Vulnerabilities (CVE)

Filtered by vendor Siemens Subscribe
Total 1889 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-1597 1 Siemens 1 Spcanywhere 2024-11-21 6.8 MEDIUM N/A
The Siemens SPCanywhere application for Android does not use encryption during the loading of code, which allows man-in-the-middle attackers to execute arbitrary code by modifying the client-server data stream.
CVE-2015-1596 1 Siemens 1 Spcanywhere 2024-11-21 5.8 MEDIUM N/A
The Siemens SPCanywhere application for Android and iOS does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2015-1595 1 Siemens 1 Spcanywhere 2024-11-21 4.3 MEDIUM N/A
The Siemens SPCanywhere application for Android and iOS does not use encryption during lookups of system ID to IP address mappings, which allows man-in-the-middle attackers to discover alarm IP addresses and spoof servers by intercepting the client-server data stream.
CVE-2015-1594 1 Siemens 5 Simatic Cfc, Simatic Prosave, Simatic Step 7 and 2 more 2024-11-21 6.9 MEDIUM N/A
Untrusted search path vulnerability in Siemens SIMATIC ProSave before 13 SP1; SIMATIC CFC before 8.0 SP4 Upd9 and 8.1 before Upd1; SIMATIC STEP 7 before 5.5 SP1 HF2, 5.5 SP2 before HF7, 5.5 SP3, and 5.5 SP4 before HF4; SIMOTION Scout before 4.4; and STARTER before 4.4 HF3 allows local users to gain privileges via a Trojan horse application file.
CVE-2015-1449 1 Siemens 5 Ruggedcom Firmware, Ruggedcom Win5100, Ruggedcom Win5200 and 2 more 2024-11-21 10.0 HIGH N/A
Buffer overflow in the integrated web server on Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before BS4.4.4621.32, and WIN72xx devices with firmware before BS4.4.4621.32 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2015-1448 1 Siemens 5 Ruggedcom Firmware, Ruggedcom Win5100, Ruggedcom Win5200 and 2 more 2024-11-21 10.0 HIGH N/A
The integrated management service on Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before BS4.4.4621.32, and WIN72xx devices with firmware before BS4.4.4621.32 allows remote attackers to bypass authentication and perform administrative actions via unspecified vectors.
CVE-2015-1358 1 Siemens 1 Wincc 2024-11-21 5.0 MEDIUM N/A
The remote-management module in the (1) Multi Panels, (2) Comfort Panels, and (3) RT Advanced functionality in Siemens SIMATIC WinCC (TIA Portal) before 13 SP1 and in the (4) panels and (5) runtime functionality in SIMATIC WinCC flexible before 2008 SP3 Up7 does not properly encrypt credentials in transit, which makes it easier for remote attackers to determine cleartext credentials by sniffing the network and conducting a decryption attack.
CVE-2015-1357 1 Siemens 5 Ruggedcom Firmware, Ruggedcom Win5100, Ruggedcom Win5200 and 2 more 2024-11-21 5.0 MEDIUM N/A
Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before BS4.4.4621.32, and WIN72xx devices with firmware before BS4.4.4621.32 allow context-dependent attackers to discover password hashes by reading (1) files or (2) security logs.
CVE-2015-1356 1 Siemens 1 Simatic Step 7 2024-11-21 4.4 MEDIUM N/A
Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 determines a user's privileges on the basis of project-file fields that lack integrity protection, which allows remote attackers to establish arbitrary authorization data via a modified file.
CVE-2015-1355 1 Siemens 1 Simatic Step 7 2024-11-21 2.1 LOW N/A
Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 uses a weak password-hash algorithm, which makes it easier for local users to determine cleartext passwords by reading a project file and conducting a brute-force attack.
CVE-2015-1049 1 Siemens 10 Scalance X-200 Series Firmware, Scalance X201-3p Irt Pro, Scalance X201-3pirt and 7 more 2024-11-21 6.8 MEDIUM N/A
The web server on Siemens SCALANCE X-200IRT switches with firmware before 5.2.0 allows remote attackers to hijack sessions via unspecified vectors.
CVE-2015-1048 1 Siemens 2 Simatic S7 1200 Cpu, Simatic S7 1200 Cpu Firmware 2024-11-21 4.3 MEDIUM N/A
Open redirect vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices with firmware before 4.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVE-2014-9369 1 Siemens 6 Spc4000, Spc4000 Firmware, Spc5000 and 3 more 2024-11-21 7.8 HIGH N/A
Siemens SPC controllers SPC4000, SPC5000, and SPC6000 before 3.6.0 allow remote attackers to cause a denial of service (device restart) via crafted packets.
CVE-2014-8552 1 Siemens 4 Simatic Pcs7, Simatic Pcs 7, Simatic Tiaportal and 1 more 2024-11-21 5.0 MEDIUM N/A
The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to read arbitrary files via crafted packets.
CVE-2014-8551 1 Siemens 4 Simatic Pcs7, Simatic Pcs 7, Simatic Tiaportal and 1 more 2024-11-21 10.0 HIGH N/A
The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to execute arbitrary code via crafted packets.
CVE-2014-8479 1 Siemens 9 Scalance X-300, Scalance X-300 Series Firmware, Scalance X-300eec and 6 more 2024-11-21 6.8 MEDIUM N/A
The FTP server on Siemens SCALANCE X-300 switches with firmware before 4.0 and SCALANCE X 408 switches with firmware before 4.0 allows remote authenticated users to cause a denial of service (reboot) via crafted FTP packets.
CVE-2014-8478 1 Siemens 9 Scalance X-300, Scalance X-300 Series Firmware, Scalance X-300eec and 6 more 2024-11-21 7.8 HIGH N/A
The web server on Siemens SCALANCE X-300 switches with firmware before 4.0 and SCALANCE X 408 switches with firmware before 4.0 allows remote attackers to cause a denial of service (reboot) via malformed HTTP requests.
CVE-2014-5233 2 Apple, Siemens 2 Iphone Os, Simatic Wincc Sm\@rtclient 2024-11-21 1.9 LOW N/A
The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows physically proximate attackers to discover Sm@rtServer credentials by leveraging an error in the credential-processing mechanism.
CVE-2014-5232 2 Apple, Siemens 2 Iphone Os, Simatic Wincc Sm\@rtclient 2024-11-21 1.9 LOW N/A
The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows local users to bypass an intended application-password requirement by leveraging the running of the app in the background state.
CVE-2014-5231 2 Apple, Siemens 2 Iphone Os, Simatic Wincc Sm\@rtclient 2024-11-21 2.1 LOW N/A
The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows physically proximate attackers to extract the password from storage via unspecified vectors.