Siemens Foundation

All CVEs

2,015 total · sorted by risk
  • CVE-2017-2681 · Med · May 11, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a denial of service condition of that product. Human interaction is required to recover the system. PROFIBUS interfaces are not affected.

  • CVE-2017-2680 · Med · May 11, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    Specially crafted PROFINET DCP broadcast packets could cause a denial of service condition of affected products on a local Ethernet segment (Layer 2). Human interaction is required to recover the systems. PROFIBUS interfaces are not affected.

  • CVE-2017-2686 · Med · Mar 29, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    Siemens RUGGEDCOM ROX I (all versions) contain a vulnerability that could allow an authenticated user to read arbitrary files through the web interface at port 10000/TCP and access sensitive information.

  • CVE-2016-7165 · Med · Nov 15, 2016
    risk 0.42 · cvss 6.4 · epss 0.00

    A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC IT Production Suite (All versions < V7.0 SP1 HFX 2), SIMATIC NET PC-Software (All versions < V14), SIMATIC PCS 7 V7.1 (All versions), SIMATIC PCS 7 V8.0 (All versions), SIMATIC PCS…

  • CVE-2016-8564 · Med · Oct 13, 2016
    risk 0.42 · cvss 6.5 · epss 0.01

    SQL injection vulnerability in Siemens Automation License Manager (ALM) before 5.3 SP3 Update 1 allows remote attackers to execute arbitrary SQL commands via crafted traffic to TCP port 4410.

  • CVE-2016-2846 · Med · Mar 16, 2016
    risk 0.42 · cvss 6.5 · epss 0.02

    Siemens SIMATIC S7-1200 CPU devices before 4.0 allow remote attackers to bypass a "user program block" protection mechanism via unspecified vectors.

  • CVE-2026-35535 · Hig · Apr 3, 2026
    risk 0.41 · cvss 7.4 · epss 0.00

    In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation.

  • CVE-2023-32737 · Med · Jul 9, 2024
    risk 0.41 · cvss 6.3 · epss 0.00

    A vulnerability has been identified in SIMATIC STEP 7 Safety V18 (All versions < V18 Update 2). Affected applications do not properly restrict the .NET BinaryFormatter when deserializing user-controllable input. This could allow an attacker to cause a type confusion and execute…

  • CVE-2024-33497 · Med · May 14, 2024
    risk 0.41 · cvss 6.3 · epss 0.00

    A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating…

  • CVE-2024-33496 · Med · May 14, 2024
    risk 0.41 · cvss 6.3 · epss 0.00

    A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating…

  • CVE-2024-30208 · Med · May 14, 2024
    risk 0.41 · cvss 6.3 · epss 0.00

    A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating…

  • CVE-2023-46097 · Med · Nov 14, 2023
    risk 0.41 · cvss 6.3 · epss 0.00

    A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). The PUD Manager of affected products does not properly neutralize user provided inputs. This could allow an authenticated adjacent attacker to execute SQL statements in the underlying database.

  • CVE-2022-34464 · Med · Jul 12, 2022
    risk 0.41 · cvss 6.3 · epss 0.00

    A vulnerability has been identified in SICAM GridEdge (Classic) (All versions < V2.7.3). The affected application uses an improperly protected file to import SSH keys. This could allow attackers with access to the filesystem of the host on which SICAM GridEdge runs to inject a…

  • CVE-2019-19294 · Med · Mar 10, 2020
    risk 0.41 · cvss 6.3 · epss 0.01

    A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The web interface of the Control Center Server (CCS) contains multiple stored Cross-site Scripting (XSS) vulnerabilities in several input fields. This could allow an authenticated remote…

  • CVE-2025-40808 · Med · Jun 9, 2026
    risk 0.40 · cvss 6.1 · epss 0.00

    A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions), SIPROTEC 5 6MD89 (CP300) (All…

  • CVE-2025-40753 · Med · Aug 12, 2025
    risk 0.40 · cvss 6.2 · epss 0.00

    A vulnerability has been identified in POWER METER SICAM Q100 (7KG9501-0AA01-0AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA01-2AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA31-0AA1) (All versions >= V2.60 < V2.62), POWER…

  • CVE-2025-40752 · Med · Aug 12, 2025
    risk 0.40 · cvss 6.2 · epss 0.00

    A vulnerability has been identified in POWER METER SICAM Q100 (7KG9501-0AA01-0AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA01-2AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA31-0AA1) (All versions >= V2.60 < V2.62), POWER…

  • CVE-2024-35295 · Med · Jun 11, 2025
    risk 0.40 · cvss 6.1 · epss 0.00

    A vulnerability has been identified in Perfect Harmony GH180 (All versions >= V8.0 < V8.3.3 with NXGPro+ controller manufactured between April 2020 to April 2025). The maintenance connection of affected devices fails to protect access to the device's control unit configuration.…

  • CVE-2024-30190 · Med · Apr 9, 2024
    risk 0.40 · cvss 6.1 · epss 0.00

    A vulnerability has been identified in SCALANCE W1748-1 M12 (6GK5748-1GY01-0AA0), SCALANCE W1748-1 M12 (6GK5748-1GY01-0TA0), SCALANCE W1788-1 M12 (6GK5788-1GY01-0AA0), SCALANCE W1788-2 EEC M12 (6GK5788-2GY01-0TA0), SCALANCE W1788-2 M12 (6GK5788-2GY01-0AA0), SCALANCE W1788-2IA…

  • CVE-2024-30189 · Med · Apr 9, 2024
    risk 0.40 · cvss 6.1 · epss 0.00

    A vulnerability has been identified in SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AA0) (All versions), SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AB0) (All versions), SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AA0) (All versions), SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AB0) (All versions), SCALANCE…

  • CVE-2023-50821 · Med · Apr 9, 2024
    risk 0.40 · cvss 6.2 · epss 0.00

    A vulnerability has been identified in SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC04), SIMATIC WinCC Runtime Professional V17 (All versions < V17 Update 8), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 4), SIMATIC WinCC Runtime Professional V19 (All…

  • CVE-2023-39950 · Med · Aug 14, 2023
    risk 0.40 · cvss 6.1 · epss 0.00

    efibootguard is a simple UEFI boot loader with support for safely switching between current and updated partition sets. Insufficient or missing validation and sanitization of input from untrustworthy bootloader environment files can cause crashes and probably also code…

  • CVE-2023-30757 · Med · Jun 13, 2023
    risk 0.40 · cvss 6.2 · epss 0.00

    A vulnerability has been identified in Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated…

  • CVE-2023-23588 · Med · Apr 11, 2023
    risk 0.40 · cvss 6.2 · epss 0.00

    A vulnerability has been identified in SIMATIC IPC1047 (All versions), SIMATIC IPC1047E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC647D (All versions), SIMATIC IPC647E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows),…

  • CVE-2022-46350 · Med · Dec 13, 2022
    risk 0.40 · cvss 6.1 · epss 0.00

    A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All…

  • CVE-2022-44575 · Med · Dec 13, 2022
    risk 0.40 · cvss 6.1 · epss 0.00

    A vulnerability has been identified in PLM Help Server V4.2 (All versions). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into…

  • CVE-2022-40631 · Med · Oct 11, 2022
    risk 0.40 · cvss 6.1 · epss 0.00

    A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.0), SCALANCE X201-3P IRT (All versions < V5.5.0), SCALANCE X201-3P IRT PRO (All versions < V5.5.0), SCALANCE X202-2IRT (All versions < V5.5.0), SCALANCE X202-2P IRT (All versions < V5.5.0), SCALANCE…

  • CVE-2022-32286 · Med · Jun 14, 2022
    risk 0.40 · cvss 6.1 · epss 0.01

    A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions < V1.16.6), Mendix SAML Module (Mendix 8 compatible) (All versions < V2.2.2), Mendix SAML Module (Mendix 9 compatible) (All versions < V3.2.3). In certain configurations SAML module is…

  • CVE-2022-32145 · Med · Jun 14, 2022
    risk 0.40 · cvss 6.1 · epss 0.01

    A vulnerability has been identified in Teamcenter Active Workspace V5.2 (All versions < V5.2.9), Teamcenter Active Workspace V6.0 (All versions < V6.0.3). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could…

  • CVE-2022-25756 · Med · Apr 12, 2022
    risk 0.40 · cvss 6.1 · epss 0.01

    A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE…

  • CVE-2021-44478 · Med · Mar 8, 2022
    risk 0.40 · cvss 6.1 · epss 0.01

    A vulnerability has been identified in Polarion ALM (All versions < V21 R2 P2), Polarion WebClient for SVN (All versions). A cross-site scripting is present due to improper neutralization of data sent to the web page through the SVN WebClient in the affected product. An attacker…

  • CVE-2021-41542 · Med · Mar 8, 2022
    risk 0.40 · cvss 6.1 · epss 0.01

    A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.44), Climatix POL909 (AWM module) (All versions < V11.36). The User Management page of affected devices is vulnerable to cross-site scripting (XSS). The vulnerability allows an attacker to…

  • CVE-2021-41541 · Med · Mar 8, 2022
    risk 0.40 · cvss 6.1 · epss 0.01

    A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.44), Climatix POL909 (AWM module) (All versions < V11.36). The Group Management page of affected devices is vulnerable to cross-site scripting (XSS). The vulnerability allows an attacker to…

  • CVE-2022-23312 · Med · Feb 9, 2022
    risk 0.40 · cvss 6.1 · epss 0.01

    A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP9 Security Patch 1). The integrated web application "Online Help" in affected product contains a Cross-Site Scripting (XSS) vulnerability that could be exploited if unsuspecting users are tricked…

  • CVE-2022-23102 · Med · Feb 9, 2022
    risk 0.40 · cvss 6.1 · epss 0.05

    A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Affected products contain an open redirect vulnerability. An attacker could trick a valid authenticated user to the device into clicking a malicious link thereby leading to phishing…

  • CVE-2021-37195 · Med · Jan 11, 2022
    risk 0.40 · cvss 6.1 · epss 0.01

    A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS…

  • CVE-2021-33710 · Med · Jul 13, 2021
    risk 0.40 · cvss 6.1 · epss 0.01

    A vulnerability has been identified in Teamcenter Active Workspace V4 (All versions < V4.3.9), Teamcenter Active Workspace V5.0 (All versions < V5.0.7), Teamcenter Active Workspace V5.1 (All versions < V5.1.4). A reflected cross-site scripting (XSS) vulnerability exists in the…

  • CVE-2019-19288 · Med · Dec 14, 2020
    risk 0.40 · cvss 6.1 · epss 0.01

    A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link.

  • CVE-2020-15788 · Med · Sep 9, 2020
    risk 0.40 · cvss 6.1 · epss 0.01

    A vulnerability has been identified in Polarion Subversion Webclient (All versions). The Polarion subversion web application does not filter user input in a way that prevents Cross-Site Scripting. If a user is enticed into passing specially crafted, malicious input to the web…

  • CVE-2020-10043 · Med · Jul 14, 2020
    risk 0.40 · cvss 6.1 · epss 0.01

    A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). The web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link.

  • CVE-2020-10041 · Med · Jul 14, 2020
    risk 0.40 · cvss 6.1 · epss 0.01

    A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). A stored Cross-Site-Scripting (XSS) vulnerability is present in different locations of the web application. An attacker might be able to take over a…

  • CVE-2020-7575 · Med · Apr 14, 2020
    risk 0.40 · cvss 6.1 · epss 0.01

    A vulnerability has been identified in Climatix POL908 (BACnet/IP module) (All versions), Climatix POL909 (AWM module) (All versions < V11.32). A persistent cross-site scripting (XSS) vulnerability exists in the web server access log page of the affected devices that could allow…

  • CVE-2020-7574 · Med · Apr 14, 2020
    risk 0.40 · cvss 6.1 · epss 0.01

    A vulnerability has been identified in Climatix POL908 (BACnet/IP module) (All versions), Climatix POL909 (AWM module) (All versions < V11.32). A persistent cross-site scripting (XSS) vulnerability exists in the "Server Config" web interface of the affected devices that could…

  • CVE-2020-7579 · Med · Mar 10, 2020
    risk 0.40 · cvss 6.1 · epss 0.01

    A vulnerability has been identified in Spectrum Power™ 5 (All versions < v5.50 HF02). The web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. If…

  • CVE-2019-6585 · Med · Mar 10, 2020
    risk 0.40 · cvss 6.1 · epss 0.01

    A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0 and < V4.1), SCALANCE S612 (All versions >= V3.0 and < V4.1), SCALANCE S623 (All versions >= V3.0 and < V4.1), SCALANCE S627-2M (All versions >= V3.0 and < V4.1). The integrated configuration web server…

  • CVE-2019-19293 · Med · Mar 10, 2020
    risk 0.40 · cvss 6.1 · epss 0.01

    A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The web interface of the Control Center Server (CCS) contains a reflected Cross-site Scripting (XSS) vulnerability that could allow an unauthenticated remote attacker to steal sensitive…

  • CVE-2019-13943 · Med · Dec 12, 2019
    risk 0.40 · cvss 6.1 · epss 0.01

    A vulnerability has been identified in EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module IEC104 variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet…

  • CVE-2019-10933 · Med · Jul 11, 2019
    risk 0.40 · cvss 6.1 · epss 0.01

    A vulnerability has been identified in Spectrum Power 3 (Corporate User Interface) (All versions <= v3.11), Spectrum Power 4 (Corporate User Interface) (Version v4.75), Spectrum Power 5 (Corporate User Interface) (All versions < v5.50), Spectrum Power 7 (Corporate User…

  • CVE-2018-13809 · Med · Apr 17, 2019
    risk 0.40 · cvss 6.1 · epss 0.01

    A vulnerability has been identified in CP 1604 (All versions), CP 1616 (All versions). The integrated web server of the affected CP devices could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into following a malicious link. User interaction is…

  • CVE-2018-11450 · Med · Jul 9, 2018
    risk 0.40 · cvss 6.1 · epss 0.01

    A reflected Cross-Site-Scripting (XSS) vulnerability has been identified in Siemens PLM Software TEAMCENTER (V9.1.2.5). If a user visits the login portal through the URL crafted by the attacker, the attacker can insert html/javascript and thus alter/rewrite the login portal…
