New vulnerabilities/fixes in Siemens WinCC 7.0 SP3 Update 1
CVE-2013-0678/
MISSING ENCRYPTION OF SENSITIVE DATA
CVE-2013-0676
IMPROPER AUTHORIZATION
CVE-2013-0677 XXE OOB in project files
CVE-2013-0677 XXE OOB in project files
CVE-2013-0679
RELATIVE PATH TRAVERSAL
CVE-2013-0674,
CVE-2013-0675 BUFFER OVERFLOW
+ lot of good stuff for WinCC Flexible in
TIA Portal V11.
Thanks to Gleb
Gritsai, Sergey Bobrov, Roman Ilin, Artem Chaykin, Timur Yunusov, Ilya Karpov,
Alexey Osipov, Sergey Gordeychik, Dmitry Nagibin and Siemens CERT/Product team.
SSA-212483
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-212483.pdf
SSA-714398
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf
ICSA-13-079-02
http://ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf
Enjoy!
PS. Exploits for WinCC? No way! This is Out Of Band.
Hello Everybody,
ReplyDeleteMy name is Mrs Sharon Sim. I live in Singapore and i am a happy woman today? and i told my self that any lender that rescue my family from our poor situation, i will refer any person that is looking for loan to him, he gave me happiness to me and my family, i was in need of a loan of $250,000.00 to start my life all over as i am a single mother with 3 kids I met this honest and GOD fearing man loan lender that help me with a loan of $250,000.00 SG. Dollar, he is a GOD fearing man, if you are in need of loan and you will pay back the loan please contact him tell him that is Mrs Sharon, that refer you to him. contact Dr Purva Pius, call/whats-App Contact Number +918929509036 via email:(urgentloan22@gmail.com) Thank you.