cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-30757,https://securityvulnerability.io/vulnerability/CVE-2023-30757,Know-How Protection Flaw in Siemens Totally Integrated Automation Portal Products,"A critical vulnerability exists within Siemens Totally Integrated Automation Portal products that impacts the know-how protection feature. When project files are updated, the encryption for existing program blocks is not properly refreshed, permitting attackers with access to the project files to retrieve older, unprotected versions of the project. This unauthorized access occurs without requiring the know-how protection password, posing a significant risk to the confidentiality and integrity of sensitive automation data.",Siemens,"Totally Integrated Automation Portal (tia Portal) V14,Totally Integrated Automation Portal (tia Portal) V15,Totally Integrated Automation Portal (tia Portal) V15.1,Totally Integrated Automation Portal (tia Portal) V16,Totally Integrated Automation Portal (tia Portal) V17,Totally Integrated Automation Portal (tia Portal) V18,Totally Integrated Automation Portal (tia Portal) V19,Totally Integrated Automation Portal (tia Portal) V20",5.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,false,false,2023-06-13T09:15:00.000Z,0
CVE-2023-26293,https://securityvulnerability.io/vulnerability/CVE-2023-26293,Path Traversal Vulnerability in Siemens Totally Integrated Automation Portal,"A path traversal vulnerability has been discovered in Siemens' Totally Integrated Automation Portal, impacting various versions. This flaw could allow an attacker to write or modify arbitrary files within the engineering system. If users inadvertently open a compromised PC system configuration file, it may lead to unauthorized code execution, posing significant security risks.",Siemens,"Totally Integrated Automation Portal (tia Portal) V15,Totally Integrated Automation Portal (tia Portal) V16,Totally Integrated Automation Portal (tia Portal) V17,Totally Integrated Automation Portal (tia Portal) V18",7.3,HIGH,0.0006200000061653554,false,,false,false,false,,false,false,2023-04-11T10:15:00.000Z,0
CVE-2021-42029,https://securityvulnerability.io/vulnerability/CVE-2021-42029,Privilege Escalation in Siemens SIMATIC STEP 7 Engineering Software,"A vulnerability has been identified in Siemens SIMATIC STEP 7 (TIA Portal) affecting versions V15, V16 prior to Update 5, and V17 prior to Update 2. This vulnerability allows an attacker with direct access to the impacted web server to escalate their privileges on the engineering system software. Improper access controls can enable malicious users to gain unauthorized access, posing significant security risks to affected systems.",Siemens,"Simatic Step 7 (tia Portal) V15,Simatic Step 7 (tia Portal) V16,Simatic Step 7 (tia Portal) V17",7.8,HIGH,0.0004400000034365803,false,,false,false,false,,false,false,2022-04-12T09:07:30.000Z,0
CVE-2020-7588,https://securityvulnerability.io/vulnerability/CVE-2020-7588,,"A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All versions < V2.6), SIMATIC IT Production Suite (All versions < V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). Sending a specially crafted packet to the affected service could cause a partial remote denial-of-service, that would cause the service to restart itself.",Siemens,"Opcenter Execution Discrete,Opcenter Execution Foundation,Opcenter Execution Process,Opcenter Intelligence,Opcenter Quality,Opcenter Rd&l,Simatic It Lms,Simatic It Production Suite,Simatic Notifier Server For Windows,Simatic Pcs Neo,Simatic Step 7 (tia Portal) V15,Simatic Step 7 (tia Portal) V16,Simocode Es V15.1,Simocode Es V16,Soft Starter Es V15.1,Soft Starter Es V16",5.3,MEDIUM,0.0010999999940395355,false,,false,false,false,,false,false,2020-07-14T13:18:05.000Z,0
CVE-2020-7587,https://securityvulnerability.io/vulnerability/CVE-2020-7587,,"A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All versions < V2.6), SIMATIC IT Production Suite (All versions < V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). Sending multiple specially crafted packets to the affected service could cause a partial remote denial-of-service, that would cause the service to restart itself. On some cases the vulnerability could leak random information from the remote service.",Siemens,"Opcenter Execution Discrete,Opcenter Execution Foundation,Opcenter Execution Process,Opcenter Intelligence,Opcenter Quality,Opcenter Rd&l,Simatic It Lms,Simatic It Production Suite,Simatic Notifier Server For Windows,Simatic Pcs Neo,Simatic Step 7 (tia Portal) V15,Simatic Step 7 (tia Portal) V16,Simocode Es V15.1,Simocode Es V16,Soft Starter Es V15.1,Soft Starter Es V16",8.2,HIGH,0.002460000105202198,false,,false,false,false,,false,false,2020-07-14T13:18:05.000Z,0
CVE-2020-7581,https://securityvulnerability.io/vulnerability/CVE-2020-7581,,"A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). A component within the affected application calls a helper binary with SYSTEM privileges during startup while the call path is not quoted. This could allow a local attacker with administrative privileges to execute code with SYSTEM level privileges.",Siemens,"Opcenter Execution Discrete,Opcenter Execution Foundation,Opcenter Execution Process,Opcenter Intelligence,Opcenter Quality,Opcenter Rd&l,Simatic Notifier Server For Windows,Simatic Pcs Neo,Simatic Step 7 (tia Portal) V15,Simatic Step 7 (tia Portal) V16,Simocode Es V15.1,Simocode Es V16,Soft Starter Es V15.1,Soft Starter Es V16",6.7,MEDIUM,0.0004199999966658652,false,,false,false,false,,false,false,2020-07-14T13:18:05.000Z,0
CVE-2020-7580,https://securityvulnerability.io/vulnerability/CVE-2020-7580,,"A vulnerability has been identified in SIMATIC Automation Tool (All versions < V4 SP2), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Upd3), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC ProSave (All versions < V17), SIMATIC S7-1500 Software Controller (All versions < V21.8), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2 Update 4), SIMATIC STEP 7 (TIA Portal) V14 (All versions < V14 SP1 Update 10), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMATIC STEP 7 V5 (All versions < V5.6 SP2 HF3), SIMATIC WinCC OA V3.16 (All versions < V3.16 P018), SIMATIC WinCC OA V3.17 (All versions < V3.17 P003), SIMATIC WinCC Runtime Advanced (All versions < V16 Update 2), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2 Update 4), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1 Update 10), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Update 5), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions < V7.5 SP1 Update 3), SINAMICS STARTER (All Versions < V5.4 HF2), SINAMICS Startdrive (All Versions < V16 Update 3), SINEC NMS (All versions < V1.0 SP2), SINEMA Server (All versions < V14 SP3), SINUMERIK ONE virtual (All Versions < V6.14), SINUMERIK Operate (All Versions < V6.14). A common component used by the affected applications regularly calls a helper binary with SYSTEM privileges while the call path is not quoted. This could allow a local attacker to execute arbitrary code with SYTEM privileges.",Siemens,"Simatic Automation Tool,Simatic Net Pc Software V14,Simatic Net Pc Software V15,Simatic Net Pc Software V16,Simatic Pcs Neo,Simatic Prosave,Simatic S7-1500 Software Controller,Simatic Step 7 (tia Portal) V13,Simatic Step 7 (tia Portal) V14,Simatic Step 7 (tia Portal) V15,Simatic Step 7 (tia Portal) V16,Simatic Step 7 V5,Simatic Wincc Oa V3.16,Simatic Wincc Oa V3.17,Simatic Wincc Runtime Advanced,Simatic Wincc Runtime Professional V13,Simatic Wincc Runtime Professional V14,Simatic Wincc Runtime Professional V15,Simatic Wincc Runtime Professional V16,Simatic Wincc V7.4,Simatic Wincc V7.5,Sinamics Starter,Sinamics Startdrive,Sinec Nms,Sinema Server,Sinumerik One Virtual,Sinumerik Operate",6.7,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,2020-06-10T00:00:00.000Z,0
CVE-2019-19282,https://securityvulnerability.io/vulnerability/CVE-2019-19282,,"A vulnerability has been identified in OpenPCS 7 V8.1 (All versions), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd3), SIMATIC BATCH V8.1 (All versions), SIMATIC BATCH V8.2 (All versions < V8.2 Upd12), SIMATIC BATCH V9.0 (All versions < V9.0 SP1 Upd5), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Update 1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC Route Control V8.1 (All versions), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions < V9.0 Upd4), SIMATIC WinCC (TIA Portal) V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 10), SIMATIC WinCC (TIA Portal) V15.1 (All versions < V15.1 Update 5), SIMATIC WinCC (TIA Portal) V16 (All versions < V16 Update 1), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions < V7.5 SP1 Update 1). Through specially crafted messages, when encrypted communication is enabled, an attacker with network access could use the vulnerability to compromise the availability of the system by causing a Denial-of-Service condition.
Successful exploitation requires no system privileges and no user interaction.",Siemens,"Openpcs 7 V8.1,Openpcs 7 V8.2,Openpcs 7 V9.0,Simatic Batch V8.1,Simatic Batch V8.2,Simatic Batch V9.0,Simatic Net Pc Software V14,Simatic Net Pc Software V15,Simatic Net Pc Software V16,Simatic Pcs 7 V8.1,Simatic Pcs 7 V8.2,Simatic Pcs 7 V9.0,Simatic Route Control V8.1,Simatic Route Control V8.2,Simatic Route Control V9.0,Simatic Wincc (tia Portal) V13,Simatic Wincc (tia Portal) V14,Simatic Wincc (tia Portal) V15.1,Simatic Wincc (tia Portal) V16,Simatic Wincc V7.3,Simatic Wincc V7.4,Simatic Wincc V7.5",7.5,HIGH,0.0010600000387057662,false,,false,false,false,,false,false,2020-03-10T19:16:17.000Z,0
CVE-2019-10934,https://securityvulnerability.io/vulnerability/CVE-2019-10934,,"A vulnerability has been identified in TIA Portal V14 (All versions), TIA Portal V15 (All versions < V15.1 Update 7), TIA Portal V16 (All versions < V16 Update 6), TIA Portal V17 (All versions < V17 Update 4). Changing the contents of a configuration file could allow an attacker to execute arbitrary code with SYSTEM privileges. The security vulnerability could be exploited by an attacker with a valid account and limited access rights on the system. No user interaction is required. At the time of advisory publication no public exploitation of this security vulnerability was known.",Siemens,"Tia Portal V14,Tia Portal V15,Tia Portal V16,Tia Portal V17",7.8,HIGH,0.0004400000034365803,false,,false,false,false,,false,false,2020-01-16T15:35:24.000Z,0
CVE-2019-10929,https://securityvulnerability.io/vulnerability/CVE-2019-10929,,"A vulnerability has been identified in SIMATIC CP 1626 (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V20.8), SIMATIC HMI Panel (incl. SIPLUS variants) (All versions), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.4.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.8.1), SIMATIC S7-1500 Software Controller (All versions < V20.8), SIMATIC S7-PLCSIM Advanced (All versions < V3.0), SIMATIC STEP 7 (TIA Portal) (All versions < V16), SIMATIC WinCC (TIA Portal) (All versions < V16), SIMATIC WinCC OA (All versions < V3.16 P013), SIMATIC WinCC Runtime Advanced (All versions < V16), SIMATIC WinCC Runtime Professional (All versions < V16), TIM 1531 IRC (incl. SIPLUS NET variants) (All versions < V2.1). Affected devices contain a message protection bypass vulnerability due to certain properties in the calculation used for integrity protection. This could allow an attacker in a Man-in-the-Middle position to modify network traffic sent on port 102/tcp to the affected devices.",Siemens,"Simatic Cp 1626,Simatic Et 200sp Open Controller Cpu 1515sp Pc (incl. Siplus Variants),Simatic Et 200sp Open Controller Cpu 1515sp Pc2 (incl. Siplus Variants),Simatic Hmi Panel (incl. Siplus Variants),Simatic Net Pc Software V14,Simatic Net Pc Software V15,Simatic S7-1200 Cpu Family (incl. Siplus Variants),Simatic S7-1500 Cpu Family (incl. Related Et200 Cpus And Siplus Variants),Simatic S7-1500 Software Controller,Simatic S7-plcsim Advanced,Simatic Step 7 (tia Portal),Simatic Wincc (tia Portal),Simatic Wincc Oa,Simatic Wincc Runtime Advanced,Simatic Wincc Runtime Professional,Tim 1531 Irc (incl. Siplus Net Variants)",5.9,MEDIUM,0.002360000042244792,false,,false,false,false,,false,false,2019-08-13T18:55:57.000Z,0
CVE-2019-10935,https://securityvulnerability.io/vulnerability/CVE-2019-10935,,"A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd 11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC Professional (TIA Portal V13) (All versions), SIMATIC WinCC Professional (TIA Portal V14) (All versions < V14 SP1 Upd 9), SIMATIC WinCC Professional (TIA Portal V15) (All versions < V15.1 Upd 3), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions < V14.1 Upd 8), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Upd 3), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions < V7.5 Upd 3). The SIMATIC WinCC DataMonitor web application of the affected products allows to upload arbitrary ASPX code. The security vulnerability could be exploited by an authenticated attacker with network access to the WinCC DataMonitor application. No user interaction is required to exploit this vulnerability. The vulnerability impacts confidentiality, integrity, and availability of the affected device. At the stage of publishing this security advisory no public exploitation is known.",Siemens Ag,"Simatic Pcs 7 V8.0 And Earlier,Simatic Pcs 7 V8.1,Simatic Pcs 7 V8.2,Simatic Pcs 7 V9.0,Simatic Wincc Professional (tia Portal V13),Simatic Wincc Professional (tia Portal V14),Simatic Wincc Professional (tia Portal V15),Simatic Wincc Runtime Professional V13,Simatic Wincc Runtime Professional V14,Simatic Wincc Runtime Professional V15,Simatic Wincc V7.2 And Earlier,Simatic Wincc V7.3,Simatic Wincc V7.4,Simatic Wincc V7.5",7.2,HIGH,0.0009200000204145908,false,,false,false,false,,false,false,2019-07-11T21:17:47.000Z,0
CVE-2019-10916,https://securityvulnerability.io/vulnerability/CVE-2019-10916,,"A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC (TIA Portal) V13 (All versions), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Upd 9), SIMATIC WinCC (TIA Portal) V15 (All versions < V15.1 Upd 3), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions < V14.1 Upd 8), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Upd 3), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions < V7.5 Upd 3). An attacker with access to the project file could run arbitrary system commands with the privileges of the local database server. The vulnerability could be exploited by an attacker with access to the project file. The vulnerability does impact the confidentiality, integrity, and availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known.",Siemens Ag,"Simatic Pcs 7 V8.0 And Earlier,Simatic Pcs 7 V8.1,Simatic Pcs 7 V8.2,Simatic Pcs 7 V9.0,Simatic Wincc (tia Portal) V13,Simatic Wincc (tia Portal) V14,Simatic Wincc (tia Portal) V15,Simatic Wincc Runtime Professional V13,Simatic Wincc Runtime Professional V14,Simatic Wincc Runtime Professional V15,Simatic Wincc V7.2 And Earlier,Simatic Wincc V7.3,Simatic Wincc V7.4,Simatic Wincc V7.5",8.8,HIGH,0.0009699999936856329,false,,false,false,false,,false,false,2019-05-14T19:54:48.000Z,0
CVE-2019-10917,https://securityvulnerability.io/vulnerability/CVE-2019-10917,,"A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC (TIA Portal) V13 (All versions), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Upd 9), SIMATIC WinCC (TIA Portal) V15 (All versions < V15.1 Upd 3), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions < V14.1 Upd 8), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Upd 3), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions < V7.5 Upd 3). An attacker with local access to the project file could cause a Denial-of-Service condition on the affected product while the project file is loaded. Successful exploitation requires access to the project file. An attacker could use the vulnerability to compromise availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known.",Siemens Ag,"Simatic Pcs 7 V8.0 And Earlier,Simatic Pcs 7 V8.1,Simatic Pcs 7 V8.2,Simatic Pcs 7 V9.0,Simatic Wincc (tia Portal) V13,Simatic Wincc (tia Portal) V14,Simatic Wincc (tia Portal) V15,Simatic Wincc Runtime Professional V13,Simatic Wincc Runtime Professional V14,Simatic Wincc Runtime Professional V15,Simatic Wincc V7.2 And Earlier,Simatic Wincc V7.3,Simatic Wincc V7.4,Simatic Wincc V7.5",5.5,MEDIUM,0.0004199999966658652,false,,false,false,false,,false,false,2019-05-14T19:54:48.000Z,0
CVE-2019-10918,https://securityvulnerability.io/vulnerability/CVE-2019-10918,,"A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC (TIA Portal) V13 (All versions), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Upd 9), SIMATIC WinCC (TIA Portal) V15 (All versions < V15.1 Upd 3), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions < V14.1 Upd 8), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Upd 3), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions < V7.5 Upd 3). An authenticatd attacker with network access to the DCOM interface could execute arbitrary commands with SYSTEM privileges. The vulnerability could be exploited by an attacker with network access to the affected system. Successful exploitation requires authentication with a low-privileged user account and no user interaction. An attacker could use the vulnerability to compromise confidentiality and integrity and availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known.",Siemens Ag,"Simatic Pcs 7 V8.0 And Earlier,Simatic Pcs 7 V8.1,Simatic Pcs 7 V8.2,Simatic Pcs 7 V9.0,Simatic Wincc (tia Portal) V13,Simatic Wincc (tia Portal) V14,Simatic Wincc (tia Portal) V15,Simatic Wincc Runtime Professional V13,Simatic Wincc Runtime Professional V14,Simatic Wincc Runtime Professional V15,Simatic Wincc V7.2 And Earlier,Simatic Wincc V7.3,Simatic Wincc V7.4,Simatic Wincc V7.5",8.8,HIGH,0.0009500000160187483,false,,false,false,false,,false,false,2019-05-14T19:54:48.000Z,0
CVE-2018-11454,https://securityvulnerability.io/vulnerability/CVE-2018-11454,,"A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions < V13 SP2 Update 2), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 6), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 (All versions < V15 Update 2). Improper file permissions in the default installation of TIA Portal may allow an attacker with local file system access to manipulate resources which may be transferred to devices and executed there by a different user. No special privileges are required, but the victim needs to transfer the manipulated files to a device. Execution is caused on the target device rather than on the PG device.",Siemens,"Simatic Step 7 (tia Portal) And Wincc (tia Portal) V10, V11, V12, Simatic Step 7 (tia Portal) And Wincc (tia Portal) V13, Simatic Step 7 (tia Portal) And Wincc (tia Portal) V14, Simatic Step 7 (tia Portal) And Wincc (tia Portal) V15",8.6,HIGH,0.0006900000153109431,false,,false,false,false,,false,false,2018-08-07T00:00:00.000Z,0
CVE-2018-11453,https://securityvulnerability.io/vulnerability/CVE-2018-11453,,"A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions < V13 SP2 Update 2), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 6), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 (All versions < V15 Update 2). Improper file permissions in the default installation of TIA Portal may allow an attacker with local file system access to insert specially crafted files which may prevent TIA Portal startup (Denial-of-Service) or lead to local code execution. No special privileges are required, but the victim needs to attempt to start TIA Portal after the manipulation.",Siemens,"Simatic Step 7 (tia Portal) And Wincc (tia Portal) V10, V11, V12, Simatic Step 7 (tia Portal) And Wincc (tia Portal) V13, Simatic Step 7 (tia Portal) And Wincc (tia Portal) V14, Simatic Step 7 (tia Portal) And Wincc (tia Portal) V15",7.8,HIGH,0.0004900000058114529,false,,false,false,false,,false,false,2018-08-07T00:00:00.000Z,0