Filtered by vendor Siemens
Subscribe
Total
1853 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-13099 | 3 Arubanetworks, Siemens, Wolfssl | 4 Instant, Scalance W1750d, Scalance W1750d Firmware and 1 more | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable wolfSSL application. This vulnerability is referred to as "ROBOT." | |||||
| CVE-2017-6872 | 1 Siemens | 4 Ozw672, Ozw672 Firmware, Ozw772 and 1 more | 2024-02-28 | 6.4 MEDIUM | 6.5 MEDIUM |
| A vulnerability was discovered in Siemens OZW672 (all versions) and OZW772 (all versions) that could allow an attacker with access to port 21/tcp to access or alter historical measurement data stored on the device. | |||||
| CVE-2017-12069 | 2 Ocpfoundation, Siemens | 4 Local Discovery Server, Ua .net, Simatic Pcs7 and 1 more | 2024-02-28 | 6.4 MEDIUM | 8.2 HIGH |
| An XXE vulnerability has been identified in OPC Foundation UA .NET Sample Code before 2017-03-21 and Local Discovery Server (LDS) before 1.03.367. Among the affected products are Siemens SIMATIC PCS7 (All versions V8.1 and earlier), SIMATIC WinCC (All versions < V7.4 SP1), SIMATIC WinCC Runtime Professional (All versions < V14 SP1), SIMATIC NET PC Software, and SIMATIC IT Production Suite. By sending specially crafted packets to the OPC Discovery Server at port 4840/tcp, an attacker might cause the system to access various resources chosen by the attacker. | |||||
| CVE-2017-12739 | 1 Siemens | 2 Sm-2556, Sm-2556 Firmware | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server (port 80/tcp) of the affected devices could allow unauthenticated remote attackers to execute arbitrary code on the affected device. | |||||
| CVE-2017-6869 | 1 Siemens | 1 Viewport For Web Office Portal | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability was discovered in Siemens ViewPort for Web Office Portal before revision number 1453 that could allow an unauthenticated remote user to upload arbitrary code and execute it with the permissions of the operating-system user running the web server by sending specially crafted network packets to port 443/TCP or port 80/TCP. | |||||
| CVE-2017-9940 | 1 Siemens | 1 Sipass Integrated | 2024-02-28 | 5.5 MEDIUM | 8.1 HIGH |
| A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with access to a low-privileged user account to read or write files on the file system of the SiPass integrated server over the network. | |||||
| CVE-2017-6866 | 1 Siemens | 1 Xhq Server | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability was discovered in Siemens XHQ server 4 and 5 (4 before V4.7.1.3 and 5 before V5.0.0.2) that could allow an authenticated low-privileged remote user to gain read access to data in the XHQ solution exceeding his configured permission level. | |||||
| CVE-2017-12740 | 1 Siemens | 1 Logo\! Soft Comfort | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| Siemens LOGO! Soft Comfort (All versions before V8.2) lacks integrity verification of software packages downloaded via an unprotected communication channel. This could allow a remote attacker to manipulate the software package while performing a Man-in-the-Middle (MitM) attack. | |||||
| CVE-2017-9944 | 1 Siemens | 2 7kt Pac1200 Data Manager, 7kt Pac1200 Data Manager Firmware | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability has been identified in Siemens 7KT PAC1200 data manager (7KT1260) in all versions < V2.03. The integrated web server (port 80/tcp) of the affected devices could allow an unauthenticated remote attacker to perform administrative operations over the network. | |||||
| CVE-2017-5712 | 3 Asus, Intel, Siemens | 394 B150-a, B150-a Firmware, B150-plus and 391 more | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
| Buffer overflow in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allows attacker with remote Admin access to the system to execute arbitrary code with AMT execution privilege. | |||||
| CVE-2017-14023 | 1 Siemens | 2 Simatic Pcs7, Simatic Wincc | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
| An Improper Input Validation issue was discovered in Siemens SIMATIC PCS 7 V8.1 prior to V8.1 SP1 with WinCC V7.3 Upd 13, and V8.2 all versions. The improper input validation vulnerability has been identified, which may allow an authenticated remote attacker who is a member of the administrators group to crash services by sending specially crafted messages to the DCOM interface. | |||||
| CVE-2017-9941 | 1 Siemens | 1 Sipass Integrated | 2024-02-28 | 5.8 MEDIUM | 7.4 HIGH |
| A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker in a Man-in-the-Middle position between the SiPass integrated server and SiPass integrated clients to read or modify the network communication. | |||||
| CVE-2017-9945 | 1 Siemens | 2 7km Pac Switched Ethernet Profinet Expansion Module, 7km Pac Switched Ethernet Profinet Expansion Module Firmware | 2024-02-28 | 6.1 MEDIUM | 6.5 MEDIUM |
| In the Siemens 7KM PAC Switched Ethernet PROFINET expansion module (All versions < V2.1.3), a Denial-of-Service condition could be induced by a specially crafted PROFINET DCP packet sent as a local Ethernet (Layer 2) broadcast. The affected component requires a manual restart via the main device to recover. | |||||
| CVE-2017-6865 | 1 Siemens | 16 Pcs 7, Primary Setup Tool, Security Configuration Tool and 13 more | 2024-02-28 | 6.1 MEDIUM | 6.5 MEDIUM |
| A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC Automation Tool (All versions < V3.0), SIMATIC NET PC-Software (All versions < V14 SP1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2), SIMATIC STEP 7 (TIA Portal) V14 (All versions < V14 SP1), SIMATIC STEP 7 V5.X (All versions < V5.6), SIMATIC WinAC RTX 2010 SP2 (All versions), SIMATIC WinAC RTX F 2010 SP2 (All versions), SIMATIC WinCC (TIA Portal) V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1), SIMATIC WinCC V7.2 and prior (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Update 15), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd1), SIMATIC WinCC flexible 2008 (All versions < flexible 2008 SP5), SINAUT ST7CC (All versions installed in conjunction with SIMATIC WinCC < V7.3 Update 15), SINEMA Server (All versions < V14), SINUMERIK 808D Programming Tool (All versions < V4.7 SP4 HF2), SMART PC Access (All versions < V2.3), STEP 7 - Micro/WIN SMART (All versions < V2.3), Security Configuration Tool (SCT) (All versions < V5.0). Specially crafted PROFINET DCP broadcast packets sent to the affected products on a local Ethernet segment (Layer 2) could cause a Denial-of-Service condition of some services. The services require manual restart to recover. | |||||
| CVE-2017-2684 | 1 Siemens | 1 Simatic Logon | 2024-02-28 | 6.8 MEDIUM | 9.0 CRITICAL |
| Siemens SIMATIC Logon prior to V1.5 SP3 Update 2 could allow an attacker with knowledge of a valid user name, and physical or network access to the affected system, to bypass the application-level authentication. | |||||
| CVE-2016-8561 | 1 Siemens | 2 Simatic Cp 1543-1, Simatic Cp 1543-1 Firmware | 2024-02-28 | 6.0 MEDIUM | 6.6 MEDIUM |
| A vulnerability has been identified in SIMATIC CP 1543-1 (All versions < V2.0.28), SIPLUS NET CP 1543-1 (All versions < V2.0.28). Users with elevated privileges to TIA-Portal and project data on the engineering station could possibly get privileged access on affected devices. | |||||
| CVE-2015-7977 | 8 Canonical, Debian, Fedoraproject and 5 more | 12 Ubuntu Linux, Debian Linux, Fedora and 9 more | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command. | |||||
| CVE-2016-9159 | 1 Siemens | 21 Simatic S7-300 Cpu 312, Simatic S7-300 Cpu 314, Simatic S7-300 Cpu 315-2 Dp and 18 more | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| A vulnerability has been identified in SIMATIC S7-300 CPU family (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 V6 and earlier CPU family (All versions), SIMATIC S7-400 V7 CPU family (All versions), SIMATIC S7-410 V8 CPU family (All versions), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) (All versions). An attacker with network access to port 102/tcp (ISO-TSAP) or via Profibus could obtain credentials from the PLC if protection-level 2 is configured on the affected devices. | |||||
| CVE-2016-8672 | 1 Siemens | 8 Simatic Cp 343-1, Simatic Cp 343-1 Firmware, Simatic Cp 443-1 and 5 more | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been identified in SIMATIC CP 343-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.0.53), SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.2.17), SIMATIC S7-300 PN/DP CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP CPU family (incl. SIPLUS variants) (All versions). The integrated web server delivers cookies without the "secure" flag. Modern browsers interpreting the flag would mitigate potential data leakage in case of clear text transmission. | |||||
| CVE-2016-8566 | 1 Siemens | 1 Sicam Pas\/pqs | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in Siemens SICAM PAS before 8.00. Because of Storing Passwords in a Recoverable Format, an authenticated local attacker with certain privileges could possibly reconstruct the passwords of users for accessing the database. | |||||