Filtered by vendor Siemens
Subscribe
Total
1901 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-39865 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-11-21 | N/A | 8.8 HIGH |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application allows users to upload encrypted backup files. As part of this backup, files can be restored without correctly checking the path of the restored file. This could allow an attacker with access to the backup encryption key to upload malicious files, that could potentially lead to remote code execution. | |||||
| CVE-2024-39571 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-11-21 | N/A | 8.8 HIGH |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 HF1). Affected applications are vulnerable to command injection due to missing server side input sanitation when loading SNMP configurations. This could allow an attacker with the right to modify the SNMP configuration to execute arbitrary code with root privileges. | |||||
| CVE-2024-39570 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-11-21 | N/A | 8.8 HIGH |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 HF1). Affected applications are vulnerable to command injection due to missing server side input sanitation when loading VxLAN configurations. This could allow an authenticated attacker to execute arbitrary code with root privileges. | |||||
| CVE-2024-39569 | 1 Siemens | 1 Sinema Remote Connect Client | 2024-11-21 | N/A | 6.6 MEDIUM |
| A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 HF1). The system service of affected applications is vulnerable to command injection due to missing server side input sanitation when loading VPN configurations. This could allow an administrative remote attacker running a corresponding SINEMA Remote Connect Server to execute arbitrary code with system privileges on the client system. | |||||
| CVE-2024-39568 | 1 Siemens | 1 Sinema Remote Connect Client | 2024-11-21 | N/A | 7.8 HIGH |
| A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 HF1). The system service of affected applications is vulnerable to command injection due to missing server side input sanitation when loading proxy configurations. This could allow an authenticated local attacker to execute arbitrary code with system privileges. | |||||
| CVE-2024-37999 | 1 Siemens | 1 Medicalis Workflow Orchestrator | 2024-11-21 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Medicalis Workflow Orchestrator (All versions). The affected application executes as a trusted account with high privileges and network access. This could allow an authenticated local attacker to escalate privileges. | |||||
| CVE-2024-35208 | 1 Siemens | 1 Sinec Traffic Analyzer | 2024-11-21 | N/A | 6.3 MEDIUM |
| A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected web server stored the password in cleartext. This could allow attacker in a privileged position to obtain access passwords. | |||||
| CVE-2024-35207 | 1 Siemens | 1 Sinec Traffic Analyzer | 2024-11-21 | N/A | 7.8 HIGH |
| A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The web interface of the affected devices are vulnerable to Cross-Site Request Forgery(CSRF) attacks. By tricking an authenticated victim user to click a malicious link, an attacker could perform arbitrary actions on the device on behalf of the victim user. | |||||
| CVE-2024-33654 | 1 Siemens | 1 Simcenter Femap | 2024-11-21 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted BMP files. This could allow an attacker to execute code in the context of the current process. | |||||
| CVE-2024-33653 | 1 Siemens | 1 Simcenter Femap | 2024-11-21 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted BMP files. This could allow an attacker to execute code in the context of the current process. | |||||
| CVE-2024-32056 | 1 Siemens | 1 Simcenter Femap | 2024-11-21 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted IGS part file. This could allow an attacker to execute code in the context of the current process. | |||||
| CVE-2024-24925 | 1 Siemens | 1 Simcenter Femap | 2024-11-21 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Simcenter Femap (All versions < V2306.0000). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted Catia MODEL files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-22060) | |||||
| CVE-2024-24924 | 1 Siemens | 1 Simcenter Femap | 2024-11-21 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Simcenter Femap (All versions < V2306.0000). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted Catia MODEL file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-22059) | |||||
| CVE-2024-24923 | 1 Siemens | 1 Simcenter Femap | 2024-11-21 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Simcenter Femap (All versions < V2401.0000), Simcenter Femap (All versions < V2306.0001). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted Catia MODEL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-22055) | |||||
| CVE-2024-24922 | 1 Siemens | 1 Simcenter Femap | 2024-11-21 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Simcenter Femap (All versions < V2401.0000). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted Catia MODEL file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21715) | |||||
| CVE-2024-24921 | 1 Siemens | 1 Simcenter Femap | 2024-11-21 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Simcenter Femap (All versions < V2401.0000). The affected application is vulnerable to memory corruption while parsing specially crafted Catia MODEL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21712) | |||||
| CVE-2024-24920 | 1 Siemens | 1 Simcenter Femap | 2024-11-21 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Simcenter Femap (All versions < V2401.0000). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted Catia MODEL file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21710) | |||||
| CVE-2024-23816 | 1 Siemens | 1 Location Intelligence | 2024-11-21 | N/A | 9.8 CRITICAL |
| A vulnerability has been identified in Location Intelligence Perpetual Large (9DE5110-8CA13-1AX0) (All versions < V4.3), Location Intelligence Perpetual Medium (9DE5110-8CA12-1AX0) (All versions < V4.3), Location Intelligence Perpetual Non-Prod (9DE5110-8CA10-1AX0) (All versions < V4.3), Location Intelligence Perpetual Small (9DE5110-8CA11-1AX0) (All versions < V4.3), Location Intelligence SUS Large (9DE5110-8CA13-1BX0) (All versions < V4.3), Location Intelligence SUS Medium (9DE5110-8CA12-1BX0) (All versions < V4.3), Location Intelligence SUS Non-Prod (9DE5110-8CA10-1BX0) (All versions < V4.3), Location Intelligence SUS Small (9DE5110-8CA11-1BX0) (All versions < V4.3). Affected products use a hard-coded secret value for the computation of a Keyed-Hash Message Authentication Code. This could allow an unauthenticated remote attacker to gain full administrative access to the application. | |||||
| CVE-2024-23813 | 1 Siemens | 1 Polarion Alm | 2024-11-21 | N/A | 7.3 HIGH |
| A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The REST API endpoints of doorsconnector of the affected product lacks proper authentication. An unauthenticated attacker could access the endpoints, and potentially execute code. | |||||
| CVE-2024-23812 | 1 Siemens | 1 Sinec Nms | 2024-11-21 | N/A | 8.0 HIGH |
| A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application incorrectly neutralizes special elements when creating a report which could lead to command injection. | |||||