Vulnerabilities > Siemens
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2012-09-18 | CVE-2012-3031 | Cross-Site Scripting vulnerability in Siemens Simatic Pcs7 and Wincc Multiple cross-site scripting (XSS) vulnerabilities in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allow remote attackers to inject arbitrary web script or HTML via a (1) GET parameter, (2) POST parameter, or (3) Referer HTTP header. | 4.3 |
| 2012-09-18 | CVE-2012-3030 | Permissions, Privileges, and Access Controls vulnerability in Siemens Simatic Pcs7 and Wincc WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, stores sensitive information under the web root with insufficient access control, which allows remote attackers to read a (1) log file or (2) configuration file via a direct request. | 5.0 |
| 2012-09-18 | CVE-2012-3028 | Cross-Site Request Forgery (CSRF) vulnerability in Siemens Simatic Pcs7 and Wincc Cross-site request forgery (CSRF) vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to hijack the authentication of arbitrary users for requests that modify data or cause a denial of service. | 6.8 |
| 2012-08-16 | CVE-2012-3009 | Permissions, Privileges, and Access Controls vulnerability in Siemens Comos 10.0/9.1/9.2 Siemens COMOS before 9.1 Patch 413, 9.2 before Update 03 Patch 023, and 10.0 before Patch 005 allows remote authenticated users to obtain database administrative access via unspecified method calls. | 8.5 |
| 2012-08-06 | CVE-2012-3020 | Credentials Management vulnerability in Siemens products The Siemens Synco OZW Web Server devices OZW672.*, OZW772.*, and OZW775 with firmware before 4 have an unspecified default password, which makes it easier for remote attackers to obtain administrative access via a network session. | 7.5 |
| 2012-07-31 | CVE-2012-3017 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Siemens products Siemens SIMATIC S7-400 PN CPU devices with firmware 5.x allow remote attackers to cause a denial of service (defect-mode transition and service outage) via (1) malformed HTTP traffic or (2) malformed IP packets. | 7.8 |
| 2012-07-31 | CVE-2012-3016 | Unspecified vulnerability in Siemens products Siemens SIMATIC S7-400 PN CPU devices with firmware 6 before 6.0.3 allow remote attackers to cause a denial of service (defect-mode transition and service outage) via crafted ICMP packets. | 7.8 |
| 2012-07-26 | CVE-2012-3015 | Unspecified vulnerability in Siemens Simatic Pcs7 and Simatic Step 7 Untrusted search path vulnerability in Siemens SIMATIC STEP7 before 5.5 SP1, as used in SIMATIC PCS7 7.1 SP3 and earlier and other products, allows local users to gain privileges via a Trojan horse DLL in a STEP7 project folder. local siemens | 6.9 |
| 2012-06-08 | CVE-2012-3003 | Improper Input Validation vulnerability in Siemens Wincc 7.0 Open redirect vulnerability in an unspecified web application in Siemens WinCC 7.0 SP3 before Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a GET request. | 5.8 |
| 2012-06-08 | CVE-2012-2598 | Buffer Errors vulnerability in Siemens Wincc 7.0 Buffer overflow in the DiagAgent web server in Siemens WinCC 7.0 SP3 through Update 2 allows remote attackers to cause a denial of service (agent outage) via crafted input. | 4.3 |