8 matches found
CVE-2019-10929
CVE-2019-10929 affects Siemens SIMATIC products (S7-1200/1500 families, ET200SP Open Controllers, HMI/WinCC/STEP 7, TIM 1531 IRC, etc.). The flaw is a message protection bypass caused by properties in the integrity-protection calculation, enabling a man-in-the-middle attacker with network access ...
CVE-2020-7580
CVE-2020-7580 affects Siemens products (e.g., SIMATIC Automation Tool, STEP 7/TIA Portal, WinCC OA, ProSave, S7-1500 controllers, etc.). Root cause: a common component calls a helper binary with SYSTEM privileges while the call path is not quoted (unquoted search path/element CWE-428). This could...
CVE-2014-1696
Siemens SIMATIC WinCC OA before 3.12 P002 uses a weak password hash in the server application, enabling remote brute-force access. Affected: SIMATIC WinCC OA server (prior to 3.12 P002 January). Impact: potential privilege escalation or unauthorized access as described in the ICS advisory. Remedi...
CVE-2018-3991
The CVE-2018-3991 vulnerability is a heap-based overflow in WIBU-SYSTEMS WibuKey Network server management (WkbProgramLow function) affecting versions around 6.40.2402.500. A specially crafted TCP packet to port 22347/TCP can trigger the overflow, potentially enabling remote code execution. Mitig...
CVE-2018-13799
The CVE-2018-13799 vulnerability affects SIMATIC WinCC OA V3.14 and earlier (
CVE-2014-1698
CVE-2014-1698 is a directory traversal vulnerability in Siemens SIMATIC WinCC OA, affecting versions before 3.12 P002 January. The affected component is the integrated Web server at Port 4999/TCP, allowing remote attackers to read arbitrary files via crafted packets. The ICS advisory confirms mul...
CVE-2014-1699
CVE-2014-1699 affects Siemens SIMATIC WinCC OA before version 3.12 P002 January. The vulnerability resides in the integrated Web server on port 4999/TCP and stems from improper input validation, allowing remote attackers to trigger a denial of service (monitoring-service outage) by sending malfor...
CVE-2014-1697
The CVE-2014-1697 entry concerns Siemens SIMATIC WinCC OA prior to version 3.12 P002. The vulnerability lies in the integrated Web server on port 4999, where specially crafted, unauthenticated packets can remotely trigger arbitrary code execution due to improper handling of inputs (code injection...