
830 matches found

CVE
added 2012/09/18 2:0 p.m. | 64 views

CVE-2012-3032

CVE-2012-3032 describes a SQL Injection vulnerability in the WebNavigator component of Siemens WinCC (7.0 SP3 and earlier) where a crafted SOAP message can cause arbitrary SQL commands to be executed. The affected product is Siemens WinCC WebNavigator; the root cause is improper neutralization of...

CVSS 7.5 | AI score 8.4 | EPSS 0.02405
Exploits: 0 | References: 3 | Affected Software: 2
CVE
added 2012/09/18 2:0 p.m. | 51 views

CVE-2012-3030

Siemens WinCC WebNavigator (WebNavigator component) in WinCC 7.0 SP3 and earlier stores sensitive files under the web root with insufficient access controls, enabling a remote attacker to read (1) a log file or (2) a configuration file via a direct request. The issue is mapped to CVE-2012-3030 an...

CVSS 5 | AI score 6.4 | EPSS 0.02638
Exploits: 0 | References: 3 | Affected Software: 2
Cvelist
added 2012/09/18 2:0 p.m. | 26 views

CVE-2012-3032

SQL injection vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to execute arbitrary SQL commands via a crafted SOAP message...

AI score 8.2 | EPSS 0.02405
Exploits: 0 | References: 3
CVE
added 2012/09/18 2:0 p.m. | 59 views

CVE-2012-3031

CVE-2012-3031 affects Siemens WinCC WebNavigator (Web interface for WinCC) in WinCC 7.0 SP3 and earlier. The vulnerability is reflected XSS (via a GET parameter, a POST parameter, or the Referer header) that could let an attacker inject arbitrary script/HTML. ICS-CERT notes the issues could allow...

CVSS 4.3 | AI score 5.8 | EPSS 0.02142
Exploits: 0 | References: 3 | Affected Software: 2
CVE
added 2012/09/18 2:0 p.m. | 56 views

CVE-2012-3028

CVE-2012-3028 affects Siemens WinCC WebNavigator (7.0 SP3 and earlier). A CSRF flaw lets remote attackers hijack a user’s session to perform data-modifying actions or cause a denial of service. Mitigation: Siemens released SSA-864051 and an update for WinCC 7.0 SP3; apply the patch and limit expo...

CVSS 6.8 | AI score 7.5 | EPSS 0.00978
Exploits: 0 | References: 3 | Affected Software: 2
CVE
added 2012/09/18 2:0 p.m. | 54 views

CVE-2012-3034

The CVE-2012-3034 issue affects Siemens WinCC WebNavigator (used with SIMATIC PCS7) where crafted parameters to certain ActiveX controls allow remote attackers to obtain a user name and password. The root cause involves unsafe handling within ActiveX methods exposed by WebNavigator, enabling cred...

CVSS 4.3 | AI score 7 | EPSS 0.02159
Exploits: 0 | References: 3 | Affected Software: 2
Cvelist
added 2012/09/18 2:0 p.m. | 29 views

CVE-2012-3031

Multiple cross-site scripting (XSS) vulnerabilities in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allow remote attackers to inject arbitrary web script or HTML via a (1) GET parameter, (2) POST parameter, or (3) Referer HTTP header...

AI score 5.7 | EPSS 0.02142
Exploits: 0 | References: 3
Cvelist
added 2012/09/18 2:0 p.m. | 24 views

CVE-2012-3028

Cross-site request forgery (CSRF) vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to hijack the authentication of arbitrary users for requests that modify data or cause a denial of service...

AI score 7.3 | EPSS 0.00978
Exploits: 0 | References: 3
Positive Technologies
added 2012/08/02 12:0 a.m. | 11 views

PT-2013-50: Cross-Site Request Forgery (CSRF) in Siemens Simatic WinCC TIA Portal

The specialists of the Positive Research center have detected "Cross-Site Request Forgery" vulnerability in Siemens Simatic WinCC TIA Portal. Cross-site request forgery (CSRF) vulnerability in Siemens WinCC TIA Portal allows remote attackers to hijack the authentication of unspecified victims by...

CVSS 6.8 | AI score 7.3 | EPSS 0.0108
Exploits: 0 | References: 5
ThreatPost
added 2012/07/24 3:33 p.m. | 12 views

Siemens Patches Stuxnet-Like SCADA Bugs

German industrial control system manufacturer Siemens announced Monday that it had patched holes in some of its products that appear to resemble holes used by the famous Stuxnet worm in 2010. If left unpatched, vulnerabilities in the company’s Simatic STEP 7 and Simatic PCS 7 software could have...

AI score 0.8
Exploits: 0 | References: 5
Positive Technologies
added 2012/07/11 12:0 a.m. | 9 views

PT-2013-27: Directory Traversal in Siemens Simatic WinCC and PCS 7

The specialists of the Positive Research center have detected "Directory Traversal" vulnerability in Siemens Simatic WinCC and PCS 7. Authenticated users may manipulate the URL in the web browser to access the file system of the web server. With this vulnerability they may read all the files that...

CVSS 4 | AI score 6.5 | EPSS 0.02328
Exploits: 0 | References: 6
Positive Technologies
added 2012/07/11 12:0 a.m. | 10 views

PT-2013-26: Information Disclosure in Siemens Simatic WinCC and PCS 7

The specialists of the Positive Research center have detected "Information Disclosure" vulnerability in Siemens Simatic WinCC and PCS 7. Users with legitimate, non-privileged access to WinCC MS SQL database can retrieve obfuscated user passwords for WebNavigator. For doing this, access to the...

CVSS 4 | AI score 7.1 | EPSS 0.01529
Exploits: 0 | References: 6
ICS
added 2012/06/16 6:0 a.m. | 94 views

Siemens WinCC WebNavigator Multiple Vulnerabilities

Overview: Siemens has reported multiple vulnerabilities in the Siemens WinCC WebNavigator application. These vulnerabilities were originally reported directly to Siemens by Positive Technologies. Siemens has produced an update that mitigates these vulnerabilities. These vulnerabilities could be...

CVSS 7.5 | AI score 7.9 | EPSS 0.02638
Exploits: 0 | References: 10
NVD
added 2012/06/08 6:55 p.m. | 21 views

CVE-2012-2598

Buffer overflow in the DiagAgent web server in Siemens WinCC 7.0 SP3 through Update 2 allows remote attackers to cause a denial of service (agent outage) via crafted input...

CVSS 4.3 | AI score 6.8 | EPSS 0.01845
Exploits: 0 | References: 2
NVD
added 2012/06/08 6:55 p.m. | 22 views

CVE-2012-3003

Open redirect vulnerability in an unspecified web application in Siemens WinCC 7.0 SP3 before Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a GET request...

CVSS 5.8 | AI score 6.7 | EPSS 0.01698
Exploits: 0 | References: 2
NVD
added 2012/06/08 6:55 p.m. | 27 views

CVE-2012-2596

The XPath functionality in unspecified web applications in Siemens WinCC 7.0 SP3 before Update 2 does not properly handle special characters in parameters, which allows remote authenticated users to read or modify settings via a crafted URL, related to an "XML injection" attack...

CVSS 5.5 | AI score 6.1 | EPSS 0.01504
Exploits: 0 | References: 2
NVD
added 2012/06/08 6:55 p.m. | 16 views

CVE-2012-2597

Multiple directory traversal vulnerabilities in Siemens WinCC 7.0 SP3 before Update 2 allow remote authenticated users to read arbitrary files via a crafted parameter in a URL...

CVSS 4 | AI score 6.4 | EPSS 0.02328
Exploits: 0 | References: 2
NVD
added 2012/06/08 6:55 p.m. | 17 views

CVE-2012-2595

Multiple cross-site scripting (XSS) vulnerabilities in unspecified web applications in Siemens WinCC 7.0 SP3 before Update 2 allow remote attackers to inject arbitrary web script or HTML via vectors involving special characters in parameters...

CVSS 4.3 | AI score 5.7 | EPSS 0.01513
Exploits: 0 | References: 2
Prion
added 2012/06/08 6:55 p.m. | 20 views

Directory traversal

Multiple directory traversal vulnerabilities in Siemens WinCC 7.0 SP3 before Update 2 allow remote authenticated users to read arbitrary files via a crafted parameter in a URL...

CVSS 4 | AI score 6.8 | EPSS 0.02328
Exploits: 0 | References: 2 | Affected Software: 1
Prion
added 2012/06/08 6:55 p.m. | 19 views

Buffer overflow

Buffer overflow in the DiagAgent web server in Siemens WinCC 7.0 SP3 through Update 2 allows remote attackers to cause a denial of service (agent outage) via crafted input...

CVSS 4.3 | AI score 7.4 | EPSS 0.01845
Exploits: 0 | References: 2 | Affected Software: 1