Simatic Wincc Open Architecture
Monthly
A vulnerability has been identified in SIMATIC Automation Tool (All versions < V4 SP2), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions),. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability has been identified in SIMATIC CP 1626 (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
A vulnerability has been identified in SIMATIC WinCC OA V3.14 and prior (All versions < V3.14-P021). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to cause a denial of service (monitoring-service outage) via malformed HTTP requests to port 4999. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Directory traversal vulnerability in Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to read arbitrary files via crafted packets to TCP port 4999. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The integrated web server in Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to execute arbitrary code via crafted packets to TCP port 4999. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Siemens SIMATIC WinCC OA before 3.12 P002 January uses a weak hash algorithm for passwords, which makes it easier for remote attackers to obtain access via a brute-force attack. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability has been identified in SIMATIC Automation Tool (All versions < V4 SP2), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions),. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability has been identified in SIMATIC CP 1626 (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
A vulnerability has been identified in SIMATIC WinCC OA V3.14 and prior (All versions < V3.14-P021). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to cause a denial of service (monitoring-service outage) via malformed HTTP requests to port 4999. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Directory traversal vulnerability in Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to read arbitrary files via crafted packets to TCP port 4999. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The integrated web server in Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to execute arbitrary code via crafted packets to TCP port 4999. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Siemens SIMATIC WinCC OA before 3.12 P002 January uses a weak hash algorithm for passwords, which makes it easier for remote attackers to obtain access via a brute-force attack. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.