cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2017-6865,https://securityvulnerability.io/vulnerability/CVE-2017-6865,,"A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC Automation Tool (All versions < V3.0), SIMATIC NET PC-Software (All versions < V14 SP1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2), SIMATIC STEP 7 (TIA Portal) V14 (All versions < V14 SP1), SIMATIC STEP 7 V5.X (All versions < V5.6), SIMATIC WinAC RTX 2010 SP2 (All versions), SIMATIC WinAC RTX F 2010 SP2 (All versions), SIMATIC WinCC (TIA Portal) V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1), SIMATIC WinCC V7.2 and prior (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Update 15), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd1), SIMATIC WinCC flexible 2008 (All versions < flexible 2008 SP5), SINAUT ST7CC (All versions installed in conjunction with SIMATIC WinCC < V7.3 Update 15), SINEMA Server (All versions < V14), SINUMERIK 808D Programming Tool (All versions < V4.7 SP4 HF2), SMART PC Access (All versions < V2.3), STEP 7 - Micro/WIN SMART (All versions < V2.3), Security Configuration Tool (SCT) (All versions < V5.0). Specially crafted PROFINET DCP broadcast packets sent to the affected products on a local Ethernet segment (Layer 2) could cause a Denial-of-Service condition of some services. The services require manual restart to recover.",Siemens,"Primary Setup Tool (pst),Simatic Automation Tool,Simatic Net Pc-software,Simatic Pcs 7 V8.1,Simatic Pcs 7 V8.2,Simatic Step 7 (tia Portal) V13,Simatic Step 7 (tia Portal) V14,Simatic Step 7 V5.x,Simatic Winac Rtx 2010 Sp2,Simatic Winac Rtx F 2010 Sp2,Simatic Wincc (tia Portal) V13,Simatic Wincc (tia Portal) V14,Simatic Wincc V7.2 And Prior,Simatic Wincc V7.3,Simatic Wincc V7.4,Simatic Wincc Flexible 2008,Sinaut St7cc,Sinema Server,Sinumerik 808d Programming Tool,Smart Pc Access,Step 7 - Micro/win Smart,Security Configuration Tool (sct)",6.5,MEDIUM,0.0006799999973736703,false,,false,false,false,,false,false,2017-05-11T10:00:00.000Z,0
CVE-2011-4508,https://securityvulnerability.io/vulnerability/CVE-2011-4508,,"The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime generates predictable authentication tokens for cookies, which makes it easier for remote attackers to bypass authentication via a crafted cookie.",Siemens,Wincc Flexible,,,0.0044200001284480095,false,,false,false,false,,false,false,2012-02-03T20:55:00.000Z,0
CVE-2011-4513,https://securityvulnerability.io/vulnerability/CVE-2011-4513,,"Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allow user-assisted remote attackers to execute arbitrary code via a crafted project file, related to the HMI web server and runtime loader.",Siemens,Wincc Flexible,,,0.010830000042915344,false,,false,false,false,,false,false,2012-02-03T20:55:00.000Z,0
CVE-2011-4509,https://securityvulnerability.io/vulnerability/CVE-2011-4509,,"The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime has an improperly selected default password for the administrator account, which makes it easier for remote attackers to obtain access via a brute-force approach involving many HTTP requests.",Siemens,Wincc Flexible,,,0.004120000172406435,false,,false,false,false,,false,false,2012-02-03T20:55:00.000Z,0
CVE-2011-4514,https://securityvulnerability.io/vulnerability/CVE-2011-4514,,"The TELNET daemon in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime does not perform authentication, which makes it easier for remote attackers to obtain access via a TCP session.",Siemens,Wincc Flexible,,,0.0044200001284480095,false,,false,false,false,,false,false,2012-02-03T20:55:00.000Z,0
CVE-2011-4510,https://securityvulnerability.io/vulnerability/CVE-2011-4510,,"Cross-site scripting (XSS) vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-4511.",Siemens,Wincc Flexible,,,0.001550000044517219,false,,false,false,false,,false,false,2012-02-03T20:55:00.000Z,0
CVE-2011-4511,https://securityvulnerability.io/vulnerability/CVE-2011-4511,,"Cross-site scripting (XSS) vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-4510.",Siemens,Wincc Flexible,,,0.001550000044517219,false,,false,false,false,,false,false,2012-02-03T20:55:00.000Z,0
CVE-2011-4512,https://securityvulnerability.io/vulnerability/CVE-2011-4512,,"CRLF injection vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.",Siemens,Wincc Flexible,,,0.001930000027641654,false,,false,false,false,,false,false,2012-02-03T20:55:00.000Z,0
CVE-2011-4875,https://securityvulnerability.io/vulnerability/CVE-2011-4875,,"Stack-based buffer overflow in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to execute arbitrary code via vectors related to Unicode strings.",Siemens,Wincc Flexible,,,0.34330999851226807,false,,false,false,false,,false,false,2012-02-03T20:00:00.000Z,0
CVE-2011-4876,https://securityvulnerability.io/vulnerability/CVE-2011-4876,,"Directory traversal vulnerability in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to execute, read, create, modify, or delete arbitrary files via a .. (dot dot) in a string.",Siemens,Wincc Flexible,,,0.03254000097513199,false,,false,false,false,,false,false,2012-02-03T20:00:00.000Z,0
CVE-2011-4877,https://securityvulnerability.io/vulnerability/CVE-2011-4877,,"HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to cause a denial of service (application crash) by sending crafted data over TCP.",Siemens,Wincc Flexible,,,0.04276999831199646,false,,false,false,false,,false,false,2012-02-03T20:00:00.000Z,0
CVE-2011-4878,https://securityvulnerability.io/vulnerability/CVE-2011-4878,,"Directory traversal vulnerability in miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to read arbitrary files via a ..%5c (dot dot backslash) in a URI.",Siemens,Wincc Flexible,,,0.010859999805688858,false,,false,false,false,,false,false,2012-02-03T20:00:00.000Z,0
CVE-2011-4879,https://securityvulnerability.io/vulnerability/CVE-2011-4879,,"miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime does not properly handle URIs beginning with a 0xfa character, which allows remote attackers to read data from arbitrary memory locations or cause a denial of service (application crash) via a crafted POST request.",Siemens,Wincc Flexible,,,0.022180000320076942,false,,false,false,false,,false,false,2012-02-03T20:00:00.000Z,0
CVE-2011-3321,https://securityvulnerability.io/vulnerability/CVE-2011-3321,,"Heap-based buffer overflow in the Siemens WinCC Runtime Advanced Loader, as used in SIMATIC WinCC flexible Runtime and SIMATIC WinCC (TIA Portal) Runtime Advanced, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted packet to TCP port 2308.",Siemens,"Simatic Wincc Runtime,Simatic Wincc Flexible Runtime",,,0.041189998388290405,false,,false,false,false,,false,false,2011-09-16T12:35:00.000Z,0