Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wincc vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2014-1698
Directory traversal vulnerability in Siemens SIMATIC WinCC OA prior to 3.12 P002 January allows remote malicious users to read arbitrary files via crafted packets to TCP port 4999.
Siemens Simatic Wincc Open Architecture
5
CVSSv2
CVE-2014-1699
Siemens SIMATIC WinCC OA prior to 3.12 P002 January allows remote malicious users to cause a denial of service (monitoring-service outage) via malformed HTTP requests to port 4999.
Siemens Simatic Wincc Open Architecture
4
CVSSv2
CVE-2013-0669
The HMI web application in Siemens WinCC (TIA Portal) 11 allows remote authenticated users to cause a denial of service (daemon crash) via a crafted HTTP request.
Siemens Wincc Tia Portal 11.0
4.6
CVSSv2
CVE-2011-4515
Siemens WinCC (TIA Portal) 11 uses a reversible algorithm for storing HMI web-application passwords in world-readable and world-writable files, which allows local users to obtain sensitive information by leveraging (1) physical access or (2) Sm@rt Server access.
Siemens Wincc Tia Portal 11.0
3.8
CVSSv2
CVE-2018-4844
A vulnerability has been identified in SIMATIC WinCC OA UI for Android (All versions < V3.15.10), SIMATIC WinCC OA UI for iOS (All versions < V3.15.10). Insufficient limitation of CONTROL script capabilities could allow read and write access from one HMI project cache folde...
Siemens Simatic Wincc Oa Ui
1 Github repository
5.8
CVSSv2
CVE-2017-6870
A vulnerability exists in Siemens SIMATIC WinCC Sm@rtClient for Android (All versions before V1.0.2.2). The existing TLS protocol implementation could allow an malicious user to read and modify data within a TLS session while performing a Man-in-the-Middle (MitM) attack.
Siemens Simatic Wincc Sm\\@rtclient
2.1
CVSSv2
CVE-2018-4847
A vulnerability has been identified in SIMATIC WinCC OA Operator iOS App (All versions < V1.4). Insufficient protection of sensitive information (e.g. session key for accessing server) in Siemens WinCC OA Operator iOS app could allow an attacker with physical access to the mob...
Siemens Simatic Wincc Oa Operator -
1 Github repository
3.5
CVSSv2
CVE-2013-0672
Cross-site scripting (XSS) vulnerability in the HMI web application in Siemens WinCC (TIA Portal) 11 allows remote authenticated users to inject arbitrary web script or HTML via unspecified data.
Siemens Wincc Tia Portal 11.0
4.3
CVSSv2
CVE-2013-0667
Cross-site scripting (XSS) vulnerability in the HMI web application in Siemens WinCC (TIA Portal) 11 allows remote malicious users to inject arbitrary web script or HTML via a crafted URL.
Siemens Wincc Tia Portal 11.0
4.3
CVSSv2
CVE-2013-0668
Multiple cross-site scripting (XSS) vulnerabilities in the HMI web application in Siemens WinCC (TIA Portal) 11 allow remote malicious users to inject arbitrary web script or HTML via a crafted URL.
Siemens Wincc Tia Portal 11.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »