VYPR

Vendor CVEs

Siemens Foundation

All CVEs

2,020 total · sorted by risk
  • CVE-2025-40761HigAug 12, 2025
    risk 0.49cvss 7.6epss 0.00

    A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions), RUGGEDCOM ROX MX5000RE (All versions), RUGGEDCOM ROX RX1400 (All versions), RUGGEDCOM ROX RX1500 (All versions), RUGGEDCOM ROX RX1501 (All versions), RUGGEDCOM ROX RX1510 (All versions), RUGGEDCOM ROX…

  • CVE-2024-52504HigAug 12, 2025
    risk 0.49cvss 7.5epss 0.00

    A vulnerability has been identified in SIPROTEC 4 6MD61 (All versions), SIPROTEC 4 6MD63 (All versions), SIPROTEC 4 6MD66 (All versions), SIPROTEC 4 6MD665 (All versions), SIPROTEC 4 7SA522 (All versions), SIPROTEC 4 7SA6 (All versions < V4.78), SIPROTEC 4 7SD5 (All versions <…

  • CVE-2025-24007HigMay 13, 2025
    risk 0.49cvss 7.5epss 0.00

    A vulnerability has been identified in SIRIUS 3RK3 Modular Safety System (MSS) (All versions), SIRIUS Safety Relays 3SK2 (All versions). Affected devices only provide weak password obfuscation. An attacker with network access could retrieve and de-obfuscate the safety password…

  • CVE-2024-23815HigMay 13, 2025
    risk 0.49cvss 7.5epss 0.00

    A vulnerability has been identified in Desigo CC (All versions if access from Installed Clients to Desigo CC server is allowed from networks outside of a highly protected zone), Desigo CC (All versions if access from Installed Clients to Desigo CC server is only allowed within…

  • CVE-2025-24811HigFeb 11, 2025
    risk 0.49cvss 7.5epss 0.01

    A vulnerability has been identified in SIMATIC S7-1200 CPU 1211C AC/DC/Rly (6ES7211-1BE40-0XB0), SIMATIC S7-1200 CPU 1211C DC/DC/DC (6ES7211-1AE40-0XB0), SIMATIC S7-1200 CPU 1211C DC/DC/Rly (6ES7211-1HE40-0XB0), SIMATIC S7-1200 CPU 1212C AC/DC/Rly (6ES7212-1BE40-0XB0), SIMATIC…

  • CVE-2024-54089HigFeb 11, 2025
    risk 0.49cvss 7.5epss 0.00

    A vulnerability has been identified in APOGEE PXC Series (BACnet) (All versions), APOGEE PXC Series (P2 Ethernet) (All versions), TALON TC Series (BACnet) (All versions). Affected devices contain a weak encryption mechanism based on a hard-coded key. This could allow an…

  • CVE-2024-54015HigFeb 11, 2025
    risk 0.49cvss 7.5epss 0.01

    A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.90), SIPROTEC 5 6MD85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 6MD86 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 6MD89 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 6MD89…

  • CVE-2024-43647HigSep 10, 2024
    risk 0.49cvss 7.5epss 0.01

    A vulnerability has been identified in SIMATIC S7-200 SMART CPU CR40 (6ES7288-1CR40-0AA0) (All versions), SIMATIC S7-200 SMART CPU CR60 (6ES7288-1CR60-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR20 (6ES7288-1SR20-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR20…

  • CVE-2024-39888HigJul 9, 2024
    risk 0.49cvss 7.5epss 0.00

    A vulnerability has been identified in Mendix Encryption (All versions >= V10.0.0 < V10.0.2). Affected versions of the module define a specific hard-coded default value for the EncryptionKey constant, which is used in projects where no individual EncryptionKey was specified. …

  • CVE-2024-22044HigMar 12, 2024
    risk 0.49cvss 7.5epss 0.01

    A vulnerability has been identified in SENTRON 3KC ATC6 Expansion Module Ethernet (3KC9000-8TL75) (All versions). Affected devices expose an unused, unstable http service at port 80/tcp on the Modbus-TCP Ethernet. This could allow an attacker on the same Modbus network to create…

  • CVE-2024-22041HigMar 12, 2024
    risk 0.49cvss 7.5epss 0.01

    A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions), Cerberus PRO EN Fire Panel FC72x IP6 (All versions), Cerberus PRO EN Fire Panel FC72x IP7 (All versions), Cerberus PRO EN Fire Panel FC72x IP8 (All versions < IP8 SR4), Cerberus PRO EN X200…

  • CVE-2024-22040HigMar 12, 2024
    risk 0.49cvss 7.5epss 0.01

    A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions), Cerberus PRO EN Fire Panel FC72x IP6 (All versions), Cerberus PRO EN Fire Panel FC72x IP7 (All versions), Cerberus PRO EN Fire Panel FC72x IP8 (All versions < IP8 SR4), Cerberus PRO EN X200…

  • CVE-2022-40227HigOct 11, 2022
    risk 0.49cvss 7.5epss 0.01

    A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions < V17 Update 4), SIMATIC HMI KTP Mobile Panels (All versions < V17 Update 4), SIMATIC HMI KTP1200 Basic (All versions < V17 Update 5), SIMATIC HMI KTP400 Basic (All versions <…

  • CVE-2022-36324HigAug 10, 2022
    risk 0.49cvss 7.5epss 0.01

    Affected devices do not properly handle the renegotiation of SSL/TLS parameters. This could allow an unauthenticated remote attacker to bypass the TCP brute force prevention and lead to a denial of service condition for the duration of the attack.

  • CVE-2021-27386HigMay 12, 2021
    risk 0.49cvss 7.5epss 0.02

    A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels…

  • CVE-2021-27385HigMay 12, 2021
    risk 0.49cvss 7.5epss 0.03

    A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels…

  • CVE-2021-27383HigMay 12, 2021
    risk 0.49cvss 7.5epss 0.02

    A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels…

  • CVE-2021-25662HigMay 12, 2021
    risk 0.49cvss 7.5epss 0.02

    A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels…

  • CVE-2021-25661HigMay 12, 2021
    risk 0.49cvss 7.5epss 0.01

    A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels…

  • CVE-2021-25660HigMay 12, 2021
    risk 0.49cvss 7.5epss 0.01

    A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels…

  • CVE-2020-15783HigNov 12, 2020
    risk 0.49cvss 7.5epss 0.02

    A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC TDC CPU555 (All versions), SINUMERIK 840D sl (All versions). Sending multiple specially crafted packets to the affected devices could cause a…

  • CVE-2019-18336HigMar 10, 2020
    risk 0.49cvss 7.5epss 0.02

    A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V3.X.17), SIMATIC TDC CP51M1 (All versions < V1.1.8), SIMATIC TDC CPU555 (All versions < V1.1.1), SINUMERIK 840D sl (All versions < V4.8.6), SINUMERIK…

  • CVE-2019-10953HigApr 17, 2019
    risk 0.49cvss 7.5epss 0.04

    ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due to a flood of network packets.

  • CVE-2019-6575HigApr 17, 2019
    risk 0.49cvss 7.5epss 0.02

    A vulnerability has been identified in SIMATIC CP 443-1 OPC UA (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V2.7), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC…

  • CVE-2018-16561HigApr 17, 2019
    risk 0.49cvss 7.5epss 0.01

    A vulnerability has been identified in SIMATIC S7-300 CPUs (All versions < V3.X.16). The affected CPUs improperly validate S7 communication packets which could cause a Denial-of-Service condition of the CPU. The CPU will remain in DEFECT mode until manual restart. Successful…

  • CVE-2018-11452HigJul 23, 2018
    risk 0.49cvss 7.5epss 0.02

    A vulnerability has been identified in Firmware variant IEC 61850 for EN100 Ethernet module (All versions < V4.33), Firmware variant PROFINET IO for EN100 Ethernet module (All versions), Firmware variant Modbus TCP for EN100 Ethernet module (All versions), Firmware variant DNP3…

  • CVE-2018-11451HigJul 23, 2018
    risk 0.49cvss 7.5epss 0.02

    A vulnerability has been identified in Firmware variant IEC 61850 for EN100 Ethernet module (All versions < V4.33), Firmware variant PROFINET IO for EN100 Ethernet module (All versions), Firmware variant Modbus TCP for EN100 Ethernet module (All versions), Firmware variant DNP3…

  • CVE-2018-4850HigMay 16, 2018
    risk 0.49cvss 7.5epss 0.03

    A vulnerability has been identified in SIMATIC S7-400 (incl. F) CPU hardware version 4.0 and below (All versions), SIMATIC S7-400 (incl. F) CPU hardware version 5.0 (All firmware versions < V5.2), SIMATIC S7-400H CPU hardware version 4.5 and below (All versions). The affected…

  • CVE-2018-4832HigApr 24, 2018
    risk 0.49cvss 7.5epss 0.02

    A vulnerability has been identified in OpenPCS 7 V7.1 and earlier (All versions), OpenPCS 7 V8.0 (All versions), OpenPCS 7 V8.1 (All versions < V8.1 Upd5), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd1), SIMATIC BATCH V7.1 and earlier (All versions),…

  • CVE-2014-8421HigApr 12, 2018
    risk 0.49cvss 7.5epss 0.02

    Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 allow remote attackers to gain super-user privileges by leveraging SSH access and incorrect ownership of (1) ConfigureCoreFile.sh, (2) Traceroute.sh, (3) apps.sh, (4)…

  • CVE-2018-4840HigMar 8, 2018
    risk 0.49cvss 7.5epss 0.02

    A vulnerability has been identified in DIGSI 4 (All versions < V4.92), EN100 Ethernet module DNP3 variant (All versions < V1.05.00), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module Modbus…

  • CVE-2018-4838HigMar 8, 2018
    risk 0.49cvss 7.5epss 0.01

    A vulnerability has been identified in EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module DNP3 variant (All versions < V1.04), EN100 Ethernet module PROFINET IO variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions),…

  • CVE-2018-4837HigJan 25, 2018
    risk 0.49cvss 7.5epss 0.03

    A vulnerability has been identified in TeleControl Server Basic < V3.1. An attacker with access to the TeleControl Server Basic's webserver (port 80/tcp or 443/tcp) could cause a Denial-of-Service condition on the web server. The remaining functionality of the TeleControl Server…

  • CVE-2017-12741HigDec 26, 2017
    risk 0.49cvss 7.5epss 0.03

    Specially crafted packets sent to port 161/udp could cause a denial of service condition. The affected devices must be restarted manually.

  • CVE-2017-12734HigAug 30, 2017
    risk 0.49cvss 7.5epss 0.01

    A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V1.81.2). An attacker with network access to the integrated web server on port 80/tcp could obtain the session ID of an active user session. A user must be logged in to the web interface.…

  • CVE-2017-9938HigAug 8, 2017
    risk 0.49cvss 7.5epss 0.03

    A vulnerability was discovered in Siemens SIMATIC Logon (All versions before V1.6) that could allow specially crafted packets sent to the SIMATIC Logon Remote Access service on port 16389/tcp to cause a Denial-of-Service condition. The service restarts automatically.

  • CVE-2016-7987HigFeb 13, 2017
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in Siemens ETA4 firmware (all versions prior to Revision 08) of the SM-2558 extension module for: SICAM AK, SICAM TM 1703, SICAM BC 1703, and SICAM AK 3. Specially crafted packets sent to Port 2404/TCP could cause the affected device to go into defect…

  • CVE-2016-9154HigDec 23, 2016
    risk 0.49cvss 7.5epss 0.01

    Siemens Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 for Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D (All firmware versions < V6.00.046) and Desigo PX Web modules PXA30-W0, PXA30-W1, PXA30-W2 for Desigo PX automation controllers PXC00-U,…

  • CVE-2016-9158HigDec 17, 2016
    risk 0.49cvss 7.5epss 0.03

    A vulnerability has been identified in SIMATIC S7-300 CPU family (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7…

  • CVE-2016-8563HigOct 13, 2016
    risk 0.49cvss 7.5epss 0.03

    Siemens Automation License Manager (ALM) before 5.3 SP3 Update 1 allows remote attackers to cause a denial of service (ALM service outage) via crafted packets to TCP port 4410.

  • CVE-2016-7113HigSep 6, 2016
    risk 0.49cvss 7.5epss 0.03

    A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03;…

  • CVE-2016-5874HigJul 22, 2016
    risk 0.49cvss 7.5epss 0.04

    Siemens SIMATIC NET PC-Software before 13 SP2 allows remote attackers to cause a denial of service (OPC UA service outage) via crafted TCP packets.

  • CVE-2016-5744HigJul 22, 2016
    risk 0.49cvss 7.5epss 0.04

    Siemens SIMATIC WinCC 7.0 through SP3 and 7.2 allows remote attackers to read arbitrary WinCC station files via crafted packets.

  • CVE-2016-3949HigJun 27, 2016
    risk 0.49cvss 7.5epss 0.04

    Siemens SIMATIC S7-300 Profinet-enabled CPU devices with firmware before 3.2.12 and SIMATIC S7-300 Profinet-disabled CPU devices with firmware before 3.3.12 allow remote attackers to cause a denial of service (defect-mode transition) via crafted (1) ISO-TSAP or (2) Profibus…

  • CVE-2016-2200HigFeb 8, 2016
    risk 0.49cvss 7.5epss 0.06

    Siemens SIMATIC S7-1500 CPU devices before 1.8.3 allow remote attackers to cause a denial of service (STOP mode transition) via crafted packets on TCP port 102.

  • CVE-2025-40800HigDec 9, 2025
    risk 0.48cvss 7.4epss 0.00

    A vulnerability has been identified in COMOS V10.6 (All versions < V10.6.1), COMOS V10.6 (All versions < V10.6.1), NX V2412 (All versions < V2412.8700), NX V2506 (All versions < V2506.6000), Simcenter 3D (All versions < V2506.6000), Simcenter Femap (All versions < V2506.0002),…

  • CVE-2011-20002HigOct 14, 2025
    risk 0.48cvss 7.4epss 0.00

    A vulnerability has been identified in SIMATIC S7-1200 CPU V1 family (incl. SIPLUS variants) (All versions < V2.0.2), SIMATIC S7-1200 CPU V2 family (incl. SIPLUS variants) (All versions < V2.0.2). Affected controllers are vulnerable to capture-replay in the communication with…

  • CVE-2025-40769HigAug 12, 2025
    risk 0.48cvss 7.4epss 0.00

    A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V3.0). The affected application uses a Content Security Policy that allows unsafe script execution methods. This could allow an attacker to execute unauthorized scripts,…

  • CVE-2024-56841HigJan 14, 2025
    risk 0.48cvss 7.4epss 0.00

    A vulnerability has been identified in Mendix LDAP (All versions < V1.1.2). Affected versions of the module are vulnerable to LDAP injection. This could allow an unauthenticated remote attacker to bypass username verification.

  • CVE-2024-50302MedKEVNov 19, 2024
    risk 0.48cvss 5.5epss 0.01

    In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer Since the report buffer is used by all kinds of drivers in various ways, let's zero-initialize it during allocation to make sure that it can't be ever used to leak…

Page 4 of 41