Filtered by vendor Siemens
Subscribe
Total
2107 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-27494 | 1 Siemens | 4 Sipass Integrated Ac5102 \(acc-g2\), Sipass Integrated Ac5102 \(acc-g2\) Firmware, Sipass Integrated Acc-ap and 1 more | 2025-08-22 | N/A | 9.1 CRITICAL |
| A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.9), SiPass integrated ACC-AP (All versions < V6.4.9). Affected devices improperly sanitize input for the pubkey endpoint of the REST API. This could allow an authenticated remote administrator to escalate privileges by injecting arbitrary commands that are executed with root privileges. | |||||
| CVE-2002-20001 | 6 Balasys, F5, Hpe and 3 more | 49 Dheater, Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager and 46 more | 2025-08-22 | 5.0 MEDIUM | 7.5 HIGH |
| The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE. | |||||
| CVE-2018-25032 | 12 Apple, Azul, Debian and 9 more | 39 Mac Os X, Macos, Zulu and 36 more | 2025-08-21 | 5.0 MEDIUM | 7.5 HIGH |
| zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. | |||||
| CVE-2023-38533 | 1 Siemens | 1 Tia Administrator | 2025-08-21 | N/A | 3.3 LOW |
| A vulnerability has been identified in TIA Administrator (All versions < V3 SP2). The affected component creates temporary download files in a directory with insecure permissions. This could allow any authenticated attacker on Windows to disrupt the update process. | |||||
| CVE-2025-23365 | 1 Siemens | 1 Tia Administrator | 2025-08-21 | N/A | 7.8 HIGH |
| A vulnerability has been identified in TIA Administrator (All versions < V3.0.6). The affected application allows low-privileged users to trigger installations by overwriting cache files and modifying the downloads path. This would allow an attacker to escalate privilege and exceute arbitrary code. | |||||
| CVE-2025-23364 | 1 Siemens | 1 Tia Administrator | 2025-08-21 | N/A | 6.2 MEDIUM |
| A vulnerability has been identified in TIA Administrator (All versions < V3.0.6). The affected application improperly validates code signing certificates. This could allow an attacker to bypass the check and exceute arbitrary code during installations. | |||||
| CVE-2025-40593 | 1 Siemens | 1 Simatic Cn 4100 | 2025-08-21 | N/A | 6.5 MEDIUM |
| A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0). The affected application allows to control the device by storing arbitrary files in the SFTP folder of the device. This could allow an attacker to cause a denial of service condition. | |||||
| CVE-2025-40738 | 1 Siemens | 1 Sinec Nms | 2025-08-21 | N/A | 8.8 HIGH |
| A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary files to restricted locations and potentially execute code with elevated privileges (ZDI-CAN-26572). | |||||
| CVE-2025-40737 | 1 Siemens | 1 Sinec Nms | 2025-08-21 | N/A | 8.8 HIGH |
| A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary files to restricted locations and potentially execute code with elevated privileges (ZDI-CAN-26571). | |||||
| CVE-2025-40736 | 1 Siemens | 1 Sinec Nms | 2025-08-21 | N/A | 9.8 CRITICAL |
| A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application exposes an endpoint that allows an unauthorized modification of administrative credentials. This could allow an unauthenticated attacker to reset the superadmin password and gain full control of the application (ZDI-CAN-26569). | |||||
| CVE-2025-40735 | 1 Siemens | 1 Sinec Nms | 2025-08-21 | N/A | 8.8 HIGH |
| A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected devices are vulnerable to SQL injection. This could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server database. | |||||
| CVE-2025-40741 | 1 Siemens | 1 Solid Edge | 2025-08-21 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 5). The affected applications contain a stack based overflow vulnerability while parsing specially crafted CFG files. This could allow an attacker to execute code in the context of the current process. | |||||
| CVE-2025-40740 | 1 Siemens | 1 Solid Edge | 2025-08-21 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 5). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. | |||||
| CVE-2025-40739 | 1 Siemens | 1 Solid Edge | 2025-08-21 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 5). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. | |||||
| CVE-2024-39567 | 1 Siemens | 1 Sinema Remote Connect Client | 2025-08-21 | N/A | 7.8 HIGH |
| A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 HF1). The system service of affected applications is vulnerable to command injection due to missing server side input sanitation when loading VPN configurations. This could allow an authenticated local attacker to execute arbitrary code with system privileges. | |||||
| CVE-2025-30034 | 1 Siemens | 1 Simatic Rtls Locating Manager | 2025-08-20 | N/A | 6.2 MEDIUM |
| A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V3.3). Affected devices do not properly validate input sent to its listening port on the local loopback interface. This could allow an unauthenticated local attacker to cause a denial of service condition. | |||||
| CVE-2025-40746 | 1 Siemens | 1 Simatic Rtls Locating Manager | 2025-08-20 | N/A | 9.1 CRITICAL |
| A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V3.2). Affected products do not properly validate input for a backup script. This could allow an authenticated remote attacker with high privileges in the application to execute arbitrary code with 'NT Authority/SYSTEM' privileges. | |||||
| CVE-2025-40751 | 1 Siemens | 1 Simatic Rtls Locating Manager | 2025-08-20 | N/A | 6.3 MEDIUM |
| A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V3.3). Affected SIMATIC RTLS Locating Manager Report Clients do not properly protect credentials that are used to authenticate to the server. This could allow an authenticated local attacker to extract the credentials and use them to escalate their access rights from the Manager to the Systemadministrator role. | |||||
| CVE-2025-40770 | 1 Siemens | 1 Sinec Traffic Analyzer | 2025-08-20 | N/A | 7.4 HIGH |
| A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions). The affected application uses a monitoring interface that is not operating in a strictly passive mode. This could allow an attacker to interact with the interface, leading to man-in-the-middle attacks. | |||||
| CVE-2024-32006 | 1 Siemens | 1 Sinema Remote Connect Client | 2025-08-20 | N/A | 4.3 MEDIUM |
| A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 SP2). The affected application does not expire the user session on reboot without logout. This could allow an attacker to bypass Multi-Factor Authentication. | |||||