cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-44102,https://securityvulnerability.io/vulnerability/CVE-2024-44102,Serialization Vulnerability in TeleControl Server Basic Could Allow Arbitrary Code Execution,"A vulnerability in Siemens TeleControl Server products has been identified that allows remote attackers to exploit insecure deserialization mechanisms. Specifically, all versions of the TeleControl Server Basic products (Basic 8 to 5000 V3.1) and related upgrades that are below version V3.1.2.1, when configured with redundancy, are affected. An unauthenticated attacker can send specially crafted serialized objects to the affected systems, potentially leading to arbitrary code execution with SYSTEM privileges. This presents a significant security risk, necessitating immediate action to protect deployed systems.",Siemens,"Pp Telecontrol Server Basic 1000 To 5000 V3.1,Pp Telecontrol Server Basic 256 To 1000 V3.1,Pp Telecontrol Server Basic 32 To 64 V3.1,Pp Telecontrol Server Basic 64 To 256 V3.1,Pp Telecontrol Server Basic 8 To 32 V3.1,Telecontrol Server Basic 1000 V3.1,Telecontrol Server Basic 256 V3.1,Telecontrol Server Basic 32 V3.1,Telecontrol Server Basic 5000 V3.1,Telecontrol Server Basic 64 V3.1,Telecontrol Server Basic 8 V3.1,Telecontrol Server Basic Serv Upgr,Telecontrol Server Basic Upgr V3.1",10,CRITICAL,0.0006000000284984708,false,,false,false,false,,false,false,2024-11-12T12:49:33.464Z,0
CVE-2022-43514,https://securityvulnerability.io/vulnerability/CVE-2022-43514,Directory Traversal Vulnerability in Siemens Automation License Manager and TeleControl Server,"A directory traversal vulnerability exists in various versions of Siemens Automation License Manager and TeleControl Server. This flaw allows an unauthenticated remote attacker to manipulate file and folder structures beyond the designated root directory. By exploiting this vulnerability, an attacker could execute unauthorized file operations, potentially leading to serious security breaches. When combined with another vulnerability, there is a risk of remote code execution, endangering the integrity of the overall system.",Siemens,"Automation License Manager V5,Automation License Manager V6,Telecontrol Server Basic V3",7.7,HIGH,0.014510000124573708,false,,false,false,false,,false,false,2023-01-10T11:39:39.909Z,0
CVE-2022-43513,https://securityvulnerability.io/vulnerability/CVE-2022-43513,Unauthorized File Manipulation in Siemens Automation License Manager and TeleControl Server,"A vulnerability exists in Siemens Automation License Manager and TeleControl Server that permits an unauthenticated remote attacker to manipulate license files. The affected versions allow users to rename files using their input without proper authentication checks. This flaw can lead to unauthorized alterations performed at the system level, potentially compromising system integrity and leading to further exploitation.",Siemens,"Automation License Manager V5,Automation License Manager V6,Telecontrol Server Basic V3",8.2,HIGH,0.002099999925121665,false,,false,false,false,,false,false,2023-01-10T11:39:38.879Z,0
CVE-2019-6575,https://securityvulnerability.io/vulnerability/CVE-2019-6575,,"A vulnerability has been identified in SIMATIC CP 443-1 OPC UA (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V2.7), SIMATIC HMI Comfort Outdoor Panels 7"" & 15"" (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC HMI Comfort Panels 4"" - 22"" (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Upd 4), SIMATIC IPC DiagMonitor (All versions < V5.1.3), SIMATIC NET PC Software V13 (All versions), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC RF188C (All versions < V1.1.0), SIMATIC RF600R family (All versions < V3.2.1), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.5 < V2.6.1), SIMATIC S7-1500 Software Controller (All versions between V2.5 (including) and V2.7 (excluding)), SIMATIC WinCC OA (All versions < V3.15 P018), SIMATIC WinCC Runtime Advanced (All versions < V15.1 Upd 4), SINEC NMS (All versions < V1.0 SP1), SINEMA Server (All versions < V14 SP2), SINUMERIK OPC UA Server (All versions < V2.1), TeleControl Server Basic (All versions < V3.1.1). Specially crafted network packets sent to affected devices on port 4840/tcp could allow an unauthenticated remote attacker to cause a denial of service condition of the OPC communication or crash the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the OPC communication.",Siemens,"Simatic Cp 443-1 Opc Ua,Simatic Et 200sp Open Controller Cpu 1515sp Pc2 (incl. Siplus Variants),Simatic Hmi Comfort Outdoor Panels 7"" & 15"" (incl. Siplus Variants),Simatic Hmi Comfort Panels 4"" - 22"" (incl. Siplus Variants),Simatic Hmi Ktp Mobile Panels Ktp400f, Ktp700, Ktp700f, Ktp900 And Ktp900f,Simatic Ipc Diagmonitor,Simatic Net Pc Software V13,Simatic Net Pc Software V14,Simatic Net Pc Software V15,Simatic Rf188c,Simatic Rf600r Family,Simatic S7-1500 Cpu Family (incl. Related Et200 Cpus And Siplus Variants),Simatic S7-1500 Software Controller,Simatic Wincc Oa,Simatic Wincc Runtime Advanced,Sinec Nms,Sinema Server,Sinumerik Opc Ua Server,Telecontrol Server Basic",7.5,HIGH,0.0017900000093504786,false,,false,false,false,,false,false,2019-04-17T13:40:24.000Z,0
CVE-2018-4836,https://securityvulnerability.io/vulnerability/CVE-2018-4836,,A vulnerability has been identified in TeleControl Server Basic < V3.1. An authenticated attacker with a low-privileged account to the TeleControl Server Basic's port 8000/tcp could escalate his privileges and perform administrative operations.,Siemens,Telecontrol Server Basic,8.8,HIGH,0.0019099999917671084,false,,false,false,false,,false,false,2018-01-25T00:00:00.000Z,0
CVE-2018-4835,https://securityvulnerability.io/vulnerability/CVE-2018-4835,,A vulnerability has been identified in TeleControl Server Basic < V3.1. An attacker with network access to the TeleControl Server Basic's port 8000/tcp could bypass the authentication mechanism and read limited information.,Siemens,Telecontrol Server Basic,5.3,MEDIUM,0.0012799999676644802,false,,false,false,false,,false,false,2018-01-25T00:00:00.000Z,0
CVE-2018-4837,https://securityvulnerability.io/vulnerability/CVE-2018-4837,,A vulnerability has been identified in TeleControl Server Basic < V3.1. An attacker with access to the TeleControl Server Basic's webserver (port 80/tcp or 443/tcp) could cause a Denial-of-Service condition on the web server. The remaining functionality of the TeleControl Server Basic is not affected by the Denial-of-Service condition.,Siemens,Telecontrol Server Basic,7.5,HIGH,0.0021299999207258224,false,,false,false,false,,false,false,2018-01-25T00:00:00.000Z,0
CVE-2016-7165,https://securityvulnerability.io/vulnerability/CVE-2016-7165,,"A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC IT Production Suite (All versions < V7.0 SP1 HFX 2), SIMATIC NET PC-Software (All versions < V14), SIMATIC PCS 7 V7.1 (All versions), SIMATIC PCS 7 V8.0 (All versions), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2), SIMATIC STEP 7 V5.X (All versions < V5.5 SP4 HF11), SIMATIC WinCC (TIA Portal) Basic, Comfort, Advanced (All versions < V14), SIMATIC WinCC (TIA Portal) Professional V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) Professional V14 (All versions < V14 SP1), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1), SIMATIC WinCC V7.0 SP2 and earlier versions (All versions < V7.0 SP2 Upd 12), SIMATIC WinCC V7.0 SP3 (All versions < V7.0 SP3 Upd 8), SIMATIC WinCC V7.2 (All versions < V7.2 Upd 14), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 11), SIMATIC WinCC V7.4 (All versions < V7.4 SP1), SIMIT V9.0 (All versions < V9.0 SP1), SINEMA Remote Connect Client (All versions < V1.0 SP3), SINEMA Server (All versions < V13 SP2), SOFTNET Security Client V5.0 (All versions), Security Configuration Tool (SCT) (All versions < V4.3 HF1), TeleControl Server Basic (All versions < V3.0 SP2), WinAC RTX 2010 SP2 (All versions), WinAC RTX F 2010 SP2 (All versions). Unquoted service paths could allow local Microsoft Windows operating system users to escalate their privileges if the affected products are not installed under their default path (""C:\Program Files\*"" or the localized equivalent).",Siemens,"Simatic Wincc,Simatic Wincc Runtime,Simatic Wincc \(tia Portal\),Simit,Simatic Pcs7,Simatic Step 7 \(tia Portal\),Simatic Pcs 7,Sinema Remote Connect,Simatic Step 7,Simatic Winac Rtx 2010,Softnet Security Client,Simatic Net Pc Software,Simatic It Production Suite,Telecontrol Basic,Security Configuration Tool,Primary Setup Tool,Sinema Server,Simatic Winac Rtx F 2010",6.4,MEDIUM,0.0006000000284984708,false,,false,false,false,,false,false,2016-11-15T19:00:00.000Z,0