319
CVEs
32
Critical
119
High
1
KEV
11
PoC
109
Unpatched C/H
23.2%
Patch Rate
1.7%
Avg EPSS
Severity Breakdown
CRITICAL
32
HIGH
119
MEDIUM
145
LOW
23
Monthly CVE Trend
Affected Products (30)
Wincc
30
Simatic Pcs7
24
Scalance Lpe9403 Firmware
16
Simatic S7 1500 Cpu Firmware
12
Scalance M874 3 Firmware
10
Scalance M876 4 Firmware
10
Scalance M874 2 Firmware
10
Scalance S615 Firmware
10
Scalance M804Pb Firmware
10
Scalance X308 2M Firmware
10
Scalance M876 3 Firmware
10
Scalance Mum856 1 Eu Firmware
9
Scalance X308 2Ld Firmware
9
Scalance M816 1 Annex B Firmware
9
Siplus Net Scalance X308 2 Firmware
9
Scalance X304 2Fe Firmware
9
Scalance M816 1 Annex A Firmware
9
Scalance M876 4 Nam Firmware
9
Scalance X310 Firmware
9
Scalance X408 2 Firmware
9
Scalance Xr324 4M Poe Firmware
9
Scalance X307 3 Firmware
9
Scalance Xr324 12M Firmware
9
Scalance Mum856 1 A1 Firmware
9
Scalance X306 1Ldfe Firmware
9
Scalance Mum856 1 B1 Firmware
9
Scalance Mum856 1 Row Firmware
9
Scalance Mum853 1 A1 Firmware
9
Scalance X307 2Eec Firmware
9
Scalance X308 2Lh Firmware
9
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2010-2568 | Remote code execution in Windows Shell across XP through Windows 7 via malicious .LNK or .PIF shortcut files automatically processed when displayed in Windows Explorer. Confirmed actively exploited (CISA KEV) in 2010 Stuxnet campaign targeting Siemens WinCC SCADA systems, with 92.13% EPSS score reflecting historical widespread exploitation. Public exploits available. Originally weaponized as zero-day before Microsoft MS10-046 patch release. | HIGH | 7.8 | 92.1% | 226 |
KEV
PoC
|
| CVE-2014-2908 | Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary web script or HTML via unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 68.0%. | MEDIUM | 4.3 | 68.0% | 110 |
PoC
No patch
|
| CVE-2015-2177 | Siemens SIMATIC S7-300 CPU devices allow remote attackers to cause a denial of service (defect-mode transition) via crafted packets on (1) TCP port 102 or (2) Profibus. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 50.6%. | HIGH | 7.5 | 50.6% | 108 |
PoC
No patch
|
| CVE-2012-5409 | AscoServer.exe in the server in Siemens SiPass integrated MP2.6 and earlier does not properly handle IOCP RPC messages received over an Ethernet network, which allows remote attackers to write data. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 35.4%. | CRITICAL | 10.0 | 35.4% | 105 |
PoC
No patch
|
| CVE-2014-5074 | Siemens SIMATIC S7-1500 CPU devices with firmware before 1.6 allow remote attackers to cause a denial of service (device restart and STOP transition) via crafted TCP packets. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 12.9%. | HIGH | 7.1 | 12.9% | 68 |
PoC
|
| CVE-2016-5743 | Siemens SIMATIC WinCC before 7.3 Update 10 and 7.4 before Update 1, SIMATIC BATCH before 8.1 SP1 Update 9 as distributed in SIMATIC PCS 7 through 8.1 SP1, SIMATIC OpenPCS 7 before 8.1 Update 3 as. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 17.8% and no vendor patch available. | CRITICAL | 9.8 | 17.8% | 67 |
No patch
|
| CVE-2013-4652 | Unspecified vulnerability in the command-line management interface on Siemens Scalance W7xx devices with firmware before 4.5.4 allows remote attackers to bypass authentication and execute arbitrary. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available. | CRITICAL | 10.0 | 9.7% | 60 |
No patch
|
| CVE-2017-9946 | A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions <V3.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | HIGH | 7.5 | 0.6% | 58 |
PoC
No patch
|
| CVE-2015-1449 | Buffer overflow in the integrated web server on Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available. | CRITICAL | 10.0 | 7.6% | 58 |
No patch
|
| CVE-2014-8551 | The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available. | CRITICAL | 10.0 | 5.8% | 56 |
No patch
|
| CVE-2017-9947 | A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions <V3.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | MEDIUM | 5.3 | 8.5% | 55 |
PoC
No patch
|
| CVE-2013-4781 | core/getLog.php on the Siemens Enterprise OpenScape Branch appliance and OpenScape Session Border Controller (SBC) before 2 R0.32.0, and 7 before 7 R1.7.0, allows remote attackers to execute. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available. | CRITICAL | 10.0 | 3.8% | 54 |
No patch
|
| CVE-2015-1448 | The integrated management service on Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available. | CRITICAL | 10.0 | 3.4% | 53 |
No patch
|
| CVE-2016-3963 | Siemens SCALANCE S613 allows remote attackers to cause a denial of service (web-server outage) via traffic to TCP port 443. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | MEDIUM | 5.3 | 6.5% | 53 |
PoC
No patch
|
| CVE-2017-12739 | An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available. | CRITICAL | 9.8 | 3.1% | 52 |
No patch
|