378 matches found
PT-2023-1360 · Unknown · Telecontrol Server Basic V3 +2
Name of the Vulnerable Software and Affected Versions: Automation License Manager V5 All versions Automation License Manager V6 All versions prior to V6.0 SP9 Upd4 TeleControl Server Basic V3 All versions prior to V3.1.2 Description: The issue is related to a path traversal vulnerability. It may...
Siemens Industrial Products with OPC UA
1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC NET PC, SITOP Manager, TeleControl Server Basic Vulnerability: Null Pointer Dereference 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory...
Siemens Industrial Products Local Privilege Escalation Vulnerability (Update I)
1. EXECUTIVE SUMMARY CVSS v3 6.4 ATTENTION: Exploitable locally Vendor: Siemens Equipment: Industrial Products Vulnerability: Improper privilege management 2. UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory titled ICSA-16-313-02 Siemens Industrial Products Local...
CVE-2019-6575
CVE-2019-6575 affects Siemens industrial products using OPC UA, including SIMATIC CP443-1 OPC UA, ET 200 Open Controller CPU 1515SP PC2, HMI Outdoor Panels (7"/15"), HMI Comfort Panels (4"–22"), KTP Mobile Panels, IPC DiagMonitor, NET PC Software, RF188C, RF600R, S7‑1500 family, WinCC OA/Runtime,...
PT-2019-2034 · Siemens · Simatic Hmi Comfort Outdoor Panels 7" & 15" +16
Name of the Vulnerable Software and Affected Versions: SIMATIC CP 443-1 OPC UA versions prior to the fixed version SIMATIC ET 200SP Open Controller CPU 1515SP PC2 versions prior to V2.7 SIMATIC HMI Comfort Outdoor Panels 7" & 15" versions prior to V15.1 Upd 4 SIMATIC HMI Comfort Panels 4" - 22"...
Siemens Industrial Products with OPC UA (Update H)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC, SINEC-NMS, SINEMA, SINEMURIK Industrial Control Products with OPC UA Vulnerability: Uncaught Exception 2. UPDATE INFORMATION This updated advisory is a follow-up to the...
CVE-2018-4837
A vulnerability has been identified in TeleControl Server Basic V3.1. An attacker with access to the TeleControl Server Basic's webserver port 80/tcp or 443/tcp could cause a Denial-of-Service condition on the web server. The remaining functionality of the TeleControl Server Basic is not affected...
CVE-2018-4835
A vulnerability has been identified in TeleControl Server Basic V3.1. An attacker with network access to the TeleControl Server Basic's port 8000/tcp could bypass the authentication mechanism and read limited information...
Race condition
A vulnerability has been identified in TeleControl Server Basic V3.1. An attacker with access to the TeleControl Server Basic's webserver port 80/tcp or 443/tcp could cause a Denial-of-Service condition on the web server. The remaining functionality of the TeleControl Server Basic is not affected...
Design/Logic Flaw
A vulnerability has been identified in TeleControl Server Basic V3.1. An authenticated attacker with a low-privileged account to the TeleControl Server Basic's port 8000/tcp could escalate his privileges and perform administrative operations...
CVE-2018-4836
A vulnerability has been identified in TeleControl Server Basic V3.1. An authenticated attacker with a low-privileged account to the TeleControl Server Basic's port 8000/tcp could escalate his privileges and perform administrative operations...
CVE-2018-4836
A vulnerability has been identified in TeleControl Server Basic V3.1. An authenticated attacker with a low-privileged account to the TeleControl Server Basic's port 8000/tcp could escalate his privileges and perform administrative operations...
CVE-2018-4837
A vulnerability has been identified in TeleControl Server Basic V3.1. An attacker with access to the TeleControl Server Basic's webserver port 80/tcp or 443/tcp could cause a Denial-of-Service condition on the web server. The remaining functionality of the TeleControl Server Basic is not affected...
CVE-2018-4835
A vulnerability has been identified in TeleControl Server Basic V3.1. An attacker with network access to the TeleControl Server Basic's port 8000/tcp could bypass the authentication mechanism and read limited information...
CVE-2018-4836
A vulnerability has been identified in TeleControl Server Basic V3.1. An authenticated attacker with a low-privileged account to the TeleControl Server Basic's port 8000/tcp could escalate his privileges and perform administrative operations...
CVE-2018-4837
A vulnerability has been identified in TeleControl Server Basic V3.1. An attacker with access to the TeleControl Server Basic's webserver port 80/tcp or 443/tcp could cause a Denial-of-Service condition on the web server. The remaining functionality of the TeleControl Server Basic is not affected...
CVE-2018-4837
The connected sources confirm CVE-2018-4837 affects Siemens TeleControl Server Basic versions prior to 3.1, where a vulnerability in the webserver (ports 80/443) can cause a Denial-of-Service without affecting other functionality. The ICSA advisory reiterates this as a DoS risk via the webserver,...
CVE-2018-4835
A vulnerability has been identified in TeleControl Server Basic V3.1. An attacker with network access to the TeleControl Server Basic's port 8000/tcp could bypass the authentication mechanism and read limited information...