The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Siemens SIMATIC WinCC

vulnerability alert CVE-2016-8672 CVE-2016-8673

SIMATIC CP/S7: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of SIMATIC CP/S7.
Impacted products: SIMATIC.
Severity: 2/4.
Creation date: 22/11/2016.
Identifiers: CVE-2016-8672, CVE-2016-8673, SSA-603476, VIGILANCE-VUL-21171.

Description of the vulnerability

Several vulnerabilities were announced in SIMATIC CP/S7.

An attacker can trigger a Cross Site Request Forgery, in order to force the victim to perform operations. [severity:2/4; CVE-2016-8673]

An attacker can bypass security features via Cookies, in order to obtain sensitive information. [severity:2/4; CVE-2016-8672]

An attacker can act as a Man-in-the-Middle via IKEv1 Cipher Suite, in order to read or write data in the session. [severity:2/4]
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability bulletin CVE-2016-8561 CVE-2016-8562

SIMATIC CP 1543-1: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of SIMATIC CP 1543-1.
Impacted products: SIMATIC.
Severity: 2/4.
Creation date: 18/11/2016.
Identifiers: CERTFR-2016-AVI-384, CVE-2016-8561, CVE-2016-8562, SSA-672373, VIGILANCE-VUL-21158.

Description of the vulnerability

Several vulnerabilities were announced in SIMATIC CP 1543-1.

An attacker can bypass security features via TIA-Portal, in order to escalate his privileges. [severity:2/4; CVE-2016-8561]

An attacker can write variables via SNMP, in order to trigger a denial of service. [severity:2/4; CVE-2016-8562]
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability CVE-2016-7959 CVE-2016-7960

SIMATIC STEP 7: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of SIMATIC STEP 7.
Impacted products: SIMATIC.
Severity: 1/4.
Creation date: 12/10/2016.
Identifiers: CERTFR-2016-AVI-347, CVE-2016-7959, CVE-2016-7960, SSA-869766, VIGILANCE-VUL-20845.

Description of the vulnerability

Several vulnerabilities were announced in SIMATIC STEP 7.

A local attacker can perform a brute-force, in order to obtain sensitive information about machine to machine communication. [severity:1/4; CVE-2016-7959]

An attacker can bypass security features via TIA Portal Project File, in order to obtain sensitive information. [severity:1/4; CVE-2016-7960]
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability announce CVE-2016-5874

SIMATIC NET PC-Software: denial of service via OPC-UA

Synthesis of the vulnerability

An attacker can send a malicious OPC-UA packet to SIMATIC NET PC-Software, in order to trigger a denial of service.
Impacted products: SIMATIC.
Severity: 2/4.
Creation date: 25/07/2016.
Identifiers: CERTFR-2016-AVI-250, CVE-2016-5874, SSA-453276, VIGILANCE-VUL-20207.

Description of the vulnerability

The SIMATIC NET PC-Software product has a service to manage received OPC-UA packets on ports 55101-55105/tcp, 4845/tcp, and 4847-4850/tcp.

However, when a malicious packet is received, a fatal error occurs.

An attacker can therefore send a malicious OPC-UA packet to SIMATIC NET PC-Software, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability alert CVE-2016-5743 CVE-2016-5744

SIMATIC WinCC: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of SIMATIC WinCC.
Impacted products: SIMATIC.
Severity: 3/4.
Creation date: 25/07/2016.
Identifiers: CERTFR-2016-AVI-250, CVE-2016-5743, CVE-2016-5744, SSA-378531, VIGILANCE-VUL-20206.

Description of the vulnerability

Several vulnerabilities were announced in SIMATIC WinCC.

An attacker can send a packet, in order to run code. [severity:3/4; CVE-2016-5743]

An attacker can traverse directories, in order to read a file outside the root path. [severity:2/4; CVE-2016-5744]
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability bulletin CVE-2016-3949

SIMATIC S7-300: denial of service via ISO-TSAP/Profibus

Synthesis of the vulnerability

An attacker can send a malicious ISO-TSAP/Profibus packet to SIMATIC S7-300, in order to trigger a denial of service.
Impacted products: SIMATIC.
Severity: 2/4.
Creation date: 09/06/2016.
Identifiers: CERTFR-2016-AVI-196, CVE-2016-3949, SSA-818183, VIGILANCE-VUL-19848.

Description of the vulnerability

The SIMATIC S7-300 product has a service to manage received ISO-TSAP/Profibus packets.

However, when a malicious packet is received, a fatal error occurs.

An attacker can therefore send a malicious ISO-TSAP/Profibus packet to SIMATIC S7-300, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability announce CVE-2016-2846

SIMATIC S7-1200 CPU: privilege escalation

Synthesis of the vulnerability

A network attacker can access to SIMATIC S7-1200 CPU, in order to escalate his privileges.
Impacted products: SIMATIC.
Severity: 2/4.
Creation date: 15/03/2016.
Identifiers: CVE-2016-2846, SSA-833048, VIGILANCE-VUL-19172.

Description of the vulnerability

The SIMATIC S7-1200 CPU product has access protections.

However, an attacker can bypass these protections. Technical details are unknown.

A worm uses this vulnerability (VIGILANCE-ACTU-5186).

A network attacker can therefore access to SIMATIC S7-1200 CPU, in order to escalate his privileges.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability CVE-2016-2200 CVE-2016-2201

Siemens SIMATIC S7-1500 CPU: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Siemens SIMATIC S7-1500 CPU.
Impacted products: SIMATIC.
Severity: 3/4.
Creation date: 09/02/2016.
Identifiers: CERTFR-2016-AVI-062, CVE-2016-2200, CVE-2016-2201, SSA:2016-039-02, SSA-253230, VIGILANCE-VUL-18895.

Description of the vulnerability

Several vulnerabilities were announced in Siemens SIMATIC S7-1500 CPU.

An attacker can send a malicious ISO/TSAP packet, in order to trigger a denial of service. [severity:3/4; CVE-2016-2200]

An attacker can partially bypass the integrity check of ISO/TSAP flows, in order to corrupt exchanged data. [severity:1/4; CVE-2016-2201]
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability CVE-2015-8214

Siemens SIMATIC: code execution via Communication Processor

Synthesis of the vulnerability

An unauthenticated attacker can access to the port 102/tcp of Siemens SIMATIC Communication Processor, in order to execute privileged commands.
Impacted products: SIMATIC.
Severity: 3/4.
Creation date: 30/11/2015.
Identifiers: CVE-2015-8214, SSA-763427, VIGILANCE-VUL-18395.

Description of the vulnerability

The Siemens SIMATIC Communication Processor product is used by:
 - SIMATIC CP 343-1 Standard / Advanced / Lean
 - SIMATIC CP 443-1 Standard / Advanced
 - SIMATIC TIM 3V-IE Standard / Advanced / DNP3
 - SIMATIC TIM 4R-IE Standard / DNP3

It listens on port 102/tcp. However, when the configuration is stored in the CPU, an attacker can connect to the port 102/tcp, in order to perform administrative operations.

An unauthenticated attacker can therefore access to the port 102/tcp of Siemens SIMATIC Communication Processor, in order to execute privileged commands.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability announce CVE-2015-5698

Siemens SIMATIC S7-1200: Cross Site Request Forgery

Synthesis of the vulnerability

An attacker can trigger a Cross Site Request Forgery of Siemens SIMATIC S7-1200, in order to force the victim to perform operations.
Impacted products: SIMATIC.
Severity: 2/4.
Creation date: 28/08/2015.
Identifiers: CERTFR-2015-AVI-364, CVE-2015-5698, SSA-134003, VIGILANCE-VUL-17767.

Description of the vulnerability

The Siemens SIMATIC S7-1200 product offers a web service.

However, the origin of queries is not checked. They can for example originate from an image included in an HTML document.

An attacker can therefore trigger a Cross Site Request Forgery of Siemens SIMATIC S7-1200, in order to force the victim to perform operations.
Complete Vigil@nce bulletin.... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Siemens SIMATIC WinCC: