cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-35783,https://securityvulnerability.io/vulnerability/CVE-2024-35783,Elevated Privileges Vulnerability Affects Siemens' Industrial Automation Products,"A vulnerability affects various Siemens SIMATIC products, specifically allowing the database server to operate with elevated privileges. This situation provides a potential opportunity for authenticated attackers to execute arbitrary operating system commands, posing a significant security risk to the affected systems. Products including SIMATIC BATCH, SIMATIC Information Server, and multiple versions of SIMATIC WinCC have been identified as vulnerable. Proper mitigation measures should be employed to safeguard against potential exploitation.",Siemens,"Simatic Batch V9.1,Simatic Information Server 2020,Simatic Information Server 2022,Simatic Pcs 7 V9.1,Simatic Process Historian 2020,Simatic Process Historian 2022,Simatic Wincc Runtime Professional V18,Simatic Wincc Runtime Professional V19,Simatic Wincc V7.4,Simatic Wincc V7.5,Simatic Wincc V8.0",9.1,CRITICAL,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-09-10T09:36:32.225Z,0
CVE-2024-30321,https://securityvulnerability.io/vulnerability/CVE-2024-30321,Information Disclosure in Siemens SIMATIC Products,"A vulnerability has been identified in specific versions of Siemens SIMATIC PCS 7, WinCC Runtime Professional, and WinCC products. The issue arises due to improper handling of certain requests within their web applications, potentially allowing unauthenticated remote attackers to access sensitive information, such as user credentials. This poses significant risks to organizations utilizing these systems, emphasizing the need for immediate updates to the latest patches.",Siemens,"Simatic Pcs 7 V9.1,Simatic Wincc Runtime Professional V18,Simatic Wincc Runtime Professional V19,Simatic Wincc V7.4,Simatic Wincc V7.5,Simatic Wincc V8.0",5.9,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-07-09T12:15:00.000Z,0
CVE-2023-46280,https://securityvulnerability.io/vulnerability/CVE-2023-46280,Out of Bounds Read Vulnerability in SIMATIC and TIA Portal Products by Siemens,"An out of bounds read vulnerability has been identified in multiple Siemens products, including the SIMATIC and TIA Portal series. This flaw can potentially lead to the crashing of the Windows kernel, resulting in a Blue Screen of Death (BSOD) error. Attackers could exploit this vulnerability to destabilize systems, impacting operational efficiency and safety within industrial environments. It is crucial for users of these products to be aware of this vulnerability and to implement necessary mitigations as outlined by Siemens.",Siemens,"Security Configuration Tool (sct),Simatic Automation Tool,Simatic Batch V9.1,Simatic Net Pc Software V16,Simatic Net Pc Software V17,Simatic Net Pc Software V18,Simatic Net Pc Software V19,Simatic Pcs 7 V9.1,Simatic Pdm V9.2,Simatic Route Control V9.1,Simatic S7-pct,Simatic Step 7 V5,Simatic Wincc Oa V3.17,Simatic Wincc Oa V3.18,Simatic Wincc Oa V3.19,Simatic Wincc Runtime Advanced,Simatic Wincc Runtime Professional V16,Simatic Wincc Runtime Professional V17,Simatic Wincc Runtime Professional V18,Simatic Wincc Runtime Professional V19,Simatic Wincc V7.4,Simatic Wincc V7.5,Simatic Wincc V8.0,Sinamics Startdrive,Sinec Nms,Sinumerik One Virtual,Sinumerik Plc Programming Tool,Tia Portal Cloud Connector,Totally Integrated Automation Portal (tia Portal) V15.1,Totally Integrated Automation Portal (tia Portal) V16,Totally Integrated Automation Portal (tia Portal) V17,Totally Integrated Automation Portal (tia Portal) V18,Totally Integrated Automation Portal (tia Portal) V19",6.5,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-05-14T10:01:52.069Z,0
CVE-2023-50821,https://securityvulnerability.io/vulnerability/CVE-2023-50821,Input Validation Flaw in SIMATIC PCS 7 and WinCC Runtime Products by Siemens,"An input validation flaw in various Siemens SIMATIC PCS 7 and WinCC Runtime products could be exploited by attackers. This vulnerability arises from improper handling of user inputs within the login dialog box, allowing for a potential persistent denial of service condition. Users are advised to review and update the affected products to mitigate the risk associated with this vulnerability.",Siemens,"Simatic Pcs 7 V9.1,Simatic Wincc Runtime Professional V17,Simatic Wincc Runtime Professional V18,Simatic Wincc Runtime Professional V19,Simatic Wincc V7.5,Simatic Wincc V8.0",6.2,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-09T08:34:35.452Z,0
CVE-2023-48364,https://securityvulnerability.io/vulnerability/CVE-2023-48364,Remote Procedure Call Vulnerability in OpenPCS and SIMATIC Products by Siemens,"A vulnerability exists in certain Siemens OpenPCS and SIMATIC products due to improper handling of malformed Remote Procedure Call (RPC) messages. This oversight could allow an attacker to exploit the vulnerability, leading to a denial of service condition in the RPC server, thereby impacting the availability and functionality of the affected systems. It is crucial for users to apply the updates provided by Siemens to mitigate potential risks associated with this vulnerability.",Siemens,"Openpcs 7 V9.1,Simatic Batch V9.1,Simatic Pcs 7 V9.1,Simatic Route Control V9.1,Simatic Wincc Runtime Professional V18,Simatic Wincc Runtime Professional V19,Simatic Wincc V7.4,Simatic Wincc V7.5,Simatic Wincc V8.0",6.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-02-13T08:59:56.648Z,0
CVE-2023-48363,https://securityvulnerability.io/vulnerability/CVE-2023-48363,Remote Procedure Call Vulnerability in Siemens OpenPCS and SIMATIC Products,"A vulnerability exists in certain versions of Siemens OpenPCS and SIMATIC products due to improper handling of specific unorganized Remote Procedure Call (RPC) messages. This flaw can be exploited by an attacker to trigger a denial of service condition in the RPC server, potentially disrupting operations across affected systems. Timely updates to the latest service packs are recommended to mitigate this risk.",Siemens,"Openpcs 7 V9.1,Simatic Batch V9.1,Simatic Pcs 7 V9.1,Simatic Route Control V9.1,Simatic Wincc Runtime Professional V18,Simatic Wincc Runtime Professional V19,Simatic Wincc V7.4,Simatic Wincc V7.5,Simatic Wincc V8.0",6.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-02-13T08:59:55.432Z,0
CVE-2023-28831,https://securityvulnerability.io/vulnerability/CVE-2023-28831,Integer Overflow Issue in Siemens OPC UA Implementations,"The OPC UA implementations in Siemens products harbor an integer overflow vulnerability that can lead to an infinite loop during the certificate validation process. This condition could be exploited by an unauthenticated remote attacker utilizing a specially crafted certificate, resulting in a denial of service that impacts application availability and reliability.",Siemens,"Simatic Braumat,Simatic Cloud Connect 7 Cc712,Simatic Cloud Connect 7 Cc716,Simatic Comfort/mobile Rt,Simatic Drive Controller Cpu 1504d Tf,Simatic Drive Controller Cpu 1507d Tf,Simatic Et 200sp Open Controller Cpu 1515sp Pc2 (incl. Siplus Variants),Simatic Ipc Diagmonitor,Simatic Net Pc Software V14,Simatic Net Pc Software V16,Simatic Net Pc Software V17,Simatic Net Pc Software V18,Simatic Pcs 7 V9.1,Simatic Pcs Neo V4.0,Simatic S7-1500 Cpu 1510sp F-1 Pn,Simatic S7-1500 Cpu 1510sp-1 Pn,Simatic S7-1500 Cpu 1511-1 Pn,Simatic S7-1500 Cpu 1511c-1 Pn,Simatic S7-1500 Cpu 1511f-1 Pn,Simatic S7-1500 Cpu 1511t-1 Pn,Simatic S7-1500 Cpu 1511tf-1 Pn,Simatic S7-1500 Cpu 1512c-1 Pn,Simatic S7-1500 Cpu 1512sp F-1 Pn,Simatic S7-1500 Cpu 1512sp-1 Pn,Simatic S7-1500 Cpu 1513-1 Pn,Simatic S7-1500 Cpu 1513f-1 Pn,Simatic S7-1500 Cpu 1514sp F-2 Pn,Simatic S7-1500 Cpu 1514sp-2 Pn,Simatic S7-1500 Cpu 1514spt F-2 Pn,Simatic S7-1500 Cpu 1514spt-2 Pn,Simatic S7-1500 Cpu 1515-2 Pn,Simatic S7-1500 Cpu 1515f-2 Pn,Simatic S7-1500 Cpu 1515t-2 Pn,Simatic S7-1500 Cpu 1515tf-2 Pn,Simatic S7-1500 Cpu 1516-3 Pn/dp,Simatic S7-1500 Cpu 1516f-3 Pn/dp,Simatic S7-1500 Cpu 1516t-3 Pn/dp,Simatic S7-1500 Cpu 1516tf-3 Pn/dp,Simatic S7-1500 Cpu 1517-3 Pn/dp,Simatic S7-1500 Cpu 1517f-3 Pn/dp,Simatic S7-1500 Cpu 1517t-3 Pn/dp,Simatic S7-1500 Cpu 1517tf-3 Pn/dp,Simatic S7-1500 Cpu 1518-4 Pn/dp,Simatic S7-1500 Cpu 1518-4 Pn/dp Mfp,Simatic S7-1500 Cpu 1518f-4 Pn/dp,Simatic S7-1500 Cpu 1518f-4 Pn/dp Mfp,Simatic S7-1500 Cpu 1518t-4 Pn/dp,Simatic S7-1500 Cpu 1518tf-4 Pn/dp,Simatic S7-1500 Cpu S7-1518-4 Pn/dp Odk,Simatic S7-1500 Cpu S7-1518f-4 Pn/dp Odk,Simatic S7-1500 Et 200pro: Cpu 1513pro F-2 Pn,Simatic S7-1500 Et 200pro: Cpu 1513pro-2 Pn,Simatic S7-1500 Et 200pro: Cpu 1516pro F-2 Pn,Simatic S7-1500 Et 200pro: Cpu 1516pro-2 Pn,Simatic S7-1500 Software Controller V2,Simatic S7-1500 Software Controller V3,Simatic S7-plcsim Advanced,Simatic Sistar,Simatic Wincc Oa V3.17,Simatic Wincc Oa V3.18,Simatic Wincc Oa V3.19,Simatic Wincc Opc Ua Client,Simatic Wincc Runtime Professional V16,Simatic Wincc Runtime Professional V17,Simatic Wincc Runtime Professional V18,Simatic Wincc Runtime Professional V19,Simatic Wincc Unified Opc Ua Server,Simatic Wincc V7.4,Simatic Wincc V7.5,Simatic Wincc V8.0,Sinumerik Mc,Sinumerik One,Siplus Et 200sp Cpu 1510sp F-1 Pn,Siplus Et 200sp Cpu 1510sp F-1 Pn Rail,Siplus Et 200sp Cpu 1510sp-1 Pn,Siplus Et 200sp Cpu 1510sp-1 Pn Rail,Siplus Et 200sp Cpu 1512sp F-1 Pn,Siplus Et 200sp Cpu 1512sp F-1 Pn Rail,Siplus Et 200sp Cpu 1512sp-1 Pn,Siplus Et 200sp Cpu 1512sp-1 Pn Rail,Siplus S7-1500 Cpu 1511-1 Pn,Siplus S7-1500 Cpu 1511-1 Pn T1 Rail,Siplus S7-1500 Cpu 1511-1 Pn Tx Rail,Siplus S7-1500 Cpu 1511f-1 Pn,Siplus S7-1500 Cpu 1513-1 Pn,Siplus S7-1500 Cpu 1513f-1 Pn,Siplus S7-1500 Cpu 1515f-2 Pn,Siplus S7-1500 Cpu 1515f-2 Pn Rail,Siplus S7-1500 Cpu 1515f-2 Pn T2 Rail,Siplus S7-1500 Cpu 1516-3 Pn/dp,Siplus S7-1500 Cpu 1516-3 Pn/dp Rail,Siplus S7-1500 Cpu 1516-3 Pn/dp Tx Rail,Siplus S7-1500 Cpu 1516f-3 Pn/dp,Siplus S7-1500 Cpu 1516f-3 Pn/dp Rail,Siplus S7-1500 Cpu 1518-4 Pn/dp,Siplus S7-1500 Cpu 1518-4 Pn/dp Mfp,Siplus S7-1500 Cpu 1518f-4 Pn/dp",7.5,HIGH,0.0005300000193528831,false,,false,false,false,,,false,false,,2023-09-12T10:15:00.000Z,0
CVE-2022-24287,https://securityvulnerability.io/vulnerability/CVE-2022-24287,Vulnerability in Siemens SIMATIC Products Allows Kiosk Mode Escape,"A security flaw in Siemens' SIMATIC products allows an authenticated attacker to bypass the Kiosk Mode due to a missing printer configuration on the host. This vulnerability affects various versions of the SIMATIC PCS 7 and WinCC products, which could potentially lead to unauthorized access and manipulation of the systems. It is critical for users to ensure correct printer configurations to mitigate this risk effectively.",Siemens,"Simatic Pcs 7 V8.2,Simatic Pcs 7 V9.0,Simatic Pcs 7 V9.1,Simatic Wincc Runtime Professional V16 And Earlier,Simatic Wincc Runtime Professional V17,Simatic Wincc V7.3,Simatic Wincc V7.4,Simatic Wincc V7.5",7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-05-20T13:15:00.000Z,0
CVE-2020-7580,https://securityvulnerability.io/vulnerability/CVE-2020-7580,Local Code Execution Vulnerability in SIMATIC Automation Tools by Siemens,"A vulnerability has been identified in various Siemens SIMATIC applications that allows a local attacker to execute arbitrary code with SYSTEM privileges. This issue arises because a common component frequently invokes a helper binary without properly quoting the call path, which may lead to unintended code execution with elevated privileges. Affected applications span across several SIMATIC products, including but not limited to the Automation Tool, PROsave, Step 7, and WinCC, highlighting a significant concern for users. It is imperative for organizations using these software versions to update to secure versions to mitigate this risk.",Siemens,"Simatic Automation Tool,Simatic Net Pc Software V14,Simatic Net Pc Software V15,Simatic Net Pc Software V16,Simatic Pcs Neo,Simatic Prosave,Simatic S7-1500 Software Controller,Simatic Step 7 (tia Portal) V13,Simatic Step 7 (tia Portal) V14,Simatic Step 7 (tia Portal) V15,Simatic Step 7 (tia Portal) V16,Simatic Step 7 V5,Simatic Wincc Oa V3.16,Simatic Wincc Oa V3.17,Simatic Wincc Runtime Advanced,Simatic Wincc Runtime Professional V13,Simatic Wincc Runtime Professional V14,Simatic Wincc Runtime Professional V15,Simatic Wincc Runtime Professional V16,Simatic Wincc V7.4,Simatic Wincc V7.5,Sinamics Starter,Sinamics Startdrive,Sinec Nms,Sinema Server,Sinumerik One Virtual,Sinumerik Operate",6.7,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2020-06-10T00:00:00.000Z,0
CVE-2019-10929,https://securityvulnerability.io/vulnerability/CVE-2019-10929,Message Protection Bypass Vulnerability in Siemens SIMATIC Products,"A message protection bypass vulnerability exists in various Siemens SIMATIC products that affects the integrity protection calculations. This flaw could allow a Man-in-the-Middle attacker to intercept and alter network traffic directed at the vulnerable devices, which operate over port 102/tcp. The issue arises from specific properties in the integrity protection mechanism, potentially compromising the security and functionality of the devices involved.",Siemens,"Simatic Cp 1626,Simatic Et 200sp Open Controller Cpu 1515sp Pc (incl. Siplus Variants),Simatic Et 200sp Open Controller Cpu 1515sp Pc2 (incl. Siplus Variants),Simatic Hmi Panel (incl. Siplus Variants),Simatic Net Pc Software V14,Simatic Net Pc Software V15,Simatic S7-1200 Cpu Family (incl. Siplus Variants),Simatic S7-1500 Cpu Family (incl. Related Et200 Cpus And Siplus Variants),Simatic S7-1500 Software Controller,Simatic S7-plcsim Advanced,Simatic Step 7 (tia Portal),Simatic Wincc (tia Portal),Simatic Wincc Oa,Simatic Wincc Runtime Advanced,Simatic Wincc Runtime Professional,Tim 1531 Irc (incl. Siplus Net Variants)",5.9,MEDIUM,0.002360000042244792,false,,false,false,false,,,false,false,,2019-08-13T18:55:57.000Z,0
CVE-2019-10935,https://securityvulnerability.io/vulnerability/CVE-2019-10935,Code Injection Vulnerability in Siemens SIMATIC WinCC and PCS 7 Products,"A vulnerability in various Siemens SIMATIC WinCC and PCS 7 products allows authenticated attackers to upload arbitrary ASPX code via the WinCC DataMonitor web application. This security issue necessitates network access but does not require user interaction, thereby posing a significant risk to the confidentiality, integrity, and availability of the affected systems. No public exploitation has been reported as of the advisory's release.",Siemens Ag,"Simatic Pcs 7 V8.0 And Earlier,Simatic Pcs 7 V8.1,Simatic Pcs 7 V8.2,Simatic Pcs 7 V9.0,Simatic Wincc Professional (tia Portal V13),Simatic Wincc Professional (tia Portal V14),Simatic Wincc Professional (tia Portal V15),Simatic Wincc Runtime Professional V13,Simatic Wincc Runtime Professional V14,Simatic Wincc Runtime Professional V15,Simatic Wincc V7.2 And Earlier,Simatic Wincc V7.3,Simatic Wincc V7.4,Simatic Wincc V7.5",7.2,HIGH,0.0009200000204145908,false,,false,false,false,,,false,false,,2019-07-11T21:17:47.000Z,0
CVE-2019-6577,https://securityvulnerability.io/vulnerability/CVE-2019-6577,Cross-Site Scripting Vulnerability in SIMATIC HMI Products by Siemens,"A Cross-Site Scripting (XSS) vulnerability has been identified in various SIMATIC HMI products, which may allow an attacker with network access to exploit the integrated web server. If successful, this exploitation can compromise the confidentiality and integrity of the affected systems. The attack could be executed by manipulating specific configurations via SNMP, requiring user interaction and system privileges. As of now, there have been no known public exploits reported for this vulnerability. It is crucial for users of affected devices to implement security measures promptly.",Siemens,"Simatic Hmi Comfort Panels 4"" - 22"",Simatic Hmi Comfort Outdoor Panels 7"" & 15"",Simatic Hmi Ktp Mobile Panels Ktp400f, Ktp700, Ktp700f, Ktp900 Und Ktp900f,Simatic Wincc Runtime Advanced,Simatic Wincc Runtime Professional,Simatic Wincc (tia Portal),Simatic Hmi Classic Devices (tp/mp/op/mp Mobile Panel)",5.4,MEDIUM,0.0006600000197067857,false,,false,false,false,,,false,false,,2019-05-14T19:54:48.000Z,0
CVE-2019-10916,https://securityvulnerability.io/vulnerability/CVE-2019-10916,Arbitrary Command Execution in Siemens SIMATIC Products,"A vulnerability exists in several Siemens SIMATIC products that allows an attacker with access to the project file to execute arbitrary system commands. This can be done with the privileges of the local database server, potentially impacting the confidentiality, integrity, and availability of the affected systems. No public exploitation has been reported at this time.",Siemens Ag,"Simatic Pcs 7 V8.0 And Earlier,Simatic Pcs 7 V8.1,Simatic Pcs 7 V8.2,Simatic Pcs 7 V9.0,Simatic Wincc (tia Portal) V13,Simatic Wincc (tia Portal) V14,Simatic Wincc (tia Portal) V15,Simatic Wincc Runtime Professional V13,Simatic Wincc Runtime Professional V14,Simatic Wincc Runtime Professional V15,Simatic Wincc V7.2 And Earlier,Simatic Wincc V7.3,Simatic Wincc V7.4,Simatic Wincc V7.5",8.8,HIGH,0.0009699999936856329,false,,false,false,false,,,false,false,,2019-05-14T19:54:48.000Z,0
CVE-2019-10917,https://securityvulnerability.io/vulnerability/CVE-2019-10917,Denial-of-Service Vulnerability in SIMATIC PCS 7 and WinCC Products by Siemens,"A vulnerability in Siemens SIMATIC PCS 7 and WinCC products allows an attacker with local access to a project file to trigger a Denial-of-Service condition during the loading process. This could compromise the availability of the affected systems. Exploitation requires access to the project file, and there were no known public exploits at the time of the advisory publication.",Siemens Ag,"Simatic Pcs 7 V8.0 And Earlier,Simatic Pcs 7 V8.1,Simatic Pcs 7 V8.2,Simatic Pcs 7 V9.0,Simatic Wincc (tia Portal) V13,Simatic Wincc (tia Portal) V14,Simatic Wincc (tia Portal) V15,Simatic Wincc Runtime Professional V13,Simatic Wincc Runtime Professional V14,Simatic Wincc Runtime Professional V15,Simatic Wincc V7.2 And Earlier,Simatic Wincc V7.3,Simatic Wincc V7.4,Simatic Wincc V7.5",5.5,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2019-05-14T19:54:48.000Z,0
CVE-2019-10918,https://securityvulnerability.io/vulnerability/CVE-2019-10918,Remote Code Execution Vulnerability in Siemens SIMATIC Products,"A remote code execution vulnerability has been identified in various versions of Siemens SIMATIC PCS 7 and WinCC products. An authenticated attacker with network access can exploit this vulnerability through the DCOM interface, enabling them to execute arbitrary commands with SYSTEM privileges. This can significantly compromise the confidentiality, integrity, and availability of the affected systems. Successful exploitation requires only low-privileged user credentials and eliminates the need for user interaction. As of the latest advisory publication, no public exploitation of this security vulnerability has been reported.",Siemens Ag,"Simatic Pcs 7 V8.0 And Earlier,Simatic Pcs 7 V8.1,Simatic Pcs 7 V8.2,Simatic Pcs 7 V9.0,Simatic Wincc (tia Portal) V13,Simatic Wincc (tia Portal) V14,Simatic Wincc (tia Portal) V15,Simatic Wincc Runtime Professional V13,Simatic Wincc Runtime Professional V14,Simatic Wincc Runtime Professional V15,Simatic Wincc V7.2 And Earlier,Simatic Wincc V7.3,Simatic Wincc V7.4,Simatic Wincc V7.5",8.8,HIGH,0.0009500000160187483,false,,false,false,false,,,false,false,,2019-05-14T19:54:48.000Z,0
CVE-2019-6572,https://securityvulnerability.io/vulnerability/CVE-2019-6572,SNMP Vulnerability in Siemens SIMATIC HMI Products,"A vulnerability exists in various Siemens SIMATIC HMI products, allowing SNMP read and write operations through a hardcoded community string. This security issue can be exploited by attackers with network access, enabling potential risks to confidentiality and integrity without the need for system privileges or user interaction. Remediation is necessary, as the risk of exploitation exists despite the lack of known public exploits at the time of the advisory.",Siemens,"Simatic Hmi Comfort Panels 4"" - 22"",Simatic Hmi Comfort Outdoor Panels 7"" & 15"",Simatic Hmi Ktp Mobile Panels Ktp400f, Ktp700, Ktp700f, Ktp900 Und Ktp900f,Simatic Wincc Runtime Advanced,Simatic Wincc Runtime Professional,Simatic Wincc (tia Portal),Simatic Hmi Classic Devices (tp/mp/op/mp Mobile Panel)",9.1,CRITICAL,0.003800000064074993,false,,false,false,false,,,false,false,,2019-05-14T19:54:48.000Z,0
CVE-2019-6576,https://securityvulnerability.io/vulnerability/CVE-2019-6576,Network Access Vulnerability in Siemens SIMATIC HMI Devices and WinCC Products,"A vulnerability in Siemens SIMATIC HMI devices and WinCC products allows an attacker with network access to obtain TLS session keys. This could enable decryption of sensitive TLS traffic between legitimate users and the affected device. The flaw is present in multiple models and versions, posing risks to the confidentiality of communications. At the time of this advisory, there were no known public exploits related to this vulnerability.",Siemens,"Simatic Hmi Comfort Panels 4"" - 22"",Simatic Hmi Comfort Outdoor Panels 7"" & 15"",Simatic Hmi Ktp Mobile Panels Ktp400f, Ktp700, Ktp700f, Ktp900 Und Ktp900f,Simatic Wincc Runtime Advanced,Simatic Wincc Runtime Professional,Simatic Wincc (tia Portal),Simatic Hmi Classic Devices (tp/mp/op/mp Mobile Panel)",7.5,HIGH,0.0013500000350177288,false,,false,false,false,,,false,false,,2019-05-14T19:54:48.000Z,0
CVE-2018-13812,https://securityvulnerability.io/vulnerability/CVE-2018-13812,,"A vulnerability has been identified in SIMATIC HMI Comfort Panels 4"" - 22"" (All versions < V15 Update 4), SIMATIC HMI Comfort Outdoor Panels 7"" & 15"" (All versions < V15 Update 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15 Update 4), SIMATIC WinCC Runtime Advanced (All versions < V15 Update 4), SIMATIC WinCC Runtime Professional (All versions < V15 Update 4), SIMATIC WinCC (TIA Portal) (All versions < V15 Update 4), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). A directory traversal vulnerability could allow to download arbitrary files from the device. The security vulnerability could be exploited by an attacker with network access to the integrated web server. No user interaction and no authentication is required to exploit the vulnerability. The vulnerability impacts the confidentiality of the device. At the time of advisory publication no public exploitation of this security vulnerability was known.",Siemens,"Simatic Hmi Comfort Panels 4"" - 22"", Simatic Hmi Comfort Outdoor Panels 7"" & 15"", Simatic Hmi Ktp Mobile Panels Ktp400f, Ktp700, Ktp700f, Ktp900 Und Ktp900f, Simatic Wincc Runtime Advanced, Simatic Wincc Runtime Professional, Simatic Wincc (tia Portal), Simatic Hmi Classic Devices (tp/mp/op/mp Mobile Panel)",7.5,HIGH,0.0017500000540167093,false,,false,false,false,,,false,false,,2018-12-13T16:00:00.000Z,0
CVE-2018-13814,https://securityvulnerability.io/vulnerability/CVE-2018-13814,,"A vulnerability has been identified in SIMATIC HMI Comfort Panels 4"" - 22"" (All versions < V14), SIMATIC HMI Comfort Outdoor Panels 7"" & 15"" (All versions < V14), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V14), SIMATIC WinCC Runtime Advanced (All versions < V14), SIMATIC WinCC Runtime Professional (All versions < V14), SIMATIC WinCC (TIA Portal) (All versions < V14), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). The integrated web server (port 80/tcp and port 443/tcp) of the affected devices could allow an attacker to inject HTTP headers. An attacker must trick a valid user who is authenticated to the device into clicking on a malicious link to exploit the vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.",Siemens,"Simatic Hmi Comfort Panels 4"" - 22"", Simatic Hmi Comfort Outdoor Panels 7"" & 15"", Simatic Hmi Ktp Mobile Panels Ktp400f, Ktp700, Ktp700f, Ktp900 Und Ktp900f, Simatic Wincc Runtime Advanced, Simatic Wincc Runtime Professional, Simatic Wincc (tia Portal), Simatic Hmi Classic Devices (tp/mp/op/mp Mobile Panel)",8.8,HIGH,0.0020800000056624413,false,,false,false,false,,,false,false,,2018-12-13T16:00:00.000Z,0
CVE-2018-13813,https://securityvulnerability.io/vulnerability/CVE-2018-13813,,"A vulnerability has been identified in SIMATIC HMI Comfort Panels 4"" - 22"" (All versions < V15 Update 4), SIMATIC HMI Comfort Outdoor Panels 7"" & 15"" (All versions < V15 Update 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15 Update 4), SIMATIC WinCC Runtime Advanced (All versions < V15 Update 4), SIMATIC WinCC Runtime Professional (All versions < V15 Update 4), SIMATIC WinCC (TIA Portal) (All versions < V15 Update 4), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). The webserver of affected HMI devices may allow URL redirections to untrusted websites. An attacker must trick a valid user who is authenticated to the device into clicking on a malicious link to exploit the vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.",Siemens,"Simatic Hmi Comfort Panels 4"" - 22"", Simatic Hmi Comfort Outdoor Panels 7"" & 15"", Simatic Hmi Ktp Mobile Panels Ktp400f, Ktp700, Ktp700f, Ktp900 Und Ktp900f, Simatic Wincc Runtime Advanced, Simatic Wincc Runtime Professional, Simatic Wincc (tia Portal), Simatic Hmi Classic Devices (tp/mp/op/mp Mobile Panel)",8.1,HIGH,0.0015800000401213765,false,,false,false,false,,,false,false,,2018-12-13T16:00:00.000Z,0
CVE-2018-4832,https://securityvulnerability.io/vulnerability/CVE-2018-4832,,"A vulnerability has been identified in OpenPCS 7 V7.1 and earlier (All versions), OpenPCS 7 V8.0 (All versions), OpenPCS 7 V8.1 (All versions < V8.1 Upd5), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd1), SIMATIC BATCH V7.1 and earlier (All versions), SIMATIC BATCH V8.0 (All versions < V8.0 SP1 Upd21), SIMATIC BATCH V8.1 (All versions < V8.1 SP1 Upd16), SIMATIC BATCH V8.2 (All versions < V8.2 Upd10), SIMATIC BATCH V9.0 (All versions < V9.0 SP1), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions < 15 SP1), SIMATIC PCS 7 V7.1 and earlier (All versions), SIMATIC PCS 7 V8.0 (All versions), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP1), SIMATIC Route Control V7.1 and earlier (All versions), SIMATIC Route Control V8.0 (All versions), SIMATIC Route Control V8.1 (All versions), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions < V9.0 Upd1), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2 Upd2), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1 Upd5), SIMATIC WinCC V7.2 and earlier (All versions < WinCC 7.2 Upd 15), SIMATIC WinCC V7.3 (All versions < WinCC 7.3 Upd 16), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 4), SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). Specially crafted messages sent to the RPC service of the affected products could cause a Denial-of-Service condition on the remote and local communication functionality of the affected products. A reboot of the system is required to recover the remote and local communication functionality. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.",Siemens,"Openpcs 7 V7.1 And Earlier,Openpcs 7 V8.0,Openpcs 7 V8.1,Openpcs 7 V8.2,Openpcs 7 V9.0,Simatic Batch V7.1 And Earlier,Simatic Batch V8.0,Simatic Batch V8.1,Simatic Batch V8.2,Simatic Batch V9.0,Simatic Net Pc Software V14,Simatic Net Pc Software V15,Simatic Pcs 7 V7.1 And Earlier,Simatic Pcs 7 V8.0,Simatic Pcs 7 V8.1,Simatic Pcs 7 V8.2,Simatic Pcs 7 V9.0,Simatic Route Control V7.1 And Earlier,Simatic Route Control V8.0,Simatic Route Control V8.1,Simatic Route Control V8.2,Simatic Route Control V9.0,Simatic Wincc Runtime Professional V13,Simatic Wincc Runtime Professional V14,Simatic Wincc V7.2 And Earlier,Simatic Wincc V7.3,Simatic Wincc V7.4,Sppa-t3000 Application Server",7.5,HIGH,0.004120000172406435,false,,false,false,false,,,false,false,,2018-04-24T17:00:00.000Z,0