Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Wincc Security Vulnerabilities - CVSS Score 5 - 6

cve
cve

CVE-2011-4512

CRLF injection vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows rem...

6.9AI Score

0.002EPSS

2012-02-03 08:55 PM
28
cve
cve

CVE-2012-2596

The XPath functionality in unspecified web applications in Siemens WinCC 7.0 SP3 before Update 2 does not properly handle special characters in parameters, which allows remote authenticated users to read or modify settings via a crafted URL, related to an "XML injection" attack.

6.2AI Score

0.001EPSS

2012-06-08 06:55 PM
32
4
cve
cve

CVE-2012-3003

Open redirect vulnerability in an unspecified web application in Siemens WinCC 7.0 SP3 before Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a GET request.

6.9AI Score

0.002EPSS

2012-06-08 06:55 PM
30
cve
cve

CVE-2012-3030

WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, stores sensitive information under the web root with insufficient access control, which allows remote attackers to read a (1) log file or (2) configuration file via a direct request.

6.4AI Score

0.003EPSS

2012-09-18 02:55 PM
24
cve
cve

CVE-2013-0677

The web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to obtain sensitive information or cause a denial of service via a crafted project file.

6.7AI Score

0.004EPSS

2013-03-21 03:55 PM
30
cve
cve

CVE-2013-4912

Open redirect vulnerability in Siemens WinCC (TIA Portal) 11 and 12 before 12 SP1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks by leveraging improper configuration of SIMATIC HMI panels by the WinCC product.

6.9AI Score

0.004EPSS

2013-08-01 01:32 PM
27
cve
cve

CVE-2014-4682

The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote attackers to obtain sensitive information via an HTTP request.

6.2AI Score

0.003EPSS

2014-07-24 02:55 PM
35
cve
cve

CVE-2015-1358

The remote-management module in the (1) Multi Panels, (2) Comfort Panels, and (3) RT Advanced functionality in Siemens SIMATIC WinCC (TIA Portal) before 13 SP1 and in the (4) panels and (5) runtime functionality in SIMATIC WinCC flexible before 2008 SP3 Up7 does not properly encrypt credentials in ...

6.6AI Score

0.004EPSS

2015-02-18 02:59 AM
45