Wincc@7.1 Security Vulnerabilities and Issues — Wincc@7.1 CVE List

Lucene search

SiemensWincc7.1

9 matches found

CVE•added 2014/07/24 2:55 p.m.•70 views

CVE-2014-4684

The database server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a request to TCP port 1433.

6CVSS6.6AI score0.00366EPSS

CVE•added 2015/04/08 4:59 p.m.•51 views

CVE-2015-2823

Siemens SIMATIC HMI Basic Panels 2nd Generation before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Professional before WinCC (TIA Portal) 13 SP1 Upd2, SI...

6.8CVSS7.1AI score0.00497EPSS

CVE•added 2013/06/14 7:55 p.m.•50 views

CVE-2013-3959

The Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, exhibits different behavior for NetBIOS user names depending on whether the user account exists, which allows remote authenticated users to enumerate account names via crafted URL...

4CVSS6.4AI score0.00162EPSS

CVE•added 2014/07/24 2:55 p.m.•49 views

CVE-2014-4682

The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote attackers to obtain sensitive information via an HTTP request.

5CVSS6.2AI score0.0023EPSS

CVE•added 2014/07/24 2:55 p.m.•48 views

CVE-2014-4685

Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows local users to gain privileges by leveraging weak system-object access control.

4.6CVSS6.6AI score0.00054EPSS

CVE•added 2014/07/24 2:55 p.m.•46 views

CVE-2014-4686

The Project administration application in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, has a hardcoded encryption key, which allows remote attackers to obtain sensitive information by extracting this key from another product installation and then employing this key during t...

6.8CVSS6.1AI score0.00231EPSS

CVE•added 2013/06/14 7:55 p.m.•45 views

CVE-2013-3958

The login implementation in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, has a hardcoded account, which makes it easier for remote attackers to obtain access via an unspecified request.

7.5CVSS6.8AI score0.00423EPSS

CVE•added 2013/06/14 7:55 p.m.•43 views

CVE-2013-3957

SQL injection vulnerability in the login screen in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5CVSS8.5AI score0.00337EPSS

CVE•added 2014/07/24 2:55 p.m.•41 views

CVE-2014-4683

The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a (1) HTTP or (2) HTTPS request.

4.9CVSS6.6AI score0.00157EPSS