SCADA Software Vulnerabilities

Timeline

Analyzing the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance, so that immediate vulnerability response can be initiated and issues can be prioritized.

Vendor

Identifying all affected vendors is a good starting point for an overview. This makes it possible to determine a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Product

Advantech WebAccess: 159
Schneider Electric Modicon M340: 49
Schneider Electric Modicon Quantum: 34
Schneider Electric Modicon Premium: 31
Schneider Electric Modicon M580: 31

Grouping vulnerabilities by product helps to get an overview. This makes it possible to determine a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation

Official Fix: 491
Temporary Fix: 0
Workaround: 53
Unavailable: 4
Not Defined: 508

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These countermeasures come in multiple forms and levels of remediation, which influence risks differently.

Exploitability

High: 13
Functional: 1
Proof-of-Concept: 37
Unproven: 7
Not Defined: 998

Researchers and attackers who look for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

Access Vector

Not Defined: 0
Physical: 9
Local: 127
Adjacent: 144
Network: 776

When approaching a vulnerability, it becomes important to use the expected access vector. This is typically via the network, local, or even physical.

Authentication

Not Defined: 0
High: 14
Low: 321
None: 721

To exploit a vulnerability, a certain level of authentication might be required. Vulnerabilities without such a requirement are much more popular.

User Interaction

Not Defined: 0
Required: 182
None: 874

Some attack scenarios require some user interaction by a victim. This is typical for phishing, social engineering and cross site scripting attacks.

C3BM Index

Our unique C3BM Index (CVSSv3 Base Meta Index) cumulates the CVSSv3 Meta Base Scores of all entries over time. Comparing this index to the number of disclosed vulnerabilities helps to pinpoint the most important events.

CVSSv3 Base

≤1: 0
≤2: 0
≤3: 7
≤4: 75
≤5: 95
≤6: 190
≤7: 291
≤8: 204
≤9: 134
≤10: 60

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp

≤1: 0
≤2: 0
≤3: 13
≤4: 69
≤5: 107
≤6: 220
≤7: 290
≤8: 179
≤9: 125
≤10: 53

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

≤1: 0
≤2: 0
≤3: 17
≤4: 112
≤5: 120
≤6: 293
≤7: 156
≤8: 265
≤9: 33
≤10: 60

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

≤1: 0
≤2: 0
≤3: 1
≤4: 2
≤5: 13
≤6: 58
≤7: 62
≤8: 237
≤9: 69
≤10: 132

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

≤1: 0
≤2: 0
≤3: 0
≤4: 0
≤5: 2
≤6: 6
≤7: 3
≤8: 10
≤9: 7
≤10: 13

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

≤1: 0
≤2: 0
≤3: 0
≤4: 0
≤5: 0
≤6: 0
≤7: 0
≤8: 0
≤9: 0
≤10: 0

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

≤1: 0
≤2: 0
≤3: 0
≤4: 0
≤5: 0
≤6: 0
≤7: 0
≤8: 0
≤9: 0
≤10: 0

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

Exploit 0-day

<1k: 155
<2k: 303
<5k: 402
<10k: 99
<25k: 89
<50k: 8
<100k: 0
≥100k: 0

The moderation team works with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price of an exploit before it is distributed or becomes public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today

<1k: 801
<2k: 132
<5k: 58
<10k: 31
<25k: 34
<50k: 0
<100k: 0
≥100k: 0

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts like disclosure of vulnerability details, alternative exploits, and availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

Exploit Market Volume

Our unique calculation of exploit prices makes it possible to forecast the expected exploit market volume. The calculated prices for all possible 0-day exploits are cumulated for this task. Comparing the volume to the number of disclosed vulnerabilities helps to pinpoint the most important events.

CTI Activities

Our unique Cyber Threat Intelligence aims to determine the ongoing research of actors to anticipate their activities. Observing exploit markets on the Darknet, discussions of vulnerabilities on mailing lists, and exchanges on social media makes it possible to identify planned attacks. Monitored actors and activities are classified as offensive or defensive. They are also weighted, as some actors are well-known for certain products and technologies, and some of their disclosures might contain more or less detail about technical aspects and personal context. The world map highlights active actors in real-time.

Affected Products (547): ABB CP635 HMI, ABB HMI, ABB MicroSCADA, ABB MicroSCADA Pro SYS600, ABB Programmable Logic Controller, Advantech HMI Designer, Advantech NMS, Advantech SCADA, Advantech WebAccess, Advantech WebAccess Dashboard, Advantech WebAccess HMI Designer, Advantech WebAccess Node, Advantech WebAccess SCADA, Advantech WebAccess Scada Node, AVEVA InduSoft Web Studio, AVEVA InTouch Access Anywhere, AVEVA InTouch Edge HMI, AVEVA Plant SCADA Access Anywhere, Aveva InTouch Edge HMI, BLF-Tech VisualView HMI, C-More HMI EA9, C3-ilex EOScada, Certec atvise scada, CirCarLife Scada, Citect CitectSCADA, CODESYS Control V3, CODESYS HMI V3, Controlmicrosystems ClearSCADA, Ecava IntegraXor, Ecava IntegraXor SCADA Server, Elcomplus SmartPTT SCADA Server, Emerson OpenEnterprise SCADA Server, Fernhill SCADA Server, FoxView HMI SCADA, FreyrSCADA IEC-60879-5-104 Server Simulator, Fultek WinTr Scada, GE Digital CIMPLICITY HMI-SCADA, GE Intelligent Platforms Proficy Hmi, GE Proficy HMI, GE SCADA-CIMPLICITY, GE scada Cimplicity, GE scada Ifix, General Electric Digital Proficy HMI, General Electric Proficy Historian, General Electric Proficy HMI, General Electric Proficy HMI-SCADA iFIX, General Electric SCADA CIMPLICITY, Geovap Reliance SCADA, GE Digital HMI-SCADA iFIX, HMI UCanCode, ICL ScadaFlex II SCADA Controller SC-1, ICL ScadaFlex II SCADA Controller SC-2, INDAS Web SCADA, InduSoft Web Studio, Intellicom Netbiter Webscada Ws200, LAquis SCADA, LAquis SCADA, LCDS LAquis SCADA, LCDS LTDA ME LAquis SCADA, LeviStudio HMI Editor, MatrikonOPC SCADA DNP3 OPC Server, Measuresoft ScadaPro, Measuresoft ScadaPro Server, Modicon , Modicon BMXNOR0200, Modicon Controller, Modicon EcoStruxure Control ExpertUnity Pro, Modicon Ethernet Module BMENOC0301, Modicon M218, Modicon M241, Modicon M251, Modicon M258, Modicon M340, Modicon M580, Modicon M580 CPU BMEP582040, Modicon Modicon M580, Modicon Premium, Modicon Quantum PLC, Modicon Quantum PLCs, mySCADA myDESIGNER, mySCADA myPRO, Nordex 
Control 2 SCADA, Nordex Nordex Control 2 Scada, Omron Ns12 Hmi Terminal, OpenPLC ScadaBR, Phoenix Contact Programmable Logic Controller, PNPSCADA, Rapid Scada, Red Lion HMI Panel, Reliance 4 HMI, Reliance 4 SCADA, RLE Nova-Wind Turbine HMI, Sauter NovaWeb web HMI, ScadaBR, Scadaengine BACnet OPC Client, Scadatec Procyon SCADA, SCADA Engine BACnet OPC, Schneider Electric 66074 MGE Network Management Card, Schneider Electric AccuSine PCS+, Schneider Electric AccuSine PCSn, Schneider Electric AccuSine PFV+, Schneider Electric Andover Continuum, Schneider Electric AP7xxxx, Schneider Electric AP8xxx, Schneider Electric APDU9xxx, Schneider Electric ATV IMC Drive Controller, Schneider Electric BMXNOR0200, Schneider Electric BMXNOR0200H Ethernet Serial RTU Module, Schneider Electric C-Bus Toolkit, Schneider Electric C-Gate Server, Schneider Electric CitectSCADA, Schneider Electric Citectscada Reports, Schneider Electric ClearSCADA, Schneider Electric Conext ComBox, Schneider Electric ConneXium, Schneider Electric ConneXium Network Manager, Schneider Electric ConneXium Tofino Firewall, Schneider Electric ConneXium Tofino OPCLSM, Schneider Electric Cove, Schneider Electric Device Type Manager, Schneider Electric Easergy P3, Schneider Electric Easergy P5, Schneider Electric Easergy P40, Schneider Electric Easergy T300, Schneider Electric Easergy T300 RTU, Schneider Electric EcoStruxure, Schneider Electric EcoStruxure Building Operation Enterprise Server Installer, Schneider Electric EcoStruxure Building Operation WebReports, Schneider Electric EcoStruxure Building Operation WebStation, Schneider Electric EcoStruxure Control Expert, Schneider Electric EcoStruxure Enterprise Central Installer, Schneider Electric EcoStruxure EV Charging Expert, Schneider Electric EcoStruxure Geo SCADA Expert, Schneider Electric EcoStruxure Geo SCADA Expert 2019, Schneider Electric EcoStruxure Geo SCADA Expert 2020, Schneider Electric EcoStruxure Machine Expert, Schneider Electric EcoStruxure 
Operator Terminal Expert, Schneider Electric EcoStruxure Power Build Rapsody, Schneider Electric EcoStruxure Power Monitoring Expert, Schneider Electric EcoStruxure Process Expert, Schneider Electric EER21000, Schneider Electric EER21001, Schneider Electric Enerlin'X Com'X 510, Schneider Electric ETG3000, Schneider Electric EVlink City, Schneider Electric EVlink City EVC1S7P4, Schneider Electric EVlink City EVC1S22P4, Schneider Electric EVlink Parking, Schneider Electric EVlink Parking EVF2, Schneider Electric EVlink Parking EVP2PE, Schneider Electric EVlink Parking EVW2, Schneider Electric EVlink Smart Wallbox, Schneider Electric EVlink Smart Wallbox EVB1A, Schneider Electric fellerLYnk, Schneider Electric FlexNet Publisher, Schneider Electric Floating License Manager, Schneider Electric Geo SCADA Mobile, Schneider Electric GP-Pro EX, Schneider Electric GUIcon, Schneider Electric Harmony, Schneider Electric HMI Panel HMIGTO, Schneider Electric HMI Panel HMIGTU, Schneider Electric HMI Panel HMIGTUX, Schneider Electric HMI Panel HMIGXO, Schneider Electric HMI Panel HMIGXU, Schneider Electric HMI Panel HMISCU, Schneider Electric HMI Panel HMISTO, Schneider Electric HMI Panel HMISTU, Schneider Electric HMI Panel XBTGH, Schneider Electric HMI Panel XBTGT, Schneider Electric homeLYnk, Schneider Electric IGSS Definition, Schneider Electric IGSS Mobile Application, Schneider Electric InduSoft Web Studio, Schneider Electric Interactive Graphical SCADA System, Schneider Electric Interactive Graphical SCADA System Data Collector, Schneider Electric Interactive Graphical SCADA System Data Server, Schneider Electric InTouch Machine Edition, Schneider Electric ION73XX, Schneider Electric ION75XX, Schneider Electric ION76XX, Schneider Electric ION8650, Schneider Electric ION8800, Schneider Electric IOS Smart Meter, Schneider Electric Kerweb, Schneider Electric LANDAC II-2, Schneider Electric Legacy Offers Modicon Quantum, Schneider Electric Magelis, Schneider Electric Magelis 
iPC, Schneider Electric Magelis XBT HMI, Schneider Electric MiCOM Px4x, Schneider Electric MiCOM S1 Studio, Schneider Electric Modbus Serial Driver, Schneider Electric ModiconPremium Legacy, Schneider Electric Modicon 140CRA, Schneider Electric Modicon BMENOC 0311, Schneider Electric Modicon BMENOC 0321, Schneider Electric Modicon BMxCRA, Schneider Electric Modicon BMXNOC0401, Schneider Electric Modicon BMXNOE0100, Schneider Electric Modicon BMXNOE0110, Schneider Electric Modicon BMXNOE0110H, Schneider Electric Modicon BMXNOR0200H, Schneider Electric Modicon BMXP342020, Schneider Electric Modicon BMXP342020H, Schneider Electric Modicon BMXP342030, Schneider Electric Modicon BMXP342030H, Schneider Electric Modicon BMXP3420302, Schneider Electric Modicon BMXP3420302H, Schneider Electric Modicon LMC058, Schneider Electric Modicon LMC078, Schneider Electric Modicon M100, Schneider Electric Modicon M200, Schneider Electric Modicon M218 Logic Controller, Schneider Electric Modicon M221, Schneider Electric Modicon M241, Schneider Electric Modicon M251, Schneider Electric Modicon M258, Schneider Electric Modicon M340, Schneider Electric Modicon M340 BMX, Schneider Electric Modicon M340 Communication Module, Schneider Electric Modicon M340 CPU, Schneider Electric Modicon M340 X80 Ethernet Communication Module, Schneider Electric Modicon M580, Schneider Electric Modicon M580 CPU, Schneider Electric Modicon Managed Switch MCSESM, Schneider Electric Modicon Managed Switch MCSESP, Schneider Electric Modicon MC80, Schneider Electric Modicon Modbus Protocol, Schneider Electric Modicon Momentum Ethernet CPU, Schneider Electric Modicon PLC, Schneider Electric Modicon PLC Ethernet module, Schneider Electric Modicon Premium, Schneider Electric Modicon Premium , Schneider Electric Modicon Premium Communication Module, Schneider Electric Modicon Premium CPU, Schneider Electric Modicon Premium Legacy, Schneider Electric Modicon Premium Processor, Schneider Electric Modicon Quantum, 
Schneider Electric Modicon Quantum 140 NOE771x1, Schneider Electric Modicon Quantum Communication Module, Schneider Electric Modicon Quantum CPU, Schneider Electric Modicon Quantum PLC, Schneider Electric Modicon Quantum Plc, Schneider Electric Modicon Quantum Processor, Schneider Electric Modicon TM221CE16R, Schneider Electric Modicon X80 BMXNOR0200H RTU, Schneider Electric NMC2 AOS, Schneider Electric NMC3 AOS, Schneider Electric OFS, Schneider Electric PacDrive Eco , Schneider Electric PacDrive Pro, Schneider Electric PacDrive Pro2, Schneider Electric Pelco Endura NET55XX Encoder, Schneider Electric Pelco Sarix Professional, Schneider Electric Pelco VideoXpert Enterprise, Schneider Electric PLC Simulator for EcoStruxure, Schneider Electric PM5XXX, Schneider Electric PowerChute Business Edition, Schneider Electric PowerLogic, Schneider Electric PowerLogic EGX100, Schneider Electric PowerLogic EGX300, Schneider Electric PowerLogic ION73xx, Schneider Electric PowerLogic ION83xx, Schneider Electric PowerLogic ION84xx, Schneider Electric PowerLogic ION85xx, Schneider Electric PowerLogic ION7400, Schneider Electric PowerLogic ION7650, Schneider Electric PowerLogic ION7700, Schneider Electric PowerLogic ION8600, Schneider Electric PowerLogic ION8650, Schneider Electric PowerLogic ION8800, Schneider Electric PowerLogic ION9000, Schneider Electric PowerLogic PM8ECC, Schneider Electric PowerLogic PM55xx, Schneider Electric PowerLogic PM800, Schneider Electric PowerLogic PM5560, Schneider Electric PowerLogic PM8000, Schneider Electric PowerSCADA Anywhere, Schneider Electric PowerTag, Schneider Electric Power SCADA Operation, Schneider Electric ProClima, Schneider Electric Programmable Logic Controller, Schneider Electric Quantum Ethernet Module 140noe77100, Schneider Electric Ritto Wiser Door, Schneider Electric SCADAPack 7x Remote Connect, Schneider Electric SCADAPack 312E, Schneider Electric SCADAPack 313E, Schneider Electric SCADAPack 314E, Schneider Electric SCADAPack 
330E, Schneider Electric SCADAPack 333E, Schneider Electric SCADAPack 334E, Schneider Electric SCADAPack 337E, Schneider Electric SCADAPack 350E, Schneider Electric SCADAPack 357E, Schneider Electric SCADAPack RemoteConnect for x70, Schneider Electric SCADAPack Workbench, Schneider Electric SCADAPack x70 Security Administrator, Schneider Electric SCADA Expert ClearSCADA, Schneider Electric SCADA Software, Schneider Electric SCL, Schneider Electric SFAPV9601 APC Easy UPS On-Line Software, Schneider Electric Smartlink, Schneider Electric SmartStruxure, Schneider Electric SMC, Schneider Electric SMT, Schneider Electric SMTL, Schneider Electric SMX, Schneider Electric Software Update, Schneider Electric Software Update SUT Service, Schneider Electric Software Update Utility, Schneider Electric SoMachine, Schneider Electric SoMachine Basic, Schneider Electric SoMachine HVAC, Schneider Electric SoMove, Schneider Electric SoMove Software, Schneider Electric SoSafe Configurable, Schneider Electric spaceLYnk, Schneider Electric SRT, Schneider Electric StruxureOn Gateway, Schneider Electric StruxureWare Building Expert MPM, Schneider Electric StruxureWare Data Center Expert, Schneider Electric Tableau Desktop, Schneider Electric Tableau Server, Schneider Electric TCM, Schneider Electric Telemecanique Driver Pack, Schneider Electric Telvent Sage, Schneider Electric Telvent Sage 3030, Schneider Electric Triconex Model 3009 MP, Schneider Electric Triconex TCM 4351B, Schneider Electric Triconex Tricon MP 3008, Schneider Electric TriStation, Schneider Electric TriStation 1131, Schneider Electric Unity Pro, Schneider Electric VAMPSET, Schneider Electric Vijeo Citect, Schneider Electric Vijeo Designer, Schneider Electric Vijeo Designer Basic, Schneider Electric Wiser for KNX, Schneider Electric Wiser Series Gateway, Schneider Electric Wiser Smart, Schneider Electric Wonderware Historian, Schneider Electric Wonderware Historian Client, Schneider Electric Wonderware InTouch, 
Schneider Electric Wonderware System Platform, Schneider Electric ZelioSoft2, SDG Technologies Plug and Play SCADA, Sielco Sistemi Winlog Lite SCADA, Sielco Sistemi Winlog Pro SCADA, Siemens CP1604, Siemens CP1616, Siemens dp, Siemens dp Cpu, Siemens DP V7 CPU, Siemens HMI Mobile Panel, Siemens HMI Multi Panel, Siemens KTK ATE530S, Siemens L, Siemens LOGO CMR2020, Siemens LOGO CMR2040, Siemens Opcenter Execution Discrete, Siemens Opcenter Execution Foundation, Siemens Opcenter Execution Process, Siemens Opcenter Intelligence, Siemens Opcenter Quality, Siemens Opcenter RD, Siemens OpenPCS, Siemens OpenPCS 7, Siemens Programmable Logic Controller, Siemens RFID 181-EIP, Siemens RuggedCom WiMAX, Siemens SCALANCE, Siemens SCALANCE X-200, Siemens Scalance X-200, Siemens SCALANCE X-200IRT, Siemens Scalance X-200 IRT, Siemens Scalance X-204RNA, Siemens SCALANCE X-300, Siemens Scalance X-300, Siemens Scalance X-408, Siemens Scalance X-414, Siemens SCALANCE X-443-1, Siemens SIAMTIC RF185C, Siemens SIDOOR ATD430W, Siemens SIDOOR ATE530S COATED, Siemens SIDOOR ATE531S, Siemens SIMATIC, Siemens SIMATIC BATCH, Siemens SIMATIC CFU DIQ, Siemens SIMATIC CFU PA, Siemens SIMATIC CP343-1 Advanced, Siemens SIMATIC CP443-1, Siemens SIMATIC CP443-1 Advanced, Siemens SIMATIC CP443-1 OPC, Siemens SIMATIC CP443-1 OPC UA, Siemens SIMATIC CP 44x-1 RNA, Siemens SIMATIC CP 343-1, Siemens SIMATIC CP 343-1 Advanced, Siemens SIMATIC CP 343-1 ERPC, Siemens SIMATIC CP 343-1 Lean, Siemens SIMATIC CP 442-1 RNA, Siemens SIMATIC CP 443-1, Siemens SIMATIC CP 443-1 Advanced, Siemens SIMATIC CP 443-1 RNA, Siemens SIMATIC CP 1543-1, Siemens SIMATIC CP 1545-1, Siemens SIMATIC Drive Controller, Siemens SIMATIC eaSie PCS 7 Skill Package, Siemens SIMATIC Energy Manager Basic, Siemens SIMATIC Energy Manager PRO, Siemens SIMATIC ET, Siemens SIMATIC ET200MP IM155-5 PN HF, Siemens SIMATIC ET 200SP, Siemens SIMATIC ET 200SP Interfacemodul IM 155-6 MF HF, Siemens SIMATIC ET 200SP Open Controller CPU 1515SP PC, 
Siemens SIMATIC ET 200SP Open Controller CPU 1515SP PC2, Siemens SIMATIC ET 200 Open Controller CPU 1515SP PC2, Siemens SIMATIC ET 200 SP Open Controller CPU 1515SP PC, Siemens SIMATIC ET 200 SP Open Controller CPU 1515SP PC2, Siemens SIMATIC HMI Basic Panel, Siemens SIMATIC HMI Comfort Outdoor Panel, Siemens SIMATIC HMI Comfort Outdoor Panels, Siemens SIMATIC HMI Comfort Panel, Siemens SIMATIC HMI Comfort Panels, Siemens SIMATIC HMI KTP700F Mobile Arctic, Siemens SIMATIC HMI KTP Mobile Panel, Siemens SIMATIC HMI KTP Mobile Panels, Siemens SIMATIC HMI Mobile Panel, Siemens SIMATIC HMI panel, Siemens SIMATIC HMI United Comfort Panel, Siemens SIMATIC Ident MV420, Siemens SIMATIC Ident MV440, Siemens SIMATIC IPC DiagMonitor, Siemens SIMATIC IT LMS, Siemens SIMATIC IT Production Suite, Siemens SIMATIC IT UADM, Siemens SIMATIC IT UA Discrete Manufacturing, Siemens SIMATIC Logon, Siemens SIMATIC MV400, Siemens SIMATIC NET CP 343-1, Siemens SIMATIC NET CP 343-1 Advanced, Siemens SIMATIC NET CP 343-1 Lean, Siemens SIMATIC NET PC-Software, Siemens SIMATIC NET PC Software, Siemens SIMATIC Notifier Server for Windows, Siemens SIMATIC PCS7, Siemens SIMATIC PCS 7, Siemens SIMATIC PCS neo, Siemens SIMATIC PDM, Siemens SIMATIC Process Historian 2013, Siemens SIMATIC Process Historian 2014, Siemens SIMATIC Process Historian 2019, Siemens SIMATIC Process Historian 2020, Siemens SIMATIC Prosave, Siemens SIMATIC RF-MANAGER 2008, Siemens SIMATIC RF166C, Siemens SIMATIC RF180C, Siemens SIMATIC RF182C, Siemens SIMATIC RF185C, Siemens SIMATIC RF186C, Siemens SIMATIC RF186CI, Siemens SIMATIC RF188C, Siemens SIMATIC RF188CI, Siemens Simatic RF192C, Siemens SIMATIC RF360R, Siemens SIMATIC RF600R, Siemens SIMATIC RF615R, Siemens SIMATIC RF680R, Siemens SIMATIC RF685R, Siemens SIMATIC RTLS Locating Manager, Siemens SIMATIC RTU 3000, Siemens SIMATIC S7, Siemens SIMATIC S7-200 SMART CPU, Siemens SIMATIC S7-300, Siemens SIMATIC S7-300 CPU, Siemens SIMATIC S7-300 Cpu, Siemens SIMATIC S7-300 PN, 
Siemens SIMATIC S7-300 PN-DP CPU, Siemens SIMATIC S7-400, Siemens SIMATIC S7-400H, Siemens SIMATIC S7-400H V6, Siemens SIMATIC S7-400 CPU, Siemens SIMATIC S7-400 Cpu 414-3 Pn, Siemens SIMATIC S7-400 Cpu 414f-3 Pn, Siemens SIMATIC S7-400 H V6 CPU, Siemens SIMATIC S7-400 PN, Siemens SIMATIC S7-400 PN-DP V7, Siemens SIMATIC S7-400 PN-DP V7 CPU, Siemens SIMATIC S7-410, Siemens SIMATIC S7-410 V8 CPU, Siemens SIMATIC S7-410 V10 CPU, Siemens SIMATIC S7-1200, Siemens SIMATIC S7-1200 CPU, Siemens SIMATIC S7-1200 PLC, Siemens SIMATIC S7-1200 Plc, Siemens SIMATIC S7-1500, Siemens SIMATIC S7-1500 CPU, Siemens SIMATIC S7-1500 Cpu, Siemens SIMATIC S7-1500 Software Controller, Siemens SIMATIC S7-1518-4 Pn, Siemens SIMATIC S7-PLCSIM, Siemens SIMATIC S7-PLCSIM Advanced, Siemens SIMATIC S7 1200 Cpu, Siemens SIMATIC S7 Cpu-1211c, Siemens SIMATIC S7 Cpu 1200, Siemens SIMATIC S7 PLCSIM, Siemens SIMATIC STEP 7, Siemens SIMATIC Step 7, Siemens SIMATIC TDC CP51M1, Siemens SIMATIC TDC CPU555, Siemens SIMATIC Tiaportal, Siemens SIMATIC WinAC RTX, Siemens SIMATIC WinCC, Siemens SIMATIC WinCC Flexible, Siemens SIMATIC WinCC OA, Siemens SIMATIC Wincc Open Architecture, Siemens SIMATIC WinCC Professional, Siemens SIMATIC Wincc Runtime, Siemens SIMATIC Wincc Runtime Advanced, Siemens SIMATIC WinCC Runtime Advanced, Siemens SIMATIC Wincc Runtime Professional, Siemens SIMATIC WinCC Runtime Professional, Siemens SIMATIC WinCC Sm@rtClient, Siemens SIMOCODE ES, Siemens SINAMICS, Siemens SINAMICS STARTER, Siemens SINEC, Siemens SINEMA, Siemens SINETPLAN, Siemens SINUMERIK, Siemens SINUMERIK 840D sl, Siemens Soft Starter ES, Siemens SPPA-T3000 MS3000 Migration Server, Siemens TIA Portal, Siemens TIM 1531 IRC, Siemens WinCC, SIMPlight SCADA Software, SpiderControl SCADA MicroBrowser, Trianglemicroworks SCADA Data Gateway, Triangle MicroWorks SCADA Data Gateway, Trihedral VTScada, WECON LeviStudio HMI, WECON LEVI Studio HMI Editor, WECON Technology PI Studio, WECON Technology PI Studio HMI, WellinTech 
KingSCADA, xArrow SCADA

Published | Base | Temp | Vulnerability | Product | Exp | Rem | CTI | CVE
06/24/2022 | 5.2 | 5.2 | Schneider Electric Geo SCADA Mobile exposure of resource | Geo SCADA Mobile | Not Defined | Not Defined | 1.65 | CVE-2022-32530
06/21/2022 | 6.3 | 6.3 | Siemens SIMATIC WinCC OA improper authentication | SIMATIC WinCC OA | Not Defined | Not Defined | 0.37 | CVE-2022-33139
06/03/2022 | 7.3 | 7.3 | Schneider Electric Wiser Smart/EER21000/EER21001 improper authentication | Wiser Smart/EER21000/EER21001 | Not Defined | Not Defined | 0.03 | CVE-2022-30238
06/03/2022 | 7.7 | 7.7 | Schneider Electric Wiser Smart missing encryption | Wiser Smart | Not Defined | Not Defined | 0.03 | CVE-2022-30237
06/03/2022 | 6.4 | 6.4 | Schneider Electric Wiser Smart/EER21000/EER21001 input validation | Wiser Smart/EER21000/EER21001 | Not Defined | Not Defined | 0.03 | CVE-2022-30233
06/03/2022 | 7.7 | 7.7 | Schneider Electric Wiser Smart/EER21000/EER21001 resource transfer | Wiser Smart/EER21000/EER21001 | Not Defined | Not Defined | 0.00 | CVE-2022-30236
06/03/2022 | 6.1 | 6.1 | Schneider Electric Wiser Smart/EER21000/EER21001 excessive authentication | Wiser Smart/EER21000/EER21001 | Not Defined | Not Defined | 0.03 | CVE-2022-30235
06/03/2022 | 9.6 | 9.6 | Schneider Electric Wiser Smart/EER21000/EER21001 hard-coded credentials | Wiser Smart/EER21000/EER21001 | Not Defined | Not Defined | 0.03 | CVE-2022-30234
06/03/2022 | 7.7 | 7.7 | Schneider Electric Wiser Smart/EER21000/EER21001 input validation | Wiser Smart/EER21000/EER21001 | Not Defined | Not Defined | 0.00 | CVE-2022-30232
05/26/2022 | 6.8 | 6.7 | LCDS LAquis SCADA Error Message cross site scripting | LAquis SCADA | Not Defined | Not Defined | 0.03 | CVE-2021-32989
05/24/2022 | 6.8 | 6.8 | AVEVA InTouch Access Anywhere Language Bar exposure of resource | InTouch Access Anywhere/Plant SCADA Access Anywhere | Not Defined | Workaround | 0.03 | CVE-2022-1467
05/20/2022 | 6.5 | 6.2 | Siemens SIMATIC CP 442-1 RNA/SIMATIC CP 443-1 RNA ARP Broadcast resource consumption | SIMATIC CP 442-1 RNA/SIMATIC CP 443-1 RNA | Not Defined | Official Fix | 0.09 | CVE-2022-27640
05/20/2022 | 5.5 | 5.5 | Siemens SIMATIC PCS 7 Kiosk Mode insecure default initialization of resource | SIMATIC PCS 7/SIMATIC Wincc Runtime Professional/SIMATIC WinCC | Not Defined | Not Defined | 0.03 | CVE-2022-24287
05/17/2022 | 5.2 | 5.2 | xArrow SCADA xhisalarm.htm cross site scripting | SCADA | Not Defined | Not Defined | 0.09 | CVE-2021-33021
05/17/2022 | 5.2 | 5.2 | xArrow SCADA xhisvalue.htm cross site scripting | SCADA | Not Defined | Not Defined | 0.02 | CVE-2021-33001
05/17/2022 | 5.5 | 5.5 | xArrow SCADA Registry Key path traversal | SCADA | Not Defined | Not Defined | 0.05 | CVE-2021-33025
05/13/2022 | 6.7 | 6.6 | mySCADA myPRO access control | myPRO | Not Defined | Official Fix | 0.07 | CVE-2021-33013
05/13/2022 | 6.4 | 6.3 | mySCADA myPRO file information disclosure | myPRO | Not Defined | Official Fix | 0.04 | CVE-2021-27505
05/13/2022 | 7.4 | 7.2 | mySCADA myPRO unrestricted upload | myPRO | Not Defined | Official Fix | 0.03 | CVE-2021-33009
05/13/2022 | 7.4 | 7.2 | mySCADA myPRO path traversal | myPRO | Not Defined | Official Fix | 0.03 | CVE-2021-33005
04/30/2022 | 5.9 | 5.8 | Elcomplus SmartPTT SCADA Server information disclosure | SmartPTT SCADA Server | Not Defined | Not Defined | 0.03 | CVE-2021-43938
04/30/2022 | 5.9 | 5.8 | Elcomplus SmartPTT SCADA Server Web Application cross-site request forgery | SmartPTT SCADA Server | Not Defined | Official Fix | 0.03 | CVE-2021-43937
04/13/2022 | 7.7 | 7.7 | Schneider Electric Software Update SUT Service deserialization | Software Update SUT Service | Not Defined | Not Defined | 0.03 | CVE-2019-6834
04/13/2022 | 8.1 | 8.1 | Schneider Electric StruxureWare Data Center Expert os command injection | StruxureWare Data Center Expert | Not Defined | Not Defined | 0.03 | CVE-2021-22795
04/13/2022 | 4.9 | 4.9 | Schneider Electric SCADAPack Workbench Solution File xml external entity reference | SCADAPack Workbench | Not Defined | Not Defined | 0.07 | CVE-2022-0221
04/13/2022 | 7.0 | 7.0 | Schneider Electric SCADAPack RemoteConnect for x70 Project File path traversal | EcoStruxure Control Expert/EcoStruxure Process Expert/SCADAPack RemoteConnect for x70 | Not Defined | Not Defined | 0.07 | CVE-2021-22797
04/13/2022 | 6.9 | 6.9 | Schneider Electric StruxureWare Data Center Expert path traversal | StruxureWare Data Center Expert | Not Defined | Not Defined | 0.05 | CVE-2021-22794
04/12/2022 | 5.3 | 5.1 | Siemens SIMATIC Energy Manager Basic uncontrolled search path | SIMATIC Energy Manager Basic/SIMATIC Energy Manager PRO | Not Defined | Official Fix | 0.03 | CVE-2022-23449
04/12/2022 | 5.5 | 5.5 | Siemens SIMATIC STEP 7 Web Server access control | SIMATIC STEP 7 | Not Defined | Not Defined | 0.06 | CVE-2021-42029
04/12/2022 | 7.8 | 7.5 | Siemens SIMATIC Energy Manager Basic permission assignment | SIMATIC Energy Manager Basic/SIMATIC Energy Manager PRO | Not Defined | Official Fix | 0.05 | CVE-2022-23448
04/12/2022 | 6.5 | 6.2 | Siemens SIMATIC PCS neo/SINETPLAN/TIA Portal Service Port 8888 resource consumption | SIMATIC PCS neo/SINETPLAN/TIA Portal | Not Defined | Official Fix | 0.03 | CVE-2022-27194
04/12/2022 | 9.8 | 9.4 | Siemens SIMATIC Energy Manager Basic Object deserialization | SIMATIC Energy Manager Basic/SIMATIC Energy Manager PRO | Not Defined | Official Fix | 0.00 | CVE-2022-23450
04/12/2022 | 6.5 | 6.2 | Siemens SIMATIC S7-400 H V6 CPU Service Port 102 memory corruption | SIMATIC S7-400 H V6 CPU/SIMATIC S7-400 PN-DP V7 CPU/SIMATIC S7-410 V10 CPU/SIMATIC S7-410 V8 CPU | Not Defined | Official Fix | 0.04 | CVE-2021-40368
04/12/2022 | 5.7 | 5.5 | Siemens SIMATIC CFU DIQ PROFINET Stack denial of service | SIMATIC CFU DIQ/SIMATIC CFU PA/SIMATIC S7-1500 CPU/SIMATIC S7-300 CPU/SIMATIC S7-400 H V6 CPU/SIMATIC S7-400 PN/DP V7 CPU/SIMATIC S7-410 V10 CPU/SIMATIC S7-410 V8 CPU/SIMATIC TDC CP51M1/SIMATIC TDC CPU555/SIMATIC WinAC RTX | Not Defined | Official Fix | 0.03 | CVE-2022-25622
04/01/2022 | 8.8 | 8.4 | mySCADA myPRO command injection | myPRO | Not Defined | Official Fix | 0.16 | CVE-2022-0999
03/10/2022 | 6.5 | 6.4 | Schneider Electric Ritto Wiser Door Door Panel information disclosure | Ritto Wiser Door | Not Defined | Official Fix | 0.03 | CVE-2021-22783
03/10/2022 | 6.3 | 6.0 | Schneider Electric SMT/SMTL/SCL/SMX UPS authentication replay | SMT/SMTL/SCL/SMX | Not Defined | Official Fix | 0.18 | CVE-2022-22806
03/10/2022 | 6.3 | 6.0 | Schneider Electric SMT/SMC/SCL/SMX/SRT UPS improper authentication | SMT/SMC/SCL/SMX/SRT | Not Defined | Official Fix | 0.10 | CVE-2022-0715
03/10/2022 | 5.3 | 5.2 | Schneider Electric EcoStruxure Process Expert Modbus Response unusual condition | EcoStruxure Process Expert/EcoStruxure Control Expert | Not Defined | Official Fix | 0.00 | CVE-2022-24323
03/10/2022 | 5.6 | 5.5 | Schneider Electric EcoStruxure Control Expert Modbus Response memory corruption | EcoStruxure Control Expert | Not Defined | Official Fix | 0.03 | CVE-2022-24322
03/10/2022 | 7.3 | 7.0 | Schneider Electric SMT/SMC/SMTL/SCL/SMX TLS Packet buffer overflow | SMT/SMC/SMTL/SCL/SMX | Not Defined | Official Fix | 0.14 | CVE-2022-22805
02/26/2022 | 7.3 | 7.3 | ICL ScadaFlex II SCADA Controller SC-2 Remote Code Execution | ScadaFlex II SCADA Controller SC-1/ScadaFlex II SCADA Controller SC-2 | Not Defined | Not Defined | 0.03 | CVE-2022-25359
02/12/2022 | 4.3 | 4.1 | Schneider Electric Interactive Graphical SCADA System Data Collector Network Message dc.exe buffer overflow | Interactive Graphical SCADA System Data Collector | Not Defined | Official Fix | 0.08 | CVE-2021-22824
02/12/2022 | 6.3 | 6.0 | Schneider Electric Interactive Graphical SCADA System Data Collector dc.exe missing authentication | Interactive Graphical SCADA System Data Collector | Not Defined | Official Fix | 0.03 | CVE-2021-22823
02/12/2022 | 6.3 | 6.0 | Schneider Electric Interactive Graphical SCADA System Data Collector dc.exe missing authentication | Interactive Graphical SCADA System Data Collector | Not Defined | Official Fix | 0.03 | CVE-2021-22805
02/12/2022 | 5.5 | 5.3 | Schneider Electric ConneXium Network Manager Event Action privileges management | ConneXium Network Manager | Not Defined | Official Fix | 0.06 | CVE-2021-22801
02/12/2022 | 3.5 | 3.4 | Schneider Electric Modicon M218 Logic Controller Service Port 1105 denial of service | Modicon M218 Logic Controller | Not Defined | Official Fix | 0.00 | CVE-2021-22800
02/12/2022 | 3.7 | 3.7 | Schneider Electric Conext ComBox cleartext transmission | Conext ComBox | Not Defined | Not Defined | 0.04 | CVE-2021-22798
02/12/2022 | 5.5 | 5.3 | Schneider Electric Modicon M340 CPU Web Server out-of-bounds write | Modicon M340 CPU/Modicon M340 X80 Ethernet Communication Module/Modicon Premium Processor/Modicon Quantum Processor/Modicon Quantum Communication Module/Modicon Premium Communication Module | Not Defined | Official Fix | 0.02 | CVE-2021-22788
02/12/2022 | 3.5 | 3.4 | Schneider Electric Modicon M340 CPU Web Server denial of service | Modicon M340 CPU/Modicon M340 X80 Ethernet Communication Module/Modicon Premium Processor/Modicon Quantum Processor/Modicon Quantum Communication Module/Modicon Premium Communication Module | Not Defined | Official Fix | 0.00 | CVE-2021-22787

1006 more entries are not shown
