VYPR

Wincc Tia Portal

by Siemens Foundation

CVEs (31)

  • CVE-2013-4912Aug 1, 2013
    risk 0.00cvss epss 0.02

    Open redirect vulnerability in Siemens WinCC (TIA Portal) 11 and 12 before 12 SP1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks by leveraging improper configuration of SIMATIC HMI panels by the WinCC product.

  • CVE-2013-4911Aug 1, 2013
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in Siemens WinCC (TIA Portal) 11 and 12 before 12 SP1 allows remote attackers to hijack the authentication of unspecified victims by leveraging improper configuration of SIMATIC HMI panels by the WinCC product.

  • CVE-2013-0672Mar 21, 2013
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the HMI web application in Siemens WinCC (TIA Portal) 11 allows remote authenticated users to inject arbitrary web script or HTML via unspecified data.

  • CVE-2013-0671Mar 21, 2013
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in Siemens WinCC (TIA Portal) 11 allows remote authenticated users to read HMI web-application source code and user-defined scripts via a crafted URL.

  • CVE-2013-0670Mar 21, 2013
    risk 0.00cvss epss 0.02

    CRLF injection vulnerability in the HMI web application in Siemens WinCC (TIA Portal) 11 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.

  • CVE-2013-0669Mar 21, 2013
    risk 0.00cvss epss 0.02

    The HMI web application in Siemens WinCC (TIA Portal) 11 allows remote authenticated users to cause a denial of service (daemon crash) via a crafted HTTP request.

  • CVE-2013-0668Mar 21, 2013
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in the HMI web application in Siemens WinCC (TIA Portal) 11 allow remote attackers to inject arbitrary web script or HTML via a crafted URL.

  • CVE-2013-0667Mar 21, 2013
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the HMI web application in Siemens WinCC (TIA Portal) 11 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

  • CVE-2011-4515Mar 21, 2013
    risk 0.00cvss epss 0.00

    Siemens WinCC (TIA Portal) 11 uses a reversible algorithm for storing HMI web-application passwords in world-readable and world-writable files, which allows local users to obtain sensitive information by leveraging (1) physical access or (2) Sm@rt Server access.

  • CVE-2011-4512Feb 3, 2012
    risk 0.00cvss epss 0.02

    CRLF injection vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC…

  • CVE-2011-4508Feb 3, 2012
    risk 0.00cvss epss 0.03

    The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime generates predictable…

Page 2 of 2