cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-46285,https://securityvulnerability.io/vulnerability/CVE-2023-46285,Input Validation Vulnerability in Siemens Automation Products,"An improper input validation vulnerability exists in various Siemens automation products. This flaw can be exploited by sending specially crafted messages to the service running on port 4004/tcp, potentially leading to a Denial-of-Service condition. Notably, the affected services are designed to auto-restart once a failure is detected, which may make detection of the attack more challenging.",Siemens,"Opcenter Execution Foundation,Opcenter Quality,Simatic Pcs Neo,Sinec Nms,Totally Integrated Automation Portal (tia Portal) V14,Totally Integrated Automation Portal (tia Portal) V15.1,Totally Integrated Automation Portal (tia Portal) V16,Totally Integrated Automation Portal (tia Portal) V17,Totally Integrated Automation Portal (tia Portal) V18",7.5,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2023-12-12T12:15:00.000Z,0
CVE-2023-46284,https://securityvulnerability.io/vulnerability/CVE-2023-46284,Out of Bounds Write Vulnerability in Siemens Automation Products,"A significant out of bounds write vulnerability exists in various Siemens automation products, including Opcenter Execution Foundation and the Totally Integrated Automation Portal. This vulnerability arises when specific requests are processed on designated TCP ports (4002 and 4004), leading to a potential application crash. The affected services are designed to auto-restart following a crash, which may allow an attacker to exploit the application further. Timely updates to the latest versions are crucial for mitigating this risk.",Siemens,"Opcenter Execution Foundation,Opcenter Quality,Simatic Pcs Neo,Sinec Nms,Totally Integrated Automation Portal (tia Portal) V14,Totally Integrated Automation Portal (tia Portal) V15.1,Totally Integrated Automation Portal (tia Portal) V16,Totally Integrated Automation Portal (tia Portal) V17,Totally Integrated Automation Portal (tia Portal) V18",7.5,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2023-12-12T12:15:00.000Z,0
CVE-2023-46283,https://securityvulnerability.io/vulnerability/CVE-2023-46283,Out of Bounds Write Vulnerability in Opcenter and TIA Portal by Siemens,"A vulnerability exists in various Siemens software products that allows for an out of bounds write, potentially leading an attacker to crash the application while processing specific requests on a designated TCP port. Following the crash, the affected service is configured to automatically restart, which could be exploited by an attacker for further malicious actions. It's crucial for users of Opcenter Execution Foundation, TIA Portal, and related products to ensure they are running the latest versions to mitigate this risk.",Siemens,"Opcenter Execution Foundation,Opcenter Quality,Simatic Pcs Neo,Sinec Nms,Totally Integrated Automation Portal (tia Portal) V14,Totally Integrated Automation Portal (tia Portal) V15.1,Totally Integrated Automation Portal (tia Portal) V16,Totally Integrated Automation Portal (tia Portal) V17,Totally Integrated Automation Portal (tia Portal) V18",7.5,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2023-12-12T12:15:00.000Z,0
CVE-2023-46282,https://securityvulnerability.io/vulnerability/CVE-2023-46282,Reflected Cross-Site Scripting Vulnerability in Siemens Automation Products,"A reflected cross-site scripting vulnerability has been found in various Siemens automation products, including the Opcenter Execution Foundation and the Totally Integrated Automation Portal. This flaw allows attackers to inject arbitrary JavaScript code into the web interface, which could subsequently be executed by another user, potentially compromising their session and leading to unauthorized actions. The affected versions span multiple platforms, necessitating immediate attention for users of these critical systems.",Siemens,"Opcenter Execution Foundation,Opcenter Quality,Simatic Pcs Neo,Sinec Nms,Totally Integrated Automation Portal (tia Portal) V14,Totally Integrated Automation Portal (tia Portal) V15.1,Totally Integrated Automation Portal (tia Portal) V16,Totally Integrated Automation Portal (tia Portal) V17,Totally Integrated Automation Portal (tia Portal) V18",6.1,MEDIUM,0.0006799999973736703,false,,false,false,false,,false,false,2023-12-12T12:15:00.000Z,0
CVE-2023-46281,https://securityvulnerability.io/vulnerability/CVE-2023-46281,CORS Misconfiguration in Siemens Web Interfaces,"A vulnerability exists in the web interfaces of several Siemens products, where an overly permissive CORS policy could allow an attacker to exploit this misconfiguration. By manipulating CORS settings, an attacker could deceive legitimate users into triggering unintended actions, which may compromise the security of the user's session or expose sensitive data.",Siemens,"Opcenter Execution Foundation,Opcenter Quality,Simatic Pcs Neo,Sinec Nms,Totally Integrated Automation Portal (tia Portal) V14,Totally Integrated Automation Portal (tia Portal) V15.1,Totally Integrated Automation Portal (tia Portal) V16,Totally Integrated Automation Portal (tia Portal) V17,Totally Integrated Automation Portal (tia Portal) V18",8.8,HIGH,0.0018500000005587935,false,,false,false,false,,false,false,2023-12-12T12:15:00.000Z,0
CVE-2023-30757,https://securityvulnerability.io/vulnerability/CVE-2023-30757,Know-How Protection Flaw in Siemens Totally Integrated Automation Portal Products,"A critical vulnerability exists within Siemens Totally Integrated Automation Portal products that impacts the know-how protection feature. When project files are updated, the encryption for existing program blocks is not properly refreshed, permitting attackers with access to the project files to retrieve older, unprotected versions of the project. This unauthorized access occurs without requiring the know-how protection password, posing a significant risk to the confidentiality and integrity of sensitive automation data.",Siemens,"Totally Integrated Automation Portal (tia Portal) V14,Totally Integrated Automation Portal (tia Portal) V15,Totally Integrated Automation Portal (tia Portal) V15.1,Totally Integrated Automation Portal (tia Portal) V16,Totally Integrated Automation Portal (tia Portal) V17,Totally Integrated Automation Portal (tia Portal) V18,Totally Integrated Automation Portal (tia Portal) V19,Totally Integrated Automation Portal (tia Portal) V20",5.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,false,false,2023-06-13T09:15:00.000Z,0
CVE-2020-7580,https://securityvulnerability.io/vulnerability/CVE-2020-7580,,"A vulnerability has been identified in SIMATIC Automation Tool (All versions < V4 SP2), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Upd3), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC ProSave (All versions < V17), SIMATIC S7-1500 Software Controller (All versions < V21.8), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2 Update 4), SIMATIC STEP 7 (TIA Portal) V14 (All versions < V14 SP1 Update 10), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMATIC STEP 7 V5 (All versions < V5.6 SP2 HF3), SIMATIC WinCC OA V3.16 (All versions < V3.16 P018), SIMATIC WinCC OA V3.17 (All versions < V3.17 P003), SIMATIC WinCC Runtime Advanced (All versions < V16 Update 2), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2 Update 4), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1 Update 10), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Update 5), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions < V7.5 SP1 Update 3), SINAMICS STARTER (All Versions < V5.4 HF2), SINAMICS Startdrive (All Versions < V16 Update 3), SINEC NMS (All versions < V1.0 SP2), SINEMA Server (All versions < V14 SP3), SINUMERIK ONE virtual (All Versions < V6.14), SINUMERIK Operate (All Versions < V6.14). A common component used by the affected applications regularly calls a helper binary with SYSTEM privileges while the call path is not quoted. This could allow a local attacker to execute arbitrary code with SYTEM privileges.",Siemens,"Simatic Automation Tool,Simatic Net Pc Software V14,Simatic Net Pc Software V15,Simatic Net Pc Software V16,Simatic Pcs Neo,Simatic Prosave,Simatic S7-1500 Software Controller,Simatic Step 7 (tia Portal) V13,Simatic Step 7 (tia Portal) V14,Simatic Step 7 (tia Portal) V15,Simatic Step 7 (tia Portal) V16,Simatic Step 7 V5,Simatic Wincc Oa V3.16,Simatic Wincc Oa V3.17,Simatic Wincc Runtime Advanced,Simatic Wincc Runtime Professional V13,Simatic Wincc Runtime Professional V14,Simatic Wincc Runtime Professional V15,Simatic Wincc Runtime Professional V16,Simatic Wincc V7.4,Simatic Wincc V7.5,Sinamics Starter,Sinamics Startdrive,Sinec Nms,Sinema Server,Sinumerik One Virtual,Sinumerik Operate",6.7,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,2020-06-10T00:00:00.000Z,0
CVE-2019-19282,https://securityvulnerability.io/vulnerability/CVE-2019-19282,,"A vulnerability has been identified in OpenPCS 7 V8.1 (All versions), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd3), SIMATIC BATCH V8.1 (All versions), SIMATIC BATCH V8.2 (All versions < V8.2 Upd12), SIMATIC BATCH V9.0 (All versions < V9.0 SP1 Upd5), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Update 1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC Route Control V8.1 (All versions), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions < V9.0 Upd4), SIMATIC WinCC (TIA Portal) V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 10), SIMATIC WinCC (TIA Portal) V15.1 (All versions < V15.1 Update 5), SIMATIC WinCC (TIA Portal) V16 (All versions < V16 Update 1), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions < V7.5 SP1 Update 1). Through specially crafted messages, when encrypted communication is enabled, an attacker with network access could use the vulnerability to compromise the availability of the system by causing a Denial-of-Service condition.
Successful exploitation requires no system privileges and no user interaction.",Siemens,"Openpcs 7 V8.1,Openpcs 7 V8.2,Openpcs 7 V9.0,Simatic Batch V8.1,Simatic Batch V8.2,Simatic Batch V9.0,Simatic Net Pc Software V14,Simatic Net Pc Software V15,Simatic Net Pc Software V16,Simatic Pcs 7 V8.1,Simatic Pcs 7 V8.2,Simatic Pcs 7 V9.0,Simatic Route Control V8.1,Simatic Route Control V8.2,Simatic Route Control V9.0,Simatic Wincc (tia Portal) V13,Simatic Wincc (tia Portal) V14,Simatic Wincc (tia Portal) V15.1,Simatic Wincc (tia Portal) V16,Simatic Wincc V7.3,Simatic Wincc V7.4,Simatic Wincc V7.5",7.5,HIGH,0.0010600000387057662,false,,false,false,false,,false,false,2020-03-10T19:16:17.000Z,0
CVE-2019-10934,https://securityvulnerability.io/vulnerability/CVE-2019-10934,,"A vulnerability has been identified in TIA Portal V14 (All versions), TIA Portal V15 (All versions < V15.1 Update 7), TIA Portal V16 (All versions < V16 Update 6), TIA Portal V17 (All versions < V17 Update 4). Changing the contents of a configuration file could allow an attacker to execute arbitrary code with SYSTEM privileges. The security vulnerability could be exploited by an attacker with a valid account and limited access rights on the system. No user interaction is required. At the time of advisory publication no public exploitation of this security vulnerability was known.",Siemens,"Tia Portal V14,Tia Portal V15,Tia Portal V16,Tia Portal V17",7.8,HIGH,0.0004400000034365803,false,,false,false,false,,false,false,2020-01-16T15:35:24.000Z,0
CVE-2019-10929,https://securityvulnerability.io/vulnerability/CVE-2019-10929,,"A vulnerability has been identified in SIMATIC CP 1626 (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V20.8), SIMATIC HMI Panel (incl. SIPLUS variants) (All versions), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.4.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.8.1), SIMATIC S7-1500 Software Controller (All versions < V20.8), SIMATIC S7-PLCSIM Advanced (All versions < V3.0), SIMATIC STEP 7 (TIA Portal) (All versions < V16), SIMATIC WinCC (TIA Portal) (All versions < V16), SIMATIC WinCC OA (All versions < V3.16 P013), SIMATIC WinCC Runtime Advanced (All versions < V16), SIMATIC WinCC Runtime Professional (All versions < V16), TIM 1531 IRC (incl. SIPLUS NET variants) (All versions < V2.1). Affected devices contain a message protection bypass vulnerability due to certain properties in the calculation used for integrity protection. This could allow an attacker in a Man-in-the-Middle position to modify network traffic sent on port 102/tcp to the affected devices.",Siemens,"Simatic Cp 1626,Simatic Et 200sp Open Controller Cpu 1515sp Pc (incl. Siplus Variants),Simatic Et 200sp Open Controller Cpu 1515sp Pc2 (incl. Siplus Variants),Simatic Hmi Panel (incl. Siplus Variants),Simatic Net Pc Software V14,Simatic Net Pc Software V15,Simatic S7-1200 Cpu Family (incl. Siplus Variants),Simatic S7-1500 Cpu Family (incl. Related Et200 Cpus And Siplus Variants),Simatic S7-1500 Software Controller,Simatic S7-plcsim Advanced,Simatic Step 7 (tia Portal),Simatic Wincc (tia Portal),Simatic Wincc Oa,Simatic Wincc Runtime Advanced,Simatic Wincc Runtime Professional,Tim 1531 Irc (incl. Siplus Net Variants)",5.9,MEDIUM,0.002360000042244792,false,,false,false,false,,false,false,2019-08-13T18:55:57.000Z,0
CVE-2019-10935,https://securityvulnerability.io/vulnerability/CVE-2019-10935,,"A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd 11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC Professional (TIA Portal V13) (All versions), SIMATIC WinCC Professional (TIA Portal V14) (All versions < V14 SP1 Upd 9), SIMATIC WinCC Professional (TIA Portal V15) (All versions < V15.1 Upd 3), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions < V14.1 Upd 8), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Upd 3), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions < V7.5 Upd 3). The SIMATIC WinCC DataMonitor web application of the affected products allows to upload arbitrary ASPX code. The security vulnerability could be exploited by an authenticated attacker with network access to the WinCC DataMonitor application. No user interaction is required to exploit this vulnerability. The vulnerability impacts confidentiality, integrity, and availability of the affected device. At the stage of publishing this security advisory no public exploitation is known.",Siemens Ag,"Simatic Pcs 7 V8.0 And Earlier,Simatic Pcs 7 V8.1,Simatic Pcs 7 V8.2,Simatic Pcs 7 V9.0,Simatic Wincc Professional (tia Portal V13),Simatic Wincc Professional (tia Portal V14),Simatic Wincc Professional (tia Portal V15),Simatic Wincc Runtime Professional V13,Simatic Wincc Runtime Professional V14,Simatic Wincc Runtime Professional V15,Simatic Wincc V7.2 And Earlier,Simatic Wincc V7.3,Simatic Wincc V7.4,Simatic Wincc V7.5",7.2,HIGH,0.0009200000204145908,false,,false,false,false,,false,false,2019-07-11T21:17:47.000Z,0
CVE-2019-10918,https://securityvulnerability.io/vulnerability/CVE-2019-10918,,"A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC (TIA Portal) V13 (All versions), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Upd 9), SIMATIC WinCC (TIA Portal) V15 (All versions < V15.1 Upd 3), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions < V14.1 Upd 8), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Upd 3), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions < V7.5 Upd 3). An authenticatd attacker with network access to the DCOM interface could execute arbitrary commands with SYSTEM privileges. The vulnerability could be exploited by an attacker with network access to the affected system. Successful exploitation requires authentication with a low-privileged user account and no user interaction. An attacker could use the vulnerability to compromise confidentiality and integrity and availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known.",Siemens Ag,"Simatic Pcs 7 V8.0 And Earlier,Simatic Pcs 7 V8.1,Simatic Pcs 7 V8.2,Simatic Pcs 7 V9.0,Simatic Wincc (tia Portal) V13,Simatic Wincc (tia Portal) V14,Simatic Wincc (tia Portal) V15,Simatic Wincc Runtime Professional V13,Simatic Wincc Runtime Professional V14,Simatic Wincc Runtime Professional V15,Simatic Wincc V7.2 And Earlier,Simatic Wincc V7.3,Simatic Wincc V7.4,Simatic Wincc V7.5",8.8,HIGH,0.0009500000160187483,false,,false,false,false,,false,false,2019-05-14T19:54:48.000Z,0
CVE-2019-10917,https://securityvulnerability.io/vulnerability/CVE-2019-10917,,"A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC (TIA Portal) V13 (All versions), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Upd 9), SIMATIC WinCC (TIA Portal) V15 (All versions < V15.1 Upd 3), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions < V14.1 Upd 8), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Upd 3), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions < V7.5 Upd 3). An attacker with local access to the project file could cause a Denial-of-Service condition on the affected product while the project file is loaded. Successful exploitation requires access to the project file. An attacker could use the vulnerability to compromise availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known.",Siemens Ag,"Simatic Pcs 7 V8.0 And Earlier,Simatic Pcs 7 V8.1,Simatic Pcs 7 V8.2,Simatic Pcs 7 V9.0,Simatic Wincc (tia Portal) V13,Simatic Wincc (tia Portal) V14,Simatic Wincc (tia Portal) V15,Simatic Wincc Runtime Professional V13,Simatic Wincc Runtime Professional V14,Simatic Wincc Runtime Professional V15,Simatic Wincc V7.2 And Earlier,Simatic Wincc V7.3,Simatic Wincc V7.4,Simatic Wincc V7.5",5.5,MEDIUM,0.0004199999966658652,false,,false,false,false,,false,false,2019-05-14T19:54:48.000Z,0
CVE-2019-10916,https://securityvulnerability.io/vulnerability/CVE-2019-10916,,"A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC (TIA Portal) V13 (All versions), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Upd 9), SIMATIC WinCC (TIA Portal) V15 (All versions < V15.1 Upd 3), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions < V14.1 Upd 8), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Upd 3), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions < V7.5 Upd 3). An attacker with access to the project file could run arbitrary system commands with the privileges of the local database server. The vulnerability could be exploited by an attacker with access to the project file. The vulnerability does impact the confidentiality, integrity, and availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known.",Siemens Ag,"Simatic Pcs 7 V8.0 And Earlier,Simatic Pcs 7 V8.1,Simatic Pcs 7 V8.2,Simatic Pcs 7 V9.0,Simatic Wincc (tia Portal) V13,Simatic Wincc (tia Portal) V14,Simatic Wincc (tia Portal) V15,Simatic Wincc Runtime Professional V13,Simatic Wincc Runtime Professional V14,Simatic Wincc Runtime Professional V15,Simatic Wincc V7.2 And Earlier,Simatic Wincc V7.3,Simatic Wincc V7.4,Simatic Wincc V7.5",8.8,HIGH,0.0009699999936856329,false,,false,false,false,,false,false,2019-05-14T19:54:48.000Z,0
CVE-2018-11454,https://securityvulnerability.io/vulnerability/CVE-2018-11454,,"A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions < V13 SP2 Update 2), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 6), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 (All versions < V15 Update 2). Improper file permissions in the default installation of TIA Portal may allow an attacker with local file system access to manipulate resources which may be transferred to devices and executed there by a different user. No special privileges are required, but the victim needs to transfer the manipulated files to a device. Execution is caused on the target device rather than on the PG device.",Siemens,"Simatic Step 7 (tia Portal) And Wincc (tia Portal) V10, V11, V12, Simatic Step 7 (tia Portal) And Wincc (tia Portal) V13, Simatic Step 7 (tia Portal) And Wincc (tia Portal) V14, Simatic Step 7 (tia Portal) And Wincc (tia Portal) V15",8.6,HIGH,0.0006900000153109431,false,,false,false,false,,false,false,2018-08-07T00:00:00.000Z,0
CVE-2018-11453,https://securityvulnerability.io/vulnerability/CVE-2018-11453,,"A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions < V13 SP2 Update 2), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 6), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 (All versions < V15 Update 2). Improper file permissions in the default installation of TIA Portal may allow an attacker with local file system access to insert specially crafted files which may prevent TIA Portal startup (Denial-of-Service) or lead to local code execution. No special privileges are required, but the victim needs to attempt to start TIA Portal after the manipulation.",Siemens,"Simatic Step 7 (tia Portal) And Wincc (tia Portal) V10, V11, V12, Simatic Step 7 (tia Portal) And Wincc (tia Portal) V13, Simatic Step 7 (tia Portal) And Wincc (tia Portal) V14, Simatic Step 7 (tia Portal) And Wincc (tia Portal) V15",7.8,HIGH,0.0004900000058114529,false,,false,false,false,,false,false,2018-08-07T00:00:00.000Z,0
CVE-2017-6865,https://securityvulnerability.io/vulnerability/CVE-2017-6865,,"A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC Automation Tool (All versions < V3.0), SIMATIC NET PC-Software (All versions < V14 SP1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2), SIMATIC STEP 7 (TIA Portal) V14 (All versions < V14 SP1), SIMATIC STEP 7 V5.X (All versions < V5.6), SIMATIC WinAC RTX 2010 SP2 (All versions), SIMATIC WinAC RTX F 2010 SP2 (All versions), SIMATIC WinCC (TIA Portal) V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1), SIMATIC WinCC V7.2 and prior (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Update 15), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd1), SIMATIC WinCC flexible 2008 (All versions < flexible 2008 SP5), SINAUT ST7CC (All versions installed in conjunction with SIMATIC WinCC < V7.3 Update 15), SINEMA Server (All versions < V14), SINUMERIK 808D Programming Tool (All versions < V4.7 SP4 HF2), SMART PC Access (All versions < V2.3), STEP 7 - Micro/WIN SMART (All versions < V2.3), Security Configuration Tool (SCT) (All versions < V5.0). Specially crafted PROFINET DCP broadcast packets sent to the affected products on a local Ethernet segment (Layer 2) could cause a Denial-of-Service condition of some services. The services require manual restart to recover.",Siemens,"Primary Setup Tool (pst),Simatic Automation Tool,Simatic Net Pc-software,Simatic Pcs 7 V8.1,Simatic Pcs 7 V8.2,Simatic Step 7 (tia Portal) V13,Simatic Step 7 (tia Portal) V14,Simatic Step 7 V5.x,Simatic Winac Rtx 2010 Sp2,Simatic Winac Rtx F 2010 Sp2,Simatic Wincc (tia Portal) V13,Simatic Wincc (tia Portal) V14,Simatic Wincc V7.2 And Prior,Simatic Wincc V7.3,Simatic Wincc V7.4,Simatic Wincc Flexible 2008,Sinaut St7cc,Sinema Server,Sinumerik 808d Programming Tool,Smart Pc Access,Step 7 - Micro/win Smart,Security Configuration Tool (sct)",6.5,MEDIUM,0.0006799999973736703,false,,false,false,false,,false,false,2017-05-11T10:00:00.000Z,0