33 matches found
EUVD-2013-0686
Malware in sbrugna...
EUVD-2013-0685
Malware in sbrugna...
EUVD-2012-3009
Malware in sbrugna...
Vulnerability fixed in SIMATIC eaSie PCS7
Siemens has fixed a vulnerability in SIMATIC eaSie PCS7. An authenticated malicious party can exploit the vulnerability to access arbitrary files via path traversal on the vulnerable system. The download function in which the vulnerability resides is not activated by default. Siemens has released updates ...
Siemens SIMATIC PCS7 < V9.1 and TIA Portal < 15.2 Unrestricted Upload of File with Dangerous Type (ICSA-19-192-02)
ICSA-19-192-02 Siemens SIMATIC WinCC and PCS7 (Update C)
1. EXECUTIVE SUMMARY CVSS v3 7.2 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC WinCC and SIMATIC PCS7 Vulnerability: Unrestricted Upload of File with Dangerous Type 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update...
Siemens SIMATIC WinCC, PCS7, and TIA Portal Vulnerabilities
OVERVIEW Siemens has identified two vulnerabilities within products utilizing the Siemens WinCC application. Siemens has produced a patch that mitigates this vulnerability in the WinCC application and is working on updates for the remaining affected products to address the other vulnerability in...
Siemens SIMATIC WinCC, PCS7, and TIA Portal Vulnerabilities (Update A)
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-14-329-02 Siemens SIMATIC WinCC, PCS7, and TIA Portal Vulnerabilities that was published November 25, 2014, on the NCCIC/ICS-CERT web site. Siemens has identified two vulnerabilities within products utilizing the...
Siemens SIMATIC WinCC, PCS7, and TIA Portal Vulnerabilities (Update B)
OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-14-329-02A Siemens SIMATIC WinCC, PCS7, and TIA Portal Vulnerabilities that was published December 2, 2014, on the NCCIC/ICS-CERT web site. Siemens has identified two vulnerabilities within products using the Siemen...
CVE-2017-12069
An XXE vulnerability has been identified in OPC Foundation UA .NET Sample Code before 2017-03-21 and Local Discovery Server LDS before 1.03.367. Among the affected products are Siemens SIMATIC PCS7 All versions V8.1 and earlier, SIMATIC WinCC All versions V7.4 SP1, SIMATIC WinCC Runtime...
Design/Logic Flaw
An XXE vulnerability has been identified in OPC Foundation UA .NET Sample Code before 2017-03-21 and Local Discovery Server LDS before 1.03.367. Among the affected products are Siemens SIMATIC PCS7 All versions V8.1 and earlier, SIMATIC WinCC All versions V7.4 SP1, SIMATIC WinCC Runtime...
CVE-2017-12069
Summary: CVE-2017-12069 is an XXE vulnerability in the OPC UA Discovery Server handling of XML, affecting Siemens products using the OPC UA Stack (e.g., SIMATIC PCS 7, SIMATIC WinCC, SIMATIC WinCC Runtime Professional, SIMATIC NET PC Software, and IT Production Suite). Root cause: Improper restri...
Siemens SIMATIC WinCC, PCS7, and TIA Portal Vulnerabilities
OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-14-329-02C Siemens SIMATIC WinCC, PCS7, and TIA Portal Vulnerabilities that was published December 18, 2014, on the NCCIC/ICS-CERT web site. Siemens has identified two vulnerabilities within products using the Sieme...
Siemens Patches Five Vulnerabilities in SIMATIC System
Siemens released an update for two builds of its SIMATIC automation system this week, addressing a quintet of vulnerabilities, four of which are remotely exploitable. The German company’s SIMATIC WinCC, a SCADA system, and SIMATIC PCS7, a distributed control system (DCS), are directly affected by the...
Cross site request forgery (csrf)
The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a (1) HTTP or (2) HTTPS request...
CVE-2014-4686
Siemens SIMATIC WinCC (before 7.3) contains a hard-coded encryption key in the Project administration component, enabling remote attackers to extract the key from another installation and use it to sniff traffic on TCP port 1030. This can lead to credential exposure and elevated privileges. Publi...
CVE-2014-4685
Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows local users to gain privileges by leveraging weak system-object access control...
CVE-2014-4682
The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote attackers to obtain sensitive information via an HTTP request...
CVE-2013-3958
The login implementation in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, has a hardcoded account, which makes it easier for remote attackers to obtain access via an unspecified request...