Simatic Pcs7@7.1 Security Vulnerabilities and Issues — Simatic Pcs7@7.1 CVE List

Lucene search

SiemensSimatic Pcs77.1

12 matches found

CVE•added 2013/03/21 3:55 p.m.•132 views

CVE-2013-0674

Buffer overflow in the RegReader ActiveX control in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to execute arbitrary code via a long parameter.

6.8CVSS8.1AI score0.02707EPSS

CVE•added 2014/07/24 2:55 p.m.•70 views

CVE-2014-4684

The database server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a request to TCP port 1433.

6CVSS6.6AI score0.00366EPSS

CVE•added 2014/11/26 11:59 a.m.•51 views

CVE-2014-8551

The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to execute arbitrary code via crafted packets.

10CVSS7.7AI score0.05807EPSS

CVE•added 2013/03/21 3:55 p.m.•50 views

CVE-2013-0676

Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly assign privileges for the database containing WebNavigator credentials, which allows remote authenticated users to obtain sensitive information via a SQL query.

4CVSS6.3AI score0.00211EPSS

CVE•added 2014/07/24 2:55 p.m.•49 views

CVE-2014-4682

The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote attackers to obtain sensitive information via an HTTP request.

5CVSS6.2AI score0.0023EPSS

CVE•added 2014/07/24 2:55 p.m.•48 views

CVE-2014-4685

Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows local users to gain privileges by leveraging weak system-object access control.

4.6CVSS6.6AI score0.00054EPSS

CVE•added 2013/03/21 3:55 p.m.•46 views

CVE-2013-0679

Directory traversal vulnerability in the web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote authenticated users to read arbitrary files via vectors involving a query for a pathname.

4CVSS6.4AI score0.00334EPSS

CVE•added 2014/07/24 2:55 p.m.•46 views

CVE-2014-4686

The Project administration application in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, has a hardcoded encryption key, which allows remote attackers to obtain sensitive information by extracting this key from another product installation and then employing this key during t...

6.8CVSS6.1AI score0.00231EPSS

CVE•added 2014/11/26 11:59 a.m.•46 views

CVE-2014-8552

5CVSS6.8AI score0.00118EPSS

CVE•added 2013/03/21 3:55 p.m.•43 views

CVE-2013-0675

Buffer overflow in CCEServer (aka the central communications component) in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to cause a denial of service via a crafted packet.

6.1CVSS7AI score0.00064EPSS

CVE•added 2014/07/24 2:55 p.m.•41 views

CVE-2014-4683

The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a (1) HTTP or (2) HTTPS request.

4.9CVSS6.6AI score0.00157EPSS

CVE•added 2013/03/21 3:55 p.m.•40 views

CVE-2013-0677

The web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to obtain sensitive information or cause a denial of service via a crafted project file.

5.8CVSS6.7AI score0.00455EPSS