Vulnerabilities > Siemens
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-06-14 | CVE-2013-3959 | Information Exposure vulnerability in Siemens Simatic Pcs7 and Wincc The Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, exhibits different behavior for NetBIOS user names depending on whether the user account exists, which allows remote authenticated users to enumerate account names via crafted URL parameters. | 4.0 |
| 2013-06-14 | CVE-2013-3958 | Credentials Management vulnerability in Siemens Simatic Pcs7 and Wincc The login implementation in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, has a hardcoded account, which makes it easier for remote attackers to obtain access via an unspecified request. | 7.5 |
| 2013-06-14 | CVE-2013-3957 | SQL Injection vulnerability in Siemens Simatic Pcs7 and Wincc SQL injection vulnerability in the login screen in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
| 2013-05-24 | CVE-2013-3634 | Improper Input Validation vulnerability in Siemens products A vulnerability has been identified in SCALANCE X-200 switch family (incl. | 7.5 |
| 2013-05-24 | CVE-2013-3633 | Permissions, Privileges, and Access Controls vulnerability in Siemens products A vulnerability has been identified in SCALANCE X-200 switch family (incl. | 8.0 |
| 2013-04-22 | CVE-2013-2780 | Unspecified vulnerability in Siemens products Siemens SIMATIC S7-1200 PLCs 2.x and 3.x allow remote attackers to cause a denial of service (defect-mode transition and control outage) via crafted packets to UDP port 161 (aka the SNMP port). | 7.8 |
| 2013-04-22 | CVE-2013-0700 | Unspecified vulnerability in Siemens products Siemens SIMATIC S7-1200 PLCs 2.x and 3.x allow remote attackers to cause a denial of service (defect-mode transition and control outage) via crafted packets to TCP port 102 (aka the ISO-TSAP port). | 7.8 |
| 2013-04-01 | CVE-2013-0659 | Unspecified vulnerability in Siemens products The debugging feature on the Siemens CP 1604 and CP 1616 interface cards with firmware before 2.5.2 allows remote attackers to execute arbitrary code via a crafted packet to UDP port 17185. | 10.0 |
| 2013-03-21 | CVE-2013-0679 | Path Traversal vulnerability in Siemens Simatic Pcs7 and Wincc Directory traversal vulnerability in the web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote authenticated users to read arbitrary files via vectors involving a query for a pathname. | 4.0 |
| 2013-03-21 | CVE-2013-0678 | Credentials Management vulnerability in Siemens Simatic Pcs7 and Wincc Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly represent WebNavigator credentials in a database, which makes it easier for remote authenticated users to obtain sensitive information via a SQL query. | 4.0 |