Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Sinema_server
(Siemens)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 17 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-09-14 | CVE-2019-10941 | A vulnerability has been identified in SINEMA Server (All versions < V14 SP3). Missing authentication for functionality that requires administrative user identity could allow an attacker to obtain encoded system configuration backup files. This is only possible through network access to the affected system, and successful exploitation requires no system privileges. | Sinema_server | 5.3 | ||
| 2020-01-16 | CVE-2019-10940 | A vulnerability has been identified in SINEMA Server (All versions < V14.0 SP2 Update 1). Incorrect session validation could allow an attacker with a valid session, with low privileges, to perform firmware updates and other administrative operations on connected devices. The security vulnerability could be exploited by an attacker with network access to the affected system. An attacker must have access to a low privileged account in order to exploit the vulnerability. An attacker could use... | Sinema_server | 9.9 | ||
| 2021-02-09 | CVE-2020-25237 | A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1 Update 1), SINEMA Server (All versions < V14.0 SP2 Update 2). When uploading files to an affected system using a zip container, the system does not correctly check if the relative file path of the extracted files is still within the intended target directory. With this an attacker could create or overwrite arbitrary files on an affected system. This type of vulnerability is also known as 'Zip-Slip'. (ZDI-CAN-12054) | Sinec_network_management_system, Sinema_server | 8.1 | ||
| 2017-05-11 | CVE-2017-6865 | A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC Automation Tool (All versions < V3.0), SIMATIC NET PC-Software (All versions < V14 SP1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2), SIMATIC STEP 7 (TIA Portal) V14 (All versions < V14 SP1), SIMATIC STEP 7 V5.X (All versions < V5.6), SIMATIC WinAC RTX 2010 SP2 (All versions), SIMATIC WinAC RTX F 2010... | Pcs_7, Primary_setup_tool, Security_configuration_tool, Simatic_automation_tool, Simatic_net_pc\-Software, Simatic_step_7_\(Tia_portal\), Simatic_step_7_micro\/win_smart, Simatic_winac_rtx_2010, Simatic_winac_rtx_f_2010, Simatic_wincc, Simatic_wincc_\(Tia_portal\), Simatic_wincc_flexible_2008, Sinaut_st7cc, Sinema_server, Sinumerik_808d_programming_tool, Smart_pc_access | 6.5 | ||
| 2016-11-15 | CVE-2016-7165 | A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC IT Production Suite (All versions < V7.0 SP1 HFX 2), SIMATIC NET PC-Software (All versions < V14), SIMATIC PCS 7 V7.1 (All versions), SIMATIC PCS 7 V8.0 (All versions), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2), SIMATIC STEP 7 V5.X (All versions < V5.5 SP4 HF11), SIMATIC WinCC (TIA Portal) Basic,... | Primary_setup_tool, Security_configuration_tool, Simatic_it_production_suite, Simatic_net_pc_software, Simatic_pcs7, Simatic_pcs_7, Simatic_step_7, Simatic_step_7_\(Tia_portal\), Simatic_winac_rtx_2010, Simatic_winac_rtx_f_2010, Simatic_wincc, Simatic_wincc_\(Tia_portal\), Simatic_wincc_runtime, Simit, Sinema_remote_connect, Sinema_server, Softnet_security_client, Telecontrol_basic | 6.4 | ||
| 2016-08-07 | CVE-2016-6486 | Siemens SINEMA Server uses weak permissions for the application folder, which allows local users to gain privileges via unspecified vectors. | Sinema_server | 7.8 | ||
| 2014-04-19 | CVE-2014-2733 | Siemens SINEMA Server before 12 SP1 allows remote attackers to cause a denial of service (web-interface outage) via crafted HTTP requests to port (1) 4999 or (2) 80. | Sinema_server | N/A | ||
| 2014-04-19 | CVE-2014-2732 | Multiple directory traversal vulnerabilities in the integrated web server in Siemens SINEMA Server before 12 SP1 allow remote attackers to access arbitrary files via HTTP traffic to port (1) 4999 or (2) 80. | Sinema_server | N/A | ||
| 2014-04-19 | CVE-2014-2731 | Multiple unspecified vulnerabilities in the integrated web server in Siemens SINEMA Server before 12 SP1 allow remote attackers to execute arbitrary code via HTTP traffic to port (1) 4999 or (2) 80. | Sinema_server | N/A |