cbcvebase.

Siemens Simatic Wincc Open Architecture vulnerabilities

8 known vulnerabilities affecting siemens/simatic_wincc_open_architecture.

Total CVEs
8
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH1MEDIUM5

Vulnerabilities

Page 1 of 1
CVE-2018-3991P2CRITICALCVSS 9.8v3.14v3.15+1 more2019-02-05
CVE-2018-3991 [CRITICAL] CWE-787 CVE-2018-3991: An exploitable heap overflow vulnerability exists in the WkbProgramLow function of WibuKey Network s An exploitable heap overflow vulnerability exists in the WkbProgramLow function of WibuKey Network server management, version 6.40.2402.500. A specially crafted TCP packet can cause a heap overflow, potentially leading to remote code execution. An attacker can send a malformed TCP packet to trigger this vulnerability.
nvd
CVE-2018-13799P3CRITICALCVSS 9.1≤ 3.142018-09-12
CVE-2018-13799 [CRITICAL] CWE-269 CVE-2018-13799: A vulnerability has been identified in SIMATIC WinCC OA V3.14 and prior (All versions < V3.14-P021). A vulnerability has been identified in SIMATIC WinCC OA V3.14 and prior (All versions < V3.14-P021). Improper access control to a data point of the affected product could allow an unauthenticated remote user to escalate its privileges in the context of SIMATIC WinCC OA V3.14. This vulnerability could be exploited by an attacker with network access
nvd
CVE-2014-1697P3HIGHCVSS 7.5≤ 3.122014-02-07
CVE-2014-1697 [HIGH] CVE-2014-1697: The integrated web server in Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attacke The integrated web server in Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to execute arbitrary code via crafted packets to TCP port 4999.
nvd
CVE-2014-1698P3MEDIUMCVSS 5.0≤ 3.122014-02-07
CVE-2014-1698 [MEDIUM] CWE-22 CVE-2014-1698: Directory traversal vulnerability in Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote Directory traversal vulnerability in Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to read arbitrary files via crafted packets to TCP port 4999.
nvd
CVE-2020-7580P4MEDIUMCVSS 6.7v3.16v3.172020-06-10
CVE-2020-7580 [MEDIUM] CWE-428 CVE-2020-7580: A vulnerability has been identified in SIMATIC Automation Tool (All versions < V4 SP2), SIMATIC NET A vulnerability has been identified in SIMATIC Automation Tool (All versions < V4 SP2), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Upd3), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC ProSave (All versions < V17), SIMATIC S7-1500 Softwa
nvd
CVE-2019-10929P4MEDIUMCVSS 5.9≤ 3.15v3.162019-08-13
CVE-2019-10929 [MEDIUM] CWE-327 CVE-2019-10929: A vulnerability has been identified in SIMATIC CP 1626 (All versions), SIMATIC ET 200SP Open Control A vulnerability has been identified in SIMATIC CP 1626 (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V20.8), SIMATIC HMI Panel (incl. SIPLUS variants) (All versions), SIMATIC NET PC Software V14 (All versio
nvd
CVE-2014-1696P4MEDIUMCVSS 5.0≤ 3.122014-02-07
CVE-2014-1696 [MEDIUM] CWE-310 CVE-2014-1696: Siemens SIMATIC WinCC OA before 3.12 P002 January uses a weak hash algorithm for passwords, which ma Siemens SIMATIC WinCC OA before 3.12 P002 January uses a weak hash algorithm for passwords, which makes it easier for remote attackers to obtain access via a brute-force attack.
nvd
CVE-2014-1699P4MEDIUMCVSS 5.0≤ 3.122014-02-07
CVE-2014-1699 [MEDIUM] CWE-399 CVE-2014-1699: Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to cause a denial of servi Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to cause a denial of service (monitoring-service outage) via malformed HTTP requests to port 4999.
nvd
Siemens Simatic Wincc Open Architecture vulnerabilities | cvebase