Vulnerabilities > Siemens > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-01-21 | CVE-2013-0656 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Siemens Simatic Rf-Manager and Simatic Rf-Manager 2008 Buffer overflow in a third-party ActiveX component in Siemens SIMATIC RF-MANAGER 2008, and RF-MANAGER Basic 3.0 and earlier, allows remote attackers to execute arbitrary code via a crafted web site. | 6.8 |
| 2012-12-23 | CVE-2012-4698 | Information Exposure vulnerability in Siemens products Siemens RuggedCom Rugged Operating System (ROS) before 3.12, ROX I OS through 1.14.5, ROX II OS through 2.3.0, and RuggedMax OS through 4.2.1.4621.22 use hardcoded private keys for SSL and SSH communication, which makes it easier for man-in-the-middle attackers to spoof servers and decrypt network traffic by leveraging the availability of these keys within ROS files at all customer installations. | 4.3 |
| 2012-10-10 | CVE-2012-3040 | Cross-site Scripting vulnerability in Siemens products Cross-site scripting (XSS) vulnerability in the web server on Siemens SIMATIC S7-1200 PLCs 2.x through 3.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URI. | 4.3 |
| 2012-09-25 | CVE-2012-3037 | Improper Certificate Validation vulnerability in Siemens products The Siemens SIMATIC S7-1200 2.x PLC does not properly protect the private key of the SIMATIC CONTROLLER Certification Authority certificate, which allows remote attackers to spoof the S7-1200 web server by using this key to create a forged certificate. | 4.3 |
| 2012-09-18 | CVE-2012-3034 | Information Exposure vulnerability in Siemens Simatic Pcs7 and Wincc WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to discover a username and password via crafted parameters to unspecified methods in ActiveX controls. | 4.3 |
| 2012-09-18 | CVE-2012-3031 | Cross-Site Scripting vulnerability in Siemens Simatic Pcs7 and Wincc Multiple cross-site scripting (XSS) vulnerabilities in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allow remote attackers to inject arbitrary web script or HTML via a (1) GET parameter, (2) POST parameter, or (3) Referer HTTP header. | 4.3 |
| 2012-09-18 | CVE-2012-3030 | Permissions, Privileges, and Access Controls vulnerability in Siemens Simatic Pcs7 and Wincc WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, stores sensitive information under the web root with insufficient access control, which allows remote attackers to read a (1) log file or (2) configuration file via a direct request. | 5.0 |
| 2012-09-18 | CVE-2012-3028 | Cross-Site Request Forgery (CSRF) vulnerability in Siemens Simatic Pcs7 and Wincc Cross-site request forgery (CSRF) vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to hijack the authentication of arbitrary users for requests that modify data or cause a denial of service. | 6.8 |
| 2012-07-26 | CVE-2012-3015 | Unspecified vulnerability in Siemens Simatic Pcs7 and Simatic Step 7 Untrusted search path vulnerability in Siemens SIMATIC STEP7 before 5.5 SP1, as used in SIMATIC PCS7 7.1 SP3 and earlier and other products, allows local users to gain privileges via a Trojan horse DLL in a STEP7 project folder. local siemens | 6.9 |
| 2012-06-08 | CVE-2012-3003 | Improper Input Validation vulnerability in Siemens Wincc 7.0 Open redirect vulnerability in an unspecified web application in Siemens WinCC 7.0 SP3 before Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a GET request. | 5.8 |