The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Siemens SIMATIC WinCC

vulnerability announce CVE-2016-2846

SIMATIC S7-1200 CPU: privilege escalation

Synthesis of the vulnerability

A network attacker can access the SIMATIC S7-1200 CPU in order to escalate their privileges.
Impacted products: SIMATIC.
Severity: 2/4.
Creation date: 15/03/2016.
Identifiers: CVE-2016-2846, SSA-833048, VIGILANCE-VUL-19172.

Description of the vulnerability

The SIMATIC S7-1200 CPU product has access protections.

However, an attacker can bypass these protections. Technical details are unknown.

A worm uses this vulnerability (VIGILANCE-ACTU-5186).

A network attacker can therefore access the SIMATIC S7-1200 CPU in order to escalate their privileges.

computer vulnerability CVE-2016-2200 CVE-2016-2201

Siemens SIMATIC S7-1500 CPU: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Siemens SIMATIC S7-1500 CPU.
Impacted products: SIMATIC.
Severity: 3/4.
Creation date: 09/02/2016.
Identifiers: CERTFR-2016-AVI-062, CVE-2016-2200, CVE-2016-2201, SSA:2016-039-02, SSA-253230, VIGILANCE-VUL-18895.

Description of the vulnerability

Several vulnerabilities were announced in Siemens SIMATIC S7-1500 CPU.

An attacker can send a malicious ISO/TSAP packet, in order to trigger a denial of service. [severity:3/4; CVE-2016-2200]

An attacker can partially bypass the integrity check of ISO/TSAP flows, in order to corrupt exchanged data. [severity:1/4; CVE-2016-2201]

computer vulnerability CVE-2015-8214

Siemens SIMATIC: code execution via Communication Processor

Synthesis of the vulnerability

An unauthenticated attacker can access port 102/tcp of the Siemens SIMATIC Communication Processor in order to execute privileged commands.
Impacted products: SIMATIC.
Severity: 3/4.
Creation date: 30/11/2015.
Identifiers: CVE-2015-8214, SSA-763427, VIGILANCE-VUL-18395.

Description of the vulnerability

The Siemens SIMATIC Communication Processor product is used by:
 - SIMATIC CP 343-1 Standard / Advanced / Lean
 - SIMATIC CP 443-1 Standard / Advanced
 - SIMATIC TIM 3V-IE Standard / Advanced / DNP3
 - SIMATIC TIM 4R-IE Standard / DNP3

It listens on port 102/tcp. However, when the configuration is stored in the CPU, an attacker can connect to port 102/tcp in order to perform administrative operations.

An unauthenticated attacker can therefore access port 102/tcp of the Siemens SIMATIC Communication Processor in order to execute privileged commands.

computer vulnerability announce CVE-2015-5698

Siemens SIMATIC S7-1200: Cross Site Request Forgery

Synthesis of the vulnerability

An attacker can trigger a Cross Site Request Forgery of Siemens SIMATIC S7-1200, in order to force the victim to perform operations.
Impacted products: SIMATIC.
Severity: 2/4.
Creation date: 28/08/2015.
Identifiers: CERTFR-2015-AVI-364, CVE-2015-5698, SSA-134003, VIGILANCE-VUL-17767.

Description of the vulnerability

The Siemens SIMATIC S7-1200 product offers a web service.

However, the origin of queries is not checked. They can for example originate from an image included in an HTML document.

An attacker can therefore trigger a Cross Site Request Forgery of Siemens SIMATIC S7-1200, in order to force the victim to perform operations.

computer vulnerability CVE-2015-5084

SIMATIC WinCC Sm@rtClient for Android: information disclosure

Synthesis of the vulnerability

A local attacker can read the passwords of SIMATIC WinCC Sm@rtClient for Android in order to access the user's account.
Impacted products: SIMATIC.
Severity: 1/4.
Creation date: 22/07/2015.
Identifiers: CVE-2015-5084, SSA-267489, VIGILANCE-VUL-17475.

Description of the vulnerability

The SIMATIC WinCC Sm@rtClient for Android product stores users' passwords.

However, an attacker who has access to the victim's mobile device can read these passwords.

A local attacker can therefore read the passwords of SIMATIC WinCC Sm@rtClient for Android in order to access the user's account.

computer vulnerability bulletin CVE-2015-2823

Siemens SIMATIC PCS 7: authenticating via Password Hashes

Synthesis of the vulnerability

An attacker can use the password hash on Siemens SIMATIC PCS 7, in order to authenticate on the service.
Impacted products: SIMATIC.
Severity: 2/4.
Creation date: 24/04/2015.
Identifiers: CVE-2015-2823, SSA-237894, VIGILANCE-VUL-16708.

Description of the vulnerability

The Siemens SIMATIC PCS 7 product allows SIMATIC WinCC users to authenticate on the service.

However, if an attacker obtains the password hash of a WinCC user, they can use it to authenticate directly.

An attacker can therefore use the password hash on Siemens SIMATIC PCS 7, in order to authenticate on the service.

computer vulnerability announce CVE-2015-1601 CVE-2015-2822 CVE-2015-2823

Siemens SIMATIC: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Siemens SIMATIC.
Impacted products: SIMATIC.
Severity: 2/4.
Creation date: 08/04/2015.
Identifiers: CERTFR-2015-AVI-138, CVE-2015-1601, CVE-2015-2822, CVE-2015-2823, SSA-487246, VIGILANCE-VUL-16557.

Description of the vulnerability

Several vulnerabilities were announced in Siemens SIMATIC.

An attacker can act as a Man-in-the-middle, in order to alter data on port 102/tcp. [severity:2/4; CVE-2015-1601]

An attacker can act as a Man-in-the-middle between an HMI panel and a PLC, in order to alter data on port 102/tcp. [severity:2/4; CVE-2015-2822]

An attacker can replay SIMATIC WinCC password hashes in order to authenticate. [severity:2/4; CVE-2015-2823]

vulnerability alert CVE-2015-1594

SIMATIC: code execution via a DLL

Synthesis of the vulnerability

An attacker can create a malicious DLL, store it in a directory, and invite the victim to open a SIMATIC document from this directory, in order to execute code.
Impacted products: SIMATIC.
Severity: 2/4.
Creation date: 05/03/2015.
Identifiers: CERTFR-2015-AVI-090, CVE-2015-1594, SSA-451236, VIGILANCE-VUL-16331.

Description of the vulnerability

The following products can be installed on Windows:
 - SIMATIC ProSave
 - SIMATIC CFC
 - SIMATIC STEP 7
 - SIMATIC PCS 7

They use a DLL. However, the access path to this DLL is not fully specified, so the DLL is first loaded from the current directory (VIGILANCE-VUL-9879).

An attacker can therefore create a malicious DLL, store it in a directory, and invite the victim to open a SIMATIC document from this directory, in order to execute code.

vulnerability CVE-2015-2177

SIMATIC S7-300: denial of service via ISO-TSAP/Profibus

Synthesis of the vulnerability

An attacker can send a malicious ISO-TSAP packet to SIMATIC S7-300, in order to trigger a denial of service.
Impacted products: SIMATIC.
Severity: 2/4.
Creation date: 05/03/2015.
Identifiers: CERTFR-2015-AVI-090, CVE-2015-2177, SSA-987029, VIGILANCE-VUL-16330.

Description of the vulnerability

The SIMATIC S7-300 product has a service to manage messages received via ISO-TSAP (102/tcp) or Profibus.

However, when a malicious message is received, a fatal error occurs.

An attacker can therefore send a malicious ISO-TSAP/Profibus message to SIMATIC S7-300, in order to trigger a denial of service.

computer vulnerability bulletin CVE-2015-1601 CVE-2015-1602

SIMATIC STEP 7: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of SIMATIC STEP 7.
Impacted products: SIMATIC.
Severity: 2/4.
Creation date: 17/02/2015.
Identifiers: CVE-2015-1601, CVE-2015-1602, SSA-315836, VIGILANCE-VUL-16208.

Description of the vulnerability

Several vulnerabilities were announced in SIMATIC STEP 7.

An attacker can act as a Man-in-the-middle, in order to alter data on port 102/tcp. [severity:2/4; CVE-2015-1601]

An attacker can read a TIA Portal project file, in order to obtain the password. [severity:2/4; CVE-2015-1602]