The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of SIMATIC

computer vulnerability bulletin CVE-2017-2684

Siemens SIMATIC: privilege escalation via SIMATIC Logon

Synthesis of the vulnerability

An attacker can bypass the authentication to the Logon module of Siemens SIMATIC, in order to escalate his privileges.
Severity: 3/4.
Creation date: 14/02/2017.
Identifiers: CERTFR-2017-AVI-049, CVE-2017-2684, SSA-931064, VIGILANCE-VUL-21828.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The Siemens SIMATIC product includes a component for centralized user management.

However, one can bypass the user authentication knowing only a valid username.

An attacker can therefore bypass the authentication to the Logon module of Siemens SIMATIC, in order to escalate his privileges.

computer weakness alert CVE-2016-9160

SIMATIC WinCC, PCS 7: out-of-bounds memory reading via ActiveX

Synthesis of the vulnerability

An attacker can force a read at an invalid address via ActiveX of SIMATIC WinCC, in order to trigger a denial of service, or to obtain sensitive information.
Severity: 2/4.
Creation date: 09/12/2016.
Identifiers: CERTFR-2016-AVI-405, CVE-2016-9160, SSA-693129, VIGILANCE-VUL-21346.

Description of the vulnerability

The SIMATIC WinCC product, included in PCS 7, offers a web service.

However, it tries to read a memory area located outside the expected range, which triggers a fatal error, or leads to the disclosure of a memory fragment.

An attacker can therefore force a read at an invalid address via ActiveX of SIMATIC WinCC, in order to trigger a denial of service, or to obtain sensitive information.

computer weakness bulletin CVE-2016-9158 CVE-2016-9159

SIMATIC S7: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of SIMATIC S7.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 09/12/2016.
Identifiers: CERTFR-2016-AVI-405, CVE-2016-9158, CVE-2016-9159, SSA-731239, VIGILANCE-VUL-21345.

Description of the vulnerability

Several vulnerabilities were announced in SIMATIC S7.

An attacker can send malicious HTTP packets, in order to trigger a denial of service. [severity:2/4; CVE-2016-9158]

An attacker can bypass security features via ISO-TSAP, in order to escalate his privileges. [severity:2/4; CVE-2016-9159]

vulnerability bulletin CVE-2016-8672 CVE-2016-8673

SIMATIC CP/S7: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of SIMATIC CP/S7.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 3.
Creation date: 22/11/2016.
Identifiers: CVE-2016-8672, CVE-2016-8673, SSA-603476, VIGILANCE-VUL-21171.

Description of the vulnerability

Several vulnerabilities were announced in SIMATIC CP/S7.

An attacker can trigger a Cross Site Request Forgery, in order to force the victim to perform operations. [severity:2/4; CVE-2016-8673]

An attacker can bypass security features via Cookies, in order to obtain sensitive information. [severity:2/4; CVE-2016-8672]

An attacker can act as a Man-in-the-Middle via IKEv1 Cipher Suite, in order to read or write data in the session. [severity:2/4]

computer vulnerability alert CVE-2016-8561 CVE-2016-8562

SIMATIC CP 1543-1: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of SIMATIC CP 1543-1.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 18/11/2016.
Identifiers: CERTFR-2016-AVI-384, CVE-2016-8561, CVE-2016-8562, SSA-672373, VIGILANCE-VUL-21158.

Description of the vulnerability

Several vulnerabilities were announced in SIMATIC CP 1543-1.

An attacker can bypass security features via TIA-Portal, in order to escalate his privileges. [severity:2/4; CVE-2016-8561]

An attacker can write variables via SNMP, in order to trigger a denial of service. [severity:2/4; CVE-2016-8562]

threat bulletin CVE-2016-7165

Siemens SIMATIC: privilege escalation via Windows

Synthesis of the vulnerability

An attacker can bypass restrictions via Windows of Siemens SIMATIC, in order to escalate his privileges.
Severity: 2/4.
Creation date: 08/11/2016.
Identifiers: CERTFR-2016-AVI-369, CVE-2016-7165, SSA-701708, VIGILANCE-VUL-21059.

Description of the vulnerability

An attacker can bypass restrictions via Windows of Siemens SIMATIC, in order to escalate his privileges. The vulnerability exists only if the program has been installed in a different folder than the default one.

security threat CVE-2016-7959 CVE-2016-7960

SIMATIC STEP 7: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of SIMATIC STEP 7.
Severity: 1/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 12/10/2016.
Identifiers: CERTFR-2016-AVI-347, CVE-2016-7959, CVE-2016-7960, SSA-869766, VIGILANCE-VUL-20845.

Description of the vulnerability

Several vulnerabilities were announced in SIMATIC STEP 7.

A local attacker can perform a brute-force attack, in order to obtain sensitive information about machine-to-machine communication. [severity:1/4; CVE-2016-7959]

An attacker can bypass security features via TIA Portal Project File, in order to obtain sensitive information. [severity:1/4; CVE-2016-7960]

threat announce CVE-2016-2183 CVE-2016-6329

Blowfish, Triple-DES: algorithms too weak, SWEET32

Synthesis of the vulnerability

An attacker can create a TLS/VPN session with a Blowfish/Triple-DES algorithm, and perform a two-day attack, in order to decrypt data.
Severity: 1/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 25/08/2016.
Identifiers: 1610582, 1991866, 1991867, 1991870, 1991871, 1991875, 1991876, 1991878, 1991880, 1991882, 1991884, 1991885, 1991886, 1991887, 1991889, 1991892, 1991894, 1991896, 1991902, 1991903, 1991951, 1991955, 1991959, 1991960, 1991961, 1992681, 1993777, 1994375, 1995099, 1995922, 1998797, 1999054, 1999421, 2000209, 2000212, 2000370, 2000544, 2001608, 2002021, 2002335, 2002336, 2002479, 2002537, 2002870, 2002897, 2002991, 2003145, 2003480, 2003620, 2003673, 2004036, 2008828, 523628, 9010102, bulletinapr2017, c05349499, c05369403, c05369415, c05390849, CERTFR-2017-AVI-012, CERTFR-2019-AVI-049, CERTFR-2019-AVI-311, cisco-sa-20160927-openssl, cpuapr2017, cpujan2018, cpujul2017, cpujul2019, cpuoct2017, CVE-2016-2183, CVE-2016-6329, DSA-2018-124, DSA-2019-131, DSA-3673-1, DSA-3673-2, FEDORA-2016-7810e24465, FEDORA-2016-dc2cb4ad6b, FG-IR-16-047, FG-IR-16-048, FG-IR-17-127, FG-IR-17-173, HPESBGN03697, HPESBGN03765, HPESBUX03725, HPSBGN03690, HPSBGN03694, HPSBHF03674, ibm10718843, java_jan2017_advisory, JSA10770, KM03060544, NTAP-20160915-0001, openSUSE-SU-2016:2199-1, openSUSE-SU-2016:2391-1, openSUSE-SU-2016:2407-1, openSUSE-SU-2016:2496-1, openSUSE-SU-2016:2537-1, openSUSE-SU-2017:1638-1, openSUSE-SU-2018:0458-1, RHSA-2017:0336-01, RHSA-2017:0337-01, RHSA-2017:0338-01, RHSA-2017:3113-01, RHSA-2017:3114-01, RHSA-2017:3239-01, RHSA-2017:3240-01, RHSA-2018:2123-01, SA133, SA40312, SB10171, SB10186, SB10197, SB10215, SOL13167034, SP-CAAAPUE, SPL-129207, SSA:2016-266-01, SSA:2016-363-01, SSA-556833, SUSE-SU-2016:2387-1, SUSE-SU-2016:2394-1, SUSE-SU-2016:2458-1, SUSE-SU-2016:2468-1, SUSE-SU-2016:2469-1, SUSE-SU-2016:2470-1, SUSE-SU-2016:2470-2, SUSE-SU-2017:1444-1, SUSE-SU-2017:2838-1, SUSE-SU-2017:3177-1, SWEET32, TNS-2016-16, USN-3087-1, USN-3087-2, USN-3270-1, USN-3339-1, USN-3339-2, USN-3372-1, VIGILANCE-VUL-20473.

Description of the vulnerability

The Blowfish and Triple-DES symmetric encryption algorithms use 64-bit blocks.

However, if they are used in CBC mode, a collision occurs after 785 GB has been transferred, and it is then possible to decrypt blocks with an attack lasting two days.

An attacker can therefore create a TLS/VPN session with a Blowfish/Triple-DES algorithm, and perform a two-day attack, in order to decrypt data.

computer vulnerability CVE-2016-5874

SIMATIC NET PC-Software: denial of service via OPC-UA

Synthesis of the vulnerability

An attacker can send a malicious OPC-UA packet to SIMATIC NET PC-Software, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 25/07/2016.
Identifiers: CERTFR-2016-AVI-250, CVE-2016-5874, SSA-453276, VIGILANCE-VUL-20207.

Description of the vulnerability

The SIMATIC NET PC-Software product has a service to manage received OPC-UA packets on ports 55101-55105/tcp, 4845/tcp, and 4847-4850/tcp.

However, when a malicious packet is received, a fatal error occurs.

An attacker can therefore send a malicious OPC-UA packet to SIMATIC NET PC-Software, in order to trigger a denial of service.

security note CVE-2016-5743 CVE-2016-5744

SIMATIC WinCC: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of SIMATIC WinCC.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 25/07/2016.
Identifiers: CERTFR-2016-AVI-250, CVE-2016-5743, CVE-2016-5744, SSA-378531, VIGILANCE-VUL-20206.

Description of the vulnerability

Several vulnerabilities were announced in SIMATIC WinCC.

An attacker can send a packet, in order to run code. [severity:3/4; CVE-2016-5743]

An attacker can traverse directories, in order to read a file outside the root path. [severity:2/4; CVE-2016-5744]