The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Siemens SIMATIC

vulnerability bulletin CVE-2019-10935

Siemens SIMATIC PCS7/WinCC: file upload via DataMonitor

Synthesis of the vulnerability

An attacker can upload a malicious file via DataMonitor on Siemens SIMATIC PCS7/WinCC, in order for example to upload a Trojan.
Impacted products: SIMATIC.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: intranet client.
Creation date: 10/07/2019.
Identifiers: CERTFR-2019-AVI-311, CVE-2019-10935, SSA-121293, VIGILANCE-VUL-29733.

Description of the vulnerability

An attacker can upload a malicious file via DataMonitor on Siemens SIMATIC PCS7/WinCC, in order for example to upload a Trojan.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2019-10925 CVE-2019-10926

SIMATIC Ident: information disclosure via Web Session

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Web Session of SIMATIC Ident, in order to obtain sensitive information.
Impacted products: SIMATIC.
Severity: 2/4.
Consequences: data reading.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 12/06/2019.
Identifiers: CERTFR-2019-AVI-256, CVE-2019-10925, CVE-2019-10926, SSA-816980, VIGILANCE-VUL-29519.

Description of the vulnerability

An attacker can bypass access restrictions to data via Web Session of SIMATIC Ident, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2018-12126 CVE-2018-12127 CVE-2018-12130

Intel processors: information disclosure via performance measurement

Synthesis of the vulnerability

An attacker can measure performances of his process, in order to get sensitive information about other process or, if the host is virtualized, about other guest systems.
Impacted products: XenServer, Debian, Fedora, FortiAnalyzer, FortiGate, FortiManager, FortiOS, FreeBSD, HP ProLiant, Linux, McAfee Email Gateway, McAfee NSM, McAfee NSP, McAfee NTBA, McAfee Web Gateway, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 2019, Windows 7, Windows 8, Windows RT, OpenBSD, openSUSE Leap, PAN-OS, pfSense, RHEL, SIMATIC, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu, ESXi, vCenter Server, VMware vSphere Hypervisor, Xen.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 4.
Creation date: 15/05/2019.
Revision date: 15/05/2019.
Identifiers: CERTFR-2019-AVI-209, CERTFR-2019-AVI-211, CERTFR-2019-AVI-212, CERTFR-2019-AVI-213, CERTFR-2019-AVI-215, CERTFR-2019-AVI-217, CERTFR-2019-AVI-229, CERTFR-2019-AVI-230, CERTFR-2019-AVI-233, CERTFR-2019-AVI-311, CTX251995, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091, DLA-1787-1, DLA-1789-1, DLA-1789-2, DLA-1799-1, DLA-1799-2, DSA-4444-1, DSA-4447-1, DSA-4447-2, FEDORA-2019-0731828893, FEDORA-2019-1f5832fc0e, FEDORA-2019-640f8d8dd1, FEDORA-2019-6458474bf2, FEDORA-2019-c36afa818c, FEDORA-2019-e6bf55e821, FEDORA-2019-eb08fb0c5f, FG-IR-18-002, FreeBSD-SA-19:07.mds, HPESBHF03933, INTEL-SA-00233, openSUSE-SU-2019:1402-1, openSUSE-SU-2019:1403-1, openSUSE-SU-2019:1404-1, openSUSE-SU-2019:1405-1, openSUSE-SU-2019:1407-1, openSUSE-SU-2019:1408-1, openSUSE-SU-2019:1419-1, openSUSE-SU-2019:1420-1, openSUSE-SU-2019:1468-1, openSUSE-SU-2019:1505-1, openSUSE-SU-2019:1805-1, openSUSE-SU-2019:1806-1, PAN-SA-2019-0012, RHSA-2019:1155-01, RHSA-2019:1167-01, RHSA-2019:1168-01, RHSA-2019:1169-01, RHSA-2019:1170-01, RHSA-2019:1171-01, RHSA-2019:1172-01, RHSA-2019:1174-01, RHSA-2019:1175-01, RHSA-2019:1176-01, RHSA-2019:1177-01, RHSA-2019:1178-01, RHSA-2019:1180-01, RHSA-2019:1181-01, RHSA-2019:1182-01, RHSA-2019:1183-01, RHSA-2019:1184-01, RHSA-2019:1185-01, RHSA-2019:1186-01, RHSA-2019:1187-01, RHSA-2019:1188-01, RHSA-2019:1189-01, RHSA-2019:1190-01, RHSA-2019:1193-01, RHSA-2019:1194-01, RHSA-2019:1195-01, RHSA-2019:1196-01, RHSA-2019:1197-01, RHSA-2019:1198-01, SB10292, SSA-616472, SUSE-SU-2019:1235-1, SUSE-SU-2019:1236-1, SUSE-SU-2019:1238-1, SUSE-SU-2019:1239-1, SUSE-SU-2019:1240-1, SUSE-SU-2019:1241-1, SUSE-SU-2019:1242-1, SUSE-SU-2019:1243-1, SUSE-SU-2019:1244-1, SUSE-SU-2019:1245-1, SUSE-SU-2019:1248-1, SUSE-SU-2019:1268-1, SUSE-SU-2019:1269-1, SUSE-SU-2019:1272-1, SUSE-SU-2019:1287-1, SUSE-SU-2019:1289-1, SUSE-SU-2019:1296-1, SUSE-SU-2019:1313-1, SUSE-SU-2019:1347-1, SUSE-SU-2019:1348-1, SUSE-SU-2019:1349-1, SUSE-SU-2019:1356-1, SUSE-SU-2019:1371-1, SUSE-SU-2019:14048-1, SUSE-SU-2019:14051-1, SUSE-SU-2019:14052-1, SUSE-SU-2019:14063-1, SUSE-SU-2019:14133-1, SUSE-SU-2019:1423-1, SUSE-SU-2019:1438-1, SUSE-SU-2019:1452-1, SUSE-SU-2019:1490-1, SUSE-SU-2019:1547-1, SUSE-SU-2019:1550-1, SUSE-SU-2019:1909-1, SUSE-SU-2019:1910-1, SUSE-SU-2019:1954-1, Synology-SA-19:24, USN-3977-1, USN-3977-2, USN-3977-3, USN-3978-1, USN-3979-1, USN-3980-1, USN-3981-1, USN-3981-2, USN-3982-1, USN-3982-2, USN-3983-1, USN-3983-2, USN-3984-1, USN-3985-1, USN-3985-2, VIGILANCE-VUL-29300, VMSA-2019-0008, XSA-297, ZombieLoad.

Description of the vulnerability

An attacker can measure performances of his process, in order to get sensitive information about other process or, if the host is virtualized, about other guest systems.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2019-9169

glibc: out-of-bounds memory reading via proceed_next_node

Synthesis of the vulnerability

An attacker can force a read at an invalid address via proceed_next_node() of glibc, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: BIG-IP Hardware, TMOS, McAfee Web Gateway, SIMATIC, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 10/04/2019.
Identifiers: CVE-2019-9169, K54823184, SB10278, SSB-439005, SUSE-SU-2019:1102-1, SUSE-SU-2019:14084-1, SUSE-SU-2019:1877-1, SUSE-SU-2019:1958-1, SUSE-SU-2019:1958-2, VIGILANCE-VUL-28995.

Description of the vulnerability

An attacker can force a read at an invalid address via proceed_next_node() of glibc, in order to trigger a denial of service, or to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2018-18605 CVE-2018-18606 CVE-2018-18607

GNU Binutils: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of GNU Binutils.
Impacted products: Data ONTAP 7-Mode, SIMATIC.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 3.
Creation date: 08/03/2019.
Identifiers: CVE-2018-18605, CVE-2018-18606, CVE-2018-18607, NTAP-20190307-0003, SSB-439005, VIGILANCE-VUL-28696.

Description of the vulnerability

An attacker can use several vulnerabilities of GNU Binutils.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2018-3989 CVE-2018-3990 CVE-2018-3991

Siemens SIMATIC WinCC OA: multiple vulnerabilities via WibuKey DRM

Synthesis of the vulnerability

An attacker can use several vulnerabilities via WibuKey DRM of Siemens SIMATIC WinCC OA.
Impacted products: SIMATIC.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, data reading.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 3.
Creation date: 27/02/2019.
Identifiers: CERTFR-2019-AVI-078, CVE-2018-3989, CVE-2018-3990, CVE-2018-3991, SSA-844562, VIGILANCE-VUL-28614.

Description of the vulnerability

An attacker can use several vulnerabilities via WibuKey DRM of Siemens SIMATIC WinCC OA.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2019-1559

OpenSSL 1.0.2: information disclosure via 0-byte Record Padding Oracle

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via 0-byte Record Padding Oracle of OpenSSL 1.0.2, in order to obtain sensitive information.
Impacted products: SDS, SES, SNS, Blue Coat CAS, Debian, AIX, IBM i, Rational ClearCase, Tivoli Storage Manager, Juniper EX-Series, Juniper J-Series, Junos OS, SRX-Series, MariaDB ~ precise, McAfee Web Gateway, MySQL Community, MySQL Enterprise, Nodejs Core, OpenSSL, openSUSE Leap, Oracle Fusion Middleware, Oracle Identity Management, Solaris, WebLogic, Percona Server, RHEL, SIMATIC, Slackware, SUSE Linux Enterprise Desktop, SLES, Symantec Content Analysis, Synology DSM, Synology DS***, Synology RS***, Nessus, Ubuntu, WinSCP.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 26/02/2019.
Identifiers: bulletinapr2019, bulletinjul2019, CERTFR-2019-AVI-080, CERTFR-2019-AVI-132, CERTFR-2019-AVI-214, CERTFR-2019-AVI-325, cpuapr2019, cpujul2019, CVE-2019-1559, DLA-1701-1, DSA-4400-1, ibm10876638, ibm10886237, ibm10886659, JSA10949, openSUSE-SU-2019:1076-1, openSUSE-SU-2019:1105-1, openSUSE-SU-2019:1173-1, openSUSE-SU-2019:1175-1, openSUSE-SU-2019:1432-1, openSUSE-SU-2019:1637-1, RHBUG-1683804, RHBUG-1683807, RHSA-2019:2304-01, RHSA-2019:2471-01, SB10282, SSA:2019-057-01, SSB-439005, STORM-2019-001, SUSE-SU-2019:0572-1, SUSE-SU-2019:0600-1, SUSE-SU-2019:0658-1, SUSE-SU-2019:0803-1, SUSE-SU-2019:0818-1, SUSE-SU-2019:1362-1, SUSE-SU-2019:14091-1, SUSE-SU-2019:14092-1, SUSE-SU-2019:1553-1, SUSE-SU-2019:1608-1, SYMSA1490, TNS-2019-02, USN-3899-1, VIGILANCE-VUL-28600.

Description of the vulnerability

An attacker can bypass access restrictions to data via 0-byte Record Padding Oracle of OpenSSL 1.0.2, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2018-20784

Linux kernel: infinite loop via update_blocked_averages

Synthesis of the vulnerability

An attacker can trigger an infinite loop via update_blocked_averages() of the Linux kernel, in order to trigger a denial of service.
Impacted products: Linux, RHEL, SIMATIC, Ubuntu.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 25/02/2019.
Identifiers: CERTFR-2019-AVI-361, CERTFR-2019-AVI-419, CERTFR-2019-AVI-441, CVE-2018-20784, RHSA-2019:1959-01, RHSA-2019:1971-01, SSB-439005, USN-4115-1, USN-4115-2, USN-4118-1, VIGILANCE-VUL-28593.

Description of the vulnerability

An attacker can trigger an infinite loop via update_blocked_averages() of the Linux kernel, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2019-7664 CVE-2019-7665

Elfutils: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Elfutils.
Impacted products: Debian, Fedora, openSUSE Leap, RHEL, SIMATIC, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 18/02/2019.
Identifiers: CVE-2019-7664, CVE-2019-7665, DLA-1689-1, FEDORA-2019-44a9d99647, openSUSE-SU-2019:1590-1, RHSA-2019:2197-01, SSB-439005, SUSE-SU-2019:1486-1, SUSE-SU-2019:1733-1, USN-4012-1, VIGILANCE-VUL-28528.

Description of the vulnerability

An attacker can use several vulnerabilities of Elfutils.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2019-7146 CVE-2019-7148 CVE-2019-7149

Elfutils: four vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Elfutils.
Impacted products: Debian, Fedora, openSUSE Leap, RHEL, SIMATIC, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 4.
Creation date: 18/02/2019.
Identifiers: CVE-2019-7146, CVE-2019-7148, CVE-2019-7149, CVE-2019-7150, DLA-1689-1, FEDORA-2019-44a9d99647, openSUSE-SU-2019:1590-1, RHSA-2019:2197-01, SSB-439005, SUSE-SU-2019:1486-1, SUSE-SU-2019:1733-1, USN-4012-1, VIGILANCE-VUL-28527.

Description of the vulnerability

An attacker can use several vulnerabilities of Elfutils.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Siemens SIMATIC: