Yuriy Goltsev

**Name of the Vulnerable Software and Affected Versions** Siemens SIMATIC S7-1200 CPU PLC devices with firmware prior to 4.0 **Description** The issue allows remote attackers to cause a denial of service, resulting in the device transitioning to defect mode, which lasts until a hardware reset is performed. This is achieved by sending specially crafted PROFINET packets. **Recommendations** For Siemens SIMATIC S7-1200 CPU PLC devices with firmware prior to 4.0, update the firmware to version 4.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Siemens SIMATIC S7-1500 CPU PLC devices versions prior to 1.5.0 **Description** The issue allows remote attackers to cause a denial of service, resulting in a defect-mode transition, by sending crafted Profinet packets. **Recommendations** For versions prior to 1.5.0, update the firmware to version 1.5.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Siemens SIMATIC S7-1500 CPU PLC devices versions prior to 1.5.0 Siemens SIMATIC S7-1200 CPU PLC devices versions prior to 4.0 **Description** A cross-site request forgery (CSRF) issue affects the software, allowing remote attackers to hijack the authentication of victims via unknown vectors. The vulnerability is also described as affecting the embedded server of the Simatic S7-1200 programmable logic controller, specifically on port 80 TCP and port 443 TCP, enabling cross-site request forgery. **Recommendations** For Siemens SIMATIC S7-1500 CPU PLC devices versions prior to 1.5.0, update the firmware to version 1.5.0 or later. For Siemens SIMATIC S7-1200 CPU PLC devices versions prior to 4.0, update the firmware to version 4.0 or later.

**Name of the Vulnerable Software and Affected Versions** Siemens SIMATIC S7-1500 CPU PLC devices versions prior to 1.5.0 **Description** The issue allows remote attackers to inject headers via unspecified vectors, potentially affecting the integrated web server on the devices. **Recommendations** For versions prior to 1.5.0, update the firmware to version 1.5.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Siemens SIMATIC S7-1500 CPU PLC devices versions prior to 1.5.0 **Description** The issue concerns the random-number generator, which lacks sufficient entropy. This weakness can be exploited by remote attackers to bypass cryptographic protection mechanisms and hijack sessions. **Recommendations** For versions prior to 1.5.0, update the firmware to version 1.5.0 or later to address the issue.

**Name of the Vulnerable Software and Affected Versions** Siemens WinCC version 7.0 SP3 before Update 2 **Description** The issue allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a GET request. This can be achieved by including a malicious URL in the request. **Recommendations** For Siemens WinCC version 7.0 SP3 before Update 2, apply Update 2 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Siemens WinCC version 7.0 SP3 before Update 2 **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities in unspecified web applications. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via vectors involving special characters in parameters. **Recommendations** For Siemens WinCC version 7.0 SP3 before Update 2, apply Update 2 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Siemens WinCC version 7.0 SP3 before Update 2 **Description** The issue concerns the XPath functionality in web applications, which does not properly handle special characters in parameters. This allows remote authenticated users to read or modify settings via a crafted URL, related to an "XML injection" attack. **Recommendations** For Siemens WinCC version 7.0 SP3 before Update 2, update to a version that includes Update 2 to resolve the issue. As a temporary workaround, consider restricting access to the XPath functionality to minimize the risk of exploitation. Avoid using special characters in parameters for the affected web applications until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Siemens WinCC version 7.0 SP3 before Update 2 **Description** The issue allows remote authenticated users to read arbitrary files via a crafted parameter in a URL, due to multiple directory traversal vulnerabilities. **Recommendations** For Siemens WinCC version 7.0 SP3 before Update 2, apply Update 2 to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Siemens WinCC versions 7.0 SP3 through Update 2 **Description** The issue is related to a buffer overflow in the DiagAgent web server, which can be exploited by remote attackers to cause a denial of service, resulting in an agent outage. This can be achieved by sending crafted input to the vulnerable server. **Recommendations** For versions 7.0 SP3 through Update 2, update to a version later than Update 2 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Cisco Secure Access Control Server (ACS) version 5.2 **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the Solution Engine of Cisco Secure Access Control Server (ACS). These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. **Recommendations** For Cisco Secure Access Control Server (ACS) version 5.2, update to a version that includes the fix for Bug ID CSCtr78192 to resolve the issue. As a temporary workaround, consider restricting access to the Solution Engine to minimize the risk of exploitation.