Vulnerabilities > Siemens > Wincc TIA Portal
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-03-21 | CVE-2013-0672 | Cross-Site Scripting vulnerability in Siemens Wincc TIA Portal 11.0 Cross-site scripting (XSS) vulnerability in the HMI web application in Siemens WinCC (TIA Portal) 11 allows remote authenticated users to inject arbitrary web script or HTML via unspecified data. | 3.5 |
| 2013-03-21 | CVE-2013-0671 | Path Traversal vulnerability in Siemens Wincc TIA Portal 11.0 Directory traversal vulnerability in Siemens WinCC (TIA Portal) 11 allows remote authenticated users to read HMI web-application source code and user-defined scripts via a crafted URL. | 4.0 |
| 2013-03-21 | CVE-2013-0670 | Improper Input Validation vulnerability in Siemens Wincc TIA Portal 11.0 CRLF injection vulnerability in the HMI web application in Siemens WinCC (TIA Portal) 11 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL. | 4.3 |
| 2013-03-21 | CVE-2013-0669 | Improper Input Validation vulnerability in Siemens Wincc TIA Portal 11.0 The HMI web application in Siemens WinCC (TIA Portal) 11 allows remote authenticated users to cause a denial of service (daemon crash) via a crafted HTTP request. | 4.0 |
| 2013-03-21 | CVE-2013-0668 | Cross-Site Scripting vulnerability in Siemens Wincc TIA Portal 11.0 Multiple cross-site scripting (XSS) vulnerabilities in the HMI web application in Siemens WinCC (TIA Portal) 11 allow remote attackers to inject arbitrary web script or HTML via a crafted URL. | 4.3 |
| 2013-03-21 | CVE-2013-0667 | Cross-Site Scripting vulnerability in Siemens Wincc TIA Portal 11.0 Cross-site scripting (XSS) vulnerability in the HMI web application in Siemens WinCC (TIA Portal) 11 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 4.3 |
| 2013-03-21 | CVE-2011-4515 | Credentials Management vulnerability in Siemens Wincc TIA Portal 11.0 Siemens WinCC (TIA Portal) 11 uses a reversible algorithm for storing HMI web-application passwords in world-readable and world-writable files, which allows local users to obtain sensitive information by leveraging (1) physical access or (2) Sm@rt Server access. | 4.6 |