Filtered by vendor Siemens
Subscribe
Total
1893 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-41904 | 1 Siemens | 1 Sinec Traffic Analyzer | 2024-08-14 | N/A | 7.5 HIGH |
| A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application do not properly enforce restriction of excessive authentication attempts. This could allow an unauthenticated attacker to conduct brute force attacks against legitimate user credentials or keys. | |||||
| CVE-2024-41903 | 1 Siemens | 1 Sinec Traffic Analyzer | 2024-08-14 | N/A | 7.2 HIGH |
| A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application mounts the container's root filesystem with read and write privileges. This could allow an attacker to alter the container's filesystem leading to unauthorized modifications and data corruption. | |||||
| CVE-2024-41683 | 1 Siemens | 1 Location Intelligence | 2024-08-14 | N/A | 5.3 MEDIUM |
| A vulnerability has been identified in Location Intelligence family (All versions < V4.4). Affected products do not properly enforce a strong user password policy. This could facilitate a brute force attack against legitimate user passwords. | |||||
| CVE-2024-41682 | 1 Siemens | 1 Location Intelligence | 2024-08-14 | N/A | 5.3 MEDIUM |
| A vulnerability has been identified in Location Intelligence family (All versions < V4.4). Affected products do not properly enforce restriction of excessive authentication attempts. This could allow an unauthenticated remote attacker to conduct brute force attacks against legitimate user passwords. | |||||
| CVE-2024-41681 | 1 Siemens | 1 Location Intelligence | 2024-08-14 | N/A | 7.5 HIGH |
| A vulnerability has been identified in Location Intelligence family (All versions < V4.4). The web server of affected products is configured to support weak ciphers by default. This could allow an unauthenticated attacker in an on-path position to to read and modify any data passed over the connection between legitimate clients and the affected device. | |||||
| CVE-2024-36398 | 1 Siemens | 1 Sinec Nms | 2024-08-14 | N/A | 7.8 HIGH |
| A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application executes a subset of its services as `NT AUTHORITY\SYSTEM`. This could allow a local attacker to execute operating system commands with elevated privileges. | |||||
| CVE-2024-41941 | 1 Siemens | 1 Sinec Nms | 2024-08-14 | N/A | 4.3 MEDIUM |
| A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly enforce authorization checks. This could allow an authenticated attacker to bypass the checks and modify settings in the application without authorization. | |||||
| CVE-2024-41940 | 1 Siemens | 1 Sinec Nms | 2024-08-14 | N/A | 9.1 CRITICAL |
| A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly validate user input to a privileged command queue. This could allow an authenticated attacker to execute OS commands with elevated privileges. | |||||
| CVE-2024-41939 | 1 Siemens | 1 Sinec Nms | 2024-08-14 | N/A | 8.8 HIGH |
| A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly enforce authorization checks. This could allow an authenticated attacker to bypass the checks and elevate their privileges on the application. | |||||
| CVE-2024-41938 | 1 Siemens | 1 Sinec Nms | 2024-08-14 | N/A | 3.8 LOW |
| A vulnerability has been identified in SINEC NMS (All versions < V3.0). The importCertificate function of the SINEC NMS Control web application contains a path traversal vulnerability. This could allow an authenticated attacker it to delete arbitrary certificate files on the drive SINEC NMS is installed on. | |||||
| CVE-2024-41907 | 1 Siemens | 1 Sinec Traffic Analyzer | 2024-08-14 | N/A | 5.4 MEDIUM |
| A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application is missing general HTTP security headers in the web server. This could allow an attacker to make the servers more prone to clickjacking attack. | |||||
| CVE-2024-41906 | 1 Siemens | 1 Sinec Traffic Analyzer | 2024-08-14 | N/A | 6.5 MEDIUM |
| A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application does not properly handle cacheable HTTP responses in the web service. This could allow an attacker to read and modify data stored in the local cache. | |||||
| CVE-2024-41905 | 1 Siemens | 1 Sinec Traffic Analyzer | 2024-08-14 | N/A | 6.5 MEDIUM |
| A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application do not have access control for accessing the files. This could allow an authenticated attacker with low privilege's to get access to sensitive information. | |||||