Affecting Siemens Products

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

CVE-2022-43513

A vulnerability has been identified in Automation License Manager V5 All versions, Automation License Manager V6 All versions V6.0 SP9 Upd4, TeleControl Server Basic V3 All versions V3.1.2. The affected components allow to rename license files with user chosen input without authentication. This...

CVE-2022-43514

A vulnerability has been identified in Automation License Manager V5 All versions, Automation License Manager V6 All versions V6.0 SP9 Upd4, TeleControl Server Basic V3 All versions V3.1.2. The affected component does not correctly validate the root path on folder related operations, allowing to...

CVE-2022-43514

A vulnerability has been identified in Automation License Manager V5 All versions, Automation License Manager V6 All versions V6.0 SP9 Upd4, TeleControl Server Basic V3 All versions V3.1.2. The affected component does not correctly validate the root path on folder related operations, allowing to...

CVE-2022-43513

A vulnerability has been identified in Automation License Manager V5 All versions, Automation License Manager V6 All versions V6.0 SP9 Upd4, TeleControl Server Basic V3 All versions V3.1.2. The affected components allow to rename license files with user chosen input without authentication. This...

CVE-2022-43513

A vulnerability has been identified in Automation License Manager V5 All versions, Automation License Manager V6 All versions V6.0 SP9 Upd4, TeleControl Server Basic V3 All versions V3.1.2. The affected components allow to rename license files with user chosen input without authentication. This...

PT-2023-1360 · Unknown · Telecontrol Server Basic V3 +2

Name of the Vulnerable Software and Affected Versions: Automation License Manager V5 All versions Automation License Manager V6 All versions prior to V6.0 SP9 Upd4 TeleControl Server Basic V3 All versions prior to V3.1.2 Description: The issue is related to a path traversal vulnerability. It may...

Siemens Industrial Products with OPC UA

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC NET PC, SITOP Manager, TeleControl Server Basic Vulnerability: Null Pointer Dereference 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory...

Siemens Industrial Products Local Privilege Escalation Vulnerability (Update I)

1. EXECUTIVE SUMMARY CVSS v3 6.4 ATTENTION: Exploitable locally Vendor: Siemens Equipment: Industrial Products Vulnerability: Improper privilege management 2. UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory titled ICSA-16-313-02 Siemens Industrial Products Local...

CVE-2019-6575

CVE-2019-6575 affects Siemens industrial products using OPC UA, including SIMATIC CP443-1 OPC UA, ET 200 Open Controller CPU 1515SP PC2, HMI Outdoor Panels (7"/15"), HMI Comfort Panels (4"–22"), KTP Mobile Panels, IPC DiagMonitor, NET PC Software, RF188C, RF600R, S7‑1500 family, WinCC OA/Runtime,...

PT-2019-2034 · Siemens · Simatic Hmi Comfort Outdoor Panels 7" & 15" +16

Name of the Vulnerable Software and Affected Versions: SIMATIC CP 443-1 OPC UA versions prior to the fixed version SIMATIC ET 200SP Open Controller CPU 1515SP PC2 versions prior to V2.7 SIMATIC HMI Comfort Outdoor Panels 7" & 15" versions prior to V15.1 Upd 4 SIMATIC HMI Comfort Panels 4" - 22"...

Siemens Industrial Products with OPC UA (Update H)

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC, SINEC-NMS, SINEMA, SINEMURIK Industrial Control Products with OPC UA Vulnerability: Uncaught Exception 2. UPDATE INFORMATION This updated advisory is a follow-up to the...

CVE-2018-4836

A vulnerability has been identified in TeleControl Server Basic V3.1. An authenticated attacker with a low-privileged account to the TeleControl Server Basic's port 8000/tcp could escalate his privileges and perform administrative operations...

Design/Logic Flaw

A vulnerability has been identified in TeleControl Server Basic V3.1. An authenticated attacker with a low-privileged account to the TeleControl Server Basic's port 8000/tcp could escalate his privileges and perform administrative operations...

CVE-2018-4836

A vulnerability has been identified in TeleControl Server Basic V3.1. An authenticated attacker with a low-privileged account to the TeleControl Server Basic's port 8000/tcp could escalate his privileges and perform administrative operations...

CVE-2018-4835

A vulnerability has been identified in TeleControl Server Basic V3.1. An attacker with network access to the TeleControl Server Basic's port 8000/tcp could bypass the authentication mechanism and read limited information...

CVE-2018-4835

A vulnerability has been identified in TeleControl Server Basic V3.1. An attacker with network access to the TeleControl Server Basic's port 8000/tcp could bypass the authentication mechanism and read limited information...