Lucene search
+L
SiemensSimatic Step 7

19 matches found

CVE
CVE
added 2023/06/13 8:17 a.m.118 views

CVE-2023-25910

CVE-2023-25910 describes a remote code execution vulnerability in Siemens SIMATIC STEP 7 V5, SIMATIC PCS 7, and S7-PM products that contain an embedded database management system. The root cause is improper generation/control of code within the database functions, allowing remote unauthenticated ...

10CVSS8.5AI score0.01EPSS
CVE
CVE
added 2019/08/13 6:55 p.m.93 views

CVE-2019-10929

CVE-2019-10929 affects Siemens SIMATIC products (S7-1200/1500 families, ET200SP Open Controllers, HMI/WinCC/STEP 7, TIM 1531 IRC, etc.). The flaw is a message protection bypass caused by properties in the integrity-protection calculation, enabling a man-in-the-middle attacker with network access ...

5.9CVSS5.5AI score0.00978EPSS
CVE
CVE
added 2020/06/10 12:0 a.m.90 views

CVE-2020-7580

CVE-2020-7580 affects Siemens products (e.g., SIMATIC Automation Tool, STEP 7/TIA Portal, WinCC OA, ProSave, S7-1500 controllers, etc.). Root cause: a common component calls a helper binary with SYSTEM privileges while the call path is not quoted (unquoted search path/element CWE-428). This could...

7.2CVSS6.7AI score0.00441EPSS
CVE
CVE
added 2022/04/12 9:7 a.m.86 views

CVE-2021-42029

CVE-2021-42029 affects SIMATIC STEP 7 (TIA Portal) V15 (all versions), V16 (all versions before V16 Update 5), and V17 (all versions before V17 Update 2). Root cause: improper access control in the engineering system software that can allow privilege escalation on the web server of affected devic...

7.8CVSS7.6AI score0.0023EPSS
CVE
CVE
added 2020/07/14 1:18 p.m.81 views

CVE-2020-7581

CVE-2020-7581 affects Siemens/Opcenter components (Discrete/Foundation/Process, Intelligence, Quality, RD&L) and related SIMATIC/Soft Starter/PCS neo, STEP 7, SIMOCODE ES, and Notifier Server. Root cause: an internal component calls a helper binary with SYSTEM privileges during startup via an unq...

7.2CVSS6.5AI score0.00379EPSS
CVE
CVE
added 2012/07/26 10:0 a.m.77 views

CVE-2012-3015

Untrusted search path DLL loading vulnerability in Siemens SIMATIC STEP7 (before v5.5 SP1; used in PCS 7 up to v7.1 SP3) can allow execution of arbitrary code via a Trojan DLL placed in a STEP7 project folder. Affected products use DLL loading without validation, executing with STEP 7 permissions...

6.9CVSS6.7AI score0.00455EPSS
CVE
CVE
added 2020/06/10 4:23 p.m.69 views

CVE-2020-7585

The connected advisory (ICSA-20-161-05) provides concrete details for CVE-2020-7585. A DLL hijacking flaw (Uncontrolled Search Path Element, CWE-427) in Siemens software could allow a local attacker with access to execute code with elevated privileges, affecting: SIMATIC PCS 7 v8.2 and earlier; S...

7.8CVSS7.5AI score0.00433EPSS
CVE
CVE
added 2020/07/14 1:18 p.m.69 views

CVE-2020-7587

CVE-2020-7587 affects Siemens Opcenter and SIMATIC software (e.g., Opcenter Execution Discrete/Foundation/Process, Opcenter Intelligence, Opcenter RD&L, SIMATIC IT LMS/Production Suite, SIMATIC Notifier, PCSneo, STEP 7, SIMOCODE ES, Soft Starter ES, IT Production products). The vulnerability set ...

8.2CVSS7.7AI score0.02484EPSS
CVE
CVE
added 2020/07/14 1:18 p.m.68 views

CVE-2020-7588

CVE-2020-7588 affects Siemens/SIEMENS-related products (Opcenter Execution Discrete/Foundation/Process, Intelligence, Quality, RD&L, SIMATIC IT LMS/Production Suite, Notifier Server, PCS neo, STEP 7 TI A Portal, SIMOCODE ES, Soft Starter ES). Root cause per PT-2020-6696 and CISA/NVD details: insu...

5.3CVSS5.1AI score0.02151EPSS
CVE
CVE
added 2015/03/07 2:0 a.m.67 views

CVE-2015-1594

CVE-2015-1594 is a local untrusted-search-path vulnerability in Siemens SIMATIC ProSave, SIMATIC CFC, SIMATIC STEP 7, SIMOTION Scout, and STARTER. The root cause is an untrusted search path (CWE-426) that lets a local attacker cause arbitrary code execution by loading a Trojan horse application f...

6.9CVSS6.6AI score0.00405EPSS
CVE
CVE
added 2016/11/15 7:0 p.m.65 views

CVE-2016-7165

CVE-2016-7165 affects Siemens products including Primary Setup Tool, SIMATIC IT Production Suite, SIMATIC NET PC-Software, SIMATIC STEP 7 (TIA Portal) v13/v5.x, SIMATIC WinCC (TIA Portal) Basic/Professional/Runtime, SIMIT, SINEMA components, etc. Root cause: unquoted service paths enabling local ...

6.9CVSS6.9AI score0.00378EPSS
CVE
CVE
added 2015/04/06 1:0 a.m.64 views

CVE-2015-1602

Siemens SIMATIC STEP 7 (TIA Portal) v12 and v13 prior to SP1 Upd1 are affected by CVE-2015-1602, which involves storing cleartext passwords in project files, enabling local attackers to reconstruct protection-level and web-server passwords from read files. The issue comprises two related weakness...

2.1CVSS6.5AI score0.00366EPSS
CVE
CVE
added 2015/04/06 1:0 a.m.61 views

CVE-2015-1601

CVE-2015-1601 affects Siemens SIMATIC STEP 7 (TIA Portal) 12 and 13 before 13 SP1 Upd1. The root cause is a man-in-the-middle vulnerability in network communications (Port 102/TCP) that can allow attackers to intercept or modify transmitted data, potentially exposing sensitive information or enab...

6.8CVSS6AI score0.01429EPSS
CVE
CVE
added 2015/02/18 2:0 a.m.60 views

CVE-2015-1355

Siemens SIMATIC STEP 7 TIA Portal (all versions prior to V13 SP1) is vulnerable due to use of a weak password-hashing algorithm for device user passwords stored in TIA Portal project files. Local users with read access to a project file could potentially reconstruct plaintext passwords. Siemens r...

2.1CVSS6.5AI score0.0037EPSS
CVE
CVE
added 2020/06/10 4:23 p.m.58 views

CVE-2020-7586

CVE-2020-7586 is a local, heap-based buffer overflow vulnerability affecting Siemens products (SIMATIC PCS 7, PDM, STEP 7, SINAMICS STARTER). The issue allows a local attacker with existing access to cause a DoS and potentially access confidential information due to memory corruption. Root cause ...

7.8CVSS7.5AI score0.00405EPSS
CVE
CVE
added 2015/02/18 2:0 a.m.54 views

CVE-2015-1356

Siemens SIMATIC STEP 7 TIA Portal (pre-13 SP1) stores device user privileges in project files with insufficient integrity protection, enabling modification of authorization data via a manipulated file and leading to privilege escalation. Mitigation: apply Siemens STEP 7 TIA Portal V13 Service Pac...

4.4CVSS6.9AI score0.00512EPSS
CVE
CVE
added 2016/10/13 10:0 a.m.52 views

CVE-2016-7960

Siemens SIMATIC STEP 7 (TIA Portal) prior to version 14 is affected by an information-disclosure vulnerability caused by an improper format for managing TIA project files during version updates. Local attackers with access to engineering workstations or project storage could obtain sensitive conf...

2.5CVSS3.3AI score0.00332EPSS
CVE
CVE
added 2016/10/13 10:0 a.m.48 views

CVE-2016-7959

Siemens SIMATIC STEP 7 (TIA Portal) before version 14 stores pre‑shared key data in TIA project files, enabling local attackers with file access to brute‑force and read sensitive information. The vulnerability is described across multiple sources (NVD entry for CVE-2016-7959 and PT Security advis...

4.7CVSS4.3AI score0.00297EPSS
CVE
CVE
added 2023/12/12 11:25 a.m.45 views

CVE-2022-46141

CVE-2022-46141 affects SIMATIC STEP 7 (TIA Portal): all versions before V19 are vulnerable to information disclosure that could allow a local attacker to obtain the access level password of S7-1200/S7-1500 CPUs when entered by a legitimate user in the hardware configuration. The Red Hat/Siemens a...

5.5CVSS4.6AI score0.00142EPSS