Siemens Ag Sinema Server vulnerabilities

CVE-2019-10940 [CRITICAL] CWE-266 CVE-2019-10940: A vulnerability has been identified in SINEMA Server (All versions < V14.0 SP2 Update 1). Incorrect A vulnerability has been identified in SINEMA Server (All versions < V14.0 SP2 Update 1). Incorrect session validation could allow an attacker with a valid session, with low privileges, to perform firmware updates and other administrative operations on connected devices. The security vulnerability could be exploited by an attacker with network acce

CVE-2017-6865 [MEDIUM] CWE-20 CVE-2017-6865: A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC A A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC Automation Tool (All versions < V3.0), SIMATIC NET PC-Software (All versions < V14 SP1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2), SIMATIC STEP 7 (TIA Portal)