Skip to main content

Wincc

31 CVEs product

Monthly

CVE-2023-30897 HIGH PATCH This Week

A vulnerability has been identified in SIMATIC WinCC (All versions < V7.5.2.13). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

RCE Wincc
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2017-12069 HIGH PATCH This Week

An XXE vulnerability has been identified in OPC Foundation UA .NET Sample Code before 2017-03-21 and Local Discovery Server (LDS) before 1.03.367. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Siemens XXE Simatic Pcs7 Wincc Local Discovery Server +1
NVD
CVSS 3.0
8.2
EPSS
0.9%
CVE-2015-2823 MEDIUM PATCH This Month

Siemens SIMATIC HMI Basic Panels 2nd Generation before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Advanced before WinCC. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Siemens Authentication Bypass Wincc
NVD
CVSS 2.0
6.8
EPSS
0.5%
CVE-2015-2822 MEDIUM PATCH This Month

Siemens SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2 and SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2 allow man-in-the-middle attackers to cause a denial. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Denial Of Service Siemens Wincc
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2015-1358 MEDIUM This Month

The remote-management module in the (1) Multi Panels, (2) Comfort Panels, and (3) RT Advanced functionality in Siemens SIMATIC WinCC (TIA Portal) before 13 SP1 and in the (4) panels and (5) runtime. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Siemens Wincc
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2014-4686 MEDIUM This Month

The Project administration application in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, has a hardcoded encryption key, which allows remote attackers to obtain sensitive. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Siemens Simatic Pcs7 Wincc
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-4685 MEDIUM This Month

Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows local users to gain privileges by leveraging weak system-object access control. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Siemens Simatic Pcs7 Wincc
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2014-4684 MEDIUM This Month

The database server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a request to TCP port 1433. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Siemens Simatic Pcs7 Wincc
NVD
CVSS 2.0
6.0
EPSS
0.4%
CVE-2014-4683 MEDIUM This Month

The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a (1) HTTP or (2) HTTPS request. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Siemens Simatic Pcs7 Wincc
NVD
CVSS 2.0
4.9
EPSS
0.2%
CVE-2014-4682 MEDIUM This Month

The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote attackers to obtain sensitive information via an HTTP request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Siemens Simatic Pcs7 Wincc
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-4912 MEDIUM This Month

Open redirect vulnerability in Siemens WinCC (TIA Portal) 11 and 12 before 12 SP1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks by leveraging improper. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Siemens Open Redirect Wincc
NVD
CVSS 2.0
5.8
EPSS
0.5%
CVE-2013-4911 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in Siemens WinCC (TIA Portal) 11 and 12 before 12 SP1 allows remote attackers to hijack the authentication of unspecified victims by leveraging. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Siemens Wincc
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2013-3959 MEDIUM This Month

The Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, exhibits different behavior for NetBIOS user names depending on whether the. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Siemens Information Disclosure Simatic Pcs7 Wincc
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2013-3958 HIGH This Week

The login implementation in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, has a hardcoded account, which makes it easier for. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Siemens Authentication Bypass Simatic Pcs7 Wincc
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2013-3957 HIGH This Week

SQL injection vulnerability in the login screen in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, allows remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Siemens SQLi Simatic Pcs7 Wincc
NVD
CVSS 2.0
7.5
EPSS
0.3%
CVE-2013-0679 MEDIUM This Month

Directory traversal vulnerability in the web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote authenticated users to read arbitrary files. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Siemens Path Traversal Simatic Pcs7 Wincc
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2013-0678 MEDIUM This Month

Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly represent WebNavigator credentials in a database, which makes it easier for remote authenticated. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Siemens Authentication Bypass Simatic Pcs7 Wincc
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2013-0677 MEDIUM This Month

The web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to obtain sensitive information or cause a denial of service via a. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Siemens Information Disclosure Denial Of Service Simatic Pcs7 Wincc
NVD
CVSS 2.0
5.8
EPSS
0.5%
CVE-2013-0676 MEDIUM This Month

Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly assign privileges for the database containing WebNavigator credentials, which allows remote. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Siemens Simatic Pcs7 Wincc
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2013-0675 MEDIUM This Month

Buffer overflow in CCEServer (aka the central communications component) in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to cause a. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Siemens Denial Of Service Simatic Pcs7 Wincc
NVD
CVSS 2.0
6.1
EPSS
0.1%
CVE-2013-0674 MEDIUM This Month

Buffer overflow in the RegReader ActiveX control in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to execute arbitrary code via a long. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Siemens RCE Simatic Pcs7 Wincc
NVD
CVSS 2.0
6.8
EPSS
2.7%
CVE-2012-3034 MEDIUM PATCH This Month

WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to discover a username and password via crafted parameters to unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Siemens Information Disclosure Simatic Pcs7 Wincc
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2012-3032 HIGH PATCH This Week

SQL injection vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to execute arbitrary SQL commands via a crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Siemens SQLi Simatic Pcs7 Wincc
NVD
CVSS 2.0
7.5
EPSS
0.5%
CVE-2012-3031 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allow remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Siemens XSS Simatic Pcs7 Wincc
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2012-3030 MEDIUM PATCH This Month

WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, stores sensitive information under the web root with insufficient access control, which allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Siemens Simatic Pcs7 Wincc
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2012-3028 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to hijack the authentication. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF Siemens Denial Of Service Simatic Pcs7 Wincc
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2012-3003 MEDIUM This Month

Open redirect vulnerability in an unspecified web application in Siemens WinCC 7.0 SP3 before Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Siemens Open Redirect Wincc
NVD
CVSS 2.0
5.8
EPSS
0.3%
CVE-2012-2598 MEDIUM This Month

Buffer overflow in the DiagAgent web server in Siemens WinCC 7.0 SP3 through Update 2 allows remote attackers to cause a denial of service (agent outage) via crafted input. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Siemens Denial Of Service Wincc
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2012-2597 MEDIUM This Month

Multiple directory traversal vulnerabilities in Siemens WinCC 7.0 SP3 before Update 2 allow remote authenticated users to read arbitrary files via a crafted parameter in a URL. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Siemens Path Traversal Wincc
NVD
CVSS 2.0
4.0
EPSS
0.1%
CVE-2012-2596 MEDIUM This Month

The XPath functionality in unspecified web applications in Siemens WinCC 7.0 SP3 before Update 2 does not properly handle special characters in parameters, which allows remote authenticated users to. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Siemens Code Injection RCE Wincc
NVD
CVSS 2.0
5.5
EPSS
0.2%
CVE-2012-2595 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in unspecified web applications in Siemens WinCC 7.0 SP3 before Update 2 allow remote attackers to inject arbitrary web script or HTML via vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Siemens XSS Wincc
NVD
CVSS 2.0
4.3
EPSS
0.4%
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A vulnerability has been identified in SIMATIC WinCC (All versions < V7.5.2.13). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

RCE Wincc
NVD
EPSS 1% CVSS 8.2
HIGH PATCH This Week

An XXE vulnerability has been identified in OPC Foundation UA .NET Sample Code before 2017-03-21 and Local Discovery Server (LDS) before 1.03.367. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Siemens XXE Simatic Pcs7 +3
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Siemens SIMATIC HMI Basic Panels 2nd Generation before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Advanced before WinCC. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Siemens Authentication Bypass Wincc
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Siemens SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2 and SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2 allow man-in-the-middle attackers to cause a denial. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Denial Of Service Siemens Wincc
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

The remote-management module in the (1) Multi Panels, (2) Comfort Panels, and (3) RT Advanced functionality in Siemens SIMATIC WinCC (TIA Portal) before 13 SP1 and in the (4) panels and (5) runtime. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Siemens Wincc
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

The Project administration application in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, has a hardcoded encryption key, which allows remote attackers to obtain sensitive. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Siemens Simatic Pcs7 +1
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows local users to gain privileges by leveraging weak system-object access control. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Siemens Simatic Pcs7 +1
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

The database server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a request to TCP port 1433. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Siemens Simatic Pcs7 +1
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a (1) HTTP or (2) HTTPS request. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Siemens Simatic Pcs7 +1
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote attackers to obtain sensitive information via an HTTP request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Siemens Simatic Pcs7 +1
NVD
EPSS 1% CVSS 5.8
MEDIUM This Month

Open redirect vulnerability in Siemens WinCC (TIA Portal) 11 and 12 before 12 SP1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks by leveraging improper. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Siemens Open Redirect Wincc
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in Siemens WinCC (TIA Portal) 11 and 12 before 12 SP1 allows remote attackers to hijack the authentication of unspecified victims by leveraging. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Siemens Wincc
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

The Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, exhibits different behavior for NetBIOS user names depending on whether the. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Siemens Information Disclosure Simatic Pcs7 +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The login implementation in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, has a hardcoded account, which makes it easier for. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Siemens Authentication Bypass Simatic Pcs7 +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

SQL injection vulnerability in the login screen in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, allows remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Siemens SQLi Simatic Pcs7 +1
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Directory traversal vulnerability in the web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote authenticated users to read arbitrary files. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Siemens Path Traversal Simatic Pcs7 +1
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly represent WebNavigator credentials in a database, which makes it easier for remote authenticated. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Siemens Authentication Bypass Simatic Pcs7 +1
NVD
EPSS 0% CVSS 5.8
MEDIUM This Month

The web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to obtain sensitive information or cause a denial of service via a. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Siemens Information Disclosure Denial Of Service +2
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly assign privileges for the database containing WebNavigator credentials, which allows remote. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Siemens Simatic Pcs7 +1
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Buffer overflow in CCEServer (aka the central communications component) in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to cause a. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Siemens Denial Of Service +2
NVD
EPSS 3% CVSS 6.8
MEDIUM This Month

Buffer overflow in the RegReader ActiveX control in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to execute arbitrary code via a long. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Siemens RCE +2
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to discover a username and password via crafted parameters to unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Siemens Information Disclosure Simatic Pcs7 +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

SQL injection vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to execute arbitrary SQL commands via a crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Siemens SQLi Simatic Pcs7 +1
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allow remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Siemens XSS Simatic Pcs7 +1
NVD
EPSS 1% CVSS 5.0
MEDIUM PATCH This Month

WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, stores sensitive information under the web root with insufficient access control, which allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Siemens Simatic Pcs7 +1
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to hijack the authentication. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF Siemens Denial Of Service +2
NVD
EPSS 0% CVSS 5.8
MEDIUM This Month

Open redirect vulnerability in an unspecified web application in Siemens WinCC 7.0 SP3 before Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Siemens Open Redirect Wincc
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Buffer overflow in the DiagAgent web server in Siemens WinCC 7.0 SP3 through Update 2 allows remote attackers to cause a denial of service (agent outage) via crafted input. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Siemens Denial Of Service +1
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Multiple directory traversal vulnerabilities in Siemens WinCC 7.0 SP3 before Update 2 allow remote authenticated users to read arbitrary files via a crafted parameter in a URL. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Siemens Path Traversal Wincc
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The XPath functionality in unspecified web applications in Siemens WinCC 7.0 SP3 before Update 2 does not properly handle special characters in parameters, which allows remote authenticated users to. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Siemens Code Injection RCE +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in unspecified web applications in Siemens WinCC 7.0 SP3 before Update 2 allow remote attackers to inject arbitrary web script or HTML via vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Siemens XSS Wincc
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy