EUVD-2020-28705

Malware in sbrugna...

CVE-2020-7580

A vulnerability has been identified in SIMATIC Automation Tool All versions V4 SP2, SIMATIC NET PC Software V14 All versions V14 SP1 Update 14, SIMATIC NET PC Software V15 All versions, SIMATIC NET PC Software V16 All versions V16 Upd3, SIMATIC PCS neo All versions V3.0 SP1, SIMATIC ProSave All...

CVE-2023-28829

A vulnerability has been identified in SIMATIC NET PC Software V14 All versions, SIMATIC NET PC Software V15 All versions, SIMATIC PCS 7 V8.2 All versions, SIMATIC PCS 7 V9.0 All versions, SIMATIC PCS 7 V9.1 All versions, SIMATIC WinCC All versions V8.0, SINAUT Software ST7sc All versions. Before...

CVE-2023-28829

CVE-2023-28829 concerns Siemens SIMATIC WinCC/PCS7/NET PC software. The root cause is use of legacy OPC services (OPC DA/HDA/AE) built on Windows ActiveX/DCOM that lack modern authentication and encryption. Affected: SIMATIC NET PC Software V14/V15, SIMATIC PCS 7 V8.2/V9.0/V9.1, SIMATIC WinCC (al...

CVE-2021-40359

A vulnerability has been identified in OpenPCS 7 V8.2 All versions, OpenPCS 7 V9.0 All versions V9.0 Upd4, OpenPCS 7 V9.1 All versions, SIMATIC BATCH V8.2 All versions, SIMATIC BATCH V9.0 All versions, SIMATIC BATCH V9.1 All versions, SIMATIC NET PC Software V14 All versions, SIMATIC NET PC...

Authentication flaw

A vulnerability has been identified in OpenPCS 7 V8.2 All versions, OpenPCS 7 V9.0 All versions V9.0 Upd4, OpenPCS 7 V9.1 All versions, SIMATIC BATCH V8.2 All versions, SIMATIC BATCH V9.0 All versions, SIMATIC BATCH V9.1 All versions, SIMATIC NET PC Software V14 All versions, SIMATIC NET PC...

CVE-2019-19282

A vulnerability has been identified in OpenPCS 7 V8.1 All versions, OpenPCS 7 V8.2 All versions, OpenPCS 7 V9.0 All versions V9.0 Upd3, SIMATIC BATCH V8.1 All versions, SIMATIC BATCH V8.2 All versions V8.2 Upd12, SIMATIC BATCH V9.0 All versions V9.0 SP1 Upd5, SIMATIC NET PC Software V14 All...

CVE-2019-19282

CVE-2019-19282 describes an incorrect calculation of buffer size (CWE-131) that allows a remote attacker to cause a denial-of-service on Siemens industrial software when encrypted communication is enabled. Exploitation requires network access and no privileges/UI. Affected products span OpenPCS 7...

Siemens Industrial Products Local Privilege Escalation Vulnerability (Update I)

1. EXECUTIVE SUMMARY CVSS v3 6.4 ATTENTION: Exploitable locally Vendor: Siemens Equipment: Industrial Products Vulnerability: Improper privilege management 2. UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory titled ICSA-16-313-02 Siemens Industrial Products Local...

CVE-2017-12069

An XXE vulnerability has been identified in OPC Foundation UA .NET Sample Code before 2017-03-21 and Local Discovery Server LDS before 1.03.367. Among the affected products are Siemens SIMATIC PCS7 All versions V8.1 and earlier, SIMATIC WinCC All versions V7.4 SP1, SIMATIC WinCC Runtime...

CVE-2017-12069

An XXE vulnerability has been identified in OPC Foundation UA .NET Sample Code before 2017-03-21 and Local Discovery Server LDS before 1.03.367. Among the affected products are Siemens SIMATIC PCS7 All versions V8.1 and earlier, SIMATIC WinCC All versions V7.4 SP1, SIMATIC WinCC Runtime...

CVE-2017-12069

Summary: CVE-2017-12069 is an XXE vulnerability in the OPC UA Discovery Server handling of XML, affecting Siemens products using the OPC UA Stack (e.g., SIMATIC PCS 7, SIMATIC WinCC, SIMATIC WinCC Runtime Professional, SIMATIC NET PC Software, and IT Production Suite). Root cause: Improper restri...

Siemens Discloses Local Privilege Escalation Bug in SCADA Gear

German engineering giant Siemens is warning operators of a local privilege escalation vulnerability that leaves more than a dozen models of its SCADA equipment open to attack. Some of the issues have been patched, or in other cases, Siemens has provided a workaround. The vulnerability was disclos...

Siemens SIMATIC NET PC-Software Denial-of-Service Vulnerability

OVERVIEW Siemens has identified a denial-of-service vulnerability in SIMATIC NET PC-Software. Vladimir Dashchenko and Sergey Temnikov from Kaspersky Labs reported this issue directly to Siemens. Siemens has produced a new version to mitigate this vulnerability. This vulnerability could be exploit...