VYPR

Vendor CVEs

Siemens Foundation

All CVEs

2,015 total · sorted by risk
  • CVE-2023-44374MedNov 14, 2023
    risk 0.42cvss 6.5epss 0.01

    A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router…

  • CVE-2022-46144MedDec 13, 2022
    risk 0.42cvss 6.5epss 0.01

    A vulnerability has been identified in SCALANCE SC622-2C (6GK5622-2GS00-2AC2) (All versions < V2.3), SCALANCE SC622-2C (6GK5622-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE SC626-2C (6GK5626-2GS00-2AC2) (All versions < V2.3), SCALANCE SC626-2C (6GK5626-2GS00-2AC2) (All…

  • CVE-2022-46140MedDec 13, 2022
    risk 0.42cvss 6.5epss 0.00

    Affected devices use a weak encryption scheme to encrypt the debug zip file. This could allow an authenticated attacker to decrypt the contents of the file and retrieve debug information about the system.

  • CVE-2022-40225MedNov 10, 2022
    risk 0.42cvss 6.5epss 0.01

    A vulnerability has been identified in SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.4.8), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.4.8). Casting an internal value could lead to floating point exception under certain circumstances. This could allow an…

  • CVE-2022-30694MedNov 8, 2022
    risk 0.42cvss 6.5epss 0.00

    The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack.

  • CVE-2022-34467MedJul 12, 2022
    risk 0.42cvss 6.5epss 0.01

    A vulnerability has been identified in Mendix Excel Importer Module (Mendix 8 compatible) (All versions < V9.2.2), Mendix Excel Importer Module (Mendix 9 compatible) (All versions < V10.1.2). The affected component is vulnerable to XML Entity Expansion Injection. An attacker may…

  • CVE-2022-32260MedJun 14, 2022
    risk 0.42cvss 6.5epss 0.01

    A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application creates temporary user credentials for UMC (User Management Component) users. An attacker could use these temporary credentials for authentication bypass in…

  • CVE-2022-32259MedJun 14, 2022
    risk 0.42cvss 6.5epss 0.01

    A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The system images for installation or update of the affected application contain unit test scripts with sensitive information. An attacker could gain information about testing architecture…

  • CVE-2022-32252MedJun 14, 2022
    risk 0.42cvss 6.5epss 0.00

    A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The application does not perform the integrity check of the update packages. Without validation, an admin user might be tricked to install a malicious package, granting root privileges to…

  • CVE-2022-29034MedJun 14, 2022
    risk 0.42cvss 6.1epss 0.28

    A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An error message pop up window in the web interface of the affected application does not prevent injection of JavaScript code. This could allow attackers to perform reflected cross-site…

  • CVE-2022-29880MedMay 20, 2022
    risk 0.42cvss 6.5epss 0.01

    A vulnerability has been identified in SICAM T (All versions < V3.0). Affected devices do not properly validate input in the configuration interface. This could allow an authenticated attacker to place persistent XSS attacks to perform arbitrary actions in the name of a logged…

  • CVE-2022-29877MedMay 20, 2022
    risk 0.42cvss 6.5epss 0.01

    A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions <…

  • CVE-2022-27640MedMay 20, 2022
    risk 0.42cvss 6.5epss 0.00

    A vulnerability has been identified in SIMATIC CP 442-1 RNA (All versions < V1.5.18), SIMATIC CP 443-1 RNA (All versions < V1.5.18). The affected devices improperly handles excessive ARP broadcast requests. This could allow an attacker to create a denial of service condition by…

  • CVE-2022-24045MedMay 20, 2022
    risk 0.42cvss 6.5epss 0.01

    A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The application, after a successful login, sets…

  • CVE-2022-24041MedMay 10, 2022
    risk 0.42cvss 6.5epss 0.00

    A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The web application stores the PBKDF2 derived…

  • CVE-2022-24040MedMay 10, 2022
    risk 0.42cvss 6.5epss 0.01

    A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The web application fails to enforce an upper…

  • CVE-2022-28662MedApr 12, 2022
    risk 0.42cvss 6.5epss 0.01

    A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.2). The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted .NEU files. This could allow an attacker to leverage this vulnerability…

  • CVE-2022-28329MedApr 12, 2022
    risk 0.42cvss 6.5epss 0.00

    A vulnerability has been identified in SCALANCE W1788-1 M12 (All versions < V3.0.0), SCALANCE W1788-2 EEC M12 (All versions < V3.0.0), SCALANCE W1788-2 M12 (All versions < V3.0.0), SCALANCE W1788-2IA M12 (All versions < V3.0.0). Affected devices do not properly handle malformed…

  • CVE-2021-41543MedMar 8, 2022
    risk 0.42cvss 6.5epss 0.01

    A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.44), Climatix POL909 (AWM module) (All versions < V11.36). The handling of log files in the web application of affected devices contains an information disclosure vulnerability which could…

  • CVE-2021-45106MedFeb 9, 2022
    risk 0.42cvss 6.5epss 0.01

    A vulnerability has been identified in SICAM TOOLBOX II (All versions). Affected applications use a circumventable access control within a database service. This could allow an attacker to access the database.

  • CVE-2021-37196MedJan 11, 2022
    risk 0.42cvss 6.5epss 0.01

    A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.3 (All versions >= V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1…

  • CVE-2021-42023MedDec 14, 2021
    risk 0.42cvss 6.5epss 0.01

    A vulnerability has been identified in ModelSim Simulation (All versions), Questa Simulation (All versions). The RSA white-box implementation in affected applications insufficiently protects the built-in private keys that are required to decrypt electronic intellectual property…

  • CVE-2021-42022MedDec 14, 2021
    risk 0.42cvss 6.5epss 0.01

    A vulnerability has been identified in SIMATIC eaSie PCS 7 Skill Package (All versions < V21.00 SP3). When downloading files, the affected systems do not properly neutralize special elements within the pathname. An attacker could then cause the pathname to resolve to a location…

  • CVE-2021-31882MedNov 9, 2021
    risk 0.42cvss 6.5epss 0.01

    A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303). The DHCP client application does not validate the length of the Domain Name Server IP option(s) (0x06) when processing DHCP ACK…

  • CVE-2021-33727MedOct 12, 2021
    risk 0.42cvss 6.5epss 0.01

    A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). An authenticated attacker could download the user profile of any user. With this, the attacker could leak confidential information of any user in the affected system.

  • CVE-2021-33723MedOct 12, 2021
    risk 0.42cvss 6.5epss 0.01

    A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). An authenticated attacker could change the user profile of any user without proper authorization. With this, the attacker could change the password of any user in the affected system.

  • CVE-2021-22946HigSep 29, 2021
    risk 0.42cvss 7.5epss 0.04

    A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). This requirement could be bypassed…

  • CVE-2021-37183MedSep 14, 2021
    risk 0.42cvss 6.5epss 0.00

    A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected software allows sending send-to-sleep notifications to the managed devices. An unauthenticated attacker in the same network of the affected system can abuse these…

  • CVE-2021-37177MedSep 14, 2021
    risk 0.42cvss 6.5epss 0.00

    A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The status provided by the syslog clients managed by the affected software can be manipulated by an unauthenticated attacker in the same network of the affected system.

  • CVE-2021-33716MedSep 14, 2021
    risk 0.42cvss 6.5epss 0.00

    A vulnerability has been identified in SIMATIC CP 1543-1 (incl. SIPLUS variants) (All versions < V3.0), SIMATIC CP 1545-1 (All versions < V1.1). An attacker with access to the subnet of the affected device could retrieve sensitive information stored in cleartext.

  • CVE-2020-26141MedMay 11, 2021
    risk 0.42cvss 6.5epss 0.03

    An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2…

  • CVE-2020-26140MedMay 11, 2021
    risk 0.42cvss 6.5epss 0.03

    An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext frames in a protected Wi-Fi network. An adversary can abuse this to inject arbitrary data frames independent of the network configuration.

  • CVE-2020-28388MedFeb 9, 2021
    risk 0.42cvss 6.5epss 0.02

    A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All…

  • CVE-2020-26981MedJan 12, 2021
    risk 0.42cvss 6.5epss 0.03

    A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). When opening a specially crafted xml file, the application could disclose arbitrary files to remote attackers. This is because of the passing of specially…

  • CVE-2019-19287MedDec 14, 2020
    risk 0.42cvss 6.5epss 0.01

    A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow attackers to traverse through the file system of the server based by sending specially crafted packets over the network without authentication.

  • CVE-2020-15791MedSep 9, 2020
    risk 0.42cvss 6.5epss 0.01

    A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 CPU family (incl. SIPLUS variants) (All versions), SIMATIC WinAC RTX (F) 2010 (All versions), SINUMERIK 840D sl (All versions). The…

  • CVE-2020-7592MedJul 14, 2020
    risk 0.42cvss 6.5epss 0.00

    A vulnerability has been identified in SIMATIC HMI Basic Panels 1st Generation (incl. SIPLUS variants) (All versions), SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants) (All versions), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions), SIMATIC HMI…

  • CVE-2019-19290MedMar 10, 2020
    risk 0.42cvss 6.5epss 0.02

    A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The DOWNLOADS section in the web interface of the Control Center Server (CCS) contains a path traversal vulnerability that could allow an authenticated remote attacker to access and…

  • CVE-2019-19277MedMar 10, 2020
    risk 0.42cvss 6.5epss 0.01

    A vulnerability has been identified in SIPORT MP (All versions < 3.1.4). Vulnerable versions of the device allow the creation of special accounts ("service users") with administrative privileges that could enable a remote authenticated attacker to perform actions that are not…

  • CVE-2019-13929MedOct 10, 2019
    risk 0.42cvss 6.5epss 0.01

    A vulnerability has been identified in SIMATIC IT UADM (All versions < V1.3). An authenticated remote attacker with network access to port 1434/tcp of SIMATIC IT UADM could potentially recover a password that can be used to gain read and write access to the related TeamCenter…

  • CVE-2019-10927MedAug 13, 2019
    risk 0.42cvss 6.5epss 0.01

    A vulnerability has been identified in SCALANCE SC-600 (V2.0), SCALANCE XB-200 (V4.1), SCALANCE XC-200 (V4.1), SCALANCE XF-200BA (V4.1), SCALANCE XP-200 (V4.1), SCALANCE XR-300WG (V4.1). An authenticated attacker with network access to to port 22/tcp of an affected device may…

  • CVE-2019-6576MedMay 14, 2019
    risk 0.42cvss 6.5epss 0.02

    A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15.1 Update 1), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15.1 Update 1), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F (All versions <…

  • CVE-2018-13810MedApr 17, 2019
    risk 0.42cvss 6.5epss 0.01

    A vulnerability has been identified in CP 1604 (All versions), CP 1616 (All versions). The integrated configuration web server of the affected CP devices could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link.…

  • CVE-2018-4855MedJul 3, 2018
    risk 0.42cvss 6.5epss 0.01

    A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). Unencrypted storage of passwords in the client configuration files and during network transmission could allow an attacker in a privileged position to obtain access passwords.

  • CVE-2018-4843MedMar 20, 2018
    risk 0.42cvss 6.5epss 0.01

    A vulnerability has been identified in SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions <…

  • CVE-2017-9945MedAug 30, 2017
    risk 0.42cvss 6.5epss 0.01

    In the Siemens 7KM PAC Switched Ethernet PROFINET expansion module (All versions < V2.1.3), a Denial-of-Service condition could be induced by a specially crafted PROFINET DCP packet sent as a local Ethernet (Layer 2) broadcast. The affected component requires a manual restart…

  • CVE-2017-6872MedAug 8, 2017
    risk 0.42cvss 6.5epss 0.01

    A vulnerability was discovered in Siemens OZW672 (all versions) and OZW772 (all versions) that could allow an attacker with access to port 21/tcp to access or alter historical measurement data stored on the device.

  • CVE-2017-6866MedAug 7, 2017
    risk 0.42cvss 6.5epss 0.01

    A vulnerability was discovered in Siemens XHQ server 4 and 5 (4 before V4.7.1.3 and 5 before V5.0.0.2) that could allow an authenticated low-privileged remote user to gain read access to data in the XHQ solution exceeding his configured permission level.

  • CVE-2015-5219HigJul 21, 2017
    risk 0.42cvss 7.5epss 0.06

    The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.

  • CVE-2017-6865MedMay 11, 2017
    risk 0.42cvss 6.5epss 0.00

    A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC Automation Tool (All versions < V3.0), SIMATIC NET PC-Software (All versions < V14 SP1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC…

Page 22 of 41