Vulnerabilities > Siemens > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2012-06-08 | CVE-2012-3003 | Improper Input Validation vulnerability in Siemens Wincc 7.0 Open redirect vulnerability in an unspecified web application in Siemens WinCC 7.0 SP3 before Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a GET request. | 5.8 |
2012-06-08 | CVE-2012-2598 | Buffer Errors vulnerability in Siemens Wincc 7.0 Buffer overflow in the DiagAgent web server in Siemens WinCC 7.0 SP3 through Update 2 allows remote attackers to cause a denial of service (agent outage) via crafted input. | 4.3 |
2012-06-08 | CVE-2012-2597 | Path Traversal vulnerability in Siemens Wincc 7.0 Multiple directory traversal vulnerabilities in Siemens WinCC 7.0 SP3 before Update 2 allow remote authenticated users to read arbitrary files via a crafted parameter in a URL. | 4.0 |
2012-06-08 | CVE-2012-2596 | Code Injection vulnerability in Siemens Wincc 7.0 The XPath functionality in unspecified web applications in Siemens WinCC 7.0 SP3 before Update 2 does not properly handle special characters in parameters, which allows remote authenticated users to read or modify settings via a crafted URL, related to an "XML injection" attack. | 5.5 |
2012-06-08 | CVE-2012-2595 | Cross-Site Scripting vulnerability in Siemens Wincc 7.0 Multiple cross-site scripting (XSS) vulnerabilities in unspecified web applications in Siemens WinCC 7.0 SP3 before Update 2 allow remote attackers to inject arbitrary web script or HTML via vectors involving special characters in parameters. | 4.3 |
2012-04-18 | CVE-2012-1800 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Siemens products Stack-based buffer overflow in the Profinet DCP protocol implementation on the Siemens Scalance S Security Module firewall S602 V2, S612 V2, and S613 V2 with firmware before 2.3.0.3 allows remote attackers to cause a denial of service (device outage) or possibly execute arbitrary code via a crafted DCP frame. | 6.1 |
2012-02-03 | CVE-2011-4512 | Code Injection vulnerability in Siemens products CRLF injection vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | 5.0 |
2012-02-03 | CVE-2011-4511 | Cross-Site Scripting vulnerability in Siemens products Cross-site scripting (XSS) vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-4510. | 4.3 |
2012-02-03 | CVE-2011-4510 | Cross-Site Scripting vulnerability in Siemens products Cross-site scripting (XSS) vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-4511. | 4.3 |
2012-01-08 | CVE-2011-4532 | Path Traversal vulnerability in Siemens Automation License Manager 5.1 Absolute path traversal vulnerability in the ALMListView.ALMListCtrl ActiveX control in almaxcx.dll in the graphical user interface in Siemens Automation License Manager (ALM) 2.0 through 5.1+SP1+Upd2 allows remote attackers to overwrite arbitrary files via the Save method. | 5.0 |