Every CVE whose affected-product data names Siemens Wincc, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (43)
CVE-2011-4514 — CVSS 10.0 (critical): The TELNET daemon in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and…
CVE-2011-4509 — CVSS 10.0 (critical): The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and…
CVE-2011-4513 — CVSS 10.0 (critical): Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC…
CVE-2011-4876 — CVSS 9.3 (critical): Directory traversal vulnerability in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA…
CVE-2011-4875 — CVSS 9.3 (critical): Stack-based buffer overflow in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA…
CVE-2011-4508 — CVSS 9.3 (critical): The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP…
CVE-2011-4879 — CVSS 8.5 (high): miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2…
CVE-2017-12069 — CVSS 8.2 (high): An XXE vulnerability has been identified in OPC Foundation UA .NET Sample Code before 2017-03-21 and Local Discovery Server (LDS) before…
CVE-2023-30897 — CVSS 7.8 (high): A vulnerability has been identified in SIMATIC WinCC (All versions < V7.5.2.13). Affected applications fail to set proper access rights for…
CVE-2011-4878 — CVSS 7.8 (high): Directory traversal vulnerability in miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3…
CVE-2013-3957 — CVSS 7.5 (high): SQL injection vulnerability in the login screen in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1…
CVE-2012-3032 — CVSS 7.5 (high): SQL injection vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote…
CVE-2013-3958 — CVSS 7.5 (high): The login implementation in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other…
CVE-2011-4877 — CVSS 7.1 (high): HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort…
CVE-2014-4686 — CVSS 6.8 (medium): The Project administration application in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, has a hardcoded encryption…
CVE-2012-3028 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other…
CVE-2013-0674 — CVSS 6.8 (medium): Buffer overflow in the RegReader ActiveX control in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products…
CVE-2013-4911 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in Siemens WinCC (TIA Portal) 11 and 12 before 12 SP1 allows remote attackers to hijack the…
CVE-2013-0675 — CVSS 6.1 (medium): Buffer overflow in CCEServer (aka the central communications component) in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1…
CVE-2014-4684 — CVSS 6.0 (medium): The database server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain…
CVE-2013-0677 — CVSS 5.8 (medium): The web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to obtain…
CVE-2013-4912 — CVSS 5.8 (medium): Open redirect vulnerability in Siemens WinCC (TIA Portal) 11 and 12 before 12 SP1 allows remote attackers to redirect users to arbitrary…
CVE-2012-3003 — CVSS 5.8 (medium): Open redirect vulnerability in an unspecified web application in Siemens WinCC 7.0 SP3 before Update 2 allows remote attackers to redirect…
CVE-2012-2596 — CVSS 5.5 (medium): The XPath functionality in unspecified web applications in Siemens WinCC 7.0 SP3 before Update 2 does not properly handle special…
CVE-2014-4682 — CVSS 5.0 (medium): The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote attackers to obtain…
CVE-2015-1358 — CVSS 5.0 (medium): The remote-management module in the (1) Multi Panels, (2) Comfort Panels, and (3) RT Advanced functionality in Siemens SIMATIC WinCC (TIA…
CVE-2011-4512 — CVSS 5.0 (medium): CRLF injection vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA…
CVE-2012-3030 — CVSS 5.0 (medium): WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, stores sensitive information under the web…
CVE-2014-4683 — CVSS 4.9 (medium): The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain…
CVE-2014-4685 — CVSS 4.6 (medium): Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows local users to gain privileges by leveraging weak…
CVE-2011-4511 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11…
CVE-2012-3034 — CVSS 4.3 (medium): WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to discover a…
CVE-2011-4510 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11…
CVE-2012-2595 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in unspecified web applications in Siemens WinCC 7.0 SP3 before Update 2 allow remote…
CVE-2012-3031 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other…
CVE-2012-2598 — CVSS 4.3 (medium): Buffer overflow in the DiagAgent web server in Siemens WinCC 7.0 SP3 through Update 2 allows remote attackers to cause a denial of service…
CVE-2015-2822 — CVSS 4.3 (medium): Siemens SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2 and SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13…
CVE-2013-0678 — CVSS 4.0 (medium): Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly represent WebNavigator credentials…
CVE-2012-2597 — CVSS 4.0 (medium): Multiple directory traversal vulnerabilities in Siemens WinCC 7.0 SP3 before Update 2 allow remote authenticated users to read arbitrary…
CVE-2013-0676 — CVSS 4.0 (medium): Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly assign privileges for the database…
CVE-2013-3959 — CVSS 4.0 (medium): The Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, exhibits different…
CVE-2013-0679 — CVSS 4.0 (medium): Directory traversal vulnerability in the web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products…