Vulnerabilities > Siemens > Wincc > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-06-13 | CVE-2023-30897 | Incorrect Permission Assignment for Critical Resource vulnerability in Siemens WinCC: A vulnerability has been identified in SIMATIC WinCC (All versions < V7.5.2.13). | 7.8 |
2013-06-14 | CVE-2013-3958 | Credentials Management vulnerability in Siemens SIMATIC PCS7 and WinCC: The login implementation in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, has a hardcoded account, which makes it easier for remote attackers to obtain access via an unspecified request. | 7.5 |
2013-06-14 | CVE-2013-3957 | SQL Injection vulnerability in Siemens SIMATIC PCS7 and WinCC: SQL injection vulnerability in the login screen in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2012-09-18 | CVE-2012-3032 | SQL Injection vulnerability in Siemens SIMATIC PCS7 and WinCC: SQL injection vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to execute arbitrary SQL commands via a crafted SOAP message. | 7.5 |
2012-02-03 | CVE-2011-4879 | Improper Input Validation vulnerability in Siemens products: miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime does not properly handle URIs beginning with a 0xfa character, which allows remote attackers to read data from arbitrary memory locations or cause a denial of service (application crash) via a crafted POST request. | 8.5 |
2012-02-03 | CVE-2011-4878 | Path Traversal vulnerability in Siemens products: Directory traversal vulnerability in miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to read arbitrary files via a ..%5c (dot dot backslash) in a URI. | 7.8 |
2012-02-03 | CVE-2011-4877 | Improper Input Validation vulnerability in Siemens products: HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to cause a denial of service (application crash) by sending crafted data over TCP. | 7.1 |