cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-35796,https://securityvulnerability.io/vulnerability/CVE-2023-35796,Stored Cross-Site Scripting Vulnerability in SINEMA Server by Siemens,"A vulnerability exists in SINEMA Server V14, where certain SNMP configuration data fetched from monitored devices is not properly sanitized. This imperfection allows an attacker with access to those devices to carry out a stored cross-site scripting (XSS) attack. Successful exploitation of this vulnerability could enable the attacker to execute arbitrary code with SYSTEM privileges on the application server, potentially resulting in severe security implications.",Siemens,Sinema Server V14,8.3,HIGH,0.0009200000204145908,false,,false,false,false,,false,false,2023-10-10T11:15:00.000Z,0
CVE-2022-24281,https://securityvulnerability.io/vulnerability/CVE-2022-24281,,"A vulnerability has been identified in SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). A privileged authenticated attacker could execute arbitrary commands in the local database by sending specially crafted requests to the webserver of the affected application.",Siemens,"Sinec Nms,Sinema Server V14",7.2,HIGH,0.0004400000034365803,false,,false,false,false,,false,false,2022-03-08T00:00:00.000Z,0
CVE-2022-24282,https://securityvulnerability.io/vulnerability/CVE-2022-24282,,"A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). The affected system allows to upload JSON objects that are deserialized to Java objects. Due to insecure deserialization of user-supplied content by the affected software, a privileged attacker could exploit this vulnerability by sending a maliciously crafted serialized Java object. This could allow the attacker to execute arbitrary code on the device with root privileges.",Siemens,"Sinec Nms,Sinema Server V14",7.2,HIGH,0.0004400000034365803,false,,false,false,false,,false,false,2022-03-08T00:00:00.000Z,0
CVE-2022-25311,https://securityvulnerability.io/vulnerability/CVE-2022-25311,,"A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). The affected software do not properly check privileges between users during the same web browser session, creating an unintended sphere of control. This could allow an authenticated low privileged user to achieve privilege escalation.",Siemens,"Sinec Nms,Sinema Server V14",7.3,HIGH,0.0004400000034365803,false,,false,false,false,,false,false,2022-03-08T00:00:00.000Z,0
CVE-2020-7580,https://securityvulnerability.io/vulnerability/CVE-2020-7580,,"A vulnerability has been identified in SIMATIC Automation Tool (All versions < V4 SP2), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Upd3), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC ProSave (All versions < V17), SIMATIC S7-1500 Software Controller (All versions < V21.8), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2 Update 4), SIMATIC STEP 7 (TIA Portal) V14 (All versions < V14 SP1 Update 10), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMATIC STEP 7 V5 (All versions < V5.6 SP2 HF3), SIMATIC WinCC OA V3.16 (All versions < V3.16 P018), SIMATIC WinCC OA V3.17 (All versions < V3.17 P003), SIMATIC WinCC Runtime Advanced (All versions < V16 Update 2), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2 Update 4), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1 Update 10), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Update 5), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions < V7.5 SP1 Update 3), SINAMICS STARTER (All Versions < V5.4 HF2), SINAMICS Startdrive (All Versions < V16 Update 3), SINEC NMS (All versions < V1.0 SP2), SINEMA Server (All versions < V14 SP3), SINUMERIK ONE virtual (All Versions < V6.14), SINUMERIK Operate (All Versions < V6.14). A common component used by the affected applications regularly calls a helper binary with SYSTEM privileges while the call path is not quoted. This could allow a local attacker to execute arbitrary code with SYTEM privileges.",Siemens,"Simatic Automation Tool,Simatic Net Pc Software V14,Simatic Net Pc Software V15,Simatic Net Pc Software V16,Simatic Pcs Neo,Simatic Prosave,Simatic S7-1500 Software Controller,Simatic Step 7 (tia Portal) V13,Simatic Step 7 (tia Portal) V14,Simatic Step 7 (tia Portal) V15,Simatic Step 7 (tia Portal) V16,Simatic Step 7 V5,Simatic Wincc Oa V3.16,Simatic Wincc Oa V3.17,Simatic Wincc Runtime Advanced,Simatic Wincc Runtime Professional V13,Simatic Wincc Runtime Professional V14,Simatic Wincc Runtime Professional V15,Simatic Wincc Runtime Professional V16,Simatic Wincc V7.4,Simatic Wincc V7.5,Sinamics Starter,Sinamics Startdrive,Sinec Nms,Sinema Server,Sinumerik One Virtual,Sinumerik Operate",6.7,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,2020-06-10T00:00:00.000Z,0
CVE-2019-6575,https://securityvulnerability.io/vulnerability/CVE-2019-6575,,"A vulnerability has been identified in SIMATIC CP 443-1 OPC UA (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V2.7), SIMATIC HMI Comfort Outdoor Panels 7"" & 15"" (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC HMI Comfort Panels 4"" - 22"" (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Upd 4), SIMATIC IPC DiagMonitor (All versions < V5.1.3), SIMATIC NET PC Software V13 (All versions), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC RF188C (All versions < V1.1.0), SIMATIC RF600R family (All versions < V3.2.1), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.5 < V2.6.1), SIMATIC S7-1500 Software Controller (All versions between V2.5 (including) and V2.7 (excluding)), SIMATIC WinCC OA (All versions < V3.15 P018), SIMATIC WinCC Runtime Advanced (All versions < V15.1 Upd 4), SINEC NMS (All versions < V1.0 SP1), SINEMA Server (All versions < V14 SP2), SINUMERIK OPC UA Server (All versions < V2.1), TeleControl Server Basic (All versions < V3.1.1). Specially crafted network packets sent to affected devices on port 4840/tcp could allow an unauthenticated remote attacker to cause a denial of service condition of the OPC communication or crash the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the OPC communication.",Siemens,"Simatic Cp 443-1 Opc Ua,Simatic Et 200sp Open Controller Cpu 1515sp Pc2 (incl. Siplus Variants),Simatic Hmi Comfort Outdoor Panels 7"" & 15"" (incl. Siplus Variants),Simatic Hmi Comfort Panels 4"" - 22"" (incl. Siplus Variants),Simatic Hmi Ktp Mobile Panels Ktp400f, Ktp700, Ktp700f, Ktp900 And Ktp900f,Simatic Ipc Diagmonitor,Simatic Net Pc Software V13,Simatic Net Pc Software V14,Simatic Net Pc Software V15,Simatic Rf188c,Simatic Rf600r Family,Simatic S7-1500 Cpu Family (incl. Related Et200 Cpus And Siplus Variants),Simatic S7-1500 Software Controller,Simatic Wincc Oa,Simatic Wincc Runtime Advanced,Sinec Nms,Sinema Server,Sinumerik Opc Ua Server,Telecontrol Server Basic",7.5,HIGH,0.0017900000093504786,false,,false,false,false,,false,false,2019-04-17T13:40:24.000Z,0
CVE-2017-6865,https://securityvulnerability.io/vulnerability/CVE-2017-6865,,"A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC Automation Tool (All versions < V3.0), SIMATIC NET PC-Software (All versions < V14 SP1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2), SIMATIC STEP 7 (TIA Portal) V14 (All versions < V14 SP1), SIMATIC STEP 7 V5.X (All versions < V5.6), SIMATIC WinAC RTX 2010 SP2 (All versions), SIMATIC WinAC RTX F 2010 SP2 (All versions), SIMATIC WinCC (TIA Portal) V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1), SIMATIC WinCC V7.2 and prior (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Update 15), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd1), SIMATIC WinCC flexible 2008 (All versions < flexible 2008 SP5), SINAUT ST7CC (All versions installed in conjunction with SIMATIC WinCC < V7.3 Update 15), SINEMA Server (All versions < V14), SINUMERIK 808D Programming Tool (All versions < V4.7 SP4 HF2), SMART PC Access (All versions < V2.3), STEP 7 - Micro/WIN SMART (All versions < V2.3), Security Configuration Tool (SCT) (All versions < V5.0). Specially crafted PROFINET DCP broadcast packets sent to the affected products on a local Ethernet segment (Layer 2) could cause a Denial-of-Service condition of some services. The services require manual restart to recover.",Siemens,"Primary Setup Tool (pst),Simatic Automation Tool,Simatic Net Pc-software,Simatic Pcs 7 V8.1,Simatic Pcs 7 V8.2,Simatic Step 7 (tia Portal) V13,Simatic Step 7 (tia Portal) V14,Simatic Step 7 V5.x,Simatic Winac Rtx 2010 Sp2,Simatic Winac Rtx F 2010 Sp2,Simatic Wincc (tia Portal) V13,Simatic Wincc (tia Portal) V14,Simatic Wincc V7.2 And Prior,Simatic Wincc V7.3,Simatic Wincc V7.4,Simatic Wincc Flexible 2008,Sinaut St7cc,Sinema Server,Sinumerik 808d Programming Tool,Smart Pc Access,Step 7 - Micro/win Smart,Security Configuration Tool (sct)",6.5,MEDIUM,0.0006799999973736703,false,,false,false,false,,false,false,2017-05-11T10:00:00.000Z,0