EUVD-2014-4602

Malware in sbrugna...

The vulnerability of the automated system for managing technological processes, SIMATIC WinCC, allows authorized users to elevate their privileges remotely.

The vulnerability of Siemens SIMATIC WinCC software is related to errors in the code of the WinCC WebNavigator server. Exploiting this vulnerability allows authorized users to remotely escalate their privileges...

Siemens Patches Five Vulnerabilities in SIMATIC WinCC for PCS 7

Siemens has patched five vulnerabilities in its SIMATIC PCS 7 system that could result in privilege escalation and give an attacker unauthenticated access to sensitive data. The flaws technically exist in WinCC, a SCADA supervisory control and data acquisition and HMI human-machine interface syst...

Cross site request forgery (csrf)

The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a 1 HTTP or 2 HTTPS request...

CVE-2014-4682

The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote attackers to obtain sensitive information via an HTTP request...