69 matches found
CVE-2022-33139
A vulnerability has been identified in Cerberus DMS All versions, Desigo CC All versions, Desigo CC Compact All versions, SIMATIC WinCC OA V3.16 All versions in default configuration, SIMATIC WinCC OA V3.17 All versions in non-default configuration, SIMATIC WinCC OA V3.18 All versions in...
EUVD-2018-5735
Malware in sbrugna...
EUVD-2014-1772
Malware in sbrugna...
EUVD-2018-16633
Malware in sbrugna...
EUVD-2022-47663
Malicious code in bioql PyPI...
CVE-2022-44731
A vulnerability has been identified in SIMATIC WinCC OA V3.15 All versions < V3.15 P038, SIMATIC WinCC OA V3.16 All versions < V3.16 P035, SIMATIC WinCC OA V3.17 All versions < V3.17 P024, SIMATIC WinCC OA V3.18 All versions < V3.18 P014. The affected component allows to inject custom arguments to the...
CVE-2023-46280
A vulnerability has been identified in Security Configuration Tool (SCT) All versions, SIMATIC Automation Tool All versions < V5.0 SP2, SIMATIC BATCH V9.1 All versions < V9.1 SP2 Upd5, SIMATIC NET PC Software V16 All versions < V16 Update 8, SIMATIC NET PC Software V17 All versions, SIMATIC NET PC Softwa...
Siemens SIMATIC WinCC OA Ultralight Client Parameter Injection Vulnerability
SIMATIC WinCC Open Architecture (OA) is part of the SIMATIC HMI family. It is designed for applications that require a high degree of customer-specific adaptability, large or complex applications, and projects that require specific system requirements or functionality. A parameter injection...
CVE-2022-44731
A vulnerability has been identified in SIMATIC WinCC OA V3.15 All versions < V3.15 P038, SIMATIC WinCC OA V3.16 All versions < V3.16 P035, SIMATIC WinCC OA V3.17 All versions < V3.17 P024, SIMATIC WinCC OA V3.18 All versions < V3.18 P014. The affected component allows to inject custom arguments to the...
Code injection
A vulnerability has been identified in SIMATIC WinCC OA V3.15 All versions < V3.15 P038, SIMATIC WinCC OA V3.16 All versions < V3.16 P035, SIMATIC WinCC OA V3.17 All versions < V3.17 P024, SIMATIC WinCC OA V3.18 All versions < V3.18 P014. The affected component allows to inject custom arguments to the...
CVE-2022-44731
The CVE-2022-44731 vulnerability affects Siemens SIMATIC WinCC OA Ultralight Client. The Ultralight Client backend can be injected with custom arguments under certain conditions when started via the web interface, enabling an authenticated remote attacker to inject parameters (e.g., open attacker...
PT-2022-27287 · Siemens · Simatic Wincc
Name of the Vulnerable Software and Affected Versions: SIMATIC WinCC OA versions prior to V3.15 P038; SIMATIC WinCC OA versions prior to V3.16 P035; SIMATIC WinCC OA versions prior to V3.17 P024; SIMATIC WinCC OA versions prior to V3.18 P014. Description: A vulnerability allows injecting custom...
CVE-2022-44731
A vulnerability has been identified in SIMATIC WinCC OA V3.15 All versions < V3.15 P038, SIMATIC WinCC OA V3.16 All versions < V3.16 P035, SIMATIC WinCC OA V3.17 All versions < V3.17 P024, SIMATIC WinCC OA V3.18 All versions < V3.18 P014. The affected component allows to inject custom arguments to the...
CVE-2022-44731
A vulnerability has been identified in SIMATIC WinCC OA V3.15 All versions < V3.15 P038, SIMATIC WinCC OA V3.16 All versions < V3.16 P035, SIMATIC WinCC OA V3.17 All versions < V3.17 P024, SIMATIC WinCC OA V3.18 All versions < V3.18 P014. The affected component allows to inject custom arguments to the...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in, among others, Mendix, Nucleus NET, RUGGEDCOM, SCALANCE, SICAM, SIMATIC, SIPROTEC and SIMATIC WinCC-OA. The vulnerabilities potentially allow a malicious actor to launch attacks that result in the following categories of damage: Cross-Site Request Forgery (XSRF)...
Siemens WinCC OA 3.16 < 3.19 Client Side Authentication Vulnerability (SSA-111512)
Binary data scadaappsiemenswinccoassa-111512icefall.nbin...
CISA Releases Security Advisories Related to OT:ICEFALL (Insecure by Design) Report
CISA is aware that Forescout researchers have released OT:ICEFALL, a report on 56 vulnerabilities caused by insecure-by-design practices in operational technology across multiple vendors. The vulnerabilities are divided into four main categories: insecure engineering protocols, weak cryptography ...
CVE-2022-33139
A vulnerability has been identified in Cerberus DMS All versions, Desigo CC All versions, Desigo CC Compact All versions, SIMATIC WinCC OA V3.16 All versions in default configuration, SIMATIC WinCC OA V3.17 All versions in non-default configuration, SIMATIC WinCC OA V3.18 All versions in...
CVE-2022-33139
A vulnerability has been identified in Cerberus DMS All versions, Desigo CC All versions, Desigo CC Compact All versions, SIMATIC WinCC OA V3.16 All versions in default configuration, SIMATIC WinCC OA V3.17 All versions in non-default configuration, SIMATIC WinCC OA V3.18 All versions in...
Default configuration
A vulnerability has been identified in Cerberus DMS All versions, Desigo CC All versions, Desigo CC Compact All versions, SIMATIC WinCC OA V3.16 All versions in default configuration, SIMATIC WinCC OA V3.17 All versions in non-default configuration, SIMATIC WinCC OA V3.18 All versions in...