Siemens Simatic Wincc vulnerabilities
38 known vulnerabilities affecting siemens/simatic_wincc.
Total CVEs
38
CISA KEV
0
Public exploits
0
Exploited in wild
1
Severity breakdown
CRITICAL5HIGH21MEDIUM12
Vulnerabilities
Page 2 of 2
CVE-2019-10917MEDIUMCVSS 5.5≤ 7.2v7.3+5 more2019-05-14
CVE-2019-10917 [MEDIUM] CWE-248 CVE-2019-10917: A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7
A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC (TIA Portal) V13 (All versions), SIMATIC Wi
nvd
CVE-2019-6576MEDIUMCVSS 6.5fixed in 15.12019-05-14
CVE-2019-6576 [MEDIUM] CWE-310 CVE-2019-6576: A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15.1 Upd
A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15.1 Update 1), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15.1 Update 1), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Advanced (All versions < V15.1 Update
nvd
CVE-2018-13814HIGHCVSS 8.8fixed in 14.02018-12-13
CVE-2018-13814 [HIGH] CWE-113 CVE-2018-13814: A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V14), SIM
A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V14), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V14), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V14), SIMATIC WinCC Runtime Advanced (All versions < V14), SIMATIC WinCC Runtime Professional (All
nvd
CVE-2018-13813HIGHCVSS 8.1≤ 15.02018-12-13
CVE-2018-13813 [HIGH] CWE-601 CVE-2018-13813: A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15 Updat
A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15 Update 4), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15 Update 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15 Update 4), SIMATIC WinCC Runtime Advanced (All versions < V15 Update 4), SIMA
nvd
CVE-2018-13812HIGHCVSS 7.5≤ 15.02018-12-13
CVE-2018-13812 [HIGH] CWE-22 CVE-2018-13812: A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15 Updat
A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15 Update 4), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15 Update 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15 Update 4), SIMATIC WinCC Runtime Advanced (All versions < V15 Update 4), SIMAT
nvd
CVE-2018-11453HIGHCVSS 7.8v10.0v11.0+4 more2018-08-07
CVE-2018-11453 [HIGH] CWE-276 CVE-2018-11453: A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11,
A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions < V13 SP2 Update 2), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 6), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15
nvd
CVE-2018-11454HIGHCVSS 8.6v10.0v11.0+4 more2018-08-07
CVE-2018-11454 [HIGH] CWE-276 CVE-2018-11454: A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11,
A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions < V13 SP2 Update 2), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 6), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15
nvd
CVE-2018-4832HIGHCVSS 7.5fixed in 7.2v7.2+2 more2018-04-24
CVE-2018-4832 [HIGH] CWE-20 CVE-2018-4832: A vulnerability has been identified in OpenPCS 7 V7.1 and earlier (All versions), OpenPCS 7 V8.0 (Al
A vulnerability has been identified in OpenPCS 7 V7.1 and earlier (All versions), OpenPCS 7 V8.0 (All versions), OpenPCS 7 V8.1 (All versions < V8.1 Upd5), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd1), SIMATIC BATCH V7.1 and earlier (All versions), SIMATIC BATCH V8.0 (All versions < V8.0 SP1 Upd21), SIMATIC BATCH V8.1 (All ver
nvd
CVE-2017-14023MEDIUMCVSS 4.9v7.32017-11-06
CVE-2017-14023 [MEDIUM] CWE-20 CVE-2017-14023: An Improper Input Validation issue was discovered in Siemens SIMATIC PCS 7 V8.1 prior to V8.1 SP1 wi
An Improper Input Validation issue was discovered in Siemens SIMATIC PCS 7 V8.1 prior to V8.1 SP1 with WinCC V7.3 Upd 13, and V8.2 all versions. The improper input validation vulnerability has been identified, which may allow an authenticated remote attacker who is a member of the administrators group to crash services by sending specially crafted me
nvd
CVE-2017-6867MEDIUMCVSS 4.9v7.3v7.4+2 more2017-05-11
CVE-2017-6867 [MEDIUM] CWE-787 CVE-2017-6867: A vulnerability was discovered in Siemens SIMATIC WinCC (V7.3 before Upd 11 and V7.4 before SP1), SI
A vulnerability was discovered in Siemens SIMATIC WinCC (V7.3 before Upd 11 and V7.4 before SP1), SIMATIC WinCC Runtime Professional (V13 before SP2 and V14 before SP1), SIMATIC WinCC (TIA Portal) Professional (V13 before SP2 and V14 before SP1) that could allow an authenticated, remote attacker who is member of the "administrators" group to crash ser
nvd
CVE-2017-6865MEDIUMCVSS 6.5v13.0v14.02017-05-11
CVE-2017-6865 [MEDIUM] CWE-20 CVE-2017-6865: A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC A
A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC Automation Tool (All versions < V3.0), SIMATIC NET PC-Software (All versions < V14 SP1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2), SIMATIC STEP 7 (TIA Portal)
nvd
CVE-2016-9160HIGHCVSS 8.1≤ 7.12016-12-17
CVE-2016-9160 [HIGH] CWE-111 CVE-2016-9160: A vulnerability in SIEMENS SIMATIC WinCC (All versions < SIMATIC WinCC V7.2) and SIEMENS SIMATIC PCS
A vulnerability in SIEMENS SIMATIC WinCC (All versions < SIMATIC WinCC V7.2) and SIEMENS SIMATIC PCS 7 (All versions < SIMATIC PCS 7 V8.0 SP1) could allow a remote attacker to crash an ActiveX component or leak parts of the application memory if a user is tricked into clicking on a malicious link under certain conditions.
nvd
CVE-2016-7165MEDIUMCVSS 6.4≤ 7.0v7.0+4 more2016-11-15
CVE-2016-7165 [MEDIUM] CWE-254 CVE-2016-7165: A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC I
A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC IT Production Suite (All versions < V7.0 SP1 HFX 2), SIMATIC NET PC-Software (All versions < V14), SIMATIC PCS 7 V7.1 (All versions), SIMATIC PCS 7 V8.0 (All versions), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMA
nvd
CVE-2016-5743CRITICALCVSS 9.8≤ 7.3≤ 7.42016-07-22
CVE-2016-5743 [CRITICAL] CWE-20 CVE-2016-5743: Siemens SIMATIC WinCC before 7.3 Update 10 and 7.4 before Update 1, SIMATIC BATCH before 8.1 SP1 Upd
Siemens SIMATIC WinCC before 7.3 Update 10 and 7.4 before Update 1, SIMATIC BATCH before 8.1 SP1 Update 9 as distributed in SIMATIC PCS 7 through 8.1 SP1, SIMATIC OpenPCS 7 before 8.1 Update 3 as distributed in SIMATIC PCS 7 through 8.1 SP1, SIMATIC OpenPCS 7 before 8.2 Update 1 as distributed in SIMATIC PCS 7 8.2, and SIMATIC WinCC Runtime Professio
nvd
CVE-2016-5744HIGHCVSS 7.5v7.0v7.22016-07-22
CVE-2016-5744 [HIGH] CWE-200 CVE-2016-5744: Siemens SIMATIC WinCC 7.0 through SP3 and 7.2 allows remote attackers to read arbitrary WinCC statio
Siemens SIMATIC WinCC 7.0 through SP3 and 7.2 allows remote attackers to read arbitrary WinCC station files via crafted packets.
nvd
CVE-2014-8551CRITICALCVSS 10.0v7.0v7.2+1 more2014-11-26
CVE-2014-8551 [CRITICAL] CWE-94 CVE-2014-8551: The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Updat
The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to execute arbitrary code via crafted packets.
nvd
CVE-2014-8552MEDIUMCVSS 5.0v7.0v7.2+1 more2014-11-26
CVE-2014-8552 [MEDIUM] CWE-200 CVE-2014-8552: The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Updat
The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to read arbitrary files via crafted packets.
nvd
CVE-2010-2772HIGHCVSS 7.8Exploitedv6.2v7.02010-07-22
CVE-2010-2772 [HIGH] CVE-2010-2772: Siemens Simatic WinCC and PCS 7 SCADA system uses a hard-coded password, which allows local users to
Siemens Simatic WinCC and PCS 7 SCADA system uses a hard-coded password, which allows local users to access a back-end database and gain privileges, as demonstrated in the wild in July 2010 by the Stuxnet worm, a different vulnerability than CVE-2010-2568.
nvd
← Previous2 / 2