Filtered by vendor Siemens
Subscribe
Total
2029 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-32741 | 1 Siemens | 2 Simatic Cn 4100, Simatic Cn 4100 Firmware | 2025-08-26 | N/A | 10.0 CRITICAL |
| A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device contains hard coded password which is used for the privileged system user `root` and for the boot loader `GRUB` by default . An attacker who manages to crack the password hash gains root access to the device. | |||||
| CVE-2025-27392 | 1 Siemens | 2 Scalance Lpe9403, Scalance Lpe9403 Firmware | 2025-08-25 | N/A | 7.2 HIGH |
| A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly sanitize user input when creating new VXLAN configurations. This could allow an authenticated highly-privileged remote attacker to execute arbitrary code on the device. | |||||
| CVE-2024-51447 | 1 Siemens | 1 Polarion Alm | 2025-08-22 | N/A | 5.3 MEDIUM |
| A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.2). The login implementation of the affected application contains an observable response discrepancy vulnerability when validating usernames. This could allow an unauthenticated remote attacker to distinguish between valid and invalid usernames. | |||||
| CVE-2025-40566 | 1 Siemens | 1 Simatic Pcs Neo | 2025-08-22 | N/A | 8.8 HIGH |
| A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions < V4.1 Update 3), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1). Affected products do not correctly invalidate user sessions upon user logout. This could allow a remote unauthenticated attacker, who has obtained the session token by other means, to re-use a legitimate user's session even after logout. | |||||
| CVE-2022-31807 | 1 Siemens | 4 Sipass Integrated Ac5102 \(acc-g2\), Sipass Integrated Ac5102 \(acc-g2\) Firmware, Sipass Integrated Acc-ap and 1 more | 2025-08-22 | N/A | 6.2 MEDIUM |
| A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions), SiPass integrated ACC-AP (All versions). Affected devices do not properly check the integrity of firmware updates. This could allow a local attacker to upload a maliciously modified firmware onto the device. In a second scenario, a remote attacker who is able to intercept the transfer of a valid firmware from the server to the device could modify the firmware "on the fly". | |||||
| CVE-2022-31812 | 1 Siemens | 1 Sipass Integrated | 2025-08-22 | N/A | 7.5 HIGH |
| A vulnerability has been identified in SiPass integrated (All versions < V2.95.3.18). Affected server applications contain an out of bounds read past the end of an allocated buffer while checking the integrity of incoming packets. This could allow an unauthenticated remote attacker to create a denial of service condition. | |||||
| CVE-2025-27393 | 1 Siemens | 2 Scalance Lpe9403, Scalance Lpe9403 Firmware | 2025-08-22 | N/A | 7.2 HIGH |
| A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly sanitize user input when creating new users. This could allow an authenticated highly-privileged remote attacker to execute arbitrary code on the device. | |||||
| CVE-2025-27394 | 1 Siemens | 2 Scalance Lpe9403, Scalance Lpe9403 Firmware | 2025-08-22 | N/A | 7.2 HIGH |
| A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly sanitize user input when creating new SNMP users. This could allow an authenticated highly-privileged remote attacker to execute arbitrary code on the device. | |||||
| CVE-2025-27395 | 1 Siemens | 2 Scalance Lpe9403, Scalance Lpe9403 Firmware | 2025-08-22 | N/A | 7.2 HIGH |
| A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly limit the scope of files accessible through and the privileges of the SFTP functionality. This could allow an authenticated highly-privileged remote attacker to read and write arbitrary files. | |||||
| CVE-2025-27396 | 1 Siemens | 2 Scalance Lpe9403, Scalance Lpe9403 Firmware | 2025-08-22 | N/A | 8.8 HIGH |
| A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly limit the elevation of privileges required to perform certain valid functionality. This could allow an authenticated lowly-privileged remote attacker to escalate their privileges. | |||||
| CVE-2025-27397 | 1 Siemens | 2 Scalance Lpe9403, Scalance Lpe9403 Firmware | 2025-08-22 | N/A | 3.8 LOW |
| A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly limit user controlled paths to which logs are written and from where they are read. This could allow an authenticated highly-privileged remote attacker to read and write arbitrary files in the filesystem, if and only if the malicious path ends with 'log' . | |||||
| CVE-2025-27398 | 1 Siemens | 2 Scalance Lpe9403, Scalance Lpe9403 Firmware | 2025-08-22 | N/A | 2.7 LOW |
| A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly neutralize special characters when interpreting user controlled log paths. This could allow an authenticated highly-privileged remote attacker to execute a limited set of binaries that are already present on the filesystem. | |||||
| CVE-2025-27493 | 1 Siemens | 4 Sipass Integrated Ac5102 \(acc-g2\), Sipass Integrated Ac5102 \(acc-g2\) Firmware, Sipass Integrated Acc-ap and 1 more | 2025-08-22 | N/A | 8.2 HIGH |
| A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.9), SiPass integrated ACC-AP (All versions < V6.4.9). Affected devices improperly sanitize user input for specific commands on the telnet command line interface. This could allow an authenticated local administrator to escalate privileges by injecting arbitrary commands that are executed with root privileges. | |||||
| CVE-2025-27494 | 1 Siemens | 4 Sipass Integrated Ac5102 \(acc-g2\), Sipass Integrated Ac5102 \(acc-g2\) Firmware, Sipass Integrated Acc-ap and 1 more | 2025-08-22 | N/A | 9.1 CRITICAL |
| A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.9), SiPass integrated ACC-AP (All versions < V6.4.9). Affected devices improperly sanitize input for the pubkey endpoint of the REST API. This could allow an authenticated remote administrator to escalate privileges by injecting arbitrary commands that are executed with root privileges. | |||||
| CVE-2002-20001 | 6 Balasys, F5, Hpe and 3 more | 49 Dheater, Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager and 46 more | 2025-08-22 | 5.0 MEDIUM | 7.5 HIGH |
| The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE. | |||||
| CVE-2018-25032 | 12 Apple, Azul, Debian and 9 more | 39 Mac Os X, Macos, Zulu and 36 more | 2025-08-21 | 5.0 MEDIUM | 7.5 HIGH |
| zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. | |||||
| CVE-2023-38533 | 1 Siemens | 1 Tia Administrator | 2025-08-21 | N/A | 3.3 LOW |
| A vulnerability has been identified in TIA Administrator (All versions < V3 SP2). The affected component creates temporary download files in a directory with insecure permissions. This could allow any authenticated attacker on Windows to disrupt the update process. | |||||
| CVE-2025-23365 | 1 Siemens | 1 Tia Administrator | 2025-08-21 | N/A | 7.8 HIGH |
| A vulnerability has been identified in TIA Administrator (All versions < V3.0.6). The affected application allows low-privileged users to trigger installations by overwriting cache files and modifying the downloads path. This would allow an attacker to escalate privilege and exceute arbitrary code. | |||||
| CVE-2025-23364 | 1 Siemens | 1 Tia Administrator | 2025-08-21 | N/A | 6.2 MEDIUM |
| A vulnerability has been identified in TIA Administrator (All versions < V3.0.6). The affected application improperly validates code signing certificates. This could allow an attacker to bypass the check and exceute arbitrary code during installations. | |||||
| CVE-2025-40593 | 1 Siemens | 1 Simatic Cn 4100 | 2025-08-21 | N/A | 6.5 MEDIUM |
| A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0). The affected application allows to control the device by storing arbitrary files in the SFTP folder of the device. This could allow an attacker to cause a denial of service condition. | |||||