Filtered by vendor Siemens
Subscribe
Total
1853 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-28381 | 1 Siemens | 1 Solid Edge | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2021 (All Versions < SE2021MP2). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write into uninitialized memory. An attacker could leverage this vulnerability to execute code in the context of the current process. | |||||
| CVE-2019-17006 | 3 Mozilla, Netapp, Siemens | 21 Network Security Services, Hci Compute Node, Hci Management Node and 18 more | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow. | |||||
| CVE-2020-8287 | 5 Debian, Fedoraproject, Nodejs and 2 more | 5 Debian Linux, Fedora, Node.js and 2 more | 2024-02-28 | 6.4 MEDIUM | 6.5 MEDIUM |
| Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). In this case, Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling. | |||||
| CVE-2020-25238 | 1 Siemens | 2 Simatic Process Control System Neo, Totally Integrated Automation Portal | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability has been identified in PCS neo (Administration Console) (All versions < V3.1), TIA Portal (V15, V15.1 and V16). Manipulating certain files in specific folders could allow a local attacker to execute code with SYSTEM privileges. The security vulnerability could be exploited by an attacker with a valid account and limited access rights on the system. | |||||
| CVE-2020-25228 | 1 Siemens | 2 Logo\! 8 Bm, Logo\! 8 Bm Firmware | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). A service available on port 10005/tcp of the affected devices could allow complete access to all services without authorization. An attacker could gain full control over an affected device, if he has access to this service. The system manual recommends to protect access to this port. | |||||
| CVE-2020-15794 | 1 Siemens | 1 Desigo Insight | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability has been identified in Desigo Insight (All versions). Some error messages in the web application show the absolute path to the requested resource. This could allow an authenticated attacker to retrieve additional information about the host system. | |||||
| CVE-2020-26987 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of TGA files. This could lead to a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12016, ZDI-CAN-12017) | |||||
| CVE-2020-25245 | 1 Siemens | 1 Digsi 4 | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability has been identified in DIGSI 4 (All versions < V4.94 SP1 HF 1). Several folders in the %PATH% are writeable by normal users. As these folders are included in the search for dlls, an attacker could place dlls there with code executed by SYSTEM. | |||||
| CVE-2019-19283 | 1 Siemens | 1 Xhq | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been identified in XHQ (All Versions < 6.1). The application's web server could expose non-sensitive information about the server's architecture. This could allow an attacker to adapt further attacks to the version in place. | |||||
| CVE-2019-19289 | 1 Siemens | 1 Xhq | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. | |||||
| CVE-2020-25229 | 1 Siemens | 2 Logo\! 8 Bm, Logo\! 8 Bm Firmware | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). The implemented encryption for communication with affected devices is prone to replay attacks due to the usage of a static key. An attacker could change the password or change the configuration on any affected device if using prepared messages that were generated for another device. | |||||
| CVE-2020-8744 | 2 Intel, Siemens | 9 Converged Security And Management Engine, Server Platform Services, Trusted Execution Engine and 6 more | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
| Improper initialization in subsystem for Intel(R) CSME versions before12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 4.0.30 Intel(R) SPS versions before E3_05.01.04.200 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-22884 | 5 Fedoraproject, Netapp, Nodejs and 2 more | 13 Fedora, Active Iq Unified Manager, E-series Performance Analyzer and 10 more | 2024-02-28 | 5.1 MEDIUM | 7.5 HIGH |
| Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS, i.e., over network. If the attacker controls the victim's DNS server or can spoof its responses, the DNS rebinding protection can be bypassed by using the “localhost6” domain. As long as the attacker uses the “localhost6” domain, they can still apply the attack described in CVE-2018-7160. | |||||
| CVE-2020-15800 | 1 Siemens | 132 Scalance X200-4pirt, Scalance X200-4pirt Firmware, Scalance X201-3pirt and 129 more | 2024-02-28 | 9.3 HIGH | 9.8 CRITICAL |
| A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.0). The webserver of the affected devices contains a vulnerability that may lead to a heap overflow condition. An attacker could cause this condition on the webserver by sending specially crafted requests. This could stop the webserver temporarily. | |||||
| CVE-2021-27290 | 3 Oracle, Siemens, Ssri Project | 3 Graalvm, Sinec Infrastructure Network Services, Ssri | 2024-02-28 | 4.3 MEDIUM | 7.5 HIGH |
| ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option. | |||||
| CVE-2020-26989 | 1 Siemens | 3 Jt2go, Solid Edge, Teamcenter Visualization | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2021 (All Versions < SE2021MP2), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a stack based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11892) | |||||
| CVE-2020-28394 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of RAS files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to access data in the context of the current process. (ZDI-CAN-12283) | |||||
| CVE-2020-26990 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing ASM files. A crafted ASM file could trigger a type confusion condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11897) | |||||
| CVE-2019-19287 | 1 Siemens | 1 Xhq | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow attackers to traverse through the file system of the server based by sending specially crafted packets over the network without authentication. | |||||
| CVE-2021-22663 | 2 Hornerautomation, Siemens | 2 Cscape, Cscape | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
| Cscape (All versions prior to 9.90 SP3.5) lacks proper validation of user-supplied data when parsing project files. This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to execute code in the context of the current process. | |||||