Gleb Gritsay

**Name of the Vulnerable Software and Affected Versions** Siemens SIMATIC WinCC (TIA Portal) versions prior to 13 SP1 Siemens SIMATIC WinCC flexible versions prior to 2008 SP3 Up7 **Description** The issue concerns the remote-management module in certain Siemens products, where credentials are not properly encrypted in transit. This makes it easier for remote attackers to determine cleartext credentials by sniffing the network and conducting a decryption attack. **Recommendations** For Siemens SIMATIC WinCC (TIA Portal) versions prior to 13 SP1, update to version 13 SP1 or later. For Siemens SIMATIC WinCC flexible versions prior to 2008 SP3 Up7, update to version 2008 SP3 Up7 or later.

**Name of the Vulnerable Software and Affected Versions** Siemens SIMATIC WinCC OA versions prior to 3.12 P002 January **Description** The issue is related to the use of a weak hash algorithm for passwords, making it easier for remote attackers to obtain access via a brute-force attack. This weakness allows an attacker to potentially elevate their privileges using a full brute-force method. **Recommendations** For versions prior to 3.12 P002 January, update to version 3.12 P002 January or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the system to minimize the risk of exploitation. Avoid using weak passwords and consider implementing additional security measures to prevent brute-force attacks.

**Name of the Vulnerable Software and Affected Versions** Siemens SIMATIC WinCC versions prior to 7.3 **Description** The issue allows remote authenticated users to gain privileges via a request to the TCP port 1433. It is related to errors that occur when processing a specially crafted command on the database server. This can be exploited by authorized users to elevate their privileges in the database. **Recommendations** For versions prior to 7.3, update to version 7.3 or later to resolve the issue. As a temporary workaround, consider restricting access to TCP port 1433 to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Invensys Wonderware Information Server (WIS) versions 4.0 SP1 through 5.0 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service due to unrestricted size and amount values. **Recommendations** For versions 4.0 SP1 through 5.0, restrict size and amount values to prevent remote attackers from executing arbitrary code or causing a denial of service.

**Name of the Vulnerable Software and Affected Versions** Invensys Wonderware Information Server (WIS) versions 4.0 SP1 through 5.0 **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. **Recommendations** For Invensys Wonderware Information Server (WIS) versions 4.0 SP1 through 5.0, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Invensys Wonderware Information Server (WIS) version 4.0 SP1 Invensys Wonderware Information Server (WIS) versions 4.5 through 5.0 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. **Recommendations** For Invensys Wonderware Information Server (WIS) version 4.0 SP1, update to a version that includes a fix for this issue. For Invensys Wonderware Information Server (WIS) versions 4.5 through 5.0, update to a version that includes a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Siemens WinCC versions prior to 7.2 SIMATIC PCS7 versions prior to 8.0 SP1 **Description** The issue is related to the improper representation of WebNavigator credentials in a database. This makes it easier for remote authenticated users to obtain sensitive information via a SQL query. **Recommendations** For Siemens WinCC versions prior to 7.2, update to version 7.2 or later. For SIMATIC PCS7 versions prior to 8.0 SP1, update to version 8.0 SP1 or later.

**Name of the Vulnerable Software and Affected Versions** Siemens WinCC versions prior to 7.2 SIMATIC PCS7 versions prior to 8.0 SP1 **Description** The issue is related to a buffer overflow in the RegReader ActiveX control. This allows remote attackers to execute arbitrary code via a long parameter. **Recommendations** For Siemens WinCC versions prior to 7.2, update to version 7.2 or later. For SIMATIC PCS7 versions prior to 8.0 SP1, update to version 8.0 SP1 or later.

**Name of the Vulnerable Software and Affected Versions** Cisco SPA8000 and SPA8800 versions prior to 6.1.11 Cisco SPA2102 and SPA3102 versions prior to 5.2.13 Cisco SPA 500 series IP phones versions prior to 7.4.9 **Description** A cross-site scripting (XSS) issue exists in the SIP implementation, allowing remote attackers to inject arbitrary web script or HTML via the `FROM` field of an INVITE message. **Recommendations** For Cisco SPA8000 and SPA8800 versions prior to 6.1.11, update to version 6.1.11 or later. For Cisco SPA2102 and SPA3102 versions prior to 5.2.13, update to version 5.2.13 or later. For Cisco SPA 500 series IP phones versions prior to 7.4.9, update to version 7.4.9 or later.