Filtered by vendor Siemens
Subscribe
Total
2123 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-9947 | 1 Siemens | 8 Apogee Pxc, Apogee Pxc Firmware, Apogee Pxc Modular and 5 more | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions <V3.5. A directory traversal vulnerability could allow a remote attacker with network access to the integrated web server (80/tcp and 443/tcp) to obtain information on the structure of the file system of the affected devices. | |||||
| CVE-2017-6870 | 1 Siemens | 1 Simatic Wincc Sm\@rtclient | 2025-04-20 | 5.8 MEDIUM | 7.4 HIGH |
| A vulnerability was discovered in Siemens SIMATIC WinCC Sm@rtClient for Android (All versions before V1.0.2.2). The existing TLS protocol implementation could allow an attacker to read and modify data within a TLS session while performing a Man-in-the-Middle (MitM) attack. | |||||
| CVE-2017-12740 | 1 Siemens | 1 Logo\! Soft Comfort | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| Siemens LOGO! Soft Comfort (All versions before V8.2) lacks integrity verification of software packages downloaded via an unprotected communication channel. This could allow a remote attacker to manipulate the software package while performing a Man-in-the-Middle (MitM) attack. | |||||
| CVE-2017-12734 | 1 Siemens | 2 Logo\!8 Bm Fs-05, Logo\!8 Bm Fs-05 Firmware | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V1.81.2). An attacker with network access to the integrated web server on port 80/tcp could obtain the session ID of an active user session. A user must be logged in to the web interface. Siemens recommends to use the integrated webserver on port 80/tcp only in trusted networks. | |||||
| CVE-2017-5711 | 3 Asus, Intel, Siemens | 394 B150-a, B150-a Firmware, B150-plus and 391 more | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| Multiple buffer overflows in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code with AMT execution privilege. | |||||
| CVE-2017-6871 | 1 Siemens | 2 Simatic Wincc Sm\@rtclient, Simatic Wincc Sm\@rtclient Lite | 2025-04-20 | 4.6 MEDIUM | 5.4 MEDIUM |
| A vulnerability was discovered in Siemens SIMATIC WinCC Sm@rtClient for Android (All versions before V1.0.2.2) and SIMATIC WinCC Sm@rtClient for Android Lite (All versions before V1.0.2.2). An attacker with physical access to an unlocked mobile device, that has the affected app running, could bypass the app's authentication mechanism under certain conditions. | |||||
| CVE-2017-9944 | 1 Siemens | 2 7kt Pac1200 Data Manager, 7kt Pac1200 Data Manager Firmware | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability has been identified in Siemens 7KT PAC1200 data manager (7KT1260) in all versions < V2.03. The integrated web server (port 80/tcp) of the affected devices could allow an unauthenticated remote attacker to perform administrative operations over the network. | |||||
| CVE-2017-6865 | 1 Siemens | 16 Pcs 7, Primary Setup Tool, Security Configuration Tool and 13 more | 2025-04-20 | 6.1 MEDIUM | 6.5 MEDIUM |
| A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC Automation Tool (All versions < V3.0), SIMATIC NET PC-Software (All versions < V14 SP1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2), SIMATIC STEP 7 (TIA Portal) V14 (All versions < V14 SP1), SIMATIC STEP 7 V5.X (All versions < V5.6), SIMATIC WinAC RTX 2010 SP2 (All versions), SIMATIC WinAC RTX F 2010 SP2 (All versions), SIMATIC WinCC (TIA Portal) V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1), SIMATIC WinCC V7.2 and prior (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Update 15), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd1), SIMATIC WinCC flexible 2008 (All versions < flexible 2008 SP5), SINAUT ST7CC (All versions installed in conjunction with SIMATIC WinCC < V7.3 Update 15), SINEMA Server (All versions < V14), SINUMERIK 808D Programming Tool (All versions < V4.7 SP4 HF2), SMART PC Access (All versions < V2.3), STEP 7 - Micro/WIN SMART (All versions < V2.3), Security Configuration Tool (SCT) (All versions < V5.0). Specially crafted PROFINET DCP broadcast packets sent to the affected products on a local Ethernet segment (Layer 2) could cause a Denial-of-Service condition of some services. The services require manual restart to recover. | |||||
| CVE-2017-2686 | 1 Siemens | 1 Ruggedcom Rox I | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| Siemens RUGGEDCOM ROX I (all versions) contain a vulnerability that could allow an authenticated user to read arbitrary files through the web interface at port 10000/TCP and access sensitive information. | |||||
| CVE-2017-13099 | 3 Arubanetworks, Siemens, Wolfssl | 4 Instant, Scalance W1750d, Scalance W1750d Firmware and 1 more | 2025-04-20 | 4.3 MEDIUM | 7.5 HIGH |
| wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable wolfSSL application. This vulnerability is referred to as "ROBOT." | |||||
| CVE-2016-7987 | 1 Siemens | 8 Eta2 Firmware, Eta4 Firmware, Sicam Ak and 5 more | 2025-04-20 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered in Siemens ETA4 firmware (all versions prior to Revision 08) of the SM-2558 extension module for: SICAM AK, SICAM TM 1703, SICAM BC 1703, and SICAM AK 3. Specially crafted packets sent to Port 2404/TCP could cause the affected device to go into defect mode. A cold start might be required to recover the system, a Denial-of-Service Vulnerability. | |||||
| CVE-2017-9946 | 1 Siemens | 8 Apogee Pxc, Apogee Pxc Firmware, Apogee Pxc Modular and 5 more | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions <V3.5. An attacker with network access to the integrated web server (80/tcp and 443/tcp) could bypass the authentication and download sensitive information from the device. | |||||
| CVE-2017-12735 | 1 Siemens | 2 Logo\!, Logo\! 8 Bm Firmware | 2025-04-20 | 5.8 MEDIUM | 7.4 HIGH |
| A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). An attacker who performs a Man-in-the-Middle attack between the LOGO! BM and other devices could potentially decrypt and modify network traffic. | |||||
| CVE-2015-5219 | 10 Canonical, Debian, Fedoraproject and 7 more | 20 Ubuntu Linux, Debian Linux, Fedora and 17 more | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet. | |||||
| CVE-2017-14023 | 1 Siemens | 2 Simatic Pcs7, Simatic Wincc | 2025-04-20 | 4.0 MEDIUM | 4.9 MEDIUM |
| An Improper Input Validation issue was discovered in Siemens SIMATIC PCS 7 V8.1 prior to V8.1 SP1 with WinCC V7.3 Upd 13, and V8.2 all versions. The improper input validation vulnerability has been identified, which may allow an authenticated remote attacker who is a member of the administrators group to crash services by sending specially crafted messages to the DCOM interface. | |||||
| CVE-2017-2689 | 1 Siemens | 1 Ruggedcom Rox I | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| Siemens RUGGEDCOM ROX I (all versions) allow an authenticated user to bypass access restrictions in the web interface at port 10000/TCP to obtain privileged file system access or change configuration settings. | |||||
| CVE-2017-6864 | 1 Siemens | 1 Ruggedcom Rox I | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at port 10000/TCP could allow an authenticated user to perform stored Cross-Site Scripting attacks. | |||||
| CVE-2016-3949 | 1 Siemens | 4 Simatic S7-300 With Profitnet Support, Simatic S7-300 With Profitnet Support Firmware, Simatic S7-300 Without Profitnet Support and 1 more | 2025-04-12 | 7.8 HIGH | 7.5 HIGH |
| Siemens SIMATIC S7-300 Profinet-enabled CPU devices with firmware before 3.2.12 and SIMATIC S7-300 Profinet-disabled CPU devices with firmware before 3.3.12 allow remote attackers to cause a denial of service (defect-mode transition) via crafted (1) ISO-TSAP or (2) Profibus packets. | |||||
| CVE-2015-7836 | 1 Siemens | 1 Ruggedcom Rugged Operating System | 2025-04-12 | 3.3 LOW | N/A |
| Siemens RUGGEDCOM ROS before 4.2.1 allows remote attackers to obtain sensitive information by sniffing the network for VLAN data within the padding section of an Ethernet frame. | |||||
| CVE-2015-1599 | 1 Siemens | 1 Spcanywhere | 2025-04-12 | 2.1 LOW | N/A |
| The Siemens SPCanywhere application for iOS allows physically proximate attackers to bypass intended access restrictions by leveraging a filesystem architectural error. | |||||