Filtered by vendor Siemens
Subscribe
Total
1853 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-37191 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-02-28 | 3.3 LOW | 4.3 MEDIUM |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). An unauthenticated attacker in the same network of the affected system could brute force the usernames from the affected software. | |||||
| CVE-2021-44018 | 1 Siemens | 3 Jt2go, Solid Edge, Teamcenter Visualization | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability has been identified in JT2Go (All versions < V13.2.0.7), Solid Edge SE2021 (All versions < SE2021MP9), Solid Edge SE2022 (All versions < SE2022MP1), Teamcenter Visualization V13.1 (All versions < V13.1.0.9), Teamcenter Visualization V13.2 (All versions < V13.2.0.7), Teamcenter Visualization V13.3 (All versions < V13.3.0.1). The plmxmlAdapterSE70.dll library is vulnerable to memory corruption condition while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15112) | |||||
| CVE-2021-44005 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll contains an out of bounds write past the end of an allocated structure while parsing specially crafted TIFF files. This could allow an attacker to execute code in the context of the current process. | |||||
| CVE-2021-37734 | 2 Arubanetworks, Siemens | 3 Aruba Instant, Scalance W1750d, Scalance W1750d Firmware | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| A remote unauthorized read access to files vulnerability was discovered in Aruba Instant version(s): 6.4.x.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x.x: 6.5.4.19 and below; Aruba Instant 8.5.x.x: 8.5.0.12 and below; Aruba Instant 8.6.x.x: 8.6.0.11 and below; Aruba Instant 8.7.x.x: 8.7.1.3 and below; Aruba Instant 8.8.x.x: 8.8.0.0 and below. Aruba has released patches for Aruba Instant (IAP) that address this security vulnerability. | |||||
| CVE-2021-37727 | 2 Arubanetworks, Siemens | 3 Aruba Instant, Scalance W1750d, Scalance W1750d Firmware | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
| A remote arbitrary command execution vulnerability was discovered in HPE Aruba Instant (IAP) version(s): 6.4.x.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x.x: 6.5.4.20 and below; Aruba Instant 8.5.x.x: 8.5.0.12 and below; Aruba Instant 8.6.x.x: 8.6.0.11 and below; Aruba Instant 8.7.x.x: 8.7.1.3 and below. Aruba has released patches for Aruba Instant (IAP) that address this security vulnerability. | |||||
| CVE-2021-45034 | 1 Siemens | 8 Cp-8000 Master Module With I\/o -25\/\+70, Cp-8000 Master Module With I\/o -25\/\+70 Firmware, Cp-8000 Master Module With I\/o -40\/\+70 and 5 more | 2024-02-28 | 4.3 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions < V16.20), CP-8021 MASTER MODULE (All versions < V16.20), CP-8022 MASTER MODULE WITH GPRS (All versions < V16.20). The web server of the affected system allows access to logfiles and diagnostic data generated by a privileged user. An unauthenticated attacker could access the files by knowing the corresponding download links. | |||||
| CVE-2021-37207 | 1 Siemens | 1 Sentron Powermanager 3 | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability has been identified in SENTRON powermanager V3 (All versions). The affected application assigns improper access rights to a specific folder containing configuration files. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges. | |||||
| CVE-2020-10053 | 1 Siemens | 1 Simatic Rtls Locating Manager | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.12). The affected application writes sensitive data, such as database credentials in configuration files. A local attacker with access to the configuration files could use this information to launch further attacks. | |||||
| CVE-2021-37206 | 1 Siemens | 3 Siprotec 5 With Cpu Variant Cp050, Siprotec 5 With Cpu Variant Cp100, Siprotec 5 With Cpu Variant Cp300 | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP300 (All versions < V8.80). Received webpackets are not properly processed. An unauthenticated remote attacker with access to any of the Ethernet interfaces could send specially crafted packets to force a restart of the target device. | |||||
| CVE-2021-41538 | 1 Siemens | 13 Nx 1957, Nx 1957 Firmware, Nx 1961 and 10 more | 2024-02-28 | 4.3 MEDIUM | 3.3 LOW |
| A vulnerability has been identified in NX 1953 Series (All versions < V1973.3700), NX 1980 Series (All versions < V1988), Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vulnerable to information disclosure by unexpected access to an uninitialized pointer while parsing user-supplied OBJ files. An attacker could leverage this vulnerability to leak information from unexpected memory locations (ZDI-CAN-13770). | |||||
| CVE-2021-46152 | 1 Siemens | 1 Simcenter Femap | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a type confusion vulnerability while parsing NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14643, ZDI-CAN-14644, ZDI-CAN-14755, ZDI-CAN-15183) | |||||
| CVE-2021-44449 | 1 Siemens | 2 Jt Open Toolkit, Jt Utilities | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability has been identified in JT Utilities (All versions < V12.8.1.1), JTTK (All versions < V10.8.1.1). JTTK library in affected products contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14830) | |||||
| CVE-2022-0155 | 2 Follow-redirects Project, Siemens | 2 Follow-redirects, Sinec Ins | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor | |||||
| CVE-2021-33625 | 3 Insyde, Netapp, Siemens | 34 Insydeh2o, Fas\/aff Bios, Ruggedcom Ape1808 and 31 more | 2024-02-28 | 6.9 MEDIUM | 7.5 HIGH |
| An issue was discovered in Kernel 5.x in Insyde InsydeH2O, affecting HddPassword. Software SMI services that use the Communicate() function of the EFI_SMM_COMMUNICATION_PROTOCOL do not check whether the address of the buffer is valid, which allows use of SMRAM, MMIO, or OS kernel addresses. | |||||
| CVE-2021-37174 | 1 Siemens | 20 Ruggedcom Rox Mx5000, Ruggedcom Rox Mx5000 Firmware, Ruggedcom Rox Rx1400 and 17 more | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). The affected devices have a privilege escalation vulnerability, if exploited, an attacker could gain root user access. | |||||
| CVE-2021-41991 | 4 Debian, Fedoraproject, Siemens and 1 more | 46 Debian Linux, Fedora, Cp 1543-1 and 43 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by means of a random number generator, but this is not done correctly. Remote code execution might be a slight possibility. | |||||
| CVE-2021-37195 | 1 Siemens | 1 Comos | 2024-02-28 | 2.6 LOW | 6.1 MEDIUM |
| A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS accepts arbitrary code as attachment to tasks. This could allow an attacker to inject malicious code that is executed when loading the attachment. | |||||
| CVE-2021-37190 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-02-28 | 3.3 LOW | 4.3 MEDIUM |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected software has an information disclosure vulnerability that could allow an attacker to retrieve VPN connection for a known user. | |||||
| CVE-2021-33728 | 1 Siemens | 1 Sinec Nms | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
| A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system allows to upload JSON objects that are deserialized to JAVA objects. Due to insecure deserialization of user-supplied content by the affected software, a privileged attacker could exploit this vulnerability by sending a crafted serialized Java object. An exploit could allow the attacker to execute arbitrary code on the device with root privileges. | |||||
| CVE-2021-37186 | 1 Siemens | 12 Logo\! Cmr2020, Logo\! Cmr2020 Firmware, Logo\! Cmr2040 and 9 more | 2024-02-28 | 4.8 MEDIUM | 5.4 MEDIUM |
| A vulnerability has been identified in LOGO! CMR2020 (All versions < V2.2), LOGO! CMR2040 (All versions < V2.2), SIMATIC RTU3010C (All versions < V4.0.9), SIMATIC RTU3030C (All versions < V4.0.9), SIMATIC RTU3031C (All versions < V4.0.9), SIMATIC RTU3041C (All versions < V4.0.9). The underlying TCP/IP stack does not properly calculate the random numbers used as ISN (Initial Sequence Numbers). An adjacent attacker with network access to the LAN interface could interfere with traffic, spoof the connection and gain access to sensitive information. | |||||