The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Siemens SIMATIC WinCC

computer vulnerability CVE-2016-7959 CVE-2016-7960

SIMATIC STEP 7: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of SIMATIC STEP 7.
Impacted products: SIMATIC.
Severity: 1/4.
Creation date: 12/10/2016.
Identifiers: CERTFR-2016-AVI-347, CVE-2016-7959, CVE-2016-7960, SSA-869766, VIGILANCE-VUL-20845.

Description of the vulnerability

Several vulnerabilities were announced in SIMATIC STEP 7.

A local attacker can perform a brute-force attack, in order to obtain sensitive information about machine-to-machine communication. [severity:1/4; CVE-2016-7959]

An attacker can bypass security features via a TIA Portal project file, in order to obtain sensitive information. [severity:1/4; CVE-2016-7960]

computer vulnerability announce CVE-2016-5874

SIMATIC NET PC-Software: denial of service via OPC-UA

Synthesis of the vulnerability

An attacker can send a malicious OPC-UA packet to SIMATIC NET PC-Software, in order to trigger a denial of service.
Impacted products: SIMATIC.
Severity: 2/4.
Creation date: 25/07/2016.
Identifiers: CERTFR-2016-AVI-250, CVE-2016-5874, SSA-453276, VIGILANCE-VUL-20207.

Description of the vulnerability

The SIMATIC NET PC-Software product has a service to manage received OPC-UA packets on ports 55101-55105/tcp, 4845/tcp, and 4847-4850/tcp.

However, when a malicious packet is received, a fatal error occurs.

An attacker can therefore send a malicious OPC-UA packet to SIMATIC NET PC-Software, in order to trigger a denial of service.

computer vulnerability alert CVE-2016-5743 CVE-2016-5744

SIMATIC WinCC: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of SIMATIC WinCC.
Impacted products: SIMATIC.
Severity: 3/4.
Creation date: 25/07/2016.
Identifiers: CERTFR-2016-AVI-250, CVE-2016-5743, CVE-2016-5744, SSA-378531, VIGILANCE-VUL-20206.

Description of the vulnerability

Several vulnerabilities were announced in SIMATIC WinCC.

An attacker can send a packet, in order to run code. [severity:3/4; CVE-2016-5743]

An attacker can traverse directories, in order to read a file outside the root path. [severity:2/4; CVE-2016-5744]

computer vulnerability bulletin CVE-2016-3949

SIMATIC S7-300: denial of service via ISO-TSAP/Profibus

Synthesis of the vulnerability

An attacker can send a malicious ISO-TSAP/Profibus packet to SIMATIC S7-300, in order to trigger a denial of service.
Impacted products: SIMATIC.
Severity: 2/4.
Creation date: 09/06/2016.
Identifiers: CERTFR-2016-AVI-196, CVE-2016-3949, SSA-818183, VIGILANCE-VUL-19848.

Description of the vulnerability

The SIMATIC S7-300 product has a service to manage received ISO-TSAP/Profibus packets.

However, when a malicious packet is received, a fatal error occurs.

An attacker can therefore send a malicious ISO-TSAP/Profibus packet to SIMATIC S7-300, in order to trigger a denial of service.

vulnerability announce CVE-2016-2846

SIMATIC S7-1200 CPU: privilege escalation

Synthesis of the vulnerability

A network attacker can access the SIMATIC S7-1200 CPU, in order to escalate his privileges.
Impacted products: SIMATIC.
Severity: 2/4.
Creation date: 15/03/2016.
Identifiers: CVE-2016-2846, SSA-833048, VIGILANCE-VUL-19172.

Description of the vulnerability

The SIMATIC S7-1200 CPU product has access protections.

However, an attacker can bypass these protections. Technical details are unknown.

A worm uses this vulnerability (VIGILANCE-ACTU-5186).

A network attacker can therefore access the SIMATIC S7-1200 CPU, in order to escalate his privileges.

computer vulnerability CVE-2016-2200 CVE-2016-2201

Siemens SIMATIC S7-1500 CPU: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Siemens SIMATIC S7-1500 CPU.
Impacted products: SIMATIC.
Severity: 3/4.
Creation date: 09/02/2016.
Identifiers: CERTFR-2016-AVI-062, CVE-2016-2200, CVE-2016-2201, SSA:2016-039-02, SSA-253230, VIGILANCE-VUL-18895.

Description of the vulnerability

Several vulnerabilities were announced in Siemens SIMATIC S7-1500 CPU.

An attacker can send a malicious ISO/TSAP packet, in order to trigger a denial of service. [severity:3/4; CVE-2016-2200]

An attacker can partially bypass the integrity check of ISO/TSAP flows, in order to corrupt exchanged data. [severity:1/4; CVE-2016-2201]

computer vulnerability CVE-2015-8214

Siemens SIMATIC: code execution via Communication Processor

Synthesis of the vulnerability

An unauthenticated attacker can access port 102/tcp of the Siemens SIMATIC Communication Processor, in order to execute privileged commands.
Impacted products: SIMATIC.
Severity: 3/4.
Creation date: 30/11/2015.
Identifiers: CVE-2015-8214, SSA-763427, VIGILANCE-VUL-18395.

Description of the vulnerability

The Siemens SIMATIC Communication Processor product is used by:
 - SIMATIC CP 343-1 Standard / Advanced / Lean
 - SIMATIC CP 443-1 Standard / Advanced
 - SIMATIC TIM 3V-IE Standard / Advanced / DNP3
 - SIMATIC TIM 4R-IE Standard / DNP3

It listens on port 102/tcp. However, when the configuration is stored in the CPU, an attacker can connect to port 102/tcp, in order to perform administrative operations.

An unauthenticated attacker can therefore access port 102/tcp of the Siemens SIMATIC Communication Processor, in order to execute privileged commands.

computer vulnerability announce CVE-2015-5698

Siemens SIMATIC S7-1200: Cross Site Request Forgery

Synthesis of the vulnerability

An attacker can trigger a Cross Site Request Forgery on Siemens SIMATIC S7-1200, in order to force the victim to perform operations.
Impacted products: SIMATIC.
Severity: 2/4.
Creation date: 28/08/2015.
Identifiers: CERTFR-2015-AVI-364, CVE-2015-5698, SSA-134003, VIGILANCE-VUL-17767.

Description of the vulnerability

The Siemens SIMATIC S7-1200 product offers a web service.

However, the origin of queries is not checked. They can, for example, originate from an image included in an HTML document.

An attacker can therefore trigger a Cross Site Request Forgery on Siemens SIMATIC S7-1200, in order to force the victim to perform operations.

computer vulnerability CVE-2015-5084

SIMATIC WinCC Sm@rtClient for Android: information disclosure

Synthesis of the vulnerability

A local attacker can read passwords of SIMATIC WinCC Sm@rtClient for Android, in order to access the user's account.
Impacted products: SIMATIC.
Severity: 1/4.
Creation date: 22/07/2015.
Identifiers: CVE-2015-5084, SSA-267489, VIGILANCE-VUL-17475.

Description of the vulnerability

The SIMATIC WinCC Sm@rtClient for Android product stores the user's passwords.

However, an attacker who has access to the victim's mobile device can read these passwords.

A local attacker can therefore read passwords of SIMATIC WinCC Sm@rtClient for Android, in order to access the user's account.

computer vulnerability bulletin CVE-2015-2823

Siemens SIMATIC PCS 7: authenticating via Password Hashes

Synthesis of the vulnerability

An attacker can use the password hash on Siemens SIMATIC PCS 7, in order to authenticate on the service.
Impacted products: SIMATIC.
Severity: 2/4.
Creation date: 24/04/2015.
Identifiers: CVE-2015-2823, SSA-237894, VIGILANCE-VUL-16708.

Description of the vulnerability

The Siemens SIMATIC PCS 7 product allows SIMATIC WinCC users to authenticate on the service.

However, if an attacker obtains the password hash of a WinCC user, he can use it to authenticate directly.

An attacker can therefore use the password hash on Siemens SIMATIC PCS 7, in order to authenticate on the service.