VYPR

Siemens Foundation

All CVEs

2,020 total · sorted by risk
  • CVE-2015-1049 · Feb 2, 2015
    risk 0.00 · cvss · epss 0.02

    The web server on Siemens SCALANCE X-200IRT switches with firmware before 5.2.0 allows remote attackers to hijack sessions via unspecified vectors.

  • CVE-2015-1048 · Jan 21, 2015
    risk 0.00 · cvss · epss 0.01

    Open redirect vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices with firmware before 4.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

  • CVE-2014-8479 · Jan 21, 2015
    risk 0.00 · cvss · epss 0.01

    The FTP server on Siemens SCALANCE X-300 switches with firmware before 4.0 and SCALANCE X 408 switches with firmware before 4.0 allows remote authenticated users to cause a denial of service (reboot) via crafted FTP packets.

  • CVE-2014-8478 · Jan 21, 2015
    risk 0.00 · cvss · epss 0.02

    The web server on Siemens SCALANCE X-300 switches with firmware before 4.0 and SCALANCE X 408 switches with firmware before 4.0 allows remote attackers to cause a denial of service (reboot) via malformed HTTP requests.

  • CVE-2014-5233 · Jan 14, 2015
    risk 0.00 · cvss · epss 0.00

    The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows physically proximate attackers to discover Sm@rtServer credentials by leveraging an error in the credential-processing mechanism.

  • CVE-2014-5232 · Jan 14, 2015
    risk 0.00 · cvss · epss 0.00

    The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows local users to bypass an intended application-password requirement by leveraging the running of the app in the background state.

  • CVE-2014-5231 · Jan 14, 2015
    risk 0.00 · cvss · epss 0.00

    The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows physically proximate attackers to extract the password from storage via unspecified vectors.

  • CVE-2014-8552 · Nov 26, 2014
    risk 0.00 · cvss · epss 0.02

    The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to read arbitrary files via crafted packets.

  • CVE-2014-8551 · Nov 26, 2014
    risk 0.00 · cvss · epss 0.05

    The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to execute arbitrary code via crafted packets.

  • CVE-2014-4686 · Jul 24, 2014
    risk 0.00 · cvss · epss 0.01

    The Project administration application in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, has a hardcoded encryption key, which allows remote attackers to obtain sensitive information by extracting this key from another product installation and then…

  • CVE-2014-4685 · Jul 24, 2014
    risk 0.00 · cvss · epss 0.00

    Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows local users to gain privileges by leveraging weak system-object access control.

  • CVE-2014-4684 · Jul 24, 2014
    risk 0.00 · cvss · epss 0.01

    The database server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a request to TCP port 1433.

  • CVE-2014-4683 · Jul 24, 2014
    risk 0.00 · cvss · epss 0.01

    The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a (1) HTTP or (2) HTTPS request.

  • CVE-2014-4682 · Jul 24, 2014
    risk 0.00 · cvss · epss 0.02

    The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote attackers to obtain sensitive information via an HTTP request.

  • CVE-2014-2909 · Apr 25, 2014
    risk 0.00 · cvss · epss 0.02

    CRLF injection vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary HTTP headers via unspecified vectors.

  • CVE-2014-2733 · Apr 19, 2014
    risk 0.00 · cvss · epss 0.03

    Siemens SINEMA Server before 12 SP1 allows remote attackers to cause a denial of service (web-interface outage) via crafted HTTP requests to port (1) 4999 or (2) 80.

  • CVE-2014-2732 · Apr 19, 2014
    risk 0.00 · cvss · epss 0.04

    Multiple directory traversal vulnerabilities in the integrated web server in Siemens SINEMA Server before 12 SP1 allow remote attackers to access arbitrary files via HTTP traffic to port (1) 4999 or (2) 80.

  • CVE-2014-2731 · Apr 19, 2014
    risk 0.00 · cvss · epss 0.04

    Multiple unspecified vulnerabilities in the integrated web server in Siemens SINEMA Server before 12 SP1 allow remote attackers to execute arbitrary code via HTTP traffic to port (1) 4999 or (2) 80.

  • CVE-2014-2590 · Apr 1, 2014
    risk 0.00 · cvss · epss 0.02

    The web management interface in Siemens RuggedCom ROS before 3.11, ROS 3.11 before 3.11.5 for RS950G, ROS 3.12, and ROS 4.0 for RSG2488 allows remote attackers to cause a denial of service (interface outage) via crafted HTTP packets.

  • CVE-2014-2258 · Mar 24, 2014
    risk 0.00 · cvss · epss 0.05

    Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTPS packets, a different vulnerability than CVE-2014-2259.

  • CVE-2014-2254 · Mar 24, 2014
    risk 0.00 · cvss · epss 0.05

    Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTP packets, a different vulnerability than CVE-2014-2255.

  • CVE-2014-2256 · Mar 24, 2014
    risk 0.00 · cvss · epss 0.04

    Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted ISO-TSAP packets, a different vulnerability than CVE-2014-2257.

  • CVE-2014-2252 · Mar 24, 2014
    risk 0.00 · cvss · epss 0.01

    Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted PROFINET packets, a different vulnerability than CVE-2014-2253.

  • CVE-2014-2250 · Mar 24, 2014
    risk 0.00 · cvss · epss 0.03

    The random-number generator on Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 does not have sufficient entropy, which makes it easier for remote attackers to defeat cryptographic protection mechanisms and hijack sessions via unspecified vectors, a different…

  • CVE-2014-2259 · Mar 16, 2014
    risk 0.00 · cvss · epss 0.04

    Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTPS packets.

  • CVE-2014-2257 · Mar 16, 2014
    risk 0.00 · cvss · epss 0.03

    Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted ISO-TSAP packets.

  • CVE-2014-2255 · Mar 16, 2014
    risk 0.00 · cvss · epss 0.04

    Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTP packets.

  • CVE-2014-2253 · Mar 16, 2014
    risk 0.00 · cvss · epss 0.01

    Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted Profinet packets.

  • CVE-2014-2251 · Mar 16, 2014
    risk 0.00 · cvss · epss 0.03

    The random-number generator on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 does not have sufficient entropy, which makes it easier for remote attackers to defeat cryptographic protection mechanisms and hijack sessions via unspecified vectors.

  • CVE-2014-2249 · Mar 16, 2014
    risk 0.00 · cvss · epss 0.01

    Cross-site request forgery (CSRF) vulnerability on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 and SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

  • CVE-2014-2248 · Mar 16, 2014
    risk 0.00 · cvss · epss 0.02

    Open redirect vulnerability in the integrated web server on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

  • CVE-2014-2247 · Mar 16, 2014
    risk 0.00 · cvss · epss 0.02

    The integrated web server on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allows remote attackers to inject headers via unspecified vectors.

  • CVE-2014-2246 · Mar 16, 2014
    risk 0.00 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2014-1966 · Feb 24, 2014
    risk 0.00 · cvss · epss 0.02

    The SNMP implementation in Siemens RuggedCom ROS before 3.11, ROS 3.11 for RS950G, ROS 3.12 before 3.12.4, and ROS 4.0 for RSG2488 allows remote attackers to cause a denial of service (device outage) via crafted packets.

  • CVE-2014-1699 · Feb 7, 2014
    risk 0.00 · cvss · epss 0.02

    Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to cause a denial of service (monitoring-service outage) via malformed HTTP requests to port 4999.

  • CVE-2014-1698 · Feb 7, 2014
    risk 0.00 · cvss · epss 0.04

    Directory traversal vulnerability in Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to read arbitrary files via crafted packets to TCP port 4999.

  • CVE-2014-1697 · Feb 7, 2014
    risk 0.00 · cvss · epss 0.05

    The integrated web server in Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to execute arbitrary code via crafted packets to TCP port 4999.

  • CVE-2014-1696 · Feb 7, 2014
    risk 0.00 · cvss · epss 0.02

    Siemens SIMATIC WinCC OA before 3.12 P002 January uses a weak hash algorithm for passwords, which makes it easier for remote attackers to obtain access via a brute-force attack.

  • CVE-2013-6926 · Dec 17, 2013
    risk 0.00 · cvss · epss 0.01

    The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 allows remote authenticated users to bypass intended restrictions on administrative actions by leveraging access to a (1) guest or (2) operator account.

  • CVE-2013-6925 · Dec 17, 2013
    risk 0.00 · cvss · epss 0.02

    The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 allows remote attackers to hijack web sessions by predicting a session id value.

  • CVE-2013-6840 · Dec 10, 2013
    risk 0.00 · cvss · epss 0.00

    Siemens COMOS before 9.2.0.8.1, 10.0 before 10.0.3.1.40, and 10.1 before 10.1.0.0.2 allows local users to gain database privileges via unspecified vectors.

  • CVE-2013-6920 · Dec 7, 2013
    risk 0.00 · cvss · epss 0.03

    Siemens SINAMICS S/G controllers with firmware before 4.6.11 do not require authentication for FTP and TELNET sessions, which allows remote attackers to bypass intended access restrictions via TCP traffic to port (1) 21 or (2) 23.

  • CVE-2013-5944 · Oct 3, 2013
    risk 0.00 · cvss · epss 0.02

    The integrated web server on Siemens SCALANCE X-200 switches with firmware before 4.5.0 and X-200IRT switches with firmware before 5.1.0 does not properly enforce authentication requirements, which allows remote attackers to perform administrative actions via requests to the…

  • CVE-2013-5709 · Sep 17, 2013
    risk 0.00 · cvss · epss 0.03

    The authentication implementation in the web server on Siemens SCALANCE X-200 switches with firmware before 5.0.0 does not use a sufficient source of entropy for generating values of random numbers, which makes it easier for remote attackers to hijack sessions by predicting a…

  • CVE-2013-4943 · Aug 9, 2013
    risk 0.00 · cvss · epss 0.00

    The client application in Siemens COMOS before 9.1 Update 458, 9.2 before 9.2.0.6.37, and 10.0 before 10.0.3.0.19 allows local users to gain privileges and bypass intended database-operation restrictions by leveraging COMOS project access.

  • CVE-2013-4912 · Aug 1, 2013
    risk 0.00 · cvss · epss 0.02

    Open redirect vulnerability in Siemens WinCC (TIA Portal) 11 and 12 before 12 SP1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks by leveraging improper configuration of SIMATIC HMI panels by the WinCC product.

  • CVE-2013-4911 · Aug 1, 2013
    risk 0.00 · cvss · epss 0.01

    Cross-site request forgery (CSRF) vulnerability in Siemens WinCC (TIA Portal) 11 and 12 before 12 SP1 allows remote attackers to hijack the authentication of unspecified victims by leveraging improper configuration of SIMATIC HMI panels by the WinCC product.

  • CVE-2013-4652 · Aug 1, 2013
    risk 0.00 · cvss · epss 0.06

    Unspecified vulnerability in the command-line management interface on Siemens Scalance W7xx devices with firmware before 4.5.4 allows remote attackers to bypass authentication and execute arbitrary code via a (1) SSH or (2) TELNET connection.

  • CVE-2013-4651 · Aug 1, 2013
    risk 0.00 · cvss · epss 0.01

    Siemens Scalance W7xx devices with firmware before 4.5.4 use the same hardcoded X.509 certificate across different customers' installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate's trust…

  • CVE-2013-4781 · Jul 18, 2013
    risk 0.00 · cvss · epss 0.03

    core/getLog.php on the Siemens Enterprise OpenScape Branch appliance and OpenScape Session Border Controller (SBC) before 2 R0.32.0, and 7 before 7 R1.7.0, allows remote attackers to execute arbitrary commands via unspecified vectors.