SIMATIC STEP7

CVEs (22)

• CVE-2024-54678HigAug 12, 2025
  Siemens Foundation

  Wincc
  risk 0.53cvss 8.2epss 0.00

  A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SIMATIC PCS neo V6.0 (All versions), SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 V17 (All versions < V17 Update 9), SIMATIC STEP 7 V18 (All versions),…

• CVE-2025-40759HigAug 12, 2025
  Siemens Foundation

  Simotion Scout
  risk 0.51cvss 7.8epss 0.00

  A vulnerability has been identified in SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 V17 (All versions < V17 Update 9), SIMATIC STEP 7 V18 (All versions), SIMATIC STEP 7 V19 (All versions < V19 Update 4), SIMATIC STEP 7 V20 (All versions < V20 Update 4), SIMATIC WinCC V17…

• CVE-2024-49849HigDec 10, 2024
  Siemens Foundation

  SIMATIC WinCC Unified V19
  risk 0.51cvss 7.8epss 0.00

  A vulnerability has been identified in SIMATIC S7-PLCSIM V16 (All versions), SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 Safety V16 (All versions), SIMATIC STEP 7 Safety V17 (All versions < V17 Update 9), SIMATIC STEP 7 Safety V18 (All versions), SIMATIC STEP 7 Safety…

• CVE-2022-45147HigJul 9, 2024
  Siemens Foundation

  Simatic Pcs7
  risk 0.51cvss 7.8epss 0.00

  A vulnerability has been identified in SIMATIC PCS neo V4.0 (All versions), SIMATIC STEP 7 V16 (All versions), SIMATIC STEP 7 V17 (All versions), SIMATIC STEP 7 V18 (All versions < V18 Update 2). Affected applications do not properly restrict the .NET BinaryFormatter when…

• CVE-2024-52051HigDec 10, 2024
  Siemens Foundation

  SIMATIC WinCC Unified V19
  risk 0.47cvss 7.3epss 0.00

  A vulnerability has been identified in SIMATIC S7-PLCSIM V17 (All versions), SIMATIC S7-PLCSIM V18 (All versions), SIMATIC STEP 7 Safety V17 (All versions < V17 Update 9), SIMATIC STEP 7 Safety V18 (All versions), SIMATIC STEP 7 Safety V19 (All versions < V19 Update 4), SIMATIC…

• CVE-2023-32736HigNov 12, 2024
  Siemens Foundation

  SIMATIC S7-PLCSIM V17
  risk 0.47cvss 7.3epss 0.00

  A vulnerability has been identified in SIMATIC S7-PLCSIM V16 (All versions), SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 Safety V16 (All versions), SIMATIC STEP 7 Safety V17 (All versions < V17 Update 8), SIMATIC STEP 7 Safety V18 (All versions < V18 Update 5), SIMATIC…

• CVE-2023-32735MedJul 9, 2024
  Siemens Foundation

  SIMATIC WinCC Unified V19
  risk 0.42cvss 6.5epss 0.00

  A vulnerability has been identified in SIMATIC STEP 7 Safety V16 (All versions < V16 Update 7), SIMATIC STEP 7 Safety V17 (All versions < V17 Update 7), SIMATIC STEP 7 Safety V18 (All versions < V18 Update 2), SIMATIC STEP 7 V16 (All versions < V16 Update 7), SIMATIC STEP 7 V17…

• CVE-2023-32737MedJul 9, 2024
  Siemens Foundation

  SIMATIC STEP7
  risk 0.41cvss 6.3epss 0.00

  A vulnerability has been identified in SIMATIC STEP 7 Safety V18 (All versions < V18 Update 2). Affected applications do not properly restrict the .NET BinaryFormatter when deserializing user-controllable input. This could allow an attacker to cause a type confusion and execute…

• CVE-2016-7959MedOct 13, 2016
  Siemens Foundation

  SIMATIC STEP7
  risk 0.31cvss 4.7epss 0.00

  Siemens SIMATIC STEP 7 (TIA Portal) before 14 improperly stores pre-shared key data in TIA project files, which makes it easier for local users to obtain sensitive information by leveraging access to a file and conducting a brute-force attack.

• CVE-2016-7960LowOct 13, 2016
  Siemens Foundation

  Simatic Step 7 \(tia Portal\)
  risk 0.16cvss 2.5epss 0.00

  Siemens SIMATIC STEP 7 (TIA Portal) before 14 uses an improper format for managing TIA project files during version updates, which makes it easier for local users to obtain sensitive configuration information via unspecified vectors.

• CVE-2023-25910Jun 13, 2023
  Siemens Foundation

  Simatic Pcs7
  risk 0.00cvss —epss 0.01

  A vulnerability has been identified in SIMATIC PCS 7 (All versions < V9.1 SP2 UC04), SIMATIC S7-PM (All versions < V5.7 SP1 HF1), SIMATIC S7-PM (All versions < V5.7 SP2 HF1), SIMATIC STEP 7 V5 (All versions < V5.7). The affected product contains a database management system that…

• CVE-2021-31894Jul 13, 2021
  Siemens Foundation

  Simatic Pcs7
  risk 0.00cvss —epss 0.00

  A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.X (All versions < V9.1 SP2), SIMATIC PDM (All versions < V9.2 SP2), SIMATIC STEP 7 V5.X (All versions < V5.7), SINAMICS STARTER (containing STEP 7 OEM version) (All versions <…

• CVE-2021-31893Jul 13, 2021
  Siemens Foundation

  Simatic Pcs7
  risk 0.00cvss —epss 0.00

  A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC PDM (All versions < V9.2), SIMATIC STEP 7 V5.X (All versions < V5.6 SP2 HF3), SINAMICS STARTER (containing STEP 7 OEM version) (All…

• CVE-2020-7586Jun 10, 2020
  Siemens Foundation

  Simatic Pcs7
  risk 0.00cvss —epss 0.00

  A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC PDM (All versions < V9.2), SIMATIC STEP 7 V5.X (All versions < V5.6 SP2 HF3), SINAMICS STARTER (containing STEP 7 OEM version) (All…

• CVE-2020-7585Jun 10, 2020
  Siemens Foundation

  Simatic Pcs7
  risk 0.00cvss —epss 0.00

  A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC PDM (All versions < V9.2), SIMATIC STEP 7 V5.X (All versions < V5.6 SP2 HF3), SINAMICS STARTER (containing STEP 7 OEM version) (All…

• CVE-2020-7580Jun 10, 2020
  Siemens Foundation

  Simatic Wincc Runtime
  risk 0.00cvss —epss 0.00

  A vulnerability has been identified in SIMATIC Automation Tool (All versions < V4 SP2), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Upd3), SIMATIC PCS neo (All…

• CVE-2015-1602Apr 6, 2015
  Siemens Foundation

  Simatic Step 7 \(tia Portal\)
  risk 0.00cvss —epss 0.00

  Siemens SIMATIC STEP 7 (TIA Portal) 12 and 13 before 13 SP1 Upd1 improperly stores password data within project files, which makes it easier for local users to determine cleartext (1) protection-level passwords or (2) web-server passwords by leveraging the ability to read these…

• CVE-2015-1601Apr 6, 2015
  Siemens Foundation

  Simatic Step 7 \(tia Portal\)
  risk 0.00cvss —epss 0.00

  Siemens SIMATIC STEP 7 (TIA Portal) 12 and 13 before 13 SP1 Upd1 allows man-in-the-middle attackers to obtain sensitive information or modify transmitted data via unspecified vectors.

• CVE-2015-1594Mar 7, 2015
  Siemens Foundation

  Starter
  risk 0.00cvss —epss 0.00

  Untrusted search path vulnerability in Siemens SIMATIC ProSave before 13 SP1; SIMATIC CFC before 8.0 SP4 Upd9 and 8.1 before Upd1; SIMATIC STEP 7 before 5.5 SP1 HF2, 5.5 SP2 before HF7, 5.5 SP3, and 5.5 SP4 before HF4; SIMOTION Scout before 4.4; and STARTER before 4.4 HF3 allows…

• CVE-2015-1356Feb 18, 2015
  Siemens Foundation

  Simatic Step 7 \(tia Portal\)
  risk 0.00cvss —epss 0.00

  Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 determines a user's privileges on the basis of project-file fields that lack integrity protection, which allows remote attackers to establish arbitrary authorization data via a modified file.