Lucene search

K
SiemensSimatic Pcs7

9 matches found

CVE
CVE
added 2017/11/06 10:29 p.m.57 views

CVE-2017-14023

An Improper Input Validation issue was discovered in Siemens SIMATIC PCS 7 V8.1 prior to V8.1 SP1 with WinCC V7.3 Upd 13, and V8.2 all versions. The improper input validation vulnerability has been identified, which may allow an authenticated remote attacker who is a member of the administrators gr...

4.9CVSS5AI score0.02765EPSS
CVE
CVE
added 2013/03/21 3:55 p.m.50 views

CVE-2013-0676

Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly assign privileges for the database containing WebNavigator credentials, which allows remote authenticated users to obtain sensitive information via a SQL query.

4CVSS6.3AI score0.00211EPSS
CVE
CVE
added 2013/06/14 7:55 p.m.50 views

CVE-2013-3959

The Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, exhibits different behavior for NetBIOS user names depending on whether the user account exists, which allows remote authenticated users to enumerate account names via crafted URL...

4CVSS6.4AI score0.00162EPSS
CVE
CVE
added 2014/07/24 2:55 p.m.48 views

CVE-2014-4685

Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows local users to gain privileges by leveraging weak system-object access control.

4.6CVSS6.6AI score0.00054EPSS
CVE
CVE
added 2012/09/18 2:55 p.m.47 views

CVE-2012-3031

Multiple cross-site scripting (XSS) vulnerabilities in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allow remote attackers to inject arbitrary web script or HTML via a (1) GET parameter, (2) POST parameter, or (3) Referer HTTP header.

4.3CVSS5.8AI score0.00589EPSS
CVE
CVE
added 2013/03/21 3:55 p.m.46 views

CVE-2013-0679

Directory traversal vulnerability in the web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote authenticated users to read arbitrary files via vectors involving a query for a pathname.

4CVSS6.4AI score0.00334EPSS
CVE
CVE
added 2013/03/21 3:55 p.m.44 views

CVE-2013-0678

Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly represent WebNavigator credentials in a database, which makes it easier for remote authenticated users to obtain sensitive information via a SQL query.

4CVSS6.2AI score0.00211EPSS
CVE
CVE
added 2012/09/18 2:55 p.m.41 views

CVE-2012-3034

WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to discover a username and password via crafted parameters to unspecified methods in ActiveX controls.

4.3CVSS7AI score0.00518EPSS
CVE
CVE
added 2014/07/24 2:55 p.m.41 views

CVE-2014-4683

The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a (1) HTTP or (2) HTTPS request.

4.9CVSS6.6AI score0.00157EPSS