Detections
Analytics

Siemens SIMATIC TIA Portal Path Traversal (SSA-116924)

high Nessus Plugin ID 174624

Version 1.65

Oct 8, 2025, 9:19 AM

  • Logic Changes (Allow forking plugins to report all installs for structured vuln data.)

Plugin Feed: 202510080919

Version 1.64

Sep 30, 2025, 12:41 AM

  • Logic Changes (Add extra checks to see whether plugins should run. Modernisation of the HTTP/1 library. Various corrections and fixes for CPE related Flatline Test Failures. Remove spurious authentication header.)

Plugin Feed: 202509300041

Version 1.62

Jul 15, 2025, 2:39 AM

  • Logic Changes

Plugin Feed: 202507150239

Version 1.61

Jul 10, 2025, 5:41 PM

  • Logic Changes (Windows CA support)

Plugin Feed: 202507101741

Version 1.60

Jun 23, 2025, 9:47 PM

  • Logic Changes

Plugin Feed: 202506232147

Version 1.57

Feb 13, 2025, 12:29 PM

  • IAVM reference

Plugin Feed: 202502131229

Version 1.56

Feb 12, 2025, 3:29 PM

  • Logic Changes

Plugin Feed: 202502121529

Version 1.55

Feb 12, 2025, 1:58 AM

  • Logic Changes

Plugin Feed: 202502120158

Version 1.54

Feb 10, 2025, 4:00 PM

  • Logic Changes

Plugin Feed: 202502101600

Version 1.51

Jan 13, 2025, 10:27 PM

  • New

Plugin Feed: 202501132227

Version 1.50

Jan 13, 2025, 7:38 PM

  • Logic Changes (Add display fix to structured reporting.)

Plugin Feed: 202501131938

Version 1.46

Dec 24, 2024, 11:44 AM

  • New

Plugin Feed: 202412241144

Version 1.45

Nov 22, 2024, 6:54 PM

  • Logic Changes (Fixed installation reporting)

Plugin Feed: 202411221854

Version 1.44

Nov 12, 2024, 8:29 PM

  • Logic Changes (Adding installs report)

Plugin Feed: 202411122029

Version 1.42

Oct 29, 2024, 8:44 PM

  • Logic Changes (Extend structured reporting to vcf_extras)

Plugin Feed: 202410292044

Version 1.38

Oct 10, 2024, 11:57 PM

  • New

Plugin Feed: 202410102357

Version 1.37

Oct 9, 2024, 5:56 PM

  • Logic Changes (Corrects vulnerability-finding structured data tags to include the port.)

Plugin Feed: 202410091756

Version 1.33

Oct 3, 2024, 6:29 PM

  • Detection (Adding hardware constraint support to VCF and UCF)

Plugin Feed: 202410031829

Version 1.32

Oct 2, 2024, 4:10 PM

  • Logic Changes (Adds structured data reports to a subset of manual plugins.)

Plugin Feed: 202410021610

Version 1.27

Jul 17, 2024, 11:02 PM

  • Logic Changes

Plugin Feed: 202407172302

Version 1.23

May 20, 2024, 10:13 AM

  • Logic Changes

Plugin Feed: 202405201013

Version 1.20

Mar 19, 2024, 6:40 PM

  • Logic Changes (Improving logging to reduce disk space usage)

Plugin Feed: 202403191840

Version 1.17

Feb 9, 2024, 11:22 AM

  • New

Plugin Feed: 202402091122

Version 1.16

Jan 2, 2024, 2:43 PM

  • Logic Changes (typo)

Plugin Feed: 202401021443

Version 1.14

Nov 24, 2023, 10:09 AM

  • Logic Changes (add fixed version)

Plugin Feed: 202311241009

Version 1.12

Sep 26, 2023, 8:16 PM

  • Logic Changes

Plugin Feed: 202309262016

Version 1.11

Jul 17, 2023, 5:15 PM

  • Logic Changes (Make torture_cgi library PCP clean and consolidate utf16_to_ascii())

Plugin Feed: 202307171715

Version 1.10

Jun 20, 2023, 9:07 PM

  • Logic Changes (Temporarily limit debug logging)

Plugin Feed: 202306202107

Version 1.8

Jun 1, 2023, 5:27 AM

  • Logic Changes (Better logging)

Plugin Feed: 202306010527

Version 1.7

May 14, 2023, 10:07 AM

  • CVSS metrics ("CVSSv2 score" changed from 7.2 to 6.8. "CVSSv2 vector" changed from "CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C" to "CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:P". "CVSSv3 score" changed from 7.8 to 7.3. "CVSSv3 vector" changed from "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" to "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L")
  • CVSSv2 severity (based on CVE-2023-26293, severity decreased from "High" to "Medium")
  • CVSSv3 score source (set to "CVE-2023-26293")
  • Exploit attributes ("Exploit available" set to "False")

Plugin Feed: 202305141007

Version 1.6

May 14, 2023, 6:02 AM

  • CVSSv2 severity (based on CVE-2023-26293, severity decreased from "High" to "Medium")
  • CVSS metrics ("CVSSv2 score" changed from 7.2 to 6.8. "CVSSv2 vector" changed from "CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C" to "CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:P". "CVSSv3 score" changed from 7.8 to 7.3. "CVSSv3 vector" changed from "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" to "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L")
  • CVSSv3 score source (set to "CVE-2023-26293")
  • Exploit attributes ("Exploit available" set to "False")

Plugin Feed: 202305140602

Version 1.5

May 14, 2023, 2:08 AM

  • CVSSv3 score source (set to "CVE-2023-26293")
  • Exploit attributes ("Exploit available" set to "False")
  • CVSS metrics ("CVSSv2 score" changed from 7.2 to 6.8. "CVSSv2 vector" changed from "CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C" to "CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:P". "CVSSv3 score" changed from 7.8 to 7.3. "CVSSv3 vector" changed from "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" to "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L")
  • CVSSv2 severity (based on CVE-2023-26293, severity decreased from "High" to "Medium")

Plugin Feed: 202305140208

Version 1.4

May 4, 2023, 4:01 PM

  • Detection (replaced inaccurate fixed_version)

Plugin Feed: 202305041601

Version 1.3

May 1, 2023, 9:07 PM

  • Detection (Make and use compatibility wrapper for running commands on scanner localhost to handle deprecation of pread().)

Plugin Feed: 202305012107

Version 1.1

Apr 24, 2023, 6:22 PM

  • Exploit attributes ("Exploit available" set to "False". "Exploit available" set to "False". "Exploit available" set to "False". "Exploitability ease" set to "No known exploits are available". "Exploitability ease" set to "No known exploits are available")
  • CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:U/RL:OF/RC:C". "CVSSv2 temporal vector" set to "CVSS2#E:U/RL:OF/RC:C". "CVSSv2 temporal vector" set to "CVSS2#E:U/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:U/RL:O/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:U/RL:O/RC:C")

Plugin Feed: 202304241822

Version 1.0

Apr 21, 2023, 4:06 PM

  • New

Plugin Feed: 202304211606

* Changelogs are generally available for changes made after Nov 1, 2022