18 matches found
EUVD-2017-4276
Malware in sbrugna...
Siemens CPCI85 Central Processing and SICORE Base system security vulnerability
The SICAM 8 power automation platform is a universal, integrated hardware and software-based solution for all applications in the power supply sector. The SICAM A8000 RTUs are modular devices for remote control and automation applications in all areas of energy supply. The SICAM EGS is the gateway ...
Siemens SICAM RTUs SM-2556 COM Modules Code Injection
Binary data 720107.prm...
Siemens SICAM RTUs SM-2556 COM Modules Authentication Bypass
Binary data 720105.prm...
Siemens SICAM RTUs SM-2556 COM Modules XSS
Binary data 720106.prm...
CVE-2017-12738
An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server port 80/tcp of the affected devices could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into clicking...
CVE-2017-12737
An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server port 80/tcp of the affected devices could allow unauthenticated remote attackers to obtain sensitive device information over the...
Design/Logic Flaw
An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server port 80/tcp of the affected devices could allow unauthenticated remote attackers to obtain sensitive device information over the...
Cross site scripting
An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server port 80/tcp of the affected devices could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into clicking...
Code injection
An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server port 80/tcp of the affected devices could allow unauthenticated remote attackers to execute arbitrary code on the affected devic...
CVE-2017-12739
An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server port 80/tcp of the affected devices could allow unauthenticated remote attackers to execute arbitrary code on the affected devic...
CVE-2017-12738
An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server port 80/tcp of the affected devices could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into clicking...
CVE-2017-12739
An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server port 80/tcp of the affected devices could allow unauthenticated remote attackers to execute arbitrary code on the affected devic...
CVE-2017-12737
An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server port 80/tcp of the affected devices could allow unauthenticated remote attackers to obtain sensitive device information over the...
CVE-2017-12739
Siemens SICAM RTUs SM-2556 COM Modules with firmware ENOS00, ERAC00, ETA2, ETLS00, MODi00, DNPi00 expose a web server on port 80 that could allow unauthenticated remote attackers to execute arbitrary code (CVE-2017-12739). The issue is tied to code injection via the integrated web server; remedia...
CVE-2017-12737
The CVE-2017-12737 entry applies to Siemens SICAM RTUs SM-2556 COM Modules (firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, DNPi00). The vulnerability arises from a missing authentication for a critical function: the integrated web server (port 80) could allow unauthenticated remote acces...
Siemens SICAM RTUs SM-2556 COM Modules XSS / Bypass / Code Execution Vulnerabilities
Siemens SICAM RTUs SM-2556 COM modules firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00 suffer from authentication bypass, code execution, and cross site scripting vulnerabilities. ======================================================================= title: Authentication...
Siemens SICAM RTUs SM-2556 COM Modules XSS / Bypass / Code Execution
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Authentication bypass, cross-site scripting & code execution product: Siemens SICAM RTUs SM-2556 COM Modules firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00 and...