cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-24287,https://securityvulnerability.io/vulnerability/CVE-2022-24287,Vulnerability in Siemens SIMATIC Products Allows Kiosk Mode Escape,"A security flaw in Siemens' SIMATIC products allows an authenticated attacker to bypass the Kiosk Mode due to a missing printer configuration on the host. This vulnerability affects various versions of the SIMATIC PCS 7 and WinCC products, which could potentially lead to unauthorized access and manipulation of the systems. It is critical for users to ensure correct printer configurations to mitigate this risk effectively.",Siemens,"Simatic Pcs 7 V8.2,Simatic Pcs 7 V9.0,Simatic Pcs 7 V9.1,Simatic Wincc Runtime Professional V16 And Earlier,Simatic Wincc Runtime Professional V17,Simatic Wincc V7.3,Simatic Wincc V7.4,Simatic Wincc V7.5",7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-05-20T13:15:00.000Z,0
CVE-2019-19282,https://securityvulnerability.io/vulnerability/CVE-2019-19282,Denial of Service Vulnerability in OpenPCS and SIMATIC Products by Siemens,"A vulnerability exists in various versions of OpenPCS and SIMATIC products that allows an attacker with network access to send specially crafted messages over encrypted communication. This flaw can lead to a Denial-of-Service condition, compromising system availability without the need for system privileges or user interaction.",Siemens,"Openpcs 7 V8.1,Openpcs 7 V8.2,Openpcs 7 V9.0,Simatic Batch V8.1,Simatic Batch V8.2,Simatic Batch V9.0,Simatic Net Pc Software V14,Simatic Net Pc Software V15,Simatic Net Pc Software V16,Simatic Pcs 7 V8.1,Simatic Pcs 7 V8.2,Simatic Pcs 7 V9.0,Simatic Route Control V8.1,Simatic Route Control V8.2,Simatic Route Control V9.0,Simatic Wincc (tia Portal) V13,Simatic Wincc (tia Portal) V14,Simatic Wincc (tia Portal) V15.1,Simatic Wincc (tia Portal) V16,Simatic Wincc V7.3,Simatic Wincc V7.4,Simatic Wincc V7.5",7.5,HIGH,0.0010600000387057662,false,,false,false,false,,,false,false,,2020-03-10T19:16:17.000Z,0
CVE-2019-10935,https://securityvulnerability.io/vulnerability/CVE-2019-10935,Code Injection Vulnerability in Siemens SIMATIC WinCC and PCS 7 Products,"A vulnerability in various Siemens SIMATIC WinCC and PCS 7 products allows authenticated attackers to upload arbitrary ASPX code via the WinCC DataMonitor web application. This security issue necessitates network access but does not require user interaction, thereby posing a significant risk to the confidentiality, integrity, and availability of the affected systems. No public exploitation has been reported as of the advisory's release.",Siemens Ag,"Simatic Pcs 7 V8.0 And Earlier,Simatic Pcs 7 V8.1,Simatic Pcs 7 V8.2,Simatic Pcs 7 V9.0,Simatic Wincc Professional (tia Portal V13),Simatic Wincc Professional (tia Portal V14),Simatic Wincc Professional (tia Portal V15),Simatic Wincc Runtime Professional V13,Simatic Wincc Runtime Professional V14,Simatic Wincc Runtime Professional V15,Simatic Wincc V7.2 And Earlier,Simatic Wincc V7.3,Simatic Wincc V7.4,Simatic Wincc V7.5",7.2,HIGH,0.0009200000204145908,false,,false,false,false,,,false,false,,2019-07-11T21:17:47.000Z,0
CVE-2019-10918,https://securityvulnerability.io/vulnerability/CVE-2019-10918,Remote Code Execution Vulnerability in Siemens SIMATIC Products,"A remote code execution vulnerability has been identified in various versions of Siemens SIMATIC PCS 7 and WinCC products. An authenticated attacker with network access can exploit this vulnerability through the DCOM interface, enabling them to execute arbitrary commands with SYSTEM privileges. This can significantly compromise the confidentiality, integrity, and availability of the affected systems. Successful exploitation requires only low-privileged user credentials and eliminates the need for user interaction. As of the latest advisory publication, no public exploitation of this security vulnerability has been reported.",Siemens Ag,"Simatic Pcs 7 V8.0 And Earlier,Simatic Pcs 7 V8.1,Simatic Pcs 7 V8.2,Simatic Pcs 7 V9.0,Simatic Wincc (tia Portal) V13,Simatic Wincc (tia Portal) V14,Simatic Wincc (tia Portal) V15,Simatic Wincc Runtime Professional V13,Simatic Wincc Runtime Professional V14,Simatic Wincc Runtime Professional V15,Simatic Wincc V7.2 And Earlier,Simatic Wincc V7.3,Simatic Wincc V7.4,Simatic Wincc V7.5",8.8,HIGH,0.0009500000160187483,false,,false,false,false,,,false,false,,2019-05-14T19:54:48.000Z,0
CVE-2019-10916,https://securityvulnerability.io/vulnerability/CVE-2019-10916,Arbitrary Command Execution in Siemens SIMATIC Products,"A vulnerability exists in several Siemens SIMATIC products that allows an attacker with access to the project file to execute arbitrary system commands. This can be done with the privileges of the local database server, potentially impacting the confidentiality, integrity, and availability of the affected systems. No public exploitation has been reported at this time.",Siemens Ag,"Simatic Pcs 7 V8.0 And Earlier,Simatic Pcs 7 V8.1,Simatic Pcs 7 V8.2,Simatic Pcs 7 V9.0,Simatic Wincc (tia Portal) V13,Simatic Wincc (tia Portal) V14,Simatic Wincc (tia Portal) V15,Simatic Wincc Runtime Professional V13,Simatic Wincc Runtime Professional V14,Simatic Wincc Runtime Professional V15,Simatic Wincc V7.2 And Earlier,Simatic Wincc V7.3,Simatic Wincc V7.4,Simatic Wincc V7.5",8.8,HIGH,0.0009699999936856329,false,,false,false,false,,,false,false,,2019-05-14T19:54:48.000Z,0
CVE-2019-10922,https://securityvulnerability.io/vulnerability/CVE-2019-10922,Arbitrary Code Execution Vulnerability in Siemens SIMATIC Products,"An identified vulnerability in Siemens SIMATIC PCS 7 and WinCC products allows an attacker with network access to execute arbitrary code on affected systems. This particularly impacts installations not configured for encrypted communication, enabling unauthorized, unauthenticated access that potentially compromises the integrity, confidentiality, and availability of the device. Mitigations should be implemented to secure affected installations from this risk.",Siemens Ag,"Simatic Pcs 7 V8.0 And Earlier,Simatic Pcs 7 V8.1 And Newer,Simatic Wincc V7.2 And Earlier,Simatic Wincc V7.3 And Newer",9.8,CRITICAL,0.00686000008136034,false,,false,false,false,,,false,false,,2019-05-14T19:54:48.000Z,0
CVE-2019-10917,https://securityvulnerability.io/vulnerability/CVE-2019-10917,Denial-of-Service Vulnerability in SIMATIC PCS 7 and WinCC Products by Siemens,"A vulnerability in Siemens SIMATIC PCS 7 and WinCC products allows an attacker with local access to a project file to trigger a Denial-of-Service condition during the loading process. This could compromise the availability of the affected systems. Exploitation requires access to the project file, and there were no known public exploits at the time of the advisory publication.",Siemens Ag,"Simatic Pcs 7 V8.0 And Earlier,Simatic Pcs 7 V8.1,Simatic Pcs 7 V8.2,Simatic Pcs 7 V9.0,Simatic Wincc (tia Portal) V13,Simatic Wincc (tia Portal) V14,Simatic Wincc (tia Portal) V15,Simatic Wincc Runtime Professional V13,Simatic Wincc Runtime Professional V14,Simatic Wincc Runtime Professional V15,Simatic Wincc V7.2 And Earlier,Simatic Wincc V7.3,Simatic Wincc V7.4,Simatic Wincc V7.5",5.5,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2019-05-14T19:54:48.000Z,0
CVE-2018-4832,https://securityvulnerability.io/vulnerability/CVE-2018-4832,,"A vulnerability has been identified in OpenPCS 7 V7.1 and earlier (All versions), OpenPCS 7 V8.0 (All versions), OpenPCS 7 V8.1 (All versions < V8.1 Upd5), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd1), SIMATIC BATCH V7.1 and earlier (All versions), SIMATIC BATCH V8.0 (All versions < V8.0 SP1 Upd21), SIMATIC BATCH V8.1 (All versions < V8.1 SP1 Upd16), SIMATIC BATCH V8.2 (All versions < V8.2 Upd10), SIMATIC BATCH V9.0 (All versions < V9.0 SP1), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions < 15 SP1), SIMATIC PCS 7 V7.1 and earlier (All versions), SIMATIC PCS 7 V8.0 (All versions), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP1), SIMATIC Route Control V7.1 and earlier (All versions), SIMATIC Route Control V8.0 (All versions), SIMATIC Route Control V8.1 (All versions), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions < V9.0 Upd1), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2 Upd2), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1 Upd5), SIMATIC WinCC V7.2 and earlier (All versions < WinCC 7.2 Upd 15), SIMATIC WinCC V7.3 (All versions < WinCC 7.3 Upd 16), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 4), SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). Specially crafted messages sent to the RPC service of the affected products could cause a Denial-of-Service condition on the remote and local communication functionality of the affected products. A reboot of the system is required to recover the remote and local communication functionality. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.",Siemens,"Openpcs 7 V7.1 And Earlier,Openpcs 7 V8.0,Openpcs 7 V8.1,Openpcs 7 V8.2,Openpcs 7 V9.0,Simatic Batch V7.1 And Earlier,Simatic Batch V8.0,Simatic Batch V8.1,Simatic Batch V8.2,Simatic Batch V9.0,Simatic Net Pc Software V14,Simatic Net Pc Software V15,Simatic Pcs 7 V7.1 And Earlier,Simatic Pcs 7 V8.0,Simatic Pcs 7 V8.1,Simatic Pcs 7 V8.2,Simatic Pcs 7 V9.0,Simatic Route Control V7.1 And Earlier,Simatic Route Control V8.0,Simatic Route Control V8.1,Simatic Route Control V8.2,Simatic Route Control V9.0,Simatic Wincc Runtime Professional V13,Simatic Wincc Runtime Professional V14,Simatic Wincc V7.2 And Earlier,Simatic Wincc V7.3,Simatic Wincc V7.4,Sppa-t3000 Application Server",7.5,HIGH,0.004120000172406435,false,,false,false,false,,,false,false,,2018-04-24T17:00:00.000Z,0
CVE-2017-6865,https://securityvulnerability.io/vulnerability/CVE-2017-6865,,"A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC Automation Tool (All versions < V3.0), SIMATIC NET PC-Software (All versions < V14 SP1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2), SIMATIC STEP 7 (TIA Portal) V14 (All versions < V14 SP1), SIMATIC STEP 7 V5.X (All versions < V5.6), SIMATIC WinAC RTX 2010 SP2 (All versions), SIMATIC WinAC RTX F 2010 SP2 (All versions), SIMATIC WinCC (TIA Portal) V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1), SIMATIC WinCC V7.2 and prior (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Update 15), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd1), SIMATIC WinCC flexible 2008 (All versions < flexible 2008 SP5), SINAUT ST7CC (All versions installed in conjunction with SIMATIC WinCC < V7.3 Update 15), SINEMA Server (All versions < V14), SINUMERIK 808D Programming Tool (All versions < V4.7 SP4 HF2), SMART PC Access (All versions < V2.3), STEP 7 - Micro/WIN SMART (All versions < V2.3), Security Configuration Tool (SCT) (All versions < V5.0). Specially crafted PROFINET DCP broadcast packets sent to the affected products on a local Ethernet segment (Layer 2) could cause a Denial-of-Service condition of some services. The services require manual restart to recover.",Siemens,"Primary Setup Tool (pst),Simatic Automation Tool,Simatic Net Pc-software,Simatic Pcs 7 V8.1,Simatic Pcs 7 V8.2,Simatic Step 7 (tia Portal) V13,Simatic Step 7 (tia Portal) V14,Simatic Step 7 V5.x,Simatic Winac Rtx 2010 Sp2,Simatic Winac Rtx F 2010 Sp2,Simatic Wincc (tia Portal) V13,Simatic Wincc (tia Portal) V14,Simatic Wincc V7.2 And Prior,Simatic Wincc V7.3,Simatic Wincc V7.4,Simatic Wincc Flexible 2008,Sinaut St7cc,Sinema Server,Sinumerik 808d Programming Tool,Smart Pc Access,Step 7 - Micro/win Smart,Security Configuration Tool (sct)",6.5,MEDIUM,0.0006799999973736703,false,,false,false,false,,,false,false,,2017-05-11T10:00:00.000Z,0