threat
engine
.sh
Back
·
··:··
Home
/
Product
/
siemens simatic pcs 7
Product
siemens simatic pcs 7
48 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2023-48364
<= 9.1
A vulnerability has been identified in OpenPCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC BATCH V9.1 (All versions < V9.1 SP2
6.5
MEDIUM
CVE-2023-48363
<= 9.1
A vulnerability has been identified in OpenPCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC BATCH V9.1 (All versions < V9.1 SP2
6.5
MEDIUM
CVE-2023-28829
all versions
A vulnerability has been identified in SIMATIC NET PC Software V14 (All versions), SIMATIC NET PC Software V15 (All versions), SIM
3.9
LOW
CVE-2023-25910
all versions
A vulnerability has been identified in SIMATIC PCS 7 (All versions < V9.1 SP2 UC04), SIMATIC S7-PM (All versions < V5.7 SP1 HF1),
10.0
CRITICAL
CVE-2022-24287
<= 9.0
A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3 UC06), SIMAT
7.8
HIGH
CVE-2021-40363
<= 8.2
A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (A
7.8
HIGH
CVE-2021-40360
<= 8.2
A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (A
8.8
HIGH
CVE-2021-40364
<= 8.2
A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3 UC04), SIMAT
5.5
MEDIUM
CVE-2021-40359
<= 8.2
A vulnerability has been identified in OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd4), OpenPCS 7 V9.1 (A
7.7
HIGH
CVE-2021-40358
all versions
A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3 UC04), SIMAT
9.9
CRITICAL
CVE-2020-10048
all versions
A vulnerability has been identified in SIMATIC PCS 7 (All versions), SIMATIC WinCC (All versions < V7.5 SP2). Due to an insecure p
5.5
MEDIUM
CVE-2020-7586
all versions
A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3)
7.8
HIGH
CVE-2020-7585
all versions
A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3)
7.8
HIGH
CVE-2020-7580
all versions
A vulnerability has been identified in SIMATIC Automation Tool (All versions < V4 SP2), SIMATIC NET PC Software V14 (All versions
6.7
MEDIUM
CVE-2019-19282
all versions
A vulnerability has been identified in OpenPCS 7 V8.1 (All versions), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions
7.5
HIGH
CVE-2019-10935
all versions
A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with
7.2
HIGH
CVE-2019-10922
<= 8.0
A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 and newer (All versions),
9.8
CRITICAL
CVE-2019-10918
<= 8.0
A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with
8.8
HIGH
CVE-2019-10917
<= 8.0
A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with
5.5
MEDIUM
CVE-2019-10916
<= 8.0
A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with
8.8
HIGH
CVE-2018-4832
<= 7.1
A vulnerability has been identified in OpenPCS 7 V7.1 and earlier (All versions), OpenPCS 7 V8.0 (All versions), OpenPCS 7 V8.1 (A
7.5
HIGH
CVE-2017-14023
all versions
An Improper Input Validation issue was discovered in Siemens SIMATIC PCS 7 V8.1 prior to V8.1 SP1 with WinCC V7.3 Upd 13, and V8.2
4.9
MEDIUM
CVE-2017-12069
<= 8.1
An XXE vulnerability has been identified in OPC Foundation UA .NET Sample Code before 2017-03-21 and Local Discovery Server (LDS)
8.2
HIGH
CVE-2016-9160
<= 8.0
A vulnerability in SIEMENS SIMATIC WinCC (All versions < SIMATIC WinCC V7.2) and SIEMENS SIMATIC PCS 7 (All versions < SIMATIC PCS
8.1
HIGH
CVE-2016-7165
<= 7.1
A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC IT Production Suite (All versio
6.4
MEDIUM
CVE-2014-8552
all versions
The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through
CVE-2014-8551
all versions
The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through
CVE-2014-4686
<= 8.0
The Project administration application in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, has a hardcoded en
CVE-2014-4685
<= 8.0
Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows local users to gain privileges by leveraging weak sys
CVE-2014-4684
<= 8.0
The database server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to
CVE-2014-4683
<= 8.0
The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users
CVE-2014-4682
<= 8.0
The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote attackers to obtain
CVE-2013-3959
<= 8.0
The Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, exhibits d
CVE-2013-3958
<= 8.0
The login implementation in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier an
CVE-2013-3957
<= 8.0
SQL injection vulnerability in the login screen in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7
CVE-2013-0679
<= 8.0
Directory traversal vulnerability in the web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other
CVE-2013-0678
<= 8.0
Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly represent WebNavigator cred
CVE-2013-0677
<= 8.0
The web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to
CVE-2013-0676
<= 8.0
Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly assign privileges for the d
CVE-2013-0675
<= 8.0
Buffer overflow in CCEServer (aka the central communications component) in Siemens WinCC before 7.2, as used in SIMATIC PCS7 befor
CVE-2013-0674
<= 8.0
Buffer overflow in the RegReader ActiveX control in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other pro
CVE-2012-3034
all versions
WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to discover
CVE-2012-3032
all versions
SQL injection vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allo
CVE-2012-3031
all versions
Multiple cross-site scripting (XSS) vulnerabilities in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7
CVE-2012-3030
all versions
WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, stores sensitive information under
CVE-2012-3028
all versions
Cross-site request forgery (CSRF) vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and
CVE-2012-3015
<= 7.1
Untrusted search path vulnerability in Siemens SIMATIC STEP7 before 5.5 SP1, as used in SIMATIC PCS7 7.1 SP3 and earlier and other
CVE-2010-2772
all versions
Siemens Simatic WinCC and PCS 7 SCADA system uses a hard-coded password, which allows local users to access a back-end database an
7.8
HIGH
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin