Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Sinema_server
(Siemens)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 17 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-02-09 | CVE-2020-25237 | A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1 Update 1), SINEMA Server (All versions < V14.0 SP2 Update 2). When uploading files to an affected system using a zip container, the system does not correctly check if the relative file path of the extracted files is still within the intended target directory. With this an attacker could create or overwrite arbitrary files on an affected system. This type of vulnerability is also known as 'Zip-Slip'. (ZDI-CAN-12054) | Sinec_network_management_system, Sinema_server | 8.1 | ||
| 2017-05-11 | CVE-2017-6865 | A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC Automation Tool (All versions < V3.0), SIMATIC NET PC-Software (All versions < V14 SP1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2), SIMATIC STEP 7 (TIA Portal) V14 (All versions < V14 SP1), SIMATIC STEP 7 V5.X (All versions < V5.6), SIMATIC WinAC RTX 2010 SP2 (All versions), SIMATIC WinAC RTX F 2010... | Pcs_7, Primary_setup_tool, Security_configuration_tool, Simatic_automation_tool, Simatic_net_pc\-Software, Simatic_step_7_\(Tia_portal\), Simatic_step_7_micro\/win_smart, Simatic_winac_rtx_2010, Simatic_winac_rtx_f_2010, Simatic_wincc, Simatic_wincc_\(Tia_portal\), Simatic_wincc_flexible_2008, Sinaut_st7cc, Sinema_server, Sinumerik_808d_programming_tool, Smart_pc_access | 6.5 | ||
| 2016-11-15 | CVE-2016-7165 | A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC IT Production Suite (All versions < V7.0 SP1 HFX 2), SIMATIC NET PC-Software (All versions < V14), SIMATIC PCS 7 V7.1 (All versions), SIMATIC PCS 7 V8.0 (All versions), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2), SIMATIC STEP 7 V5.X (All versions < V5.5 SP4 HF11), SIMATIC WinCC (TIA Portal) Basic,... | Primary_setup_tool, Security_configuration_tool, Simatic_it_production_suite, Simatic_net_pc_software, Simatic_pcs7, Simatic_pcs_7, Simatic_step_7, Simatic_step_7_\(Tia_portal\), Simatic_winac_rtx_2010, Simatic_winac_rtx_f_2010, Simatic_wincc, Simatic_wincc_\(Tia_portal\), Simatic_wincc_runtime, Simit, Sinema_remote_connect, Sinema_server, Softnet_security_client, Telecontrol_basic | 6.4 | ||
| 2016-08-07 | CVE-2016-6486 | Siemens SINEMA Server uses weak permissions for the application folder, which allows local users to gain privileges via unspecified vectors. | Sinema_server | 7.8 | ||
| 2014-04-19 | CVE-2014-2733 | Siemens SINEMA Server before 12 SP1 allows remote attackers to cause a denial of service (web-interface outage) via crafted HTTP requests to port (1) 4999 or (2) 80. | Sinema_server | N/A | ||
| 2014-04-19 | CVE-2014-2732 | Multiple directory traversal vulnerabilities in the integrated web server in Siemens SINEMA Server before 12 SP1 allow remote attackers to access arbitrary files via HTTP traffic to port (1) 4999 or (2) 80. | Sinema_server | N/A | ||
| 2014-04-19 | CVE-2014-2731 | Multiple unspecified vulnerabilities in the integrated web server in Siemens SINEMA Server before 12 SP1 allow remote attackers to execute arbitrary code via HTTP traffic to port (1) 4999 or (2) 80. | Sinema_server | N/A |