Lucene search
K
SiemensSimatic Wincc

30 matches found

CVE
CVE
•added 2010/07/22 10:0 a.m.•392 views

CVE-2010-2772

CVE-2010-2772 affects Siemens SIMATIC WinCC and SIMATIC PCS 7: a security bypass via default hard-coded SQL credentials allows remote attackers to access the backend database with administrative-like access. The vulnerability is tied to use of default credentials in the WinCC SQL server, permitti...

7.8CVSS7.2AI score0.0055EPSS
In wild
CVE
CVE
•added 2019/07/11 9:17 p.m.•295 views

CVE-2019-10935

CVE-2019-10935 applies to Siemens SIMATIC WinCC/PCS7 family (PCS 7 v8.x/9.x and WinCC variants) where the WinCC DataMonitor web application allows an authenticated, network-accessible attacker to upload arbitrary ASPX code. The vulnerability enables unrestricted file upload without user interacti...

7.2CVSS6.7AI score0.01297EPSS
CVE
CVE
•added 2022/02/09 3:17 p.m.•120 views

CVE-2021-40363

CVE-2021-40363 affects Siemens SIMATIC PCS 7 and WinCC products. The underlying issue is that the affected component stores local system account credentials in a publicly accessible project file using an outdated cipher algorithm, enabling an attacker to brute-force credentials and take over the ...

7.8CVSS7.3AI score0.0016EPSS
CVE
CVE
•added 2022/02/09 3:17 p.m.•104 views

CVE-2021-40360

Siemens SIMATIC PCS 7 and SIMATIC WinCC contain a vulnerability (CVE-2021-40360) where the password hash of a local account on a remote server can be exposed via a public API, enabling an authenticated attacker to brute‑force and log in. Affected: PCS 7 v8.2–v9.1; WinCC v7.4–v7.5 and v15–v17 (wit...

8.8CVSS8.3AI score0.00682EPSS
CVE
CVE
•added 2018/04/24 5:0 p.m.•96 views

CVE-2018-4832

CVE-2018-4832 affects Siemens SPPA-T3000 and related OpenPCS/WinCC/BATCH/Route Control components. The vulnerability stems from improper input validation in the RPC service, enabling a remote attacker with network access to cause a DoS in remote and local communication, requiring a reboot to rest...

7.5CVSS7AI score0.02437EPSS
CVE
CVE
•added 2022/05/10 9:46 a.m.•89 views

CVE-2022-24287

This CVE (CVE-2022-24287) relates to Siemens SIMATIC WinCC/Kiosk Mode: an authenticated attacker could escape kiosk mode by opening the printer dialog when no printer is installed. Affected products include SIMATIC PCS 7 v8.2/v9.0/v9.1 and WinCC Runtime Professional v16/v17 (prior to Upd4), plus ...

7.8CVSS7.3AI score0.00229EPSS
CVE
CVE
•added 2019/08/13 6:55 p.m.•88 views

CVE-2019-10929

CVE-2019-10929 affects Siemens SIMATIC products (S7-1200/1500 families, ET200SP Open Controllers, HMI/WinCC/STEP 7, TIM 1531 IRC, etc.). The flaw is a message protection bypass caused by properties in the integrity-protection calculation, enabling a man-in-the-middle attacker with network access ...

5.9CVSS5.5AI score0.00978EPSS
CVE
CVE
•added 2020/06/10 12:0 a.m.•88 views

CVE-2020-7580

CVE-2020-7580 affects Siemens products (e.g., SIMATIC Automation Tool, STEP 7/TIA Portal, WinCC OA, ProSave, S7-1500 controllers, etc.). Root cause: a common component calls a helper binary with SYSTEM privileges while the call path is not quoted (unquoted search path/element CWE-428). This could...

7.2CVSS6.7AI score0.00441EPSS
CVE
CVE
•added 2021/08/27 6:51 a.m.•88 views

CVE-2021-40142

In the OPC Foundation Local Discovery Server (LDS), versions before 1.04.402.463 are vulnerable to a DoS caused by crafted messages that trigger an access to memory location after the end of a buffer (CVE-2021-40142). The issue affects LDS and related Siemens products listed in ICS/CISA advisorie...

7.5CVSS7.4AI score0.02563EPSS
CVE
CVE
•added 2019/05/14 7:54 p.m.•85 views

CVE-2019-10916

CVE-2019-10916 affects Siemens SIMATIC PCS7 and WinCC/TIA Portal products (multiple versions). The root cause is SQL Injection in the project file handling, allowing an attacker who can access the project file to run arbitrary commands with the local database server’s privileges, impacting confid...

9CVSS8.3AI score0.0157EPSS
CVE
CVE
•added 2021/11/09 11:32 a.m.•85 views

CVE-2021-40359

CVE-2021-40359 is a path traversal vulnerability in Siemens products (OpenPCS 7, SIMATIC BATCH, SIMATIC NET PC Software, SIMATIC PCS 7, SIMATIC Route Control, SIMATIC WinCC, etc.). The issue arises from improper neutralization of special elements in pathnames when downloading files, allowing an a...

7.7CVSS7.2AI score0.01137EPSS
CVE
CVE
•added 2021/11/09 11:32 a.m.•84 views

CVE-2021-40358

CVE-2021-40358 describes a path-traversal vulnerability in Siemens SIMATIC PCS 7 and WinCC products (V8.2–V9.1, V15–V17, various SP/update levels). Legitimate file operations on the web server fail to neutralize special elements in pathnames, allowing an attacker to resolve a pathname outside the...

9.9CVSS9.2AI score0.01233EPSS
CVE
CVE
•added 2017/05/11 10:0 a.m.•80 views

CVE-2017-6865

CVE-2017-6865 is a DoS vulnerability in Siemens PROFINET DCP handling affecting multiple Siemens products (WinCC, STEP 7/TIA Portal, PCS 7, WinAC/WinCC flexible, SCT, SINEMA, SINUMERIK, etc.). The root cause is improper input validation, where specially crafted PROFINET DCP broadcast packets on a...

6.5CVSS6AI score0.00469EPSS
CVE
CVE
•added 2021/11/09 11:32 a.m.•79 views

CVE-2021-40364

CVE-2021-40364 affects Siemens SIMATIC PCS 7 and WinCC products. The root issue is insertion of sensitive information into log files , enabling an attacker with log access to publicly expose data or reuse it for further attacks. Affected versions include PCS 7 v8.2, v9.0 (pre-SP3 UC04), v9.1 (pre...

5.5CVSS5.1AI score0.00233EPSS
CVE
CVE
•added 2019/05/14 7:54 p.m.•77 views

CVE-2019-10918

Siemens CVE-2019-10918 affects multiple SIMATIC/WinCC products (e.g., WinCC/TIA Portal v14 with SP1 Upd 9 and v15 with Upd 3; WinCC Runtime Professional v14/v15; PCS7 with WinCC updaters). Root cause is an exposed DCOM interface that could let an authenticated, network-reachable attacker execute ...

9CVSS8.6AI score0.01962EPSS
CVE
CVE
•added 2019/05/14 7:54 p.m.•76 views

CVE-2019-10922

This CVE (CVE-2019-10922) affects Siemens SIMATIC WinCC and PCS 7: PCS 7 v8.0 and earlier, PCS 7 v8.1 and newer if Encrypted Communications is disabled; WinCC v7.2 and earlier, WinCC v7.3 and newer if Encrypted Communications is disabled. Vulnerability type: Missing Authentication for Critical Fu...

9.8CVSS9.4AI score0.0264EPSS
CVE
CVE
•added 2017/11/06 10:0 p.m.•71 views

CVE-2017-14023

CVE-2017-14023 affects Siemens SIMATIC PCS 7 (V8.1 up to SP1 with WinCC V7.3 Upd 13, and V8.2 all versions). The issue is improper input validation that may allow an authenticated remote attacker in the administrators group to crash services by sending specially crafted messages to the DCOM inter...

4.9CVSS5AI score0.03675EPSS
CVE
CVE
•added 2024/02/13 8:59 a.m.•71 views

CVE-2023-48364

Siemens CVE-2023-48364 affects multiple OpenPCS/WinCC/PCS7/Route Control products (OpenPCS 7, SIMATIC BATCH, PCS 7, Route Control, WinCC Runtime Professional V18/V19, WinCC V7.4/7.5/8.0) and is caused by improper handling of certain malformed RPC messages, leading to a denial-of-service condition...

7.1CVSS6.2AI score0.0027EPSS
CVE
CVE
•added 2014/11/26 11:0 a.m.•69 views

CVE-2014-8551

CVE-2014-8551 describes a remote code execution vulnerability in Siemens WinCC/PCS7/TIA Portal components due to improper access control (CWE-284). A component within WinCC could allow unauthenticated remote code execution when specially crafted packets are sent to the WinCC server. Affected prod...

10CVSS7.7AI score0.05271EPSS
CVE
CVE
•added 2023/06/13 8:17 a.m.•68 views

CVE-2023-28829

CVE-2023-28829 concerns Siemens SIMATIC WinCC/PCS7/NET PC software. The root cause is use of legacy OPC services (OPC DA/HDA/AE) built on Windows ActiveX/DCOM that lack modern authentication and encryption. Affected: SIMATIC NET PC Software V14/V15, SIMATIC PCS 7 V8.2/V9.0/V9.1, SIMATIC WinCC (al...

8.8CVSS8.8AI score0.00291EPSS
CVE
CVE
•added 2024/02/13 8:59 a.m.•66 views

CVE-2023-48363

CVE-2023-48363 affects Siemens OpenPCS 7, SIMATIC BATCH/PCS 7, Route Control, WinCC Runtime Professional V18/V19, WinCC V7.4/V7.5/V8.0. Root cause: improper handling of certain unorganized RPC messages in the RPC server, leading to a denial-of-service. Affected versions include OpenPCS 7 V9.1 and...

7.1CVSS6.2AI score0.0027EPSS
CVE
CVE
•added 2019/05/14 7:54 p.m.•64 views

CVE-2019-10917

CVE-2019-10917 is a local-denial-of-service vulnerability affecting Siemens SIMATIC PCS7/WinCC product families (e.g., WinCC (TIA Portal) v13–v15 and WinCC Runtime Professional; PCS7 v8.0–9.0 with WinCC variants). The issue arises when a local attacker loads a project file, triggering a DoS and c...

5.5CVSS5.1AI score0.00265EPSS
CVE
CVE
•added 2016/07/22 3:0 p.m.•63 views

CVE-2016-5744

CVE-2016-5744 affects Siemens SIMATIC WinCC (and WinCC Runtime Professional) via improper input validation, allowing remote, unauthenticated attackers to extract arbitrary files from WinCC stations. Affected: WinCC V7.0 SP2, WinCC V7.0 SP3, and WinCC V7.2 (WinCC Runtime Professional and related c...

7.5CVSS7.8AI score0.04399EPSS
CVE
CVE
•added 2016/11/15 7:0 p.m.•63 views

CVE-2016-7165

CVE-2016-7165 affects Siemens products including Primary Setup Tool, SIMATIC IT Production Suite, SIMATIC NET PC-Software, SIMATIC STEP 7 (TIA Portal) v13/v5.x, SIMATIC WinCC (TIA Portal) Basic/Professional/Runtime, SIMIT, SINEMA components, etc. Root cause: unquoted service paths enabling local ...

6.9CVSS6.9AI score0.00378EPSS
CVE
CVE
•added 2020/03/10 7:16 p.m.•60 views

CVE-2019-19282

CVE-2019-19282 describes an incorrect calculation of buffer size (CWE-131) that allows a remote attacker to cause a denial-of-service on Siemens industrial software when encrypted communication is enabled. Exploitation requires network access and no privileges/UI. Affected products span OpenPCS 7...

7.5CVSS7.2AI score0.01311EPSS
CVE
CVE
•added 2014/11/26 11:0 a.m.•59 views

CVE-2014-8552

CVE-2014-8552 : The WinCC family (SIMATIC WinCC 7.0 SP3 and earlier, 7.2 before Update 9, 7.3 before Update 2; PCS 7 7.1 SP4 and earlier, 8.0 before SP2 with WinCC 7.2 Update 9, 8.1 before Update 2; TIA Portal 13 before Update 6) contains an unauthenticated remote arbitrary-file-read vulnerabilit...

5CVSS6.8AI score0.02047EPSS
CVE
CVE
•added 2017/05/11 10:0 a.m.•59 views

CVE-2017-6867

CVE-2017-6867 affects Siemens SIMATIC WinCC family (WinCC v7.3 before Update 11, WinCC v7.4 before SP1; WinCC Runtime Professional v13 before SP2, v14 before SP1; WinCC (TIA Portal) Professional v13 before SP2, v14 before SP1). The issue is improper input validation allowing an authenticated remo...

4.9CVSS5.4AI score0.01923EPSS
CVE
CVE
•added 2016/07/22 3:0 p.m.•54 views

CVE-2016-5743

This CVE (CVE-2016-5743) affects Siemens SIMATIC WinCC/PCS 7/WinCC Runtime Professional. The vulnerability stems from improper input validation that allows specially crafted packets to trigger remote code execution on unauthenticated users. Affected products include WinCC before 7.3 Update 10 and...

10CVSS9.6AI score0.10491EPSS
CVE
CVE
•added 2016/12/17 3:34 a.m.•53 views

CVE-2016-9160

The CVE-2016-9160 entry affects Siemens SIMATIC WinCC and PCS 7. Affected versions are WinCC before v7.2 and PCS 7 before v8.0 SP1. The vulnerability stems from improper restriction of operations within the bounds of a memory buffer in the ActiveX control, enabling a remote attacker to crash the ...

8.1CVSS7.8AI score0.0142EPSS
CVE
CVE
•added 2021/02/09 3:38 p.m.•53 views

CVE-2020-10048

CVE-2020-10048 affects Siemens SIMATIC PCS 7 (All versions) and SIMATIC WinCC (all versions

5.5CVSS5.4AI score0.00336EPSS