VYPR

Vendor CVEs

Siemens Foundation

All CVEs

2,020 total · sorted by risk
  • CVE-2018-16563Mar 21, 2019
    risk 0.00cvss epss 0.01

    A vulnerability has been identified in Firmware variant IEC 61850 for EN100 Ethernet module (All versions < V4.35), Firmware variant MODBUS TCP for EN100 Ethernet module (All versions), Firmware variant DNP3 TCP for EN100 Ethernet module (All versions), Firmware variant IEC104…

  • CVE-2018-13804Dec 13, 2018
    risk 0.00cvss epss 0.03

    A vulnerability has been identified in SIMATIC IT LMS (All versions), SIMATIC IT Production Suite (Versions V7.1 < V7.1 Upd3), SIMATIC IT UA Discrete Manufacturing (Versions < V1.2), SIMATIC IT UA Discrete Manufacturing (Versions V1.2), SIMATIC IT UA Discrete Manufacturing…

  • CVE-2018-13815Dec 13, 2018
    risk 0.00cvss epss 0.02

    A vulnerability has been identified in SIMATIC S7-1200 (All versions), SIMATIC S7-1500 (All Versions < V2.6). An attacker could exhaust the available connection pool of an affected device by opening a sufficient number of connections to the device. Successful exploitation…

  • CVE-2018-16557Dec 13, 2018
    risk 0.00cvss epss 0.01

    A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions…

  • CVE-2018-16556Dec 13, 2018
    risk 0.00cvss epss 0.02

    A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions…

  • CVE-2018-13814Dec 13, 2018
    risk 0.00cvss epss 0.02

    A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V14), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V14), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V14), SIMATIC WinCC…

  • CVE-2018-13811Dec 13, 2018
    risk 0.00cvss epss 0.00

    A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) (All Versions < V15.1). Password hashes with insufficient computational effort could allow an attacker to access to a project file and reconstruct passwords. The vulnerability could be exploited by an attacker…

  • CVE-2018-13813Dec 13, 2018
    risk 0.00cvss epss 0.02

    A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15 Update 4), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15 Update 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15…

  • CVE-2018-16555Dec 13, 2018
    risk 0.00cvss epss 0.01

    A vulnerability has been identified in SCALANCE S602 (All versions < V4.0.1.1), SCALANCE S612 (All versions < V4.0.1.1), SCALANCE S623 (All versions < V4.0.1.1), SCALANCE S627-2M (All versions < V4.0.1.1). The integrated web server could allow Cross-Site Scripting (XSS) attacks…

  • CVE-2018-11466Dec 12, 2018
    risk 0.00cvss epss 0.04

    A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). Specially…

  • CVE-2018-11458Dec 12, 2018
    risk 0.00cvss epss 0.05

    A vulnerability has been identified in SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). The integrated VNC server on port 5900/tcp of the affected products could allow a…

  • CVE-2018-13816Dec 12, 2018
    risk 0.00cvss epss 0.03

    A vulnerability has been identified in TIM 1531 IRC (All version < V2.0). The devices was missing proper authentication on port 102/tcp, although configured. Successful exploitation requires an attacker to be able to send packets to port 102/tcp of the affected device. No user…

  • CVE-2018-11464Dec 12, 2018
    risk 0.00cvss epss 0.02

    A vulnerability has been identified in SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). The integrated VNC server on port 5900/tcp of the affected products could allow a…

  • CVE-2018-11465Dec 12, 2018
    risk 0.00cvss epss 0.00

    A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). A local…

  • CVE-2018-11457Dec 12, 2018
    risk 0.00cvss epss 0.05

    A vulnerability has been identified in SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). The integrated web server on port 4842/tcp of the affected products could allow a…

  • CVE-2018-11461Dec 12, 2018
    risk 0.00cvss epss 0.00

    A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). A local…

  • CVE-2018-11459Dec 12, 2018
    risk 0.00cvss epss 0.00

    A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). A local…

  • CVE-2018-11460Dec 12, 2018
    risk 0.00cvss epss 0.00

    A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). A local…

  • CVE-2018-11463Dec 12, 2018
    risk 0.00cvss epss 0.00

    A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). A buffer…

  • CVE-2018-13805Oct 10, 2018
    risk 0.00cvss epss 0.02

    A vulnerability has been identified in SIMATIC ET 200SP Open Controller (All versions >= V2.0 and < V2.1.6), SIMATIC S7-1500 Software Controller (All versions >= V2.0 and < V2.5), SIMATIC S7-1500 incl. F (All versions >= V2.0 and < V2.5). An attacker can cause a…

  • CVE-2018-13801Oct 10, 2018
    risk 0.00cvss epss 0.03

    A vulnerability has been identified in ROX II (All versions < V2.12.1). An attacker with network access to port 22/tcp and valid low-privileged user credentials for the target device could perform a privilege escalation and gain root privileges. Successful exploitation requires…

  • CVE-2018-13800Oct 10, 2018
    risk 0.00cvss epss 0.01

    A vulnerability has been identified in SIMATIC S7-1200 CPU family version 4 (All versions < V4.2.3). The web interface could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user…

  • CVE-2018-13802Oct 10, 2018
    risk 0.00cvss epss 0.04

    A vulnerability has been identified in ROX II (All versions < V2.12.1). An authenticated attacker with a high-privileged user account access via SSH could circumvent restrictions in place and execute arbitrary operating system commands. Successful exploitation requires that the…

  • CVE-2015-8214Nov 27, 2015
    risk 0.00cvss epss 0.02

    A vulnerability has been identified in SIMATIC NET CP 342-5 (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants) (All versions < V3.0.44), SIMATIC NET CP 343-1 Lean (incl. SIPLUS variants) (All versions < V3.1.1), SIMATIC NET CP 343-1…

  • CVE-2015-7836Oct 28, 2015
    risk 0.00cvss epss 0.01

    Siemens RUGGEDCOM ROS before 4.2.1 allows remote attackers to obtain sensitive information by sniffing the network for VLAN data within the padding section of an Ethernet frame.

  • CVE-2015-6675Sep 11, 2015
    risk 0.00cvss epss 0.01

    Siemens RUGGEDCOM ROS 3.8.0 through 4.1.x permanently enables the IP forwarding feature, which allows remote attackers to bypass a VLAN isolation protection mechanism via IP traffic.

  • CVE-2015-5717Aug 31, 2015
    risk 0.00cvss epss 0.01

    The Siemens COMPAS Mobile application before 1.6 for Android does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

  • CVE-2015-5698Aug 30, 2015
    risk 0.00cvss epss 0.03

    Cross-site request forgery (CSRF) vulnerability in the web server on Siemens SIMATIC S7-1200 CPU devices with firmware before 4.1.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

  • CVE-2015-5537Aug 3, 2015
    risk 0.00cvss epss 0.01

    The SSL layer of the HTTPS service in Siemens RuggedCom ROS before 4.2.0 and ROX II does not properly implement CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a different vulnerability than CVE-2014-3566.

  • CVE-2015-5084Aug 3, 2015
    risk 0.00cvss epss 0.00

    The Siemens SIMATIC WinCC Sm@rtClient and Sm@rtClient Lite applications before 01.00.01.00 for Android do not properly store passwords, which allows physically proximate attackers to obtain sensitive information via unspecified vectors.

  • CVE-2015-5386Jul 16, 2015
    risk 0.00cvss epss 0.03

    Siemens SICAM MIC devices with firmware before 2404 allow remote attackers to bypass authentication and obtain administrative access via unspecified HTTP requests.

  • CVE-2015-4174Jun 28, 2015
    risk 0.00cvss epss 0.03

    Cross-site scripting (XSS) vulnerability in the integrated web server on the Siemens Climatix BACnet/IP communication module with firmware before 10.34 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

  • CVE-2015-3610May 7, 2015
    risk 0.00cvss epss 0.00

    The Siemens HomeControl for Room Automation application before 2.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information or modify data via a crafted certificate.

  • CVE-2015-2823Apr 8, 2015
    risk 0.00cvss epss 0.02

    Siemens SIMATIC HMI Basic Panels 2nd Generation before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Professional before WinCC (TIA…

  • CVE-2015-2822Apr 8, 2015
    risk 0.00cvss epss 0.02

    Siemens SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2 and SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2 allow man-in-the-middle attackers to cause a denial of service via crafted packets on TCP port 102.

  • CVE-2015-1602Apr 6, 2015
    risk 0.00cvss epss 0.00

    Siemens SIMATIC STEP 7 (TIA Portal) 12 and 13 before 13 SP1 Upd1 improperly stores password data within project files, which makes it easier for local users to determine cleartext (1) protection-level passwords or (2) web-server passwords by leveraging the ability to read these…

  • CVE-2015-1601Apr 6, 2015
    risk 0.00cvss epss 0.01

    Siemens SIMATIC STEP 7 (TIA Portal) 12 and 13 before 13 SP1 Upd1 allows man-in-the-middle attackers to obtain sensitive information or modify transmitted data via unspecified vectors.

  • CVE-2015-1599Mar 7, 2015
    risk 0.00cvss epss 0.00

    The Siemens SPCanywhere application for iOS allows physically proximate attackers to bypass intended access restrictions by leveraging a filesystem architectural error.

  • CVE-2015-1598Mar 7, 2015
    risk 0.00cvss epss 0.00

    The Siemens SPCanywhere application for Android does not properly store application passwords, which allows physically proximate attackers to obtain sensitive information by examining the device filesystem.

  • CVE-2015-1597Mar 7, 2015
    risk 0.00cvss epss 0.01

    The Siemens SPCanywhere application for Android does not use encryption during the loading of code, which allows man-in-the-middle attackers to execute arbitrary code by modifying the client-server data stream.

  • CVE-2015-1596Mar 7, 2015
    risk 0.00cvss epss 0.01

    The Siemens SPCanywhere application for Android and iOS does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

  • CVE-2015-1595Mar 7, 2015
    risk 0.00cvss epss 0.01

    The Siemens SPCanywhere application for Android and iOS does not use encryption during lookups of system ID to IP address mappings, which allows man-in-the-middle attackers to discover alarm IP addresses and spoof servers by intercepting the client-server data stream.

  • CVE-2015-1594Mar 7, 2015
    risk 0.00cvss epss 0.00

    Untrusted search path vulnerability in Siemens SIMATIC ProSave before 13 SP1; SIMATIC CFC before 8.0 SP4 Upd9 and 8.1 before Upd1; SIMATIC STEP 7 before 5.5 SP1 HF2, 5.5 SP2 before HF7, 5.5 SP3, and 5.5 SP4 before HF4; SIMOTION Scout before 4.4; and STARTER before 4.4 HF3 allows…

  • CVE-2014-9369Mar 7, 2015
    risk 0.00cvss epss 0.02

    Siemens SPC controllers SPC4000, SPC5000, and SPC6000 before 3.6.0 allow remote attackers to cause a denial of service (device restart) via crafted packets.

  • CVE-2015-1358Feb 18, 2015
    risk 0.00cvss epss 0.03

    The remote-management module in the (1) Multi Panels, (2) Comfort Panels, and (3) RT Advanced functionality in Siemens SIMATIC WinCC (TIA Portal) before 13 SP1 and in the (4) panels and (5) runtime functionality in SIMATIC WinCC flexible before 2008 SP3 Up7 does not properly…

  • CVE-2015-1356Feb 18, 2015
    risk 0.00cvss epss 0.01

    Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 determines a user's privileges on the basis of project-file fields that lack integrity protection, which allows remote attackers to establish arbitrary authorization data via a modified file.

  • CVE-2015-1355Feb 18, 2015
    risk 0.00cvss epss 0.00

    Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 uses a weak password-hash algorithm, which makes it easier for local users to determine cleartext passwords by reading a project file and conducting a brute-force attack.

  • CVE-2015-1449Feb 2, 2015
    risk 0.00cvss epss 0.04

    Buffer overflow in the integrated web server on Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before BS4.4.4621.32, and WIN72xx devices with firmware before BS4.4.4621.32…

  • CVE-2015-1448Feb 2, 2015
    risk 0.00cvss epss 0.03

    The integrated management service on Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before BS4.4.4621.32, and WIN72xx devices with firmware before BS4.4.4621.32 allows remote…

  • CVE-2015-1357Feb 2, 2015
    risk 0.00cvss epss 0.01

    Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before BS4.4.4621.32, and WIN72xx devices with firmware before BS4.4.4621.32 allow context-dependent attackers to discover…

Page 38 of 41