Lucene search
K

831 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 11:9 a.m.10 views

CVE-2013-0679

Directory traversal vulnerability in the web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote authenticated users to read arbitrary files via vectors involving a query for a pathname...

4CVSS6.6AI score0.02328EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:25 a.m.8 views

CVE-2019-10935

A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier All versions, SIMATIC PCS 7 V8.1 All versions V8.1 with WinCC V7.3 Upd 19, SIMATIC PCS 7 V8.2 All versions V8.2 SP1 with WinCC V7.4 SP1 Upd 11, SIMATIC PCS 7 V9.0 All versions V9.0 SP2 with WinCC V7.4 SP1 Upd11, SIMATIC WinCC...

7.2CVSS6.8AI score0.01297EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:48 a.m.9 views

CVE-2011-4508

The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 aka TIA portal before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime generates predictable authentication token...

9.3CVSS7.1AI score0.03119EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:48 a.m.7 views

CVE-2011-4513

Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 aka TIA portal; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allow user-assisted remote attackers to execute arbitrary code via a crafted project file,...

10CVSS8AI score0.04846EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:48 a.m.12 views

CVE-2011-4510

Cross-site scripting XSS vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 aka TIA portal before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime...

4.3CVSS5.9AI score0.01509EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:48 a.m.8 views

CVE-2011-4514

The TELNET daemon in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 aka TIA portal; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime does not perform authentication, which makes it easier for remote attacker...

10CVSS6.8AI score0.03522EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:43 a.m.5 views

CVE-2012-2597

Multiple directory traversal vulnerabilities in Siemens WinCC 7.0 SP3 before Update 2 allow remote authenticated users to read arbitrary files via a crafted parameter in a URL...

4CVSS6.7AI score0.02328EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:23 a.m.10 views

CVE-2011-4515

Siemens WinCC TIA Portal 11 uses a reversible algorithm for storing HMI web-application passwords in world-readable and world-writable files, which allows local users to obtain sensitive information by leveraging 1 physical access or 2 Sm@rt Server access...

4.6CVSS6AI score0.00381EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:57 a.m.9 views

CVE-2013-0675

Buffer overflow in CCEServer aka the central communications component in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to cause a denial of service via a crafted packet...

6.1CVSS7.2AI score0.01047EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:50 a.m.8 views

CVE-2011-4512

CRLF injection vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 aka TIA portal before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows...

5CVSS7.2AI score0.01704EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:50 a.m.10 views

CVE-2011-4511

Cross-site scripting XSS vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 aka TIA portal before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime...

4.3CVSS5.9AI score0.01509EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:31 a.m.10 views

CVE-2012-3030

WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, stores sensitive information under the web root with insufficient access control, which allows remote attackers to read a 1 log file or 2 configuration file via a direct request...

5CVSS6.6AI score0.02638EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:31 a.m.10 views

CVE-2012-3028

Cross-site request forgery CSRF vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to hijack the authentication of arbitrary users for requests that modify data or cause a denial of service...

6.8CVSS7.7AI score0.00978EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:30 a.m.14 views

CVE-2012-3003

Open redirect vulnerability in an unspecified web application in Siemens WinCC 7.0 SP3 before Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a GET request...

5.8CVSS7AI score0.01698EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:14 a.m.9 views

CVE-2012-2598

Buffer overflow in the DiagAgent web server in Siemens WinCC 7.0 SP3 through Update 2 allows remote attackers to cause a denial of service agent outage via crafted input...

4.3CVSS7.2AI score0.01845EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:14 a.m.11 views

CVE-2012-2596

The XPath functionality in unspecified web applications in Siemens WinCC 7.0 SP3 before Update 2 does not properly handle special characters in parameters, which allows remote authenticated users to read or modify settings via a crafted URL, related to an "XML injection" attack...

5.5CVSS6.5AI score0.01504EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:14 a.m.7 views

CVE-2012-2595

Multiple cross-site scripting XSS vulnerabilities in unspecified web applications in Siemens WinCC 7.0 SP3 before Update 2 allow remote attackers to inject arbitrary web script or HTML via vectors involving special characters in parameters...

4.3CVSS5.9AI score0.01513EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 2:3 a.m.8 views

CVE-2013-3959

The Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, exhibits different behavior for NetBIOS user names depending on whether the user account exists, which allows remote authenticated users to enumerate account names via crafted U...

4CVSS6.6AI score0.01332EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 2:3 a.m.12 views

CVE-2013-3958

The login implementation in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, has a hardcoded account, which makes it easier for remote attackers to obtain access via an unspecified request...

7.5CVSS6.9AI score0.01934EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 12:30 a.m.7 views

CVE-2012-3032

SQL injection vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to execute arbitrary SQL commands via a crafted SOAP message...

7.5CVSS8.6AI score0.02405EPSS
Exploits0References1
Rows per page
Query Builder