Filtered by vendor Siemens
Subscribe
Total
1893 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-0675 | 1 Siemens | 2 Simatic Pcs7, Wincc | 2025-04-11 | 6.1 MEDIUM | N/A |
| Buffer overflow in CCEServer (aka the central communications component) in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to cause a denial of service via a crafted packet. | |||||
| CVE-2011-3321 | 1 Siemens | 2 Simatic Wincc Flexible Runtime, Simatic Wincc Runtime | 2025-04-11 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in the Siemens WinCC Runtime Advanced Loader, as used in SIMATIC WinCC flexible Runtime and SIMATIC WinCC (TIA Portal) Runtime Advanced, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted packet to TCP port 2308. | |||||
| CVE-2012-3009 | 1 Siemens | 1 Comos | 2025-04-11 | 8.5 HIGH | N/A |
| Siemens COMOS before 9.1 Patch 413, 9.2 before Update 03 Patch 023, and 10.0 before Patch 005 allows remote authenticated users to obtain database administrative access via unspecified method calls. | |||||
| CVE-2013-0671 | 1 Siemens | 1 Wincc Tia Portal | 2025-04-11 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in Siemens WinCC (TIA Portal) 11 allows remote authenticated users to read HMI web-application source code and user-defined scripts via a crafted URL. | |||||
| CVE-2011-4876 | 1 Siemens | 5 Simatic Hmi Panels, Wincc, Wincc Flexible and 2 more | 2025-04-11 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to execute, read, create, modify, or delete arbitrary files via a .. (dot dot) in a string. | |||||
| CVE-2014-1699 | 1 Siemens | 1 Simatic Wincc Open Architecture | 2025-04-11 | 5.0 MEDIUM | N/A |
| Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to cause a denial of service (monitoring-service outage) via malformed HTTP requests to port 4999. | |||||
| CVE-2010-2772 | 1 Siemens | 2 Simatic Pcs 7, Simatic Wincc | 2025-04-11 | 6.9 MEDIUM | 7.8 HIGH |
| Siemens Simatic WinCC and PCS 7 SCADA system uses a hard-coded password, which allows local users to access a back-end database and gain privileges, as demonstrated in the wild in July 2010 by the Stuxnet worm, a different vulnerability than CVE-2010-2568. | |||||
| CVE-2011-3389 | 9 Canonical, Debian, Google and 6 more | 17 Ubuntu Linux, Debian Linux, Chrome and 14 more | 2025-04-11 | 4.3 MEDIUM | N/A |
| The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack. | |||||
| CVE-2011-4508 | 1 Siemens | 5 Simatic Hmi Panels, Wincc, Wincc Flexible and 2 more | 2025-04-11 | 9.3 HIGH | N/A |
| The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime generates predictable authentication tokens for cookies, which makes it easier for remote attackers to bypass authentication via a crafted cookie. | |||||
| CVE-2011-4511 | 1 Siemens | 5 Simatic Hmi Panels, Wincc, Wincc Flexible and 2 more | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-4510. | |||||
| CVE-2011-4514 | 1 Siemens | 5 Simatic Hmi Panels, Wincc, Wincc Flexible and 2 more | 2025-04-11 | 10.0 HIGH | N/A |
| The TELNET daemon in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime does not perform authentication, which makes it easier for remote attackers to obtain access via a TCP session. | |||||
| CVE-2013-3957 | 1 Siemens | 2 Simatic Pcs7, Wincc | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the login screen in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2022-31766 | 1 Siemens | 32 Ruggedcom Rm1224, Ruggedcom Rm1224 Firmware, Scalance M804pb and 29 more | 2025-04-10 | N/A | 8.6 HIGH |
| A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V7.1.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V7.1.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V7.1.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V7.1.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V7.1.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V7.1.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V7.1.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V7.1.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V7.1.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V7.1.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V7.1.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V7.1.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V7.1.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V7.1.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V7.1.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V7.1.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V7.1.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V7.1.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V7.1.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V7.1.2), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions >= V1.1.0 < V3.0.0), SCALANCE WAM766-1 (6GK5766-1GE00-7DA0) (All versions >= V1.1.0 < V3.0.0), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0) (All versions >= V1.1.0 < V3.0.0), SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0) (All versions >= V1.1.0 < V3.0.0), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0) (All versions >= V1.1.0 < V3.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0) (All versions >= V1.1.0 < V3.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0) (All versions >= V1.1.0 < V3.0.0), SCALANCE WUM766-1 (6GK5766-1GE00-3DA0) (All versions >= V1.1.0 < V3.0.0), SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0) (All versions >= V1.1.0 < V3.0.0). Affected devices with TCP Event service enabled do not properly handle malformed packets. This could allow an unauthenticated remote attacker to cause a denial of service condition and reboot the device thus possibly affecting other network resources. | |||||
| CVE-2023-28831 | 1 Siemens | 156 Simatic Cloud Connect 7 Cc712, Simatic Cloud Connect 7 Cc712 Firmware, Simatic Cloud Connect 7 Cc716 and 153 more | 2025-04-10 | N/A | 7.5 HIGH |
| The OPC UA implementations (ANSI C and C++) in affected products contain an integer overflow vulnerability that could cause the application to run into an infinite loop during certificate validation. This could allow an unauthenticated remote attacker to create a denial of service condition by sending a specially crafted certificate. | |||||
| CVE-2022-22965 | 5 Cisco, Oracle, Siemens and 2 more | 39 Cx Cloud Agent, Commerce Platform, Communications Cloud Native Core Automated Test Suite and 36 more | 2025-04-10 | 7.5 HIGH | 9.8 CRITICAL |
| A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it. | |||||
| CVE-2007-1918 | 8 Apple, Hp, Ibm and 5 more | 11 Macos, Hp-ux, Tru64 and 8 more | 2025-04-09 | 5.0 MEDIUM | N/A |
| The RFC_SET_REG_SERVER_PROPERTY function in the SAP RFC Library 6.40 and 7.00 before 20070109 implements an option for exclusive access to an RFC server, which allows remote attackers to cause a denial of service (client lockout) via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. | |||||
| CVE-2009-1152 | 1 Siemens | 1 Gigaset Se461 Wimax Router | 2025-04-09 | 7.3 HIGH | N/A |
| Siemens Gigaset SE461 WiMAX router 1.5-BL024.9.6401, and possibly other versions, allows remote attackers to cause a denial of service (device restart and loss of configuration) by connecting to TCP port 53, then closing the connection. | |||||
| CVE-2008-6916 | 2 John Doe, Siemens | 2 Netport Software, Speedstream 5200 | 2025-04-09 | 10.0 HIGH | N/A |
| Siemens SpeedStream 5200 with NetPort Software 1.1 allows remote attackers to bypass authentication via an invalid Host header, possibly involving a trailing dot in the hostname. | |||||
| CVE-2008-2235 | 2 Opensc-project, Siemens | 2 Opensc, Cardos | 2025-04-09 | 4.9 MEDIUM | N/A |
| OpenSC before 0.11.5 uses weak permissions (ADMIN file control information of 00) for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4, which allows physically proximate attackers to change the PIN. | |||||
| CVE-2009-3322 | 1 Siemens | 1 Gigaset Se361 Wlan Router | 2025-04-09 | 7.8 HIGH | N/A |
| The Siemens Gigaset SE361 WLAN router allows remote attackers to cause a denial of service (device reboot) via a flood of crafted TCP packets to port 1723. | |||||