20 matches found
EUVD-2013-0686
Malware in sbrugna...
EUVD-2013-0685
Malware in sbrugna...
EUVD-2012-3009
Malware in sbrugna...
Siemens SIMATIC PCS7 < V9.1 and TIA Portal < 15.2 Unrestricted Upload of File with Dangerous Type (ICSA-19-192-02)
Binary data 720309.prm...
ICSA-19-192-02 Siemens SIMATIC WinCC and PCS7 (Update C)
1. EXECUTIVE SUMMARY CVSS v3 7.2 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC WinCC and SIMATIC PCS7 Vulnerability: Unrestricted Upload of File with Dangerous Type 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update...
CVE-2017-12069
An XXE vulnerability has been identified in OPC Foundation UA .NET Sample Code before 2017-03-21 and Local Discovery Server LDS before 1.03.367. Among the affected products are Siemens SIMATIC PCS7 All versions V8.1 and earlier, SIMATIC WinCC All versions V7.4 SP1, SIMATIC WinCC Runtime...
Design/Logic Flaw
An XXE vulnerability has been identified in OPC Foundation UA .NET Sample Code before 2017-03-21 and Local Discovery Server LDS before 1.03.367. Among the affected products are Siemens SIMATIC PCS7 All versions V8.1 and earlier, SIMATIC WinCC All versions V7.4 SP1, SIMATIC WinCC Runtime...
CVE-2017-12069
An XXE vulnerability has been identified in OPC Foundation UA .NET Sample Code before 2017-03-21 and Local Discovery Server LDS before 1.03.367. Among the affected products are Siemens SIMATIC PCS7 All versions V8.1 and earlier, SIMATIC WinCC All versions V7.4 SP1, SIMATIC WinCC Runtime...
CVE-2017-12069
Summary: CVE-2017-12069 is an XXE vulnerability in the OPC UA Discovery Server handling of XML, affecting Siemens products using the OPC UA Stack (e.g., SIMATIC PCS 7, SIMATIC WinCC, SIMATIC WinCC Runtime Professional, SIMATIC NET PC Software, and IT Production Suite). Root cause: Improper restri...
CVE-2013-3958
The login implementation in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, has a hardcoded account, which makes it easier for remote attackers to obtain access via an unspecified request...
Code injection
The Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, exhibits different behavior for NetBIOS user names depending on whether the user account exists, which allows remote authenticated users to enumerate account names via crafted U...
CVE-2013-3957
CVE-2013-3957 describes an SQL injection vulnerability in the Web Navigator login screen of Siemens WinCC prior to version 7.2 Update 1 (used in SIMATIC PCS7 8.0 SP1 and earlier). The issue arises from input handling in the login/UI that can be manipulated to inject SQL statements through unspeci...
CVE-2013-3957
SQL injection vulnerability in the login screen in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2013-0677
The web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to obtain sensitive information or cause a denial of service via a crafted project file...
CVE-2013-0678
Siemens WinCC (before 7.2, used in SIMATIC PCS7 before 8.0 SP1) stores WebNavigator passwords in an MS SQL database without proper protection, enabling remote authenticated users with DB access to read credentials and obtain sensitive information. The root cause is information disclosure due to m...
CVE-2012-3032
SQL injection vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to execute arbitrary SQL commands via a crafted SOAP message...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allow remote attackers to inject arbitrary web script or HTML via a 1 GET parameter, 2 POST parameter, or 3 Referer HTTP header...
Sql injection
SQL injection vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to execute arbitrary SQL commands via a crafted SOAP message...
CVE-2012-3034
WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to discover a username and password via crafted parameters to unspecified methods in ActiveX controls...
CVE-2012-3031
CVE-2012-3031 affects Siemens WinCC WebNavigator (Web interface for WinCC) in WinCC 7.0 SP3 and earlier. The vulnerability is reflected XSS (via a GET parameter, a POST parameter, or the Referer header) that could let an attacker inject arbitrary script/HTML. ICS-CERT notes the issues could allow...