Simatic Pcs7
CVEs (71)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-7586 | 0.00 | — | 0.00 | Jun 10, 2020 | A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC PDM (All versions < V9.2), SIMATIC STEP 7 V5.X (All versions < V5.6 SP2 HF3), SINAMICS STARTER (containing STEP 7 OEM version) (All… | |||
| CVE-2020-7585 | 0.00 | — | 0.00 | Jun 10, 2020 | A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC PDM (All versions < V9.2), SIMATIC STEP 7 V5.X (All versions < V5.6 SP2 HF3), SINAMICS STARTER (containing STEP 7 OEM version) (All… | |||
| CVE-2020-7580 | 0.00 | — | 0.00 | Jun 10, 2020 | A vulnerability has been identified in SIMATIC Automation Tool (All versions < V4 SP2), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Upd3), SIMATIC PCS neo (All… | |||
| CVE-2019-19282 | 0.00 | — | 0.01 | Mar 10, 2020 | A vulnerability has been identified in OpenPCS 7 V8.1 (All versions), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd3), SIMATIC BATCH V8.1 (All versions), SIMATIC BATCH V8.2 (All versions < V8.2 Upd12), SIMATIC BATCH V9.0 (All versions < V9.0 SP1 Upd5),… | |||
| CVE-2019-10935 | 0.00 | — | 0.01 | Jul 11, 2019 | A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd 11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC… | |||
| CVE-2019-10916 | 0.00 | — | 0.02 | May 14, 2019 | A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC… | |||
| CVE-2019-10922 | 0.00 | — | 0.03 | May 14, 2019 | A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 and newer (All versions), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 and newer (All versions). An attacker with network access to affected… | |||
| CVE-2019-10917 | 0.00 | — | 0.00 | May 14, 2019 | A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC… | |||
| CVE-2019-10918 | 0.00 | — | 0.02 | May 14, 2019 | A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC… | |||
| CVE-2014-8552 | 0.00 | — | 0.02 | Nov 26, 2014 | The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to read arbitrary files via crafted packets. | |||
| CVE-2014-8551 | 0.00 | — | 0.05 | Nov 26, 2014 | The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to execute arbitrary code via crafted packets. | |||
| CVE-2014-4686 | 0.00 | — | 0.01 | Jul 24, 2014 | The Project administration application in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, has a hardcoded encryption key, which allows remote attackers to obtain sensitive information by extracting this key from another product installation and then… | |||
| CVE-2014-4685 | 0.00 | — | 0.00 | Jul 24, 2014 | Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows local users to gain privileges by leveraging weak system-object access control. | |||
| CVE-2014-4684 | 0.00 | — | 0.01 | Jul 24, 2014 | The database server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a request to TCP port 1433. | |||
| CVE-2014-4683 | 0.00 | — | 0.01 | Jul 24, 2014 | The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a (1) HTTP or (2) HTTPS request. | |||
| CVE-2014-4682 | 0.00 | — | 0.02 | Jul 24, 2014 | The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote attackers to obtain sensitive information via an HTTP request. | |||
| CVE-2013-3959 | 0.00 | — | 0.01 | Jun 14, 2013 | The Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, exhibits different behavior for NetBIOS user names depending on whether the user account exists, which allows remote authenticated users to enumerate account… | |||
| CVE-2013-3958 | 0.00 | — | 0.02 | Jun 14, 2013 | The login implementation in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, has a hardcoded account, which makes it easier for remote attackers to obtain access via an unspecified request. | |||
| CVE-2013-3957 | 0.00 | — | 0.02 | Jun 14, 2013 | SQL injection vulnerability in the login screen in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2013-0679 | 0.00 | — | 0.02 | Mar 21, 2013 | Directory traversal vulnerability in the web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote authenticated users to read arbitrary files via vectors involving a query for a pathname. |
- CVE-2020-7586Jun 10, 2020risk 0.00cvss —epss 0.00
A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC PDM (All versions < V9.2), SIMATIC STEP 7 V5.X (All versions < V5.6 SP2 HF3), SINAMICS STARTER (containing STEP 7 OEM version) (All…
- CVE-2020-7585Jun 10, 2020risk 0.00cvss —epss 0.00
A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC PDM (All versions < V9.2), SIMATIC STEP 7 V5.X (All versions < V5.6 SP2 HF3), SINAMICS STARTER (containing STEP 7 OEM version) (All…
- CVE-2020-7580Jun 10, 2020risk 0.00cvss —epss 0.00
A vulnerability has been identified in SIMATIC Automation Tool (All versions < V4 SP2), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Upd3), SIMATIC PCS neo (All…
- CVE-2019-19282Mar 10, 2020risk 0.00cvss —epss 0.01
A vulnerability has been identified in OpenPCS 7 V8.1 (All versions), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd3), SIMATIC BATCH V8.1 (All versions), SIMATIC BATCH V8.2 (All versions < V8.2 Upd12), SIMATIC BATCH V9.0 (All versions < V9.0 SP1 Upd5),…
- CVE-2019-10935Jul 11, 2019risk 0.00cvss —epss 0.01
A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd 11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC…
- CVE-2019-10916May 14, 2019risk 0.00cvss —epss 0.02
A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC…
- CVE-2019-10922May 14, 2019risk 0.00cvss —epss 0.03
A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 and newer (All versions), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 and newer (All versions). An attacker with network access to affected…
- CVE-2019-10917May 14, 2019risk 0.00cvss —epss 0.00
A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC…
- CVE-2019-10918May 14, 2019risk 0.00cvss —epss 0.02
A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC…
- CVE-2014-8552Nov 26, 2014risk 0.00cvss —epss 0.02
The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to read arbitrary files via crafted packets.
- CVE-2014-8551Nov 26, 2014risk 0.00cvss —epss 0.05
The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to execute arbitrary code via crafted packets.
- CVE-2014-4686Jul 24, 2014risk 0.00cvss —epss 0.01
The Project administration application in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, has a hardcoded encryption key, which allows remote attackers to obtain sensitive information by extracting this key from another product installation and then…
- CVE-2014-4685Jul 24, 2014risk 0.00cvss —epss 0.00
Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows local users to gain privileges by leveraging weak system-object access control.
- CVE-2014-4684Jul 24, 2014risk 0.00cvss —epss 0.01
The database server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a request to TCP port 1433.
- CVE-2014-4683Jul 24, 2014risk 0.00cvss —epss 0.01
The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a (1) HTTP or (2) HTTPS request.
- CVE-2014-4682Jul 24, 2014risk 0.00cvss —epss 0.02
The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote attackers to obtain sensitive information via an HTTP request.
- CVE-2013-3959Jun 14, 2013risk 0.00cvss —epss 0.01
The Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, exhibits different behavior for NetBIOS user names depending on whether the user account exists, which allows remote authenticated users to enumerate account…
- CVE-2013-3958Jun 14, 2013risk 0.00cvss —epss 0.02
The login implementation in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, has a hardcoded account, which makes it easier for remote attackers to obtain access via an unspecified request.
- CVE-2013-3957Jun 14, 2013risk 0.00cvss —epss 0.02
SQL injection vulnerability in the login screen in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
- CVE-2013-0679Mar 21, 2013risk 0.00cvss —epss 0.02
Directory traversal vulnerability in the web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote authenticated users to read arbitrary files via vectors involving a query for a pathname.
Page 3 of 4