Siemens SIMATIC S7-300 CPU suffers from a denial of service vulnerability.
afae74f6c927aaed832e67208dcc0484a377f93c907966f4d2b1a577e4eb09d5Siemens SIMATIC S7-1200 CPU start/stop command cross site request forgery exploit. This older issue elaborates on t4rkd3vilz's CVE-2015-5698 by issuing a POST command to a specified web server path.
bec31b24b62a934362f2aebf30a3c1bbbc8f1ca87a9670d278c3773413280b4cSiemens SIMATIC S7-1200 CPU suffers from a cross site scripting vulnerability.
1702461e2f3509bc3cc061c3ff42fe5455c97f574a8755c76dd490aab176cbbfSiemens SIMATIC S7-1200 suffers from a CPU functionality related cross site request forgery vulnerability.
8c2e5fb98b7508c36b55a7b3e06dc592c881362ae41570c7b65c00ae8e74bb36Multiple Siemens SIMATIC panels suffer from cross site request forgery and cross site scripting vulnerabilities.
da0552546acfe55d2b43aca2a3821b58dfac3d6a8a188c97da184d13ae5d5031The SIMATIC CP 343-1 Advanced product allows configuration of the IKEv1 cipher suite configuration, which specifies the IKE and Encapsulating Security Payload (ESP) supported algorithms, with one cipher for each setting. It is evaluated that the configuration is not consistent with the supported ciphers that are eventually applied on the IPSec responder of the SIMATIC CP 343-1 Advanced. In fact, regardless of the selected choice for the ESP cipher, it is always possible for the IPSec client to propose, and successfully use, DES, 3DES, AES128 and AES256. This invalidates the potential desire to enforce a stronger cipher, as the client can always decide to use weaker. Siemens SIMATIC CP 343-1 Advanced tested with fw V3.0.44 is affected.
9250759f60c9b83870733f1e01826fa5ac1417d8f1d85e6505d03aeac9bf419cMultiple versions of Siemens SIMATIC suffer from a cross site request forgery vulnerability and poor cookie security settings.
26301c53dda7cca8354b059c0a9195478bf2208f7195cb4e264aa05d0d411026Siemens SIMATIC WinCC versions prior to 7.3 suffer from unauthenticated access, privilege escalation, and hard-coded encryption key vulnerabilities.
7b2386094198c589bb175e6f6352b3527830abc474c16d1dbe09639309362020ICS-CERT Advisory 13-079-02 - This advisory provides mitigation details for vulnerabilities that impact the Siemens SIMATIC WinCC. Independent researcher Sergey Gordeychik of Positive Technologies and Siemens ProductCERT have identified multiple vulnerabilities in the Siemens SIMATIC WinCC, which is used to configure SIMATIC operator devices. Siemens has produced a software update that fully resolves these vulnerabilities. Exploitation of these vulnerabilities could allow a denial of service (DoS) condition, unauthorized read access to files, or remote code execution. This could affect multiple industries, including food and beverage, water and wastewater, oil and gas, and chemical sectors worldwide. These vulnerabilities could be exploited remotely.
e86d7625da69e96f25c03a09637a085e26ecba22b2bf0dd2a1cd0873bb1460d9This is a SCADA security hardening guide for Siemens Simatic WinCC version 7.x.
1f64be3d914e4a288a0197041552ae70d5dca310f320329c7321f28520e5cbf3Siemens Simatic WinCC Flexible 2008 security hardening guide.
cd89bd1a113448a177132b9cbddb4efcf520c705c18777b21fc760d3018bb5a4Secunia Security Advisory - A vulnerability has been reported in Siemens SIMATIC RF Manager, which can be exploited by malicious people to compromise a user's system.
faacb39d6a3cac8c7d70e42393bf2e09cf9409b060a0b1b339d78007c78d2addSiemens SIMATIC S7-1200 PLCs, version 2 and higher, allow device management over TCP port 102 (ISO-TSAP) and retrieving status information over UDP port 161 (SNMP). It is possible to cause the device to go into defect mode by sending specially crafted packets to these ports.
679ddc6a6dfabb319c2d94eaa550f322d746da693bd83835da6ccdc4172e3a1fSecunia Security Advisory - A vulnerability has been reported in Siemens SIMATIC S7-1200, which can be exploited by malicious people to conduct cross-site scripting attacks.
53b953a5e2e223e910e4e4057dbc63440dc65640989745a53c6b6aa8104f3581Secunia Security Advisory - A security issue has been reported in Siemens SIMATIC S7-1200, which can be exploited by malicious people to conduct spoofing attacks.
2763624813a56ed46860856311b9ebb3439d2d6f011205811b386a35a013d083Secunia Security Advisory - Multiple vulnerabilities have been reported in Siemens SIMATIC WinCC, which can be exploited by malicious people to conduct cross-site scripting attacks, conduct SQL injection attacks, and disclose certain sensitive information.
cb1763504e1b13afe46b5eb8fdaaab47993d82b00e7965ea3d58953a960c5f02Secunia Security Advisory - A vulnerability has been reported in Siemens SIMATIC WinCC, which can be exploited by malicious people to conduct cross-site request forgery attacks.
045abbc490356d4d390ffe1508ed7175b2a36216abfecb48f6e801eff26000a9Secunia Security Advisory - A vulnerability has been reported in some Siemens SIMATIC S7-400 products, which can be exploited by malicious people to cause a DoS (Denial of Service).
7e6de2ddf3fb5ed462927c692e3498ebfefceb678564ff4a79eebd1f01044e88Secunia Security Advisory - A vulnerability has been reported in Siemens SIMATIC STEP 7 and PCS 7, which can be exploited by malicious people to compromise a user's system.
55b6f4b5015cc7685bd570063e2404af7e53be2c9b25de5f8c07a8e37d48d05aThe Siemens Simatic S7-1200 S7 CPU start and stop functions over ISO-TSAP this modules allows an attacker to perform administrative commands without authentication. This Metasploit module allows a remote user to change the state of the PLC between STOP and START, allowing an attacker to end process control by the PLC.
209515171372e815da32934ab41fdd5f1c336d22022bec1c97308a5b5097d4c3The Siemens Simatic S7-300/400 S7 CPU start and stop functions over ISO-TSAP this modules allows an attacker to perform administrative commands without authentication. This Metasploit module allows a remote user to change the state of the PLC between STOP and START, allowing an attacker to end process control by the PLC.
e012c156c46c53f51452c321377eed31d2bcff3d14db2c6ffe938003af648fc7Secunia Security Advisory - A vulnerability has been reported in Siemens SIMATIC WinCC, which can be exploited by malicious people to cause a DoS (Denial of Service).
6d8835af6ac9f5281147ff750dbfd970bf39e06ec87b496601b705390e24dd9eSecunia Security Advisory - A weakness and some vulnerabilities have been reported in Siemens SIMATIC WinCC, which can be exploited by malicious users to disclose potentially sensitive information and system information and manipulate certain data and by malicious people to conduct spoofing and cross-site scripting attacks.
b61756e3e7d99978d09677771aea54c7ffae75f572ab7adb1572fc2ce0119f01Secunia Security Advisory - Luigi Auriemma has discovered two vulnerabilities in Siemens SIMATIC WinCC Flexible, which can be exploited by malicious people to disclose potentially sensitive information and cause a DoS (Denial of Service).
ef0bd80742863d9390beef99101a5572bc1fc990288fb26bc0ed7904418615b0Siemens SIMATIC WinCC Flexible suffers from stack overflow, directory traversal, denial of service and arbitrary memory read access vulnerabilities.
ac12fa0c1d674d87df9e9af74d9ed93fa0067b7b9acdb1061dde4681e09149b1Secunia Security Advisory - A vulnerability has been reported in Siemens SIMATIC WinCC, which can be exploited by malicious people to potentially compromise a vulnerable system.
4e89ffc0941db9521dcecbde0ab3c997e39f621d86ca283d29065ef4c6b20323
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed