Siemens WinCC (TIA Portal) 11 uses a reversible algorithm for storing HMI web-application passwords in world-readable and world-writable files, which allows local users to obtain sensitive information by leveraging (1) physical access or (2) Sm@rt Server access.
5.8AI Score
0.001EPSS
Cross-site scripting (XSS) vulnerability in the HMI web application in Siemens WinCC (TIA Portal) 11 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
5.7AI Score
0.002EPSS
Multiple cross-site scripting (XSS) vulnerabilities in the HMI web application in Siemens WinCC (TIA Portal) 11 allow remote attackers to inject arbitrary web script or HTML via a crafted URL.
5.7AI Score
0.002EPSS
The HMI web application in Siemens WinCC (TIA Portal) 11 allows remote authenticated users to cause a denial of service (daemon crash) via a crafted HTTP request.
6.3AI Score
0.001EPSS
CRLF injection vulnerability in the HMI web application in Siemens WinCC (TIA Portal) 11 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.
7AI Score
0.001EPSS
Directory traversal vulnerability in Siemens WinCC (TIA Portal) 11 allows remote authenticated users to read HMI web-application source code and user-defined scripts via a crafted URL.
6.4AI Score
0.001EPSS
Cross-site scripting (XSS) vulnerability in the HMI web application in Siemens WinCC (TIA Portal) 11 allows remote authenticated users to inject arbitrary web script or HTML via unspecified data.
5.4AI Score
0.001EPSS