Skip to main content

Simatic Step 7

17 CVEs product

Monthly

CVE-2023-25910 HIGH PATCH This Week

A vulnerability has been identified in SIMATIC PCS 7 (All versions < V9.1 SP2 UC04), SIMATIC S7-PM (All versions < V5.7 SP1 HF1), SIMATIC S7-PM (All versions < V5.7 SP2 HF1), SIMATIC STEP 7 V5 (All. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Simatic Pcs 7 Simatic S7 Pm Simatic Step 7
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-7588 MEDIUM This Month

A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2),. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Opcenter Execution Discrete Opcenter Execution Foundation Opcenter Execution Process +10
NVD
CVSS 3.1
5.3
EPSS
2.2%
CVE-2020-7587 HIGH This Week

A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2),. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Opcenter Execution Discrete Opcenter Execution Foundation Opcenter Execution Process +10
NVD
CVSS 3.1
8.2
EPSS
2.5%
CVE-2020-7581 MEDIUM This Month

A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2),. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Opcenter Execution Discrete Opcenter Execution Foundation Opcenter Execution Process +8
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2020-7586 HIGH This Week

A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC PDM (All versions < V9.2), SIMATIC STEP 7 V5.X (All. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Simatic Pcs 7 Simatic Process Device Manager Simatic Step 7 +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-7585 HIGH This Week

A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC PDM (All versions < V9.2), SIMATIC STEP 7 V5.X (All. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Simatic Pcs 7 Simatic Process Device Manager Simatic Step 7 Sinamics Starter
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-7580 MEDIUM This Month

A vulnerability has been identified in SIMATIC Automation Tool (All versions < V4 SP2), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions),. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Simatic Automatic Tool Simatic Net Pc Simatic Pcs 7 Simatic Pcs Neo +13
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2019-10929 MEDIUM This Month

A vulnerability has been identified in SIMATIC CP 1626 (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Simatic Et 200Sp Open Controller Cpu 1515Sp Pc Firmware Simatic Et 200Sp Open Controller Cpu 1515Sp Pc2 Firmware Simatic S7 1200 Cpu 1211C Firmware Simatic S7 1200 Cpu 1212C Firmware +16
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2016-7165 MEDIUM This Month

A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC IT Production Suite (All versions < V7.0 SP1 HFX 2), SIMATIC NET PC-Software (All versions < V14),. Rated medium severity (CVSS 6.4). No vendor patch available.

Privilege Escalation Microsoft Primary Setup Tool Security Configuration Tool Simatic It Production Suite +15
NVD
CVSS 3.0
6.4
EPSS
0.4%
CVE-2016-7960 LOW PATCH Monitor

Siemens SIMATIC STEP 7 (TIA Portal) before 14 uses an improper format for managing TIA project files during version updates, which makes it easier for local users to obtain sensitive configuration. Rated low severity (CVSS 2.5). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Siemens Simatic Step 7
NVD
CVSS 3.0
2.5
EPSS
0.1%
CVE-2016-7959 MEDIUM This Month

Siemens SIMATIC STEP 7 (TIA Portal) before 14 improperly stores pre-shared key data in TIA project files, which makes it easier for local users to obtain sensitive information by leveraging access to. Rated medium severity (CVSS 4.7). No vendor patch available.

Information Disclosure Siemens Simatic Step 7
NVD
CVSS 3.0
4.7
EPSS
0.1%
CVE-2015-1602 LOW PATCH Monitor

Siemens SIMATIC STEP 7 (TIA Portal) 12 and 13 before 13 SP1 Upd1 improperly stores password data within project files, which makes it easier for local users to determine cleartext (1). Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Siemens Simatic Step 7
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2015-1601 MEDIUM PATCH This Month

Siemens SIMATIC STEP 7 (TIA Portal) 12 and 13 before 13 SP1 Upd1 allows man-in-the-middle attackers to obtain sensitive information or modify transmitted data via unspecified vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Information Disclosure Siemens Simatic Step 7
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2015-1594 MEDIUM This Month

Untrusted search path vulnerability in Siemens SIMATIC ProSave before 13 SP1; SIMATIC CFC before 8.0 SP4 Upd9 and 8.1 before Upd1; SIMATIC STEP 7 before 5.5 SP1 HF2, 5.5 SP2 before HF7, 5.5 SP3, and. Rated medium severity (CVSS 6.9). No vendor patch available.

Information Disclosure Siemens Starter Simatic Prosave Simotion Scout +2
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2015-1356 MEDIUM This Month

Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 determines a user's privileges on the basis of project-file fields that lack integrity protection, which allows remote attackers to establish. Rated medium severity (CVSS 4.4). No vendor patch available.

Privilege Escalation Siemens Simatic Step 7
NVD
CVSS 2.0
4.4
EPSS
0.1%
CVE-2015-1355 LOW Monitor

Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 uses a weak password-hash algorithm, which makes it easier for local users to determine cleartext passwords by reading a project file and conducting. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Siemens Simatic Step 7
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2012-3015 MEDIUM This Month

Untrusted search path vulnerability in Siemens SIMATIC STEP7 before 5.5 SP1, as used in SIMATIC PCS7 7.1 SP3 and earlier and other products, allows local users to gain privileges via a Trojan horse. Rated medium severity (CVSS 6.9). No vendor patch available.

Siemens Information Disclosure Simatic Pcs7 Simatic Step 7
NVD
CVSS 2.0
6.9
EPSS
0.1%
EPSS 1% CVSS 8.8
HIGH PATCH This Week

A vulnerability has been identified in SIMATIC PCS 7 (All versions < V9.1 SP2 UC04), SIMATIC S7-PM (All versions < V5.7 SP1 HF1), SIMATIC S7-PM (All versions < V5.7 SP2 HF1), SIMATIC STEP 7 V5 (All. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Simatic Pcs 7 +2
NVD
EPSS 2% CVSS 5.3
MEDIUM This Month

A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2),. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Opcenter Execution Discrete +12
NVD
EPSS 2% CVSS 8.2
HIGH This Week

A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2),. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Opcenter Execution Discrete +12
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2),. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Opcenter Execution Discrete +10
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC PDM (All versions < V9.2), SIMATIC STEP 7 V5.X (All. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Simatic Pcs 7 +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC PDM (All versions < V9.2), SIMATIC STEP 7 V5.X (All. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Simatic Pcs 7 Simatic Process Device Manager +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A vulnerability has been identified in SIMATIC Automation Tool (All versions < V4 SP2), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions),. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Simatic Automatic Tool Simatic Net Pc +15
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

A vulnerability has been identified in SIMATIC CP 1626 (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Simatic Et 200Sp Open Controller Cpu 1515Sp Pc Firmware Simatic Et 200Sp Open Controller Cpu 1515Sp Pc2 Firmware +18
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC IT Production Suite (All versions < V7.0 SP1 HFX 2), SIMATIC NET PC-Software (All versions < V14),. Rated medium severity (CVSS 6.4). No vendor patch available.

Privilege Escalation Microsoft Primary Setup Tool +17
NVD
EPSS 0% CVSS 2.5
LOW PATCH Monitor

Siemens SIMATIC STEP 7 (TIA Portal) before 14 uses an improper format for managing TIA project files during version updates, which makes it easier for local users to obtain sensitive configuration. Rated low severity (CVSS 2.5). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Siemens Simatic Step 7
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

Siemens SIMATIC STEP 7 (TIA Portal) before 14 improperly stores pre-shared key data in TIA project files, which makes it easier for local users to obtain sensitive information by leveraging access to. Rated medium severity (CVSS 4.7). No vendor patch available.

Information Disclosure Siemens Simatic Step 7
NVD
EPSS 0% CVSS 2.1
LOW PATCH Monitor

Siemens SIMATIC STEP 7 (TIA Portal) 12 and 13 before 13 SP1 Upd1 improperly stores password data within project files, which makes it easier for local users to determine cleartext (1). Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Siemens Simatic Step 7
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Siemens SIMATIC STEP 7 (TIA Portal) 12 and 13 before 13 SP1 Upd1 allows man-in-the-middle attackers to obtain sensitive information or modify transmitted data via unspecified vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Information Disclosure Siemens Simatic Step 7
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

Untrusted search path vulnerability in Siemens SIMATIC ProSave before 13 SP1; SIMATIC CFC before 8.0 SP4 Upd9 and 8.1 before Upd1; SIMATIC STEP 7 before 5.5 SP1 HF2, 5.5 SP2 before HF7, 5.5 SP3, and. Rated medium severity (CVSS 6.9). No vendor patch available.

Information Disclosure Siemens Starter +4
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 determines a user's privileges on the basis of project-file fields that lack integrity protection, which allows remote attackers to establish. Rated medium severity (CVSS 4.4). No vendor patch available.

Privilege Escalation Siemens Simatic Step 7
NVD
EPSS 0% CVSS 2.1
LOW Monitor

Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 uses a weak password-hash algorithm, which makes it easier for local users to determine cleartext passwords by reading a project file and conducting. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Siemens Simatic Step 7
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

Untrusted search path vulnerability in Siemens SIMATIC STEP7 before 5.5 SP1, as used in SIMATIC PCS7 7.1 SP3 and earlier and other products, allows local users to gain privileges via a Trojan horse. Rated medium severity (CVSS 6.9). No vendor patch available.

Siemens Information Disclosure Simatic Pcs7 +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy