cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-52051,https://securityvulnerability.io/vulnerability/CVE-2024-52051,"{""Vulnerability in Siemens PLCs and SCADA Systems Could Allow Arbitrary Code Execution""}","A vulnerability exists in various Siemens products, including SIMATIC S7-PLCSIM and TIA Portal, due to improper sanitization of user-controllable input when processing user settings. This flaw could enable local attackers to execute arbitrary commands on the host operating system, leveraging the privileges of the user running the affected software. Organizations utilizing these products should prioritize updates and apply security measures to mitigate potential risks.",Siemens,"Simatic S7-plcsim V17,Simatic S7-plcsim V18,Simatic Step 7 Safety V17,Simatic Step 7 Safety V18,Simatic Step 7 Safety V19,Simatic Step 7 V17,Simatic Step 7 V18,Simatic Step 7 V19,Simatic Wincc Unified Pc Runtime V18,Simatic Wincc Unified Pc Runtime V19,Simatic Wincc Unified V17,Simatic Wincc Unified V18,Simatic Wincc Unified V19,Simatic Wincc V17,Simatic Wincc V18,Simatic Wincc V19,Simocode Es V17,Simocode Es V18,Simocode Es V19,Simotion Scout Tia V5.4 Sp3,Simotion Scout Tia V5.5 Sp1,Simotion Scout Tia V5.6 Sp1,Sinamics Startdrive V17,Sinamics Startdrive V18,Sinamics Startdrive V19,Sirius Safety Es V17 (tia Portal),Sirius Safety Es V18 (tia Portal),Sirius Safety Es V19 (tia Portal),Sirius Soft Starter Es V17 (tia Portal),Sirius Soft Starter Es V18 (tia Portal),Sirius Soft Starter Es V19 (tia Portal),Tia Portal Cloud V17,Tia Portal Cloud V18,Tia Portal Cloud V19",7.3,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2024-12-10T13:53:57.576Z,0
CVE-2024-35783,https://securityvulnerability.io/vulnerability/CVE-2024-35783,Elevated Privileges Vulnerability Affects Siemens' Industrial Automation Products,"A vulnerability affects various Siemens SIMATIC products, specifically allowing the database server to operate with elevated privileges. This situation provides a potential opportunity for authenticated attackers to execute arbitrary operating system commands, posing a significant security risk to the affected systems. Products including SIMATIC BATCH, SIMATIC Information Server, and multiple versions of SIMATIC WinCC have been identified as vulnerable. Proper mitigation measures should be employed to safeguard against potential exploitation.",Siemens,"Simatic Batch V9.1,Simatic Information Server 2020,Simatic Information Server 2022,Simatic Pcs 7 V9.1,Simatic Process Historian 2020,Simatic Process Historian 2022,Simatic Wincc Runtime Professional V18,Simatic Wincc Runtime Professional V19,Simatic Wincc V7.4,Simatic Wincc V7.5,Simatic Wincc V8.0",9.1,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,2024-09-10T09:36:32.225Z,0
CVE-2023-30756,https://securityvulnerability.io/vulnerability/CVE-2023-30756,Vulnerability in SIMATIC Communication Processors and HMI Panels,"A security vulnerability has been identified in specific versions of SIMATIC CP communication processors and HMI Comfort Panels by Siemens. The web server on these devices fails to handle particular errors when the Expect HTTP request header is used, leading to a NULL dereference issue. This flaw allows a remote attacker to exploit the vulnerability without requiring additional privileges, thereby potentially initiating a denial of service condition. Users of affected products are advised to assess their systems and apply the necessary updates to mitigate risks associated with this vulnerability.",Siemens,"Simatic Cp 1242-7 V2 (incl. Siplus Variants),Simatic Cp 1243-1 (incl. Siplus Variants),Simatic Cp 1243-1 Dnp3 (incl. Siplus Variants),Simatic Cp 1243-1 Iec (incl. Siplus Variants),Simatic Cp 1243-7 Lte,Simatic Cp 1243-8 Irc,Simatic Hmi Comfort Panels (incl. Siplus Variants),Simatic Ipc Diagbase,Simatic Ipc Diagmonitor,Simatic Wincc Runtime Advanced,Siplus Tim 1531 Irc,Tim 1531 Irc",5.9,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-09-10T09:33:40.640Z,0
CVE-2023-30755,https://securityvulnerability.io/vulnerability/CVE-2023-30755,Denial of Service Vulnerability in Siemens SIMATIC Products,"A significant vulnerability exists within a range of Siemens SIMATIC devices that impacts how the integrated web server processes shutdown and reboot requests. This improper handling can result in certain resources not being correctly cleaned up. An attacker with elevated privileges could exploit this vulnerability remotely, potentially leading to a denial of service condition that disrupts the normal operation of the affected systems. Organizations using these products should assess their security posture in relation to this vulnerability and implement appropriate measures to mitigate any risks associated.",Siemens,"Simatic Cp 1242-7 V2 (incl. Siplus Variants),Simatic Cp 1243-1 (incl. Siplus Variants),Simatic Cp 1243-1 Dnp3 (incl. Siplus Variants),Simatic Cp 1243-1 Iec (incl. Siplus Variants),Simatic Cp 1243-7 Lte,Simatic Cp 1243-8 Irc,Simatic Hmi Comfort Panels (incl. Siplus Variants),Simatic Ipc Diagbase,Simatic Ipc Diagmonitor,Simatic Wincc Runtime Advanced,Siplus Tim 1531 Irc,Tim 1531 Irc",4.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-09-10T09:33:39.215Z,0
CVE-2023-28827,https://securityvulnerability.io/vulnerability/CVE-2023-28827,Denial of Service Vulnerability in Siemens SIMATIC Products,"A vulnerability has been found in multiple Siemens SIMATIC products due to the web server's failure to properly handle specific requests. This issue may cause a timeout in the watchdog system, leading to an unwanted cleanup of pointers. Consequently, a remote attacker could exploit this vulnerability to generate a denial of service condition, potentially disrupting operations and impacting system availability.",Siemens,"Simatic Cp 1242-7 V2 (incl. Siplus Variants),Simatic Cp 1243-1 (incl. Siplus Variants),Simatic Cp 1243-1 Dnp3 (incl. Siplus Variants),Simatic Cp 1243-1 Iec (incl. Siplus Variants),Simatic Cp 1243-7 Lte,Simatic Cp 1243-8 Irc,Simatic Hmi Comfort Panels (incl. Siplus Variants),Simatic Ipc Diagbase,Simatic Ipc Diagmonitor,Simatic Wincc Runtime Advanced,Siplus Tim 1531 Irc,Tim 1531 Irc",5.9,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-09-10T09:33:37.794Z,0
CVE-2024-30321,https://securityvulnerability.io/vulnerability/CVE-2024-30321,Information Disclosure in Siemens SIMATIC Products,"A vulnerability has been identified in specific versions of Siemens SIMATIC PCS 7, WinCC Runtime Professional, and WinCC products. The issue arises due to improper handling of certain requests within their web applications, potentially allowing unauthenticated remote attackers to access sensitive information, such as user credentials. This poses significant risks to organizations utilizing these systems, emphasizing the need for immediate updates to the latest patches.",Siemens,"Simatic Pcs 7 V9.1,Simatic Wincc Runtime Professional V18,Simatic Wincc Runtime Professional V19,Simatic Wincc V7.4,Simatic Wincc V7.5,Simatic Wincc V8.0",5.9,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-07-09T12:15:00.000Z,0
CVE-2023-46280,https://securityvulnerability.io/vulnerability/CVE-2023-46280,Out of Bounds Read Vulnerability in SIMATIC and TIA Portal Products by Siemens,"An out of bounds read vulnerability has been identified in multiple Siemens products, including the SIMATIC and TIA Portal series. This flaw can potentially lead to the crashing of the Windows kernel, resulting in a Blue Screen of Death (BSOD) error. Attackers could exploit this vulnerability to destabilize systems, impacting operational efficiency and safety within industrial environments. It is crucial for users of these products to be aware of this vulnerability and to implement necessary mitigations as outlined by Siemens.",Siemens,"Security Configuration Tool (sct),Simatic Automation Tool,Simatic Batch V9.1,Simatic Net Pc Software V16,Simatic Net Pc Software V17,Simatic Net Pc Software V18,Simatic Net Pc Software V19,Simatic Pcs 7 V9.1,Simatic Pdm V9.2,Simatic Route Control V9.1,Simatic S7-pct,Simatic Step 7 V5,Simatic Wincc Oa V3.17,Simatic Wincc Oa V3.18,Simatic Wincc Oa V3.19,Simatic Wincc Runtime Advanced,Simatic Wincc Runtime Professional V16,Simatic Wincc Runtime Professional V17,Simatic Wincc Runtime Professional V18,Simatic Wincc Runtime Professional V19,Simatic Wincc V7.4,Simatic Wincc V7.5,Simatic Wincc V8.0,Sinamics Startdrive,Sinec Nms,Sinumerik One Virtual,Sinumerik Plc Programming Tool,Tia Portal Cloud Connector,Totally Integrated Automation Portal (tia Portal) V15.1,Totally Integrated Automation Portal (tia Portal) V16,Totally Integrated Automation Portal (tia Portal) V17,Totally Integrated Automation Portal (tia Portal) V18,Totally Integrated Automation Portal (tia Portal) V19",6.5,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-14T10:01:52.069Z,0
CVE-2023-50821,https://securityvulnerability.io/vulnerability/CVE-2023-50821,Input Validation Flaw in SIMATIC PCS 7 and WinCC Runtime Products by Siemens,"An input validation flaw in various Siemens SIMATIC PCS 7 and WinCC Runtime products could be exploited by attackers. This vulnerability arises from improper handling of user inputs within the login dialog box, allowing for a potential persistent denial of service condition. Users are advised to review and update the affected products to mitigate the risk associated with this vulnerability.",Siemens,"Simatic Pcs 7 V9.1,Simatic Wincc Runtime Professional V17,Simatic Wincc Runtime Professional V18,Simatic Wincc Runtime Professional V19,Simatic Wincc V7.5,Simatic Wincc V8.0",6.2,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-04-09T08:34:35.452Z,0
CVE-2023-48364,https://securityvulnerability.io/vulnerability/CVE-2023-48364,Remote Procedure Call Vulnerability in OpenPCS and SIMATIC Products by Siemens,"A vulnerability exists in certain Siemens OpenPCS and SIMATIC products due to improper handling of malformed Remote Procedure Call (RPC) messages. This oversight could allow an attacker to exploit the vulnerability, leading to a denial of service condition in the RPC server, thereby impacting the availability and functionality of the affected systems. It is crucial for users to apply the updates provided by Siemens to mitigate potential risks associated with this vulnerability.",Siemens,"Openpcs 7 V9.1,Simatic Batch V9.1,Simatic Pcs 7 V9.1,Simatic Route Control V9.1,Simatic Wincc Runtime Professional V18,Simatic Wincc Runtime Professional V19,Simatic Wincc V7.4,Simatic Wincc V7.5,Simatic Wincc V8.0",6.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,false,false,2024-02-13T08:59:56.648Z,0
CVE-2023-48363,https://securityvulnerability.io/vulnerability/CVE-2023-48363,Remote Procedure Call Vulnerability in Siemens OpenPCS and SIMATIC Products,"A vulnerability exists in certain versions of Siemens OpenPCS and SIMATIC products due to improper handling of specific unorganized Remote Procedure Call (RPC) messages. This flaw can be exploited by an attacker to trigger a denial of service condition in the RPC server, potentially disrupting operations across affected systems. Timely updates to the latest service packs are recommended to mitigate this risk.",Siemens,"Openpcs 7 V9.1,Simatic Batch V9.1,Simatic Pcs 7 V9.1,Simatic Route Control V9.1,Simatic Wincc Runtime Professional V18,Simatic Wincc Runtime Professional V19,Simatic Wincc V7.4,Simatic Wincc V7.5,Simatic Wincc V8.0",6.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,false,false,2024-02-13T08:59:55.432Z,0
CVE-2023-28831,https://securityvulnerability.io/vulnerability/CVE-2023-28831,Integer Overflow Issue in Siemens OPC UA Implementations,"The OPC UA implementations in Siemens products harbor an integer overflow vulnerability that can lead to an infinite loop during the certificate validation process. This condition could be exploited by an unauthenticated remote attacker utilizing a specially crafted certificate, resulting in a denial of service that impacts application availability and reliability.",Siemens,"Simatic Braumat,Simatic Cloud Connect 7 Cc712,Simatic Cloud Connect 7 Cc716,Simatic Comfort/mobile Rt,Simatic Drive Controller Cpu 1504d Tf,Simatic Drive Controller Cpu 1507d Tf,Simatic Et 200sp Open Controller Cpu 1515sp Pc2 (incl. Siplus Variants),Simatic Ipc Diagmonitor,Simatic Net Pc Software V14,Simatic Net Pc Software V16,Simatic Net Pc Software V17,Simatic Net Pc Software V18,Simatic Pcs 7 V9.1,Simatic Pcs Neo V4.0,Simatic S7-1500 Cpu 1510sp F-1 Pn,Simatic S7-1500 Cpu 1510sp-1 Pn,Simatic S7-1500 Cpu 1511-1 Pn,Simatic S7-1500 Cpu 1511c-1 Pn,Simatic S7-1500 Cpu 1511f-1 Pn,Simatic S7-1500 Cpu 1511t-1 Pn,Simatic S7-1500 Cpu 1511tf-1 Pn,Simatic S7-1500 Cpu 1512c-1 Pn,Simatic S7-1500 Cpu 1512sp F-1 Pn,Simatic S7-1500 Cpu 1512sp-1 Pn,Simatic S7-1500 Cpu 1513-1 Pn,Simatic S7-1500 Cpu 1513f-1 Pn,Simatic S7-1500 Cpu 1514sp F-2 Pn,Simatic S7-1500 Cpu 1514sp-2 Pn,Simatic S7-1500 Cpu 1514spt F-2 Pn,Simatic S7-1500 Cpu 1514spt-2 Pn,Simatic S7-1500 Cpu 1515-2 Pn,Simatic S7-1500 Cpu 1515f-2 Pn,Simatic S7-1500 Cpu 1515t-2 Pn,Simatic S7-1500 Cpu 1515tf-2 Pn,Simatic S7-1500 Cpu 1516-3 Pn/dp,Simatic S7-1500 Cpu 1516f-3 Pn/dp,Simatic S7-1500 Cpu 1516t-3 Pn/dp,Simatic S7-1500 Cpu 1516tf-3 Pn/dp,Simatic S7-1500 Cpu 1517-3 Pn/dp,Simatic S7-1500 Cpu 1517f-3 Pn/dp,Simatic S7-1500 Cpu 1517t-3 Pn/dp,Simatic S7-1500 Cpu 1517tf-3 Pn/dp,Simatic S7-1500 Cpu 1518-4 Pn/dp,Simatic S7-1500 Cpu 1518-4 Pn/dp Mfp,Simatic S7-1500 Cpu 1518f-4 Pn/dp,Simatic S7-1500 Cpu 1518f-4 Pn/dp Mfp,Simatic S7-1500 Cpu 1518t-4 Pn/dp,Simatic S7-1500 Cpu 1518tf-4 Pn/dp,Simatic S7-1500 Cpu S7-1518-4 Pn/dp Odk,Simatic S7-1500 Cpu S7-1518f-4 Pn/dp Odk,Simatic S7-1500 Et 200pro: Cpu 1513pro F-2 Pn,Simatic S7-1500 Et 200pro: Cpu 1513pro-2 Pn,Simatic S7-1500 Et 200pro: Cpu 1516pro F-2 Pn,Simatic S7-1500 Et 200pro: Cpu 1516pro-2 Pn,Simatic S7-1500 Software Controller V2,Simatic S7-1500 Software Controller V3,Simatic S7-plcsim Advanced,Simatic Sistar,Simatic Wincc Oa V3.17,Simatic Wincc Oa V3.18,Simatic Wincc Oa V3.19,Simatic Wincc Opc Ua Client,Simatic Wincc Runtime Professional V16,Simatic Wincc Runtime Professional V17,Simatic Wincc Runtime Professional V18,Simatic Wincc Runtime Professional V19,Simatic Wincc Unified Opc Ua Server,Simatic Wincc V7.4,Simatic Wincc V7.5,Simatic Wincc V8.0,Sinumerik Mc,Sinumerik One,Siplus Et 200sp Cpu 1510sp F-1 Pn,Siplus Et 200sp Cpu 1510sp F-1 Pn Rail,Siplus Et 200sp Cpu 1510sp-1 Pn,Siplus Et 200sp Cpu 1510sp-1 Pn Rail,Siplus Et 200sp Cpu 1512sp F-1 Pn,Siplus Et 200sp Cpu 1512sp F-1 Pn Rail,Siplus Et 200sp Cpu 1512sp-1 Pn,Siplus Et 200sp Cpu 1512sp-1 Pn Rail,Siplus S7-1500 Cpu 1511-1 Pn,Siplus S7-1500 Cpu 1511-1 Pn T1 Rail,Siplus S7-1500 Cpu 1511-1 Pn Tx Rail,Siplus S7-1500 Cpu 1511f-1 Pn,Siplus S7-1500 Cpu 1513-1 Pn,Siplus S7-1500 Cpu 1513f-1 Pn,Siplus S7-1500 Cpu 1515f-2 Pn,Siplus S7-1500 Cpu 1515f-2 Pn Rail,Siplus S7-1500 Cpu 1515f-2 Pn T2 Rail,Siplus S7-1500 Cpu 1516-3 Pn/dp,Siplus S7-1500 Cpu 1516-3 Pn/dp Rail,Siplus S7-1500 Cpu 1516-3 Pn/dp Tx Rail,Siplus S7-1500 Cpu 1516f-3 Pn/dp,Siplus S7-1500 Cpu 1516f-3 Pn/dp Rail,Siplus S7-1500 Cpu 1518-4 Pn/dp,Siplus S7-1500 Cpu 1518-4 Pn/dp Mfp,Siplus S7-1500 Cpu 1518f-4 Pn/dp",7.5,HIGH,0.0005300000193528831,false,,false,false,false,,false,false,2023-09-12T10:15:00.000Z,0
CVE-2022-30694,https://securityvulnerability.io/vulnerability/CVE-2022-30694,Cross-Site Request Forgery Vulnerability in Siemens Web Services,"An issue in the login endpoint of Siemens web services permits inadequate origin checking, allowing authenticated remote attackers to potentially exploit this weakness. By leveraging this vulnerability, attackers can orchestrate cross-site request forgery (CSRF) attacks, which could enable them to track the activities of legitimate users without their consent.",Siemens,"Simatic Drive Controller Cpu 1504d Tf,Simatic Drive Controller Cpu 1507d Tf,Simatic Et 200pro Im154-8 Pn/dp Cpu,Simatic Et 200pro Im154-8f Pn/dp Cpu,Simatic Et 200pro Im154-8fx Pn/dp Cpu,Simatic Et 200s Im151-8 Pn/dp Cpu,Simatic Et 200s Im151-8f Pn/dp Cpu,Simatic Et 200sp Open Controller Cpu 1515sp Pc2 (incl. Siplus Variants),Simatic Pc Station,Simatic S7-1200 Cpu Family (incl. Siplus Variants),Simatic S7-1500 Cpu 1510sp F-1 Pn,Simatic S7-1500 Cpu 1510sp-1 Pn,Simatic S7-1500 Cpu 1511-1 Pn,Simatic S7-1500 Cpu 1511c-1 Pn,Simatic S7-1500 Cpu 1511f-1 Pn,Simatic S7-1500 Cpu 1511t-1 Pn,Simatic S7-1500 Cpu 1511tf-1 Pn,Simatic S7-1500 Cpu 1512c-1 Pn,Simatic S7-1500 Cpu 1512sp F-1 Pn,Simatic S7-1500 Cpu 1512sp-1 Pn,Simatic S7-1500 Cpu 1513-1 Pn,Simatic S7-1500 Cpu 1513f-1 Pn,Simatic S7-1500 Cpu 1513r-1 Pn,Simatic S7-1500 Cpu 1515-2 Pn,Simatic S7-1500 Cpu 1515f-2 Pn,Simatic S7-1500 Cpu 1515r-2 Pn,Simatic S7-1500 Cpu 1515t-2 Pn,Simatic S7-1500 Cpu 1515tf-2 Pn,Simatic S7-1500 Cpu 1516-3 Pn/dp,Simatic S7-1500 Cpu 1516f-3 Pn/dp,Simatic S7-1500 Cpu 1516t-3 Pn/dp,Simatic S7-1500 Cpu 1516tf-3 Pn/dp,Simatic S7-1500 Cpu 1517-3 Pn/dp,Simatic S7-1500 Cpu 1517f-3 Pn/dp,Simatic S7-1500 Cpu 1517h-3 Pn,Simatic S7-1500 Cpu 1517t-3 Pn/dp,Simatic S7-1500 Cpu 1517tf-3 Pn/dp,Simatic S7-1500 Cpu 1518-4 Pn/dp,Simatic S7-1500 Cpu 1518-4 Pn/dp Mfp,Simatic S7-1500 Cpu 1518f-4 Pn/dp,Simatic S7-1500 Cpu 1518f-4 Pn/dp Mfp,Simatic S7-1500 Cpu 1518hf-4 Pn,Simatic S7-1500 Cpu 1518t-4 Pn/dp,Simatic S7-1500 Cpu 1518tf-4 Pn/dp,Simatic S7-1500 Cpu S7-1518-4 Pn/dp Odk,Simatic S7-1500 Cpu S7-1518f-4 Pn/dp Odk,Simatic S7-1500 Et 200pro: Cpu 1513pro F-2 Pn,Simatic S7-1500 Et 200pro: Cpu 1513pro-2 Pn,Simatic S7-1500 Et 200pro: Cpu 1516pro F-2 Pn,Simatic S7-1500 Et 200pro: Cpu 1516pro-2 Pn,Simatic S7-1500 Software Controller V2,Simatic S7-300 Cpu 314c-2 Pn/dp,Simatic S7-300 Cpu 315-2 Pn/dp,Simatic S7-300 Cpu 315f-2 Pn/dp,Simatic S7-300 Cpu 315t-3 Pn/dp,Simatic S7-300 Cpu 317-2 Pn/dp,Simatic S7-300 Cpu 317f-2 Pn/dp,Simatic S7-300 Cpu 317t-3 Pn/dp,Simatic S7-300 Cpu 317tf-3 Pn/dp,Simatic S7-300 Cpu 319-3 Pn/dp,Simatic S7-300 Cpu 319f-3 Pn/dp,Simatic S7-400 Pn/dp V6 Cpu Family (incl. Siplus Variants),Simatic S7-400 Pn/dp V7 Cpu Family (incl. Siplus Variants),Simatic S7-plcsim Advanced,Simatic Wincc Runtime Advanced,Sinumerik One,Siplus Et 200s Im151-8 Pn/dp Cpu,Siplus Et 200s Im151-8f Pn/dp Cpu,Siplus Et 200sp Cpu 1510sp F-1 Pn,Siplus Et 200sp Cpu 1510sp F-1 Pn Rail,Siplus Et 200sp Cpu 1510sp-1 Pn,Siplus Et 200sp Cpu 1510sp-1 Pn Rail,Siplus Et 200sp Cpu 1512sp F-1 Pn,Siplus Et 200sp Cpu 1512sp F-1 Pn Rail,Siplus Et 200sp Cpu 1512sp-1 Pn,Siplus Et 200sp Cpu 1512sp-1 Pn Rail,Siplus S7-1500 Cpu 1511-1 Pn,Siplus S7-1500 Cpu 1511-1 Pn T1 Rail,Siplus S7-1500 Cpu 1511-1 Pn Tx Rail,Siplus S7-1500 Cpu 1511f-1 Pn,Siplus S7-1500 Cpu 1513-1 Pn,Siplus S7-1500 Cpu 1513f-1 Pn,Siplus S7-1500 Cpu 1515f-2 Pn,Siplus S7-1500 Cpu 1515f-2 Pn Rail,Siplus S7-1500 Cpu 1515f-2 Pn T2 Rail,Siplus S7-1500 Cpu 1515r-2 Pn,Siplus S7-1500 Cpu 1515r-2 Pn Tx Rail,Siplus S7-1500 Cpu 1516-3 Pn/dp,Siplus S7-1500 Cpu 1516-3 Pn/dp Rail,Siplus S7-1500 Cpu 1516-3 Pn/dp Tx Rail,Siplus S7-1500 Cpu 1516f-3 Pn/dp,Siplus S7-1500 Cpu 1516f-3 Pn/dp Rail,Siplus S7-1500 Cpu 1517h-3 Pn,Siplus S7-1500 Cpu 1518-4 Pn/dp,Siplus S7-1500 Cpu 1518-4 Pn/dp Mfp,Siplus S7-1500 Cpu 1518f-4 Pn/dp,Siplus S7-1500 Cpu 1518hf-4 Pn,Siplus S7-300 Cpu 314c-2 Pn/dp,Siplus S7-300 Cpu 315-2 Pn/dp,Siplus S7-300 Cpu 315f-2 Pn/dp,Siplus S7-300 Cpu 317-2 Pn/dp,Siplus S7-300 Cpu 317f-2 Pn/dp",6.5,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,2022-11-08T00:00:00.000Z,0
CVE-2022-24287,https://securityvulnerability.io/vulnerability/CVE-2022-24287,Vulnerability in Siemens SIMATIC Products Allows Kiosk Mode Escape,"A security flaw in Siemens' SIMATIC products allows an authenticated attacker to bypass the Kiosk Mode due to a missing printer configuration on the host. This vulnerability affects various versions of the SIMATIC PCS 7 and WinCC products, which could potentially lead to unauthorized access and manipulation of the systems. It is critical for users to ensure correct printer configurations to mitigate this risk effectively.",Siemens,"Simatic Pcs 7 V8.2,Simatic Pcs 7 V9.0,Simatic Pcs 7 V9.1,Simatic Wincc Runtime Professional V16 And Earlier,Simatic Wincc Runtime Professional V17,Simatic Wincc V7.3,Simatic Wincc V7.4,Simatic Wincc V7.5",7.8,HIGH,0.0004400000034365803,false,,false,false,false,,false,false,2022-05-20T13:15:00.000Z,0
CVE-2021-27386,https://securityvulnerability.io/vulnerability/CVE-2021-27386,,"A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\"" & 15\"" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\"" & 15\"" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4\"" - 22\"" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Panels V16 4\"" - 22\"" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Update 6), SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions < V15.1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions < V16 Update 4), SINAMICS GH150 (All versions), SINAMICS GL150 (with option X30) (All versions), SINAMICS GM150 (with option X30) (All versions), SINAMICS SH150 (All versions), SINAMICS SL150 (All versions), SINAMICS SM120 (All versions), SINAMICS SM150 (All versions), SINAMICS SM150i (All versions). SmartVNC has a heap allocation leak vulnerability in the device layout handler on client side, which could result in a Denial-of-Service condition.",Siemens,"Simatic Hmi Comfort Outdoor Panels V15 7\"" & 15\"" (incl. Siplus Variants),Simatic Hmi Comfort Outdoor Panels V16 7\"" & 15\"" (incl. Siplus Variants),Simatic Hmi Comfort Panels V15 4\"" - 22\"" (incl. Siplus Variants),Simatic Hmi Comfort Panels V16 4\"" - 22\"" (incl. Siplus Variants),Simatic Hmi Ktp Mobile Panels V15 Ktp400f, Ktp700, Ktp700f, Ktp900 And Ktp900f,Simatic Hmi Ktp Mobile Panels V16 Ktp400f, Ktp700, Ktp700f, Ktp900 And Ktp900f,Simatic Wincc Runtime Advanced V15,Simatic Wincc Runtime Advanced V16,Sinamics Gh150,Sinamics Gl150 (with Option X30),Sinamics Gm150 (with Option X30),Sinamics Sh150,Sinamics Sl150,Sinamics Sm120,Sinamics Sm150,Sinamics Sm150i",7.5,HIGH,0.004809999838471413,false,,false,false,false,,false,false,2021-05-12T13:18:23.000Z,0
CVE-2021-27385,https://securityvulnerability.io/vulnerability/CVE-2021-27385,,"A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\"" & 15\"" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\"" & 15\"" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4\"" - 22\"" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Panels V16 4\"" - 22\"" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Update 6), SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions < V15.1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions < V16 Update 4), SINAMICS GH150 (All versions), SINAMICS GL150 (with option X30) (All versions), SINAMICS GM150 (with option X30) (All versions), SINAMICS SH150 (All versions), SINAMICS SL150 (All versions), SINAMICS SM120 (All versions), SINAMICS SM150 (All versions), SINAMICS SM150i (All versions). A remote attacker could send specially crafted packets to SmartVNC device layout handler on client side, which could influence the amount of resources consumed and result in a Denial-of-Service (infinite loop) condition.",Siemens,"Simatic Hmi Comfort Outdoor Panels V15 7\"" & 15\"" (incl. Siplus Variants),Simatic Hmi Comfort Outdoor Panels V16 7\"" & 15\"" (incl. Siplus Variants),Simatic Hmi Comfort Panels V15 4\"" - 22\"" (incl. Siplus Variants),Simatic Hmi Comfort Panels V16 4\"" - 22\"" (incl. Siplus Variants),Simatic Hmi Ktp Mobile Panels V15 Ktp400f, Ktp700, Ktp700f, Ktp900 And Ktp900f,Simatic Hmi Ktp Mobile Panels V16 Ktp400f, Ktp700, Ktp700f, Ktp900 And Ktp900f,Simatic Wincc Runtime Advanced V15,Simatic Wincc Runtime Advanced V16,Sinamics Gh150,Sinamics Gl150 (with Option X30),Sinamics Gm150 (with Option X30),Sinamics Sh150,Sinamics Sl150,Sinamics Sm120,Sinamics Sm150,Sinamics Sm150i",7.5,HIGH,0.0029299999587237835,false,,false,false,false,,false,false,2021-05-12T13:18:23.000Z,0
CVE-2021-27384,https://securityvulnerability.io/vulnerability/CVE-2021-27384,,"A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\"" & 15\"" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\"" & 15\"" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4\"" - 22\"" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Panels V16 4\"" - 22\"" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Update 6), SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions < V15.1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions < V16 Update 4), SINAMICS GH150 (All versions), SINAMICS GL150 (with option X30) (All versions), SINAMICS GM150 (with option X30) (All versions), SINAMICS SH150 (All versions), SINAMICS SL150 (All versions), SINAMICS SM120 (All versions), SINAMICS SM150 (All versions), SINAMICS SM150i (All versions). SmartVNC has an out-of-bounds memory access vulnerability in the device layout handler, represented by a binary data stream on client side, which can potentially result in code execution.",Siemens,"Simatic Hmi Comfort Outdoor Panels V15 7\"" & 15\"" (incl. Siplus Variants),Simatic Hmi Comfort Outdoor Panels V16 7\"" & 15\"" (incl. Siplus Variants),Simatic Hmi Comfort Panels V15 4\"" - 22\"" (incl. Siplus Variants),Simatic Hmi Comfort Panels V16 4\"" - 22\"" (incl. Siplus Variants),Simatic Hmi Ktp Mobile Panels V15 Ktp400f, Ktp700, Ktp700f, Ktp900 And Ktp900f,Simatic Hmi Ktp Mobile Panels V16 Ktp400f, Ktp700, Ktp700f, Ktp900 And Ktp900f,Simatic Wincc Runtime Advanced V15,Simatic Wincc Runtime Advanced V16,Sinamics Gh150,Sinamics Gl150 (with Option X30),Sinamics Gm150 (with Option X30),Sinamics Sh150,Sinamics Sl150,Sinamics Sm120,Sinamics Sm150,Sinamics Sm150i",9.8,CRITICAL,0.005330000072717667,false,,false,false,false,,false,false,2021-05-12T13:18:22.000Z,0
CVE-2021-27383,https://securityvulnerability.io/vulnerability/CVE-2021-27383,,"A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\"" & 15\"" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\"" & 15\"" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4\"" - 22\"" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Panels V16 4\"" - 22\"" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Update 6), SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions < V15.1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions < V16 Update 4), SINAMICS GH150 (All versions), SINAMICS GL150 (with option X30) (All versions), SINAMICS GM150 (with option X30) (All versions), SINAMICS SH150 (All versions), SINAMICS SL150 (All versions), SINAMICS SM120 (All versions), SINAMICS SM150 (All versions), SINAMICS SM150i (All versions). SmartVNC has a heap allocation leak vulnerability in the server Tight encoder, which could result in a Denial-of-Service condition.",Siemens,"Simatic Hmi Comfort Outdoor Panels V15 7\"" & 15\"" (incl. Siplus Variants),Simatic Hmi Comfort Outdoor Panels V16 7\"" & 15\"" (incl. Siplus Variants),Simatic Hmi Comfort Panels V15 4\"" - 22\"" (incl. Siplus Variants),Simatic Hmi Comfort Panels V16 4\"" - 22\"" (incl. Siplus Variants),Simatic Hmi Ktp Mobile Panels V15 Ktp400f, Ktp700, Ktp700f, Ktp900 And Ktp900f,Simatic Hmi Ktp Mobile Panels V16 Ktp400f, Ktp700, Ktp700f, Ktp900 And Ktp900f,Simatic Wincc Runtime Advanced V15,Simatic Wincc Runtime Advanced V16,Sinamics Gh150,Sinamics Gl150 (with Option X30),Sinamics Gm150 (with Option X30),Sinamics Sh150,Sinamics Sl150,Sinamics Sm120,Sinamics Sm150,Sinamics Sm150i",7.5,HIGH,0.0016599999507889152,false,,false,false,false,,false,false,2021-05-12T13:18:22.000Z,0
CVE-2021-25661,https://securityvulnerability.io/vulnerability/CVE-2021-25661,,"A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\"" & 15\"" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\"" & 15\"" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4\"" - 22\"" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Panels V16 4\"" - 22\"" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Update 6), SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions < V15.1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions < V16 Update 4). SmartVNC has an out-of-bounds memory access vulnerability that could be triggered on the client side when sending data from the server, which could result in a Denial-of-Service condition.",Siemens,"Simatic Hmi Comfort Outdoor Panels V15 7\"" & 15\"" (incl. Siplus Variants),Simatic Hmi Comfort Outdoor Panels V16 7\"" & 15\"" (incl. Siplus Variants),Simatic Hmi Comfort Panels V15 4\"" - 22\"" (incl. Siplus Variants),Simatic Hmi Comfort Panels V16 4\"" - 22\"" (incl. Siplus Variants),Simatic Hmi Ktp Mobile Panels V15 Ktp400f, Ktp700, Ktp700f, Ktp900 And Ktp900f,Simatic Hmi Ktp Mobile Panels V16 Ktp400f, Ktp700, Ktp700f, Ktp900 And Ktp900f,Simatic Wincc Runtime Advanced V15,Simatic Wincc Runtime Advanced V16",7.5,HIGH,0.0014600000577047467,false,,false,false,false,,false,false,2021-05-12T13:18:22.000Z,0
CVE-2021-25662,https://securityvulnerability.io/vulnerability/CVE-2021-25662,,"A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\"" & 15\"" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\"" & 15\"" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4\"" - 22\"" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Panels V16 4\"" - 22\"" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Update 6), SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions < V15.1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions < V16 Update 4). SmartVNC client fails to handle an exception properly if the program execution process is modified after sending a packet from the server, which could result in a Denial-of-Service condition.",Siemens,"Simatic Hmi Comfort Outdoor Panels V15 7\"" & 15\"" (incl. Siplus Variants),Simatic Hmi Comfort Outdoor Panels V16 7\"" & 15\"" (incl. Siplus Variants),Simatic Hmi Comfort Panels V15 4\"" - 22\"" (incl. Siplus Variants),Simatic Hmi Comfort Panels V16 4\"" - 22\"" (incl. Siplus Variants),Simatic Hmi Ktp Mobile Panels V15 Ktp400f, Ktp700, Ktp700f, Ktp900 And Ktp900f,Simatic Hmi Ktp Mobile Panels V16 Ktp400f, Ktp700, Ktp700f, Ktp900 And Ktp900f,Simatic Wincc Runtime Advanced V15,Simatic Wincc Runtime Advanced V16",7.5,HIGH,0.008379999548196793,false,,false,false,false,,false,false,2021-05-12T13:18:22.000Z,0
CVE-2021-25660,https://securityvulnerability.io/vulnerability/CVE-2021-25660,,"A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\"" & 15\"" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\"" & 15\"" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4\"" - 22\"" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Panels V16 4\"" - 22\"" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Update 6), SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions < V15.1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions < V16 Update 4). SmartVNC has an out-of-bounds memory access vulnerability that could be triggered on the server side when sending data from the client, which could result in a Denial-of-Service condition.",Siemens,"Simatic Hmi Comfort Outdoor Panels V15 7\"" & 15\"" (incl. Siplus Variants),Simatic Hmi Comfort Outdoor Panels V16 7\"" & 15\"" (incl. Siplus Variants),Simatic Hmi Comfort Panels V15 4\"" - 22\"" (incl. Siplus Variants),Simatic Hmi Comfort Panels V16 4\"" - 22\"" (incl. Siplus Variants),Simatic Hmi Ktp Mobile Panels V15 Ktp400f, Ktp700, Ktp700f, Ktp900 And Ktp900f,Simatic Hmi Ktp Mobile Panels V16 Ktp400f, Ktp700, Ktp700f, Ktp900 And Ktp900f,Simatic Wincc Runtime Advanced V15,Simatic Wincc Runtime Advanced V16",7.5,HIGH,0.0014700000174343586,false,,false,false,false,,false,false,2021-05-12T13:18:22.000Z,0
CVE-2020-7592,https://securityvulnerability.io/vulnerability/CVE-2020-7592,,"A vulnerability has been identified in SIMATIC HMI Basic Panels 1st Generation (incl. SIPLUS variants) (All versions), SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants) (All versions), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions), SIMATIC HMI KTP700F Mobile Arctic (All versions), SIMATIC HMI Mobile Panels 2nd Generation (All versions), SIMATIC WinCC Runtime Advanced (All versions). Unencrypted communication between the configuration software and the respective device could allow an attacker to capture potential plain text communication and have access to sensitive information.",Siemens,"Simatic Hmi Basic Panels 1st Generation (incl. Siplus Variants),Simatic Hmi Basic Panels 2nd Generation (incl. Siplus Variants),Simatic Hmi Comfort Panels (incl. Siplus Variants),Simatic Hmi Ktp700f Mobile Arctic,Simatic Hmi Mobile Panels 2nd Generation,Simatic Wincc Runtime Advanced",6.5,MEDIUM,0.0005799999926239252,false,,false,false,false,,false,false,2020-07-14T13:18:05.000Z,0
CVE-2020-7580,https://securityvulnerability.io/vulnerability/CVE-2020-7580,,"A vulnerability has been identified in SIMATIC Automation Tool (All versions < V4 SP2), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Upd3), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC ProSave (All versions < V17), SIMATIC S7-1500 Software Controller (All versions < V21.8), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2 Update 4), SIMATIC STEP 7 (TIA Portal) V14 (All versions < V14 SP1 Update 10), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMATIC STEP 7 V5 (All versions < V5.6 SP2 HF3), SIMATIC WinCC OA V3.16 (All versions < V3.16 P018), SIMATIC WinCC OA V3.17 (All versions < V3.17 P003), SIMATIC WinCC Runtime Advanced (All versions < V16 Update 2), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2 Update 4), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1 Update 10), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Update 5), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions < V7.5 SP1 Update 3), SINAMICS STARTER (All Versions < V5.4 HF2), SINAMICS Startdrive (All Versions < V16 Update 3), SINEC NMS (All versions < V1.0 SP2), SINEMA Server (All versions < V14 SP3), SINUMERIK ONE virtual (All Versions < V6.14), SINUMERIK Operate (All Versions < V6.14). A common component used by the affected applications regularly calls a helper binary with SYSTEM privileges while the call path is not quoted. This could allow a local attacker to execute arbitrary code with SYTEM privileges.",Siemens,"Simatic Automation Tool,Simatic Net Pc Software V14,Simatic Net Pc Software V15,Simatic Net Pc Software V16,Simatic Pcs Neo,Simatic Prosave,Simatic S7-1500 Software Controller,Simatic Step 7 (tia Portal) V13,Simatic Step 7 (tia Portal) V14,Simatic Step 7 (tia Portal) V15,Simatic Step 7 (tia Portal) V16,Simatic Step 7 V5,Simatic Wincc Oa V3.16,Simatic Wincc Oa V3.17,Simatic Wincc Runtime Advanced,Simatic Wincc Runtime Professional V13,Simatic Wincc Runtime Professional V14,Simatic Wincc Runtime Professional V15,Simatic Wincc Runtime Professional V16,Simatic Wincc V7.4,Simatic Wincc V7.5,Sinamics Starter,Sinamics Startdrive,Sinec Nms,Sinema Server,Sinumerik One Virtual,Sinumerik Operate",6.7,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,2020-06-10T00:00:00.000Z,0
CVE-2019-10929,https://securityvulnerability.io/vulnerability/CVE-2019-10929,,"A vulnerability has been identified in SIMATIC CP 1626 (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V20.8), SIMATIC HMI Panel (incl. SIPLUS variants) (All versions), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.4.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.8.1), SIMATIC S7-1500 Software Controller (All versions < V20.8), SIMATIC S7-PLCSIM Advanced (All versions < V3.0), SIMATIC STEP 7 (TIA Portal) (All versions < V16), SIMATIC WinCC (TIA Portal) (All versions < V16), SIMATIC WinCC OA (All versions < V3.16 P013), SIMATIC WinCC Runtime Advanced (All versions < V16), SIMATIC WinCC Runtime Professional (All versions < V16), TIM 1531 IRC (incl. SIPLUS NET variants) (All versions < V2.1). Affected devices contain a message protection bypass vulnerability due to certain properties in the calculation used for integrity protection. This could allow an attacker in a Man-in-the-Middle position to modify network traffic sent on port 102/tcp to the affected devices.",Siemens,"Simatic Cp 1626,Simatic Et 200sp Open Controller Cpu 1515sp Pc (incl. Siplus Variants),Simatic Et 200sp Open Controller Cpu 1515sp Pc2 (incl. Siplus Variants),Simatic Hmi Panel (incl. Siplus Variants),Simatic Net Pc Software V14,Simatic Net Pc Software V15,Simatic S7-1200 Cpu Family (incl. Siplus Variants),Simatic S7-1500 Cpu Family (incl. Related Et200 Cpus And Siplus Variants),Simatic S7-1500 Software Controller,Simatic S7-plcsim Advanced,Simatic Step 7 (tia Portal),Simatic Wincc (tia Portal),Simatic Wincc Oa,Simatic Wincc Runtime Advanced,Simatic Wincc Runtime Professional,Tim 1531 Irc (incl. Siplus Net Variants)",5.9,MEDIUM,0.002360000042244792,false,,false,false,false,,false,false,2019-08-13T18:55:57.000Z,0
CVE-2019-10935,https://securityvulnerability.io/vulnerability/CVE-2019-10935,,"A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd 11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC Professional (TIA Portal V13) (All versions), SIMATIC WinCC Professional (TIA Portal V14) (All versions < V14 SP1 Upd 9), SIMATIC WinCC Professional (TIA Portal V15) (All versions < V15.1 Upd 3), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions < V14.1 Upd 8), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Upd 3), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions < V7.5 Upd 3). The SIMATIC WinCC DataMonitor web application of the affected products allows to upload arbitrary ASPX code. The security vulnerability could be exploited by an authenticated attacker with network access to the WinCC DataMonitor application. No user interaction is required to exploit this vulnerability. The vulnerability impacts confidentiality, integrity, and availability of the affected device. At the stage of publishing this security advisory no public exploitation is known.",Siemens Ag,"Simatic Pcs 7 V8.0 And Earlier,Simatic Pcs 7 V8.1,Simatic Pcs 7 V8.2,Simatic Pcs 7 V9.0,Simatic Wincc Professional (tia Portal V13),Simatic Wincc Professional (tia Portal V14),Simatic Wincc Professional (tia Portal V15),Simatic Wincc Runtime Professional V13,Simatic Wincc Runtime Professional V14,Simatic Wincc Runtime Professional V15,Simatic Wincc V7.2 And Earlier,Simatic Wincc V7.3,Simatic Wincc V7.4,Simatic Wincc V7.5",7.2,HIGH,0.0009200000204145908,false,,false,false,false,,false,false,2019-07-11T21:17:47.000Z,0
CVE-2019-10918,https://securityvulnerability.io/vulnerability/CVE-2019-10918,,"A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC (TIA Portal) V13 (All versions), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Upd 9), SIMATIC WinCC (TIA Portal) V15 (All versions < V15.1 Upd 3), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions < V14.1 Upd 8), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Upd 3), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions < V7.5 Upd 3). An authenticatd attacker with network access to the DCOM interface could execute arbitrary commands with SYSTEM privileges. The vulnerability could be exploited by an attacker with network access to the affected system. Successful exploitation requires authentication with a low-privileged user account and no user interaction. An attacker could use the vulnerability to compromise confidentiality and integrity and availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known.",Siemens Ag,"Simatic Pcs 7 V8.0 And Earlier,Simatic Pcs 7 V8.1,Simatic Pcs 7 V8.2,Simatic Pcs 7 V9.0,Simatic Wincc (tia Portal) V13,Simatic Wincc (tia Portal) V14,Simatic Wincc (tia Portal) V15,Simatic Wincc Runtime Professional V13,Simatic Wincc Runtime Professional V14,Simatic Wincc Runtime Professional V15,Simatic Wincc V7.2 And Earlier,Simatic Wincc V7.3,Simatic Wincc V7.4,Simatic Wincc V7.5",8.8,HIGH,0.0009500000160187483,false,,false,false,false,,false,false,2019-05-14T19:54:48.000Z,0