Lucene search
K

831 matches found

CVE
CVE
added 2013/03/21 2:0 p.m.48 views

CVE-2011-4515

Summary of CVE-2011-4515 (Siemens WinCC TIA Portal): The vulnerability affects Siemens WinCC (TIA Portal) HMI Web server in version 11. It involves storing HMI Web-application passwords using a reversible scheme, leaving password data world-readable/writable and retrievable with local access or v...

4.6CVSS5.8AI score0.00381EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2013/03/21 2:0 p.m.56 views

CVE-2013-0670

Siemens WinCC (TIA Portal) 11 HMI Web application is affected by CVE-2013-0670 (CRLF injection). A crafted URL can lead to HTTP header injection and HTTP response splitting via the HMI Web server. Public sources (NVD, Red Hat cve page, ICS-CERT advisory) confirm the vulnerability in WinCC V11 and...

4.3CVSS7AI score0.01539EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2013/03/21 2:0 p.m.51 views

CVE-2013-0667

CVE-2013-0667 is a cross-site scripting (XSS) vulnerability in the HMI web application of Siemens WinCC (TIA Portal) 11. Affected product: WinCC (TIA Portal) V11 (all versions). Vulnerability: improper handling in the Web server may allow an authenticated user or an attacker with valid credential...

4.3CVSS5.7AI score0.01513EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2013/03/21 2:0 p.m.50 views

CVE-2013-0672

Siemens WinCC (TIA Portal) 11 HMI Web application is affected by a stored Cross-Site Scripting (XSS) vulnerability (CVE-2013-0672). An authenticated user can inject arbitrary script or HTML via data stored in the Web interface. The issue is associated with the HMI Web server and Web-based compone...

3.5CVSS5.4AI score0.01196EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2013/03/21 2:0 p.m.50 views

CVE-2013-0669

Siemens WinCC (TIA Portal) V11 HMI web application is affected by CVE-2013-0669. An authenticated user can craft HTTP requests that crash the HMI Web application, causing a denial of service. The root cause is Improper Input Validation in the Web server, with network attack vector and no confiden...

4CVSS6.3AI score0.0183EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2013/03/21 2:0 p.m.25 views

CVE-2011-4515

Siemens WinCC TIA Portal 11 uses a reversible algorithm for storing HMI web-application passwords in world-readable and world-writable files, which allows local users to obtain sensitive information by leveraging 1 physical access or 2 Sm@rt Server access...

5.6AI score0.00381EPSS
Exploits0References2
Cvelist
Cvelist
added 2013/03/21 2:0 p.m.26 views

CVE-2013-0670

CRLF injection vulnerability in the HMI web application in Siemens WinCC TIA Portal 11 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL...

6.7AI score0.01539EPSS
Exploits0References2
Cvelist
Cvelist
added 2013/03/21 2:0 p.m.21 views

CVE-2013-0671

Directory traversal vulnerability in Siemens WinCC TIA Portal 11 allows remote authenticated users to read HMI web-application source code and user-defined scripts via a crafted URL...

6.2AI score0.02328EPSS
Exploits0References2
Cvelist
Cvelist
added 2013/03/21 2:0 p.m.18 views

CVE-2013-0668

Multiple cross-site scripting XSS vulnerabilities in the HMI web application in Siemens WinCC TIA Portal 11 allow remote attackers to inject arbitrary web script or HTML via a crafted URL...

5.6AI score0.01513EPSS
Exploits0References2
Cvelist
Cvelist
added 2013/03/21 2:0 p.m.17 views

CVE-2013-0669

The HMI web application in Siemens WinCC TIA Portal 11 allows remote authenticated users to cause a denial of service daemon crash via a crafted HTTP request...

6.1AI score0.0183EPSS
Exploits0References2
Cvelist
Cvelist
added 2013/03/21 2:0 p.m.34 views

CVE-2013-0667

Cross-site scripting XSS vulnerability in the HMI web application in Siemens WinCC TIA Portal 11 allows remote attackers to inject arbitrary web script or HTML via a crafted URL...

5.5AI score0.01513EPSS
Exploits0References2
CVE
CVE
added 2013/03/21 2:0 p.m.50 views

CVE-2013-0668

CVE-2013-0668 : In Siemens WinCC (TIA Portal) 11, the HMI Web application is vulnerable to cross-site scripting via crafted URLs. The issue is tied to input handling in the Web UI, enabling an authenticated or social-engineered user to trigger script execution in other users’ browsers. Affected p...

4.3CVSS5.7AI score0.01513EPSS
Exploits0References2Affected Software1
ICS
ICS
added 2013/03/21 6:0 a.m.61 views

Siemens WinCC 7.2 Multiple Vulnerabilities

OVERVIEW This advisory provides mitigation details for vulnerabilities that impact the Siemens WinCC Web Navigator 7.2. Researchers Alexander Tlyapov, Sergey Gordeychik, and Timur Yunusov of Positive Technologies have identified multiple vulnerabilities in the Siemens WinCC Web Navigator 7.2...

7.5CVSS7.6AI score0.01934EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2013/03/03 12:0 a.m.13 views

PT-2013-43: Hard-coded credentials in Siemens WinCC and SIMATIC PCS 7

The specialists of the Positive Research center have detected a vulnerability in Siemens WinCC and SIMATIC PCS 7 related to hard-coded credentials used in the login system . Attackers with network access and knowledge of the credentials could log into the Web Navigator Web applications as an...

7.5CVSS6.7AI score0.01934EPSS
Exploits0References5
Packet Storm
Packet Storm
added 2013/01/21 12:0 a.m.34 views

Simatic WinCC Information Harvester

encoding: UTF-8 This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Simatic WinCC info...

7.4AI score
Exploits0
Positive Technologies
Positive Technologies
added 2013/01/13 12:0 a.m.14 views

PT-2013-42: SQL Injection in Siemens WinCC and SIMATIC PCS 7

The specialists of the Positive Research center have detected "SQL Injection" vulnerability in Siemens WinCC and SIMATIC PCS 7. The WinCC Web Navigator 7.2 and Runtime Client OPC protocol have input filtering in the login screen an attacker can overcome, allowing injection of SQL statements into...

10CVSS7.3AI score0.01784EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2013/01/13 12:0 a.m.11 views

PT-2013-44: Forced browsing in Siemens WinCC and SIMATIC PCS 7

The specialists of the Positive Research center have detected a vulnerability, which can be used to gain access to usernames in Siemens WinCC and SIMATIC PCS 7. The WinCC Web Navigator 7.2 allows a user with authenticated access to probe for valid NetBIOS user names by manipulating URL parameters...

4CVSS6.5AI score0.01332EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2012/12/23 12:0 a.m.7 views

PT-2014-13: Privilege Gaining in Siemens SIMATIC WinCC

The specialists of the Positive Research center have detected a Privilege Gaining vulnerability in SIMATIC WinCC. Existing access control of the WinCC WebNavigator server at port 80/tcp and port 443/tcp could allow remote authenticated users to escalate their privileges in WinCC. How to fix Updat...

4.9CVSS6.8AI score0.01222EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2012/12/23 12:0 a.m.11 views

PT-2014-12: Information Disclosure in Siemens SIMATIC WinCC

The specialists of the Positive Research center have detected an Information disclosure vulnerability in SIMATIC WinCC. The SIMATIC WinCC WebNavigator server at port 80/tcp and port 443/tcp could allow unauthenticated access to sensitive data if an attacker sends specially crafted HTTP requests t...

5CVSS6.4AI score0.01686EPSS
Exploits0References4
ThreatPost
ThreatPost
added 2012/12/11 2:28 p.m.46 views

Kelihos Update Includes New TLD and USB Infection Capabilities

There’s a little Michael Myers in the Kelihos botnet; maim it, kill it and it keeps on coming back to wreak more havoc. The 2011 takedown of the Kelihos botnet was one of Microsoft’s high-profile success stories against spambots and the like, yet Kelihos was back for more at the start of 2012 usi...

9.3CVSS7.6AI score0.91324EPSS
Exploits15References6
Rows per page
Query Builder