Skip to main content

Simatic Pcs7

25 CVEs product

Monthly

CVE-2017-14023 MEDIUM This Month

An Improper Input Validation issue was discovered in Siemens SIMATIC PCS 7 V8.1 prior to V8.1 SP1 with WinCC V7.3 Upd 13, and V8.2 all versions. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Siemens Simatic Pcs7 Simatic Wincc
NVD
CVSS 3.1
4.9
EPSS
2.8%
CVE-2017-12069 HIGH PATCH This Week

An XXE vulnerability has been identified in OPC Foundation UA .NET Sample Code before 2017-03-21 and Local Discovery Server (LDS) before 1.03.367. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Siemens XXE Simatic Pcs7 Wincc Local Discovery Server +1
NVD
CVSS 3.0
8.2
EPSS
0.9%
CVE-2016-7165 MEDIUM This Month

A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC IT Production Suite (All versions < V7.0 SP1 HFX 2), SIMATIC NET PC-Software (All versions < V14),. Rated medium severity (CVSS 6.4). No vendor patch available.

Privilege Escalation Microsoft Primary Setup Tool Security Configuration Tool Simatic It Production Suite +15
NVD
CVSS 3.0
6.4
EPSS
0.4%
CVE-2014-8552 MEDIUM This Month

The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Siemens Simatic Pcs 7 Simatic Pcs7 Simatic Tiaportal +1
NVD
CVSS 2.0
5.0
EPSS
0.1%
CVE-2014-8551 CRITICAL Act Now

The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Siemens Simatic Pcs 7 Simatic Pcs7 +2
NVD
CVSS 2.0
10.0
EPSS
5.8%
CVE-2014-4686 MEDIUM This Month

The Project administration application in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, has a hardcoded encryption key, which allows remote attackers to obtain sensitive. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Siemens Simatic Pcs7 Wincc
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-4685 MEDIUM This Month

Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows local users to gain privileges by leveraging weak system-object access control. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Siemens Simatic Pcs7 Wincc
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2014-4684 MEDIUM This Month

The database server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a request to TCP port 1433. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Siemens Simatic Pcs7 Wincc
NVD
CVSS 2.0
6.0
EPSS
0.4%
CVE-2014-4683 MEDIUM This Month

The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a (1) HTTP or (2) HTTPS request. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Siemens Simatic Pcs7 Wincc
NVD
CVSS 2.0
4.9
EPSS
0.2%
CVE-2014-4682 MEDIUM This Month

The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote attackers to obtain sensitive information via an HTTP request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Siemens Simatic Pcs7 Wincc
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-3959 MEDIUM This Month

The Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, exhibits different behavior for NetBIOS user names depending on whether the. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Siemens Information Disclosure Simatic Pcs7 Wincc
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2013-3958 HIGH This Week

The login implementation in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, has a hardcoded account, which makes it easier for. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Siemens Authentication Bypass Simatic Pcs7 Wincc
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2013-3957 HIGH This Week

SQL injection vulnerability in the login screen in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, allows remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Siemens SQLi Simatic Pcs7 Wincc
NVD
CVSS 2.0
7.5
EPSS
0.3%
CVE-2013-0679 MEDIUM This Month

Directory traversal vulnerability in the web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote authenticated users to read arbitrary files. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Siemens Path Traversal Simatic Pcs7 Wincc
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2013-0678 MEDIUM This Month

Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly represent WebNavigator credentials in a database, which makes it easier for remote authenticated. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Siemens Authentication Bypass Simatic Pcs7 Wincc
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2013-0677 MEDIUM This Month

The web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to obtain sensitive information or cause a denial of service via a. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Siemens Information Disclosure Denial Of Service Simatic Pcs7 Wincc
NVD
CVSS 2.0
5.8
EPSS
0.5%
CVE-2013-0676 MEDIUM This Month

Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly assign privileges for the database containing WebNavigator credentials, which allows remote. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Siemens Simatic Pcs7 Wincc
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2013-0675 MEDIUM This Month

Buffer overflow in CCEServer (aka the central communications component) in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to cause a. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Siemens Denial Of Service Simatic Pcs7 Wincc
NVD
CVSS 2.0
6.1
EPSS
0.1%
CVE-2013-0674 MEDIUM This Month

Buffer overflow in the RegReader ActiveX control in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to execute arbitrary code via a long. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Siemens RCE Simatic Pcs7 Wincc
NVD
CVSS 2.0
6.8
EPSS
2.7%
CVE-2012-3034 MEDIUM PATCH This Month

WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to discover a username and password via crafted parameters to unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Siemens Information Disclosure Simatic Pcs7 Wincc
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2012-3032 HIGH PATCH This Week

SQL injection vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to execute arbitrary SQL commands via a crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Siemens SQLi Simatic Pcs7 Wincc
NVD
CVSS 2.0
7.5
EPSS
0.5%
CVE-2012-3031 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allow remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Siemens XSS Simatic Pcs7 Wincc
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2012-3030 MEDIUM PATCH This Month

WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, stores sensitive information under the web root with insufficient access control, which allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Siemens Simatic Pcs7 Wincc
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2012-3028 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to hijack the authentication. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF Siemens Denial Of Service Simatic Pcs7 Wincc
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2012-3015 MEDIUM This Month

Untrusted search path vulnerability in Siemens SIMATIC STEP7 before 5.5 SP1, as used in SIMATIC PCS7 7.1 SP3 and earlier and other products, allows local users to gain privileges via a Trojan horse. Rated medium severity (CVSS 6.9). No vendor patch available.

Siemens Information Disclosure Simatic Pcs7 Simatic Step 7
NVD
CVSS 2.0
6.9
EPSS
0.1%
EPSS 3% CVSS 4.9
MEDIUM This Month

An Improper Input Validation issue was discovered in Siemens SIMATIC PCS 7 V8.1 prior to V8.1 SP1 with WinCC V7.3 Upd 13, and V8.2 all versions. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Siemens Simatic Pcs7 +1
NVD
EPSS 1% CVSS 8.2
HIGH PATCH This Week

An XXE vulnerability has been identified in OPC Foundation UA .NET Sample Code before 2017-03-21 and Local Discovery Server (LDS) before 1.03.367. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Siemens XXE Simatic Pcs7 +3
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC IT Production Suite (All versions < V7.0 SP1 HFX 2), SIMATIC NET PC-Software (All versions < V14),. Rated medium severity (CVSS 6.4). No vendor patch available.

Privilege Escalation Microsoft Primary Setup Tool +17
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Siemens Simatic Pcs 7 +3
NVD
EPSS 6% CVSS 10.0
CRITICAL Act Now

The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Siemens +4
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

The Project administration application in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, has a hardcoded encryption key, which allows remote attackers to obtain sensitive. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Siemens Simatic Pcs7 +1
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows local users to gain privileges by leveraging weak system-object access control. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Siemens Simatic Pcs7 +1
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

The database server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a request to TCP port 1433. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Siemens Simatic Pcs7 +1
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a (1) HTTP or (2) HTTPS request. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Siemens Simatic Pcs7 +1
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote attackers to obtain sensitive information via an HTTP request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Siemens Simatic Pcs7 +1
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

The Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, exhibits different behavior for NetBIOS user names depending on whether the. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Siemens Information Disclosure Simatic Pcs7 +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The login implementation in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, has a hardcoded account, which makes it easier for. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Siemens Authentication Bypass Simatic Pcs7 +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

SQL injection vulnerability in the login screen in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, allows remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Siemens SQLi Simatic Pcs7 +1
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Directory traversal vulnerability in the web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote authenticated users to read arbitrary files. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Siemens Path Traversal Simatic Pcs7 +1
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly represent WebNavigator credentials in a database, which makes it easier for remote authenticated. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Siemens Authentication Bypass Simatic Pcs7 +1
NVD
EPSS 0% CVSS 5.8
MEDIUM This Month

The web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to obtain sensitive information or cause a denial of service via a. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Siemens Information Disclosure Denial Of Service +2
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly assign privileges for the database containing WebNavigator credentials, which allows remote. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Siemens Simatic Pcs7 +1
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Buffer overflow in CCEServer (aka the central communications component) in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to cause a. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Siemens Denial Of Service +2
NVD
EPSS 3% CVSS 6.8
MEDIUM This Month

Buffer overflow in the RegReader ActiveX control in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to execute arbitrary code via a long. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Siemens RCE +2
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to discover a username and password via crafted parameters to unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Siemens Information Disclosure Simatic Pcs7 +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

SQL injection vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to execute arbitrary SQL commands via a crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Siemens SQLi Simatic Pcs7 +1
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allow remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Siemens XSS Simatic Pcs7 +1
NVD
EPSS 1% CVSS 5.0
MEDIUM PATCH This Month

WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, stores sensitive information under the web root with insufficient access control, which allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Siemens Simatic Pcs7 +1
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to hijack the authentication. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF Siemens Denial Of Service +2
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

Untrusted search path vulnerability in Siemens SIMATIC STEP7 before 5.5 SP1, as used in SIMATIC PCS7 7.1 SP3 and earlier and other products, allows local users to gain privileges via a Trojan horse. Rated medium severity (CVSS 6.9). No vendor patch available.

Siemens Information Disclosure Simatic Pcs7 +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy