CVE-2012-3030

WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, stores sensitive information under the web root with insufficient access control, which allows remote attackers to read a 1 log file or 2 configuration file via a direct request...

CVE-2012-3031

Multiple cross-site scripting XSS vulnerabilities in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allow remote attackers to inject arbitrary web script or HTML via a 1 GET parameter, 2 POST parameter, or 3 Referer HTTP header...

CVE-2012-3032

SQL injection vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to execute arbitrary SQL commands via a crafted SOAP message...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to hijack the authentication of arbitrary users for requests that modify data or cause a denial of service...

Improper access control

WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, stores sensitive information under the web root with insufficient access control, which allows remote attackers to read a 1 log file or 2 configuration file via a direct request...

CVE-2012-3032

SQL injection vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to execute arbitrary SQL commands via a crafted SOAP message...

CVE-2012-3028

CVE-2012-3028 affects Siemens WinCC WebNavigator (7.0 SP3 and earlier). A CSRF flaw lets remote attackers hijack a user’s session to perform data-modifying actions or cause a denial of service. Mitigation: Siemens released SSA-864051 and an update for WinCC 7.0 SP3; apply the patch and limit expo...

CVE-2012-2598

Buffer overflow in the DiagAgent web server in Siemens WinCC 7.0 SP3 through Update 2 allows remote attackers to cause a denial of service agent outage via crafted input...

Buffer overflow

Buffer overflow in the DiagAgent web server in Siemens WinCC 7.0 SP3 through Update 2 allows remote attackers to cause a denial of service agent outage via crafted input...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in unspecified web applications in Siemens WinCC 7.0 SP3 before Update 2 allow remote attackers to inject arbitrary web script or HTML via vectors involving special characters in parameters...

Directory traversal

Multiple directory traversal vulnerabilities in Siemens WinCC 7.0 SP3 before Update 2 allow remote authenticated users to read arbitrary files via a crafted parameter in a URL...

CVE-2012-3003

Open redirect vulnerability in an unspecified web application in Siemens WinCC 7.0 SP3 before Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a GET request...

CVE-2012-2598

The CVE-2012-2598 issue affects Siemens WinCC 7.0 SP3 (DiagAgent Web server). A buffer overflow in the DiagAgent Web server can be triggered by crafted input, allowing remote attackers to cause a denial of service (agent outage). The vulnerability is remotely exploitable over the network with no ...

CVE-2012-2597

Siemens WinCC 7.0 SP3 contains a directory traversal flaw (CVE-2012-2597) that allows remote AUTHENTICATED users to read arbitrary files via a crafted URL parameter. Affected: WinCC Web applications on 7.0 SP3 before Update 2. Root cause: improper handling of URL parameters leading to path traver...