Skip to main content

Simatic Wincc Runtime

12 CVEs product

Monthly

CVE-2022-30694 MEDIUM PATCH This Month

The login endpoint /FormLogin in affected web services does not apply proper origin checking. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Simatic S7 1500 Software Controller Simatic S7 Plcsim Advanced Simatic Wincc Runtime 6Es7154 8Fb01 0Ab0 Firmware +109
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2021-40142 HIGH PATCH This Week

In OPC Foundation Local Discovery Server (LDS) before 1.04.402.463, remote attackers can cause a denial of service (DoS) by sending carefully crafted messages that lead to Access of a Memory Location. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Local Discover Server Simatic Process Historian Opc Ua Server Firmware Simatic Net Pc +4
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2019-10929 MEDIUM This Month

A vulnerability has been identified in SIMATIC CP 1626 (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Simatic Et 200Sp Open Controller Cpu 1515Sp Pc Firmware Simatic Et 200Sp Open Controller Cpu 1515Sp Pc2 Firmware Simatic S7 1200 Cpu 1211C Firmware Simatic S7 1200 Cpu 1212C Firmware +16
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2019-10935 HIGH PATCH This Week

A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Simatic Pcs 7 Simatic Wincc Simatic Wincc Runtime
NVD
CVSS 3.0
7.2
EPSS
1.3%
CVE-2019-6577 MEDIUM This Month

A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15.1 Update 1), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15.1 Update 1), SIMATIC HMI. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Simatic Hmi Comfort Panels Firmware Simatic Hmi Comfort Outdoor Panels Firmware Simatic Hmi Ktp Mobile Panels Ktp400F Firmware Simatic Hmi Ktp Mobile Panels Ktp700 Firmware +8
NVD
CVSS 3.0
5.4
EPSS
0.9%
CVE-2019-6576 MEDIUM This Month

A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15.1 Update 1), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15.1 Update 1), SIMATIC HMI. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Simatic Hmi Comfort Panels Firmware Simatic Hmi Comfort Outdoor Panels Firmware Simatic Hmi Ktp Mobile Panels Ktp400F Firmware Simatic Hmi Ktp Mobile Panels Ktp700 Firmware +8
NVD VulDB
CVSS 3.1
6.5
EPSS
0.4%
CVE-2019-6572 CRITICAL Act Now

A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15.1 Update 1), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15.1 Update 1), SIMATIC HMI. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Simatic Hmi Comfort Panels Firmware Simatic Hmi Comfort Outdoor Panels Firmware Simatic Hmi Ktp Mobile Panels Ktp400F Firmware Simatic Hmi Ktp Mobile Panels Ktp700 Firmware +8
NVD
CVSS 3.1
9.1
EPSS
2.7%
CVE-2018-13814 HIGH This Week

A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V14), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V14), SIMATIC HMI KTP Mobile Panels. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Simatic Hmi Comfort Panels Firmware Simatic Hmi Comfort Outdoor Panels Firmware Simatic Hmi Ktp Mobile Panels Ktp400F Firmware Simatic Hmi Ktp Mobile Panels Ktp700 Firmware +8
NVD
CVSS 3.0
8.8
EPSS
1.7%
CVE-2018-13813 HIGH This Week

A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15 Update 4), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15 Update 4), SIMATIC HMI KTP. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Simatic Hmi Comfort Panels Firmware Simatic Hmi Comfort Outdoor Panels Firmware Simatic Hmi Ktp Mobile Panels Ktp400F Firmware Simatic Hmi Ktp Mobile Panels Ktp700 Firmware +8
NVD
CVSS 3.0
8.1
EPSS
1.7%
CVE-2018-13812 HIGH This Week

A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15 Update 4), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15 Update 4), SIMATIC HMI KTP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Simatic Hmi Comfort Panels Firmware Simatic Hmi Comfort Outdoor Panels Firmware Simatic Hmi Ktp Mobile Panels Ktp400F Firmware Simatic Hmi Ktp Mobile Panels Ktp700 Firmware +8
NVD
CVSS 3.0
7.5
EPSS
3.6%
CVE-2017-6867 MEDIUM This Month

A vulnerability was discovered in Siemens SIMATIC WinCC (V7.3 before Upd 11 and V7.4 before SP1), SIMATIC WinCC Runtime Professional (V13 before SP2 and V14 before SP1), SIMATIC WinCC (TIA Portal). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Siemens Simatic Wincc Simatic Wincc Tia Portal +1
NVD
CVSS 3.0
4.9
EPSS
0.6%
CVE-2016-7165 MEDIUM This Month

A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC IT Production Suite (All versions < V7.0 SP1 HFX 2), SIMATIC NET PC-Software (All versions < V14),. Rated medium severity (CVSS 6.4). No vendor patch available.

Privilege Escalation Microsoft Primary Setup Tool Security Configuration Tool Simatic It Production Suite +15
NVD
CVSS 3.0
6.4
EPSS
0.4%
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

The login endpoint /FormLogin in affected web services does not apply proper origin checking. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Simatic S7 1500 Software Controller Simatic S7 Plcsim Advanced +111
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

In OPC Foundation Local Discovery Server (LDS) before 1.04.402.463, remote attackers can cause a denial of service (DoS) by sending carefully crafted messages that lead to Access of a Memory Location. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Local Discover Server +6
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

A vulnerability has been identified in SIMATIC CP 1626 (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Simatic Et 200Sp Open Controller Cpu 1515Sp Pc Firmware Simatic Et 200Sp Open Controller Cpu 1515Sp Pc2 Firmware +18
NVD
EPSS 1% CVSS 7.2
HIGH PATCH This Week

A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Simatic Pcs 7 Simatic Wincc +1
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15.1 Update 1), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15.1 Update 1), SIMATIC HMI. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Simatic Hmi Comfort Panels Firmware Simatic Hmi Comfort Outdoor Panels Firmware +10
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15.1 Update 1), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15.1 Update 1), SIMATIC HMI. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Simatic Hmi Comfort Panels Firmware Simatic Hmi Comfort Outdoor Panels Firmware +10
NVD VulDB
EPSS 3% CVSS 9.1
CRITICAL Act Now

A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15.1 Update 1), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15.1 Update 1), SIMATIC HMI. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Simatic Hmi Comfort Panels Firmware Simatic Hmi Comfort Outdoor Panels Firmware +10
NVD
EPSS 2% CVSS 8.8
HIGH This Week

A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V14), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V14), SIMATIC HMI KTP Mobile Panels. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Simatic Hmi Comfort Panels Firmware Simatic Hmi Comfort Outdoor Panels Firmware +10
NVD
EPSS 2% CVSS 8.1
HIGH This Week

A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15 Update 4), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15 Update 4), SIMATIC HMI KTP. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Simatic Hmi Comfort Panels Firmware Simatic Hmi Comfort Outdoor Panels Firmware +10
NVD
EPSS 4% CVSS 7.5
HIGH This Week

A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15 Update 4), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15 Update 4), SIMATIC HMI KTP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Simatic Hmi Comfort Panels Firmware Simatic Hmi Comfort Outdoor Panels Firmware +10
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

A vulnerability was discovered in Siemens SIMATIC WinCC (V7.3 before Upd 11 and V7.4 before SP1), SIMATIC WinCC Runtime Professional (V13 before SP2 and V14 before SP1), SIMATIC WinCC (TIA Portal). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Siemens +3
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC IT Production Suite (All versions < V7.0 SP1 HFX 2), SIMATIC NET PC-Software (All versions < V14),. Rated medium severity (CVSS 6.4). No vendor patch available.

Privilege Escalation Microsoft Primary Setup Tool +17
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy