Dmitry Nagibin

Pesquisador dePositive Technologies Research Team
#14108de 53,639
19CVSS total
Vulnerabilidades · 3
Média
3
PT-2014-1221
6.2
2014-05-22
Emerson · Emerson Deltav · CVE-2014-2349
**Name of the Vulnerable Software and Affected Versions** Emerson DeltaV versions 10.3.1, 11.3, 11.3.1, and 12.3 **Description** The issue allows local users to modify or read configuration files by leveraging engineering-level privileges. It is related to errors that occur when processing a specially crafted configuration file, which can be exploited to elevate privileges and gain unauthorized access to confidential information. **Recommendations** For Emerson DeltaV version 10.3.1, update to a version that fixes the issue with configuration file handling. For Emerson DeltaV version 11.3, update to a version that fixes the issue with configuration file handling. For Emerson DeltaV version 11.3.1, update to a version that fixes the issue with configuration file handling. For Emerson DeltaV version 12.3, update to a version that fixes the issue with configuration file handling. As a temporary workaround, consider restricting access to configuration files to minimize the risk of exploitation.
PT-2014-1223
6.0
2014-01-08
Siemens · Simatic Wincc · CVE-2014-4684
**Name of the Vulnerable Software and Affected Versions** Siemens SIMATIC WinCC versions prior to 7.3 **Description** The issue allows remote authenticated users to gain privileges via a request to the TCP port 1433. It is related to errors that occur when processing a specially crafted command on the database server. This can be exploited by authorized users to elevate their privileges in the database. **Recommendations** For versions prior to 7.3, update to version 7.3 or later to resolve the issue. As a temporary workaround, consider restricting access to TCP port 1433 to minimize the risk of exploitation.
PT-2013-2519
6.8
2013-03-21
Siemens · Siemens Wincc · CVE-2013-0674
**Name of the Vulnerable Software and Affected Versions** Siemens WinCC versions prior to 7.2 SIMATIC PCS7 versions prior to 8.0 SP1 **Description** The issue is related to a buffer overflow in the RegReader ActiveX control. This allows remote attackers to execute arbitrary code via a long parameter. **Recommendations** For Siemens WinCC versions prior to 7.2, update to version 7.2 or later. For SIMATIC PCS7 versions prior to 8.0 SP1, update to version 8.0 SP1 or later.