3 matches found
CVE-2014-4684
The CVE-2014-4684 issue affects Siemens SIMATIC WinCC before 7.3 (as used in PCS7 and other products) where the WinCC database server could allow remote authenticated users to escalate privileges by sending a crafted command to TCP/1433. Connected sources confirm root cause in the database server...
KLA10393 LPE & OSI vulnerabilities in Siemens Simatic WinCC
Multiple serious vulnerabilities have been found in Siemens Simatic WinCC. Malicious users can exploit these vulnerabilities to gain privileges or obtain sensitive information. Below is a complete list of vulnerabilities 1. An unsafe encryption key can be exploited remotely via key extraction; 2...
Siemens SIMATIC WinCC Vulnerabilities (Update A)
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-14-205-02 Siemens SIMATIC WinCC Vulnerabilities that was published July 24, 2014, on the NCCIC/ICS-CERT web site. Researchers Sergey Gordeychik, Alexander Tlyapov, Dmitry Nagibin, and Gleb Gritsai of Positive...