Skip to main content

Siemens

319 CVEs vendor

Monthly

CVE-2026-47192 PyPI LOW PATCH GHSA Monitor

Late signature validation in Siemens kas (pip/kas >= 4.8, < 5.3) allows an attacker who has already compromised a referenced upstream repository to substitute the cryptographic key used to validate that repository's tag signatures, effectively bypassing integrity checks entirely. Because kas processes and applies configuration includes from external repositories before verifying their signatures, a malicious repository can redirect the signature-validation key to one under attacker control. No public exploit code has been identified at time of analysis, and exploitation requires a highly specific multi-condition scenario including prior supply-chain access to a referenced upstream repo. Vendor-released patch version 5.3 resolves all related attack vectors.

Information Disclosure Jwt Attack Siemens
NVD GitHub
EPSS
0.0%
CVE-2026-47191 PyPI LOW PATCH GHSA Monitor

Integrity bypass in Siemens kas (pip/kas < 5.3) allows an attacker who controls a referenced external git repository to substitute arbitrary commit content by creating a branch whose name matches the commit SHA recorded in a kas configuration file. Because kas passed the raw SHA string to `git checkout` without forcing disambiguation to a commit object, git resolves a branch of that name instead of the pinned commit, defeating the integrity guarantee users rely on. The primary impact falls on SHA-256 commit IDs; SHA-1 commits face a related but distinct risk through hash-collision substitution. No public exploit has been identified at time of analysis and the issue is not listed in CISA KEV.

Jwt Attack Information Disclosure Siemens
NVD GitHub
EPSS
0.0%
CVE-2025-40745 MEDIUM CISA This Month

Improper TLS certificate validation in Siemens Software Center, Simcenter 3D, Simcenter Femap, Simcenter STAR-CCM+, Solid Edge SE2025/SE2026, and Tecnomatix Plant Simulation allows unauthenticated remote attackers to perform man-in-the-middle attacks against the Analytics Service endpoint. An attacker positioned on the network path can intercept and decrypt communications, potentially disclosing sensitive information. CVSS 3.7 reflects low-severity impact; no public exploit or active exploitation confirmed, but the low attack complexity and network vector indicate practical exploitability in targeted enterprise environments.

Information Disclosure Siemens Siemens Software Center Simcenter 3D Simcenter Femap +4
NVD VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2025-40827 HIGH This Month

A vulnerability has been identified in Siemens Software Center (All versions < V3.5), Solid Edge SE2025 (All versions < V225.0 Update 10). Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Siemens RCE
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-1384 HIGH This Week

CVE-2025-1384 is a least privilege violation (CWE-272) in the communication protocol between Omron NJ/NX-series Machine Automation Controllers and Sysmac Studio software that allows unauthenticated remote attackers to execute arbitrary code on affected controllers. The vulnerability affects industrial automation environments and enables complete compromise of controller functionality through unauthorized remote code execution. While the CVSS score of 7.0 indicates moderate-to-high severity, the network-accessible attack vector and lack of required privileges make this a significant threat to operational technology (OT) environments, particularly in manufacturing and critical infrastructure sectors.

Authentication Bypass Siemens RCE Privilege Escalation
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-39202 HIGH This Week

CVE-2025-39202 is a local privilege escalation vulnerability in MicroSCADA X SYS600's Monitor Pro interface that allows authenticated users with low privileges to read and overwrite arbitrary files, leading to information disclosure and data corruption. The vulnerability affects the SYS600 product line and requires local access with valid credentials; while the CVSS score of 7.3 indicates moderate-to-high severity, real-world exploitability depends on whether this vulnerability has been added to CISA's KEV catalog or has publicly available proof-of-concept code.

Siemens SCADA Information Disclosure Path Traversal Microscada X Sys600
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-40591 HIGH This Week

A security vulnerability in A vulnerability (CVSS 7.7). High severity vulnerability requiring prompt remediation.

Command Injection Siemens RCE Information Disclosure Privilege Escalation +1
NVD
CVSS 3.1
7.7
EPSS
0.1%
CVE-2025-40569 MEDIUM This Month

A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V3.2), SCALANCE XCH328 (6GK5328-4TS01-2EC2) (All versions < V3.2), SCALANCE XCM324 (6GK5324-8TS01-2AC2) (All versions < V3.2), SCALANCE XCM328 (6GK5328-4TS01-2AC2) (All versions < V3.2), SCALANCE XCM332 (6GK5332-0GA01-2AC2) (All versions < V3.2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3) (All versions < V3.2), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3) (All versions < V3.2), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3) (All versions < V3.2), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3) (All versions < V3.2), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3) (All versions < V3.2), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3) (All versions < V3.2), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3) (All versions < V3.2), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3) (All versions < V3.2), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3) (All versions < V3.2), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3) (All versions < V3.2). The "Load Configuration from Local PC" functionality in the web interface of affected products contains a race condition vulnerability. This could allow an authenticated remote attacker to make the affected product load an attacker controlled configuration instead of the legitimate one. Successful exploitation requires that a legitimate administrator invokes the functionality and the attacker wins the race condition.

Siemens Race Condition Information Disclosure
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2025-40568 MEDIUM This Month

A security vulnerability in A vulnerability (CVSS 4.3). Remediation should follow standard vulnerability management procedures.

Siemens Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-40567 MEDIUM This Month

A security vulnerability in A vulnerability (CVSS 6.5). Remediation should follow standard vulnerability management procedures.

Siemens Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2024-41797 MEDIUM This Month

A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V3.1), SCALANCE XC316-8 (6GK5324-8TS00-2AC2) (All versions < V3.1), SCALANCE XC324-4 (6GK5328-4TS00-2AC2) (All versions < V3.1), SCALANCE XC324-4 EEC (6GK5328-4TS00-2EC2) (All versions < V3.1), SCALANCE XC332 (6GK5332-0GA00-2AC2) (All versions < V3.1), SCALANCE XC416-8 (6GK5424-8TR00-2AC2) (All versions < V3.1), SCALANCE XC424-4 (6GK5428-4TR00-2AC2) (All versions < V3.1), SCALANCE XC432 (6GK5432-0GR00-2AC2) (All versions < V3.1), SCALANCE XCH328 (6GK5328-4TS01-2EC2) (All versions < V3.1), SCALANCE XCM324 (6GK5324-8TS01-2AC2) (All versions < V3.1), SCALANCE XCM328 (6GK5328-4TS01-2AC2) (All versions < V3.1), SCALANCE XCM332 (6GK5332-0GA01-2AC2) (All versions < V3.1), SCALANCE XR302-32 (6GK5334-5TS00-2AR3) (All versions < V3.1), SCALANCE XR302-32 (6GK5334-5TS00-3AR3) (All versions < V3.1), SCALANCE XR302-32 (6GK5334-5TS00-4AR3) (All versions < V3.1), SCALANCE XR322-12 (6GK5334-3TS00-2AR3) (All versions < V3.1), SCALANCE XR322-12 (6GK5334-3TS00-3AR3) (All versions < V3.1), SCALANCE XR322-12 (6GK5334-3TS00-4AR3) (All versions < V3.1), SCALANCE XR326-8 (6GK5334-2TS00-2AR3) (All versions < V3.1), SCALANCE XR326-8 (6GK5334-2TS00-3AR3) (All versions < V3.1), SCALANCE XR326-8 (6GK5334-2TS00-4AR3) (All versions < V3.1), SCALANCE XR326-8 EEC (6GK5334-2TS00-2ER3) (All versions < V3.1), SCALANCE XR502-32 (6GK5534-5TR00-2AR3) (All versions < V3.1), SCALANCE XR502-32 (6GK5534-5TR00-3AR3) (All versions < V3.1), SCALANCE XR502-32 (6GK5534-5TR00-4AR3) (All versions < V3.1), SCALANCE XR522-12 (6GK5534-3TR00-2AR3) (All versions < V3.1), SCALANCE XR522-12 (6GK5534-3TR00-3AR3) (All versions < V3.1), SCALANCE XR522-12 (6GK5534-3TR00-4AR3) (All versions < V3.1), SCALANCE XR526-8 (6GK5534-2TR00-2AR3) (All versions < V3.1), SCALANCE XR526-8 (6GK5534-2TR00-3AR3) (All versions < V3.1), SCALANCE XR526-8 (6GK5534-2TR00-4AR3) (All versions < V3.1), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3) (All versions < V3.1), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3) (All versions < V3.1), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3) (All versions < V3.1), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3) (All versions < V3.1), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3) (All versions < V3.1), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3) (All versions < V3.1), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3) (All versions < V3.1), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3) (All versions < V3.1), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3) (All versions < V3.1), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3) (All versions < V3.1). Affected devices contain an incorrect authorization check vulnerability. This could allow an authenticated remote attacker with "guest" role to invoke an internal "do system" command which exceeds their privileges. This command allows the execution of certain low-risk actions, the most critical of which is clearing the local system log.

Siemens Privilege Escalation
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-13967 HIGH This Week

CVE-2024-13967 is an authentication bypass vulnerability in EIBPORT V3 KNX web server that allows unauthenticated attackers to access sensitive configuration pages through the integrated web interface. Affects EIBPORT V3 KNX and EIBPORT V3 KNX GSM through version 3.9.8. Successful exploitation enables complete compromise of the device including confidentiality, integrity, and availability of configuration settings and potentially the entire KNX installation.

Authentication Bypass Siemens Information Disclosure
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-40583 MEDIUM This Month

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with SINEMA Remote Connect Edge Client installed). Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Siemens Scalance Lpe9403 Firmware
NVD
CVSS 4.0
6.7
EPSS
0.0%
CVE-2025-40582 HIGH This Month

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with SINEMA Remote Connect Edge Client installed). Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Siemens Scalance Lpe9403 Firmware
NVD
CVSS 4.0
8.5
EPSS
0.1%
CVE-2025-40581 HIGH This Month

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with SINEMA Remote Connect Edge Client installed). Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Siemens Scalance Lpe9403 Firmware
NVD
CVSS 4.0
8.4
EPSS
0.0%
CVE-2025-40580 MEDIUM This Month

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Rated medium severity (CVSS 5.4). No vendor patch available.

Stack Overflow Buffer Overflow RCE Siemens Denial Of Service +1
NVD
CVSS 4.0
5.4
EPSS
0.1%
CVE-2025-40579 MEDIUM This Month

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Rated medium severity (CVSS 5.4). No vendor patch available.

Stack Overflow Buffer Overflow RCE Siemens Denial Of Service +1
NVD
CVSS 4.0
5.4
EPSS
0.1%
CVE-2025-40578 MEDIUM This Month

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions). Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Siemens Scalance Lpe9403 Firmware
NVD
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-40577 MEDIUM This Month

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Siemens Scalance Lpe9403 Firmware
NVD
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-40576 MEDIUM This Month

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Siemens Denial Of Service Scalance Lpe9403 Firmware
NVD
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-40575 MEDIUM This Month

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Siemens Denial Of Service Scalance Lpe9403 Firmware
NVD
CVSS 4.0
5.3
EPSS
0.4%
CVE-2025-40574 HIGH This Month

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Siemens Scalance Lpe9403 Firmware
NVD
CVSS 4.0
8.5
EPSS
0.1%
CVE-2025-40573 MEDIUM This Month

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Siemens Scalance Lpe9403 Firmware
NVD
CVSS 4.0
6.7
EPSS
0.1%
CVE-2025-40572 MEDIUM This Month

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Siemens Scalance Lpe9403 Firmware
NVD
CVSS 4.0
6.8
EPSS
0.1%
CVE-2025-30000 MEDIUM This Month

A vulnerability has been identified in Siemens License Server (SLS) (All versions < V4.3). Rated medium severity (CVSS 5.4). No vendor patch available.

Siemens Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2025-29999 MEDIUM This Month

A vulnerability has been identified in Siemens License Server (SLS) (All versions < V4.3). Rated medium severity (CVSS 5.4). No vendor patch available.

Siemens RCE Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2024-54092 CRITICAL Act Now

A vulnerability has been identified in Industrial Edge Device Kit - arm64 V1.17 (All versions), Industrial Edge Device Kit - arm64 V1.18 (All versions), Industrial Edge Device Kit - arm64 V1.19 (All. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Siemens
NVD
CVSS 4.0
9.3
EPSS
0.5%
CVE-2025-27398 LOW Monitor

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly neutralize special characters when interpreting user controlled log paths. [CVSS 2.7 LOW]

Command Injection Siemens
NVD
CVSS 3.1
2.7
EPSS
0.1%
CVE-2025-27397 LOW Monitor

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly limit user controlled paths to which logs are written and from where they are read. [CVSS 3.8 LOW]

Path Traversal Siemens
NVD
CVSS 3.1
3.8
EPSS
0.1%
CVE-2025-27396 HIGH This Week

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly limit the elevation of privileges required to perform certain valid functionality. [CVSS 8.8 HIGH]

Privilege Escalation Siemens
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-27395 HIGH This Week

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly limit the scope of files accessible through and the privileges of the SFTP functionality. [CVSS 7.2 HIGH]

Path Traversal Siemens
NVD
CVSS 3.1
7.2
EPSS
0.2%
CVE-2025-27394 HIGH This Week

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly sanitize user input when creating new SNMP users. [CVSS 7.2 HIGH]

Command Injection RCE Siemens
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2025-27393 HIGH This Week

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly sanitize user input when creating new users. [CVSS 7.2 HIGH]

Command Injection RCE Siemens
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2025-27392 HIGH This Week

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly sanitize user input when creating new VXLAN configurations. [CVSS 7.2 HIGH]

Command Injection RCE Siemens
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2025-23384 MEDIUM This Month

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2.1), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2.1), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2.1), SCALANCE M812-1 ADSL-Router family (All versions < V8.2.1), SCALANCE M816-1 ADSL-Router family (All versions < V8.2.1), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.2.1), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.2.1), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.2.1), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.2.1), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.2.1), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.2.1), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.2.1), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.2.1), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.2.1), SCALANCE MUB852-1 (A1) (6GK5852-1EA10-1AA1) (All versions < V8.2.1), SCALANCE MUB852-1 (B1) (6GK5852-1EA10-1BA1) (All versions < V8.2.1), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.2.1), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.2.1), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.2.1), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.2.1), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.2.1), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.2.1), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.2.1), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.2.1), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.2.1), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.2.1), SCALANCE SC-600 family (All versions). [CVSS 3.7 LOW]

Information Disclosure Siemens
NVD
CVSS 4.0
6.3
EPSS
0.1%
CVE-2025-24532 MEDIUM This Month

A vulnerability has been identified in SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) (All versions < V3.0.0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions < V3.0.0), SCALANCE WAM763-1 (ME). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Siemens
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-24499 HIGH This Week

A vulnerability has been identified in SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) (All versions < V3.0.0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions < V3.0.0), SCALANCE WAM763-1 (ME). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Siemens
NVD
CVSS 4.0
7.5
EPSS
0.2%
CVE-2024-50572 HIGH PATCH This Week

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity.

Code Injection Siemens Ruggedcom Rm1224 Lte 4G Eu Firmware Ruggedcom Rm1224 Lte 4G Nam Firmware Scalance M804Pb Firmware +23
NVD
CVSS 4.0
8.6
EPSS
0.6%
CVE-2024-50561 MEDIUM PATCH This Month

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Siemens Ruggedcom Rm1224 Lte 4G Eu Firmware Ruggedcom Rm1224 Lte 4G Nam Firmware Scalance M804Pb Firmware +23
NVD
CVSS 4.0
5.1
EPSS
0.3%
CVE-2024-50560 LOW PATCH Monitor

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable.

Information Disclosure Siemens Ruggedcom Rm1224 Lte 4G Eu Firmware Ruggedcom Rm1224 Lte 4G Nam Firmware Scalance M804Pb Firmware +23
NVD
CVSS 4.0
2.3
EPSS
0.3%
CVE-2024-50559 MEDIUM PATCH This Month

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Siemens Ruggedcom Rm1224 Lte 4G Eu Firmware Ruggedcom Rm1224 Lte 4G Nam Firmware Scalance M804Pb Firmware +23
NVD
CVSS 4.0
5.1
EPSS
0.3%
CVE-2024-50558 MEDIUM PATCH This Month

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Siemens Denial Of Service Ruggedcom Rm1224 Lte 4G Eu Firmware Ruggedcom Rm1224 Lte 4G Nam Firmware +24
NVD
CVSS 4.0
5.3
EPSS
0.3%
CVE-2024-50557 HIGH PATCH This Week

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity.

RCE Siemens Ruggedcom Rm1224 Lte 4G Eu Firmware Ruggedcom Rm1224 Lte 4G Nam Firmware Scalance M804Pb Firmware +23
NVD
CVSS 4.0
8.6
EPSS
0.9%
CVE-2024-41978 HIGH This Week

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.1), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.1), SCALANCE M804PB. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Siemens Ruggedcom Rm1224 Lte 4G Eu Firmware Ruggedcom Rm1224 Lte 4G Nam Firmware Scalance M804Pb Firmware +23
NVD
CVSS 4.0
7.1
EPSS
0.5%
CVE-2024-41977 HIGH This Week

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.1), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.1), SCALANCE M804PB. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Siemens Ruggedcom Rm1224 Lte 4G Eu Firmware Ruggedcom Rm1224 Lte 4G Nam Firmware Scalance M804Pb Firmware +23
NVD
CVSS 4.0
7.3
EPSS
0.4%
CVE-2024-41976 HIGH This Week

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.1), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.1), SCALANCE M804PB. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Siemens Ruggedcom Rm1224 Lte 4G Eu Firmware Ruggedcom Rm1224 Lte 4G Nam Firmware Scalance M804Pb Firmware +23
NVD
CVSS 4.0
8.6
EPSS
0.8%
CVE-2024-30191 HIGH This Week

A vulnerability has been identified in SCALANCE W1748-1 M12 (6GK5748-1GY01-0AA0), SCALANCE W1748-1 M12 (6GK5748-1GY01-0TA0), SCALANCE W1788-1 M12 (6GK5788-1GY01-0AA0), SCALANCE W1788-2 EEC M12. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Siemens
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2024-30190 MEDIUM This Month

A vulnerability has been identified in SCALANCE W1748-1 M12 (6GK5748-1GY01-0AA0), SCALANCE W1748-1 M12 (6GK5748-1GY01-0TA0), SCALANCE W1788-1 M12 (6GK5788-1GY01-0AA0), SCALANCE W1788-2 EEC M12. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Siemens
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-30189 MEDIUM This Month

A vulnerability has been identified in SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AA0) (All versions), SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AB0) (All versions), SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AA0). Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Siemens
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2023-49692 MEDIUM This Month

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V7.2.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V7.2.2), SCALANCE. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Siemens 6Gk6108 4Am00 2Ba2 Firmware 6Gk6108 4Am00 2Da2 Firmware 6Gk5804 0Ap00 2Aa2 Firmware +17
NVD
CVSS 3.1
6.7
EPSS
0.6%
CVE-2023-49691 MEDIUM This Month

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Siemens 6Gk6108 4Am00 2Ba2 Firmware 6Gk6108 4Am00 2Da2 Firmware 6Gk5804 0Ap00 2Aa2 Firmware +17
NVD
CVSS 3.1
6.7
EPSS
0.6%
CVE-2023-46590 HIGH PATCH This Week

A vulnerability has been identified in Siemens OPC UA Modelling Editor (SiOME) (All versions < V2.8). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Siemens Siemens Opc Ua Modeling Editor
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-44374 HIGH This Week

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Siemens 6Gk5205 3Bb00 2Ab2 Firmware 6Gk5205 3Bb00 2Tb2 Firmware 6Gk5205 3Bd00 2Tb2 Firmware +68
NVD
CVSS 4.0
7.1
EPSS
0.7%
CVE-2023-44322 MEDIUM This Month

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Siemens 6Gk5205 3Bb00 2Ab2 Firmware 6Gk5205 3Bb00 2Tb2 Firmware 6Gk5205 3Bd00 2Tb2 Firmware +68
NVD
CVSS 3.1
5.9
EPSS
0.9%
CVE-2023-44320 MEDIUM This Month

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V7.2.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V7.2.2), SCALANCE. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Siemens 6Gk5205 3Bb00 2Ab2 Firmware 6Gk5205 3Bb00 2Tb2 Firmware 6Gk5205 3Bd00 2Tb2 Firmware +68
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-44319 MEDIUM This Month

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Siemens 6Gk5205 3Bb00 2Ab2 Firmware 6Gk5205 3Bb00 2Tb2 Firmware 6Gk5205 3Bd00 2Tb2 Firmware +68
NVD
CVSS 4.0
6.9
EPSS
0.4%
CVE-2023-44317 HIGH This Week

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V7.2.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V7.2.2), SCALANCE. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Siemens Scalance Xb208 E Ip Firmware Scalance Xb208 Pn Firmware Scalance Xb216 E Ip Firmware +66
NVD
CVSS 4.0
8.6
EPSS
0.4%
CVE-2023-27410 LOW Monitor

A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Heap Overflow Siemens Scalance Lpe9403 Firmware
NVD
CVSS 3.1
2.7
EPSS
0.6%
CVE-2023-27409 LOW Monitor

A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Siemens Scalance Lpe9403 Firmware
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2023-27408 LOW Monitor

A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Siemens Scalance Lpe9403 Firmware
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2023-27407 CRITICAL Act Now

A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Siemens Scalance Lpe9403 Firmware
NVD
CVSS 3.1
9.9
EPSS
1.3%
CVE-2023-29054 HIGH This Week

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Siemens Scalance X200 4P Irt Firmware Scalance X201 3P Irt Firmware Scalance X201 3P Irt Pro Firmware +10
NVD
CVSS 3.1
7.4
EPSS
0.3%
CVE-2022-46355 HIGH PATCH This Week

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Siemens Information Disclosure 6Gk5204 0Ba00 2Mb2 Firmware 6Gk5204 0Ba00 2Kb2 Firmware 6Gk5204 0Bs00 2Na3 Firmware +2
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-46354 MEDIUM PATCH This Month

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Siemens Authentication Bypass 6Gk5204 0Ba00 2Mb2 Firmware 6Gk5204 0Ba00 2Kb2 Firmware 6Gk5204 0Bs00 2Na3 Firmware +2
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-46353 CRITICAL PATCH Act Now

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Siemens Information Disclosure 6Gk5204 0Ba00 2Mb2 Firmware 6Gk5204 0Ba00 2Kb2 Firmware 6Gk5204 0Bs00 2Na3 Firmware +2
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-46352 HIGH PATCH This Week

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Siemens Denial Of Service 6Gk5204 0Ba00 2Mb2 Firmware 6Gk5204 0Ba00 2Kb2 Firmware 6Gk5204 0Bs00 2Na3 Firmware +2
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-46351 MEDIUM PATCH This Month

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Siemens Denial Of Service 6Gk5204 0Ba00 2Mb2 Firmware 6Gk5204 0Ba00 2Kb2 Firmware 6Gk5204 0Bs00 2Na3 Firmware +2
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-46350 MEDIUM PATCH This Month

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Siemens XSS 6Gk5204 0Ba00 2Mb2 Firmware 6Gk5204 0Ba00 2Kb2 Firmware 6Gk5204 0Bs00 2Na3 Firmware +2
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-46144 HIGH PATCH This Week

A vulnerability has been identified in SCALANCE SC622-2C (6GK5622-2GS00-2AC2) (All versions < V2.3), SCALANCE SC622-2C (6GK5622-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE SC626-2C. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.

Siemens Information Disclosure 6Gk5622 2Gs00 2Ac2 Firmware 6Gk5626 2Gs00 2Ac2 Firmware 6Gk5632 2Gs00 2Ac2 Firmware +3
NVD
CVSS 4.0
7.1
EPSS
0.9%
CVE-2022-2069 HIGH This Week

The APDFL.dll in Siemens JT2Go prior to V13.3.0.5 and Siemens Teamcenter Visualization prior to V14.0.0.2 contains an out of bounds write past the fixed-length heap-based buffer while parsing. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Siemens Heap Overflow Buffer Overflow Jt2Go Teamcenter Visualization
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-40631 MEDIUM This Month

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.0), SCALANCE X201-3P IRT (All versions < V5.5.0), SCALANCE X201-3P IRT PRO (All versions < V5.5.0), SCALANCE X202-2IRT. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Siemens Scalance X200 4P Irt Firmware Scalance X201 3P Irt Firmware Scalance X201 3P Irt Pro Firmware +27
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-31766 HIGH This Week

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V7.1.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V7.1.2), SCALANCE. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Siemens Ruggedcom Rm1224 Firmware Scalance M804Pb Firmware Scalance M812 1 Firmware +13
NVD
CVSS 3.1
8.6
EPSS
1.0%
CVE-2022-34821 HIGH PATCH This Week

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2), SCALANCE M804PB (6GK5804-0AP00-2AA2), SCALANCE M812-1. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Siemens RCE Code Injection Simatic Cp 1242 7 V2 Firmware Simatic Cp 1243 1 Firmware +13
NVD
CVSS 4.0
8.8
EPSS
2.2%
CVE-2022-26649 CRITICAL PATCH Act Now

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT. Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Siemens Buffer Overflow Scalance X204 2 Firmware Scalance X204 2Fm Firmware Scalance X204 2Ld Firmware +26
NVD
CVSS 3.1
9.6
EPSS
1.3%
CVE-2022-26648 HIGH PATCH This Week

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Siemens Buffer Overflow Scalance X204 2 Firmware Scalance X204 2Fm Firmware Scalance X204 2Ld Firmware +26
NVD
CVSS 3.1
8.2
EPSS
0.9%
CVE-2022-26647 HIGH PATCH This Week

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Siemens Information Disclosure Scalance X200 4P Irt Firmware Scalance X201 3P Irt Firmware Scalance X201 3P Irt Pro Firmware +26
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-28329 MEDIUM PATCH This Month

A vulnerability has been identified in SCALANCE W1788-1 M12 (All versions < V3.0.0), SCALANCE W1788-2 EEC M12 (All versions < V3.0.0), SCALANCE W1788-2 M12 (All versions < V3.0.0), SCALANCE W1788-2IA. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Siemens Scalance W1788 2Ia M12 Firmware Scalance W1788 2 M12 Firmware Scalance W1788 2 Eec M12 Firmware +1
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-28328 HIGH PATCH This Week

A vulnerability has been identified in SCALANCE W1788-1 M12 (All versions < V3.0.0), SCALANCE W1788-2 EEC M12 (All versions < V3.0.0), SCALANCE W1788-2 M12 (All versions < V3.0.0), SCALANCE W1788-2IA. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Siemens Scalance W1788 2Ia M12 Firmware Scalance W1788 2 M12 Firmware Scalance W1788 2 Eec M12 Firmware +1
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-27481 MEDIUM PATCH This Month

A vulnerability has been identified in SCALANCE W1788-1 M12 (All versions < V3.0.0), SCALANCE W1788-2 EEC M12 (All versions < V3.0.0), SCALANCE W1788-2 M12 (All versions < V3.0.0), SCALANCE W1788-2IA. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required.

Denial Of Service Race Condition Siemens Scalance W1788 2Ia M12 Firmware Scalance W1788 2 M12 Firmware +2
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2022-26380 HIGH PATCH This Week

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V),. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Siemens Buffer Overflow Information Disclosure Scalance X302 7Eec Firmware Scalance X304 2Fe Firmware +21
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-26335 HIGH PATCH This Week

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V),. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Siemens Buffer Overflow Scalance X302 7Eec Firmware Scalance X304 2Fe Firmware Scalance X306 1Ldfe Firmware +20
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-26334 HIGH PATCH This Week

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V),. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Siemens Buffer Overflow Scalance X302 7Eec Firmware Scalance X304 2Fe Firmware Scalance X306 1Ldfe Firmware +20
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-25756 MEDIUM PATCH This Month

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V),. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Siemens XSS Scalance X302 7Eec Firmware Scalance X304 2Fe Firmware Scalance X306 1Ldfe Firmware +20
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-25755 HIGH PATCH This Week

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V),. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Siemens Scalance X302 7Eec Firmware Scalance X304 2Fe Firmware Scalance X306 1Ldfe Firmware +20
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-25754 HIGH PATCH This Week

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V),. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

Siemens CSRF Scalance X302 7Eec Firmware Scalance X304 2Fe Firmware Scalance X306 1Ldfe Firmware +20
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-25753 HIGH PATCH This Week

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V),. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Siemens Stack Overflow Buffer Overflow Scalance X302 7Eec Firmware +22
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2022-25752 CRITICAL PATCH Act Now

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V),. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Siemens Information Disclosure Scalance X302 7Eec Firmware Scalance X304 2Fe Firmware Scalance X306 1Ldfe Firmware +20
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-25751 HIGH PATCH This Week

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V),. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Siemens Scalance X302 7Eec Firmware Scalance X304 2Fe Firmware Scalance X306 1Ldfe Firmware +20
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-25669 CRITICAL PATCH Act Now

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT PRO (All versions < 5.5.1), SCALANCE X202-2 IRT. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Siemens RCE Stack Overflow Scalance X200 4P Irt Firmware +28
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2021-25668 CRITICAL PATCH Act Now

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT PRO (All versions < 5.5.1), SCALANCE X202-2 IRT. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Heap Overflow Siemens Scalance X200 4P Irt Firmware Scalance X201 3P Irt Firmware +27
NVD
CVSS 3.1
9.8
EPSS
1.6%
EPSS 0%
LOW PATCH Monitor

Late signature validation in Siemens kas (pip/kas >= 4.8, < 5.3) allows an attacker who has already compromised a referenced upstream repository to substitute the cryptographic key used to validate that repository's tag signatures, effectively bypassing integrity checks entirely. Because kas processes and applies configuration includes from external repositories before verifying their signatures, a malicious repository can redirect the signature-validation key to one under attacker control. No public exploit code has been identified at time of analysis, and exploitation requires a highly specific multi-condition scenario including prior supply-chain access to a referenced upstream repo. Vendor-released patch version 5.3 resolves all related attack vectors.

Information Disclosure Jwt Attack Siemens
NVD GitHub
EPSS 0%
LOW PATCH Monitor

Integrity bypass in Siemens kas (pip/kas < 5.3) allows an attacker who controls a referenced external git repository to substitute arbitrary commit content by creating a branch whose name matches the commit SHA recorded in a kas configuration file. Because kas passed the raw SHA string to `git checkout` without forcing disambiguation to a commit object, git resolves a branch of that name instead of the pinned commit, defeating the integrity guarantee users rely on. The primary impact falls on SHA-256 commit IDs; SHA-1 commits face a related but distinct risk through hash-collision substitution. No public exploit has been identified at time of analysis and the issue is not listed in CISA KEV.

Jwt Attack Information Disclosure Siemens
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM This Month

Improper TLS certificate validation in Siemens Software Center, Simcenter 3D, Simcenter Femap, Simcenter STAR-CCM+, Solid Edge SE2025/SE2026, and Tecnomatix Plant Simulation allows unauthenticated remote attackers to perform man-in-the-middle attacks against the Analytics Service endpoint. An attacker positioned on the network path can intercept and decrypt communications, potentially disclosing sensitive information. CVSS 3.7 reflects low-severity impact; no public exploit or active exploitation confirmed, but the low attack complexity and network vector indicate practical exploitability in targeted enterprise environments.

Information Disclosure Siemens Siemens Software Center +6
NVD VulDB
EPSS 0% CVSS 8.5
HIGH This Month

A vulnerability has been identified in Siemens Software Center (All versions < V3.5), Solid Edge SE2025 (All versions < V225.0 Update 10). Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Siemens RCE
NVD
EPSS 0% CVSS 7.0
HIGH This Week

CVE-2025-1384 is a least privilege violation (CWE-272) in the communication protocol between Omron NJ/NX-series Machine Automation Controllers and Sysmac Studio software that allows unauthenticated remote attackers to execute arbitrary code on affected controllers. The vulnerability affects industrial automation environments and enables complete compromise of controller functionality through unauthorized remote code execution. While the CVSS score of 7.0 indicates moderate-to-high severity, the network-accessible attack vector and lack of required privileges make this a significant threat to operational technology (OT) environments, particularly in manufacturing and critical infrastructure sectors.

Authentication Bypass Siemens RCE +1
NVD
EPSS 0% CVSS 7.3
HIGH This Week

CVE-2025-39202 is a local privilege escalation vulnerability in MicroSCADA X SYS600's Monitor Pro interface that allows authenticated users with low privileges to read and overwrite arbitrary files, leading to information disclosure and data corruption. The vulnerability affects the SYS600 product line and requires local access with valid credentials; while the CVSS score of 7.3 indicates moderate-to-high severity, real-world exploitability depends on whether this vulnerability has been added to CISA's KEV catalog or has publicly available proof-of-concept code.

Siemens SCADA Information Disclosure +2
NVD
EPSS 0% CVSS 7.7
HIGH This Week

A security vulnerability in A vulnerability (CVSS 7.7). High severity vulnerability requiring prompt remediation.

Command Injection Siemens RCE +3
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V3.2), SCALANCE XCH328 (6GK5328-4TS01-2EC2) (All versions < V3.2), SCALANCE XCM324 (6GK5324-8TS01-2AC2) (All versions < V3.2), SCALANCE XCM328 (6GK5328-4TS01-2AC2) (All versions < V3.2), SCALANCE XCM332 (6GK5332-0GA01-2AC2) (All versions < V3.2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3) (All versions < V3.2), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3) (All versions < V3.2), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3) (All versions < V3.2), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3) (All versions < V3.2), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3) (All versions < V3.2), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3) (All versions < V3.2), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3) (All versions < V3.2), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3) (All versions < V3.2), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3) (All versions < V3.2), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3) (All versions < V3.2). The "Load Configuration from Local PC" functionality in the web interface of affected products contains a race condition vulnerability. This could allow an authenticated remote attacker to make the affected product load an attacker controlled configuration instead of the legitimate one. Successful exploitation requires that a legitimate administrator invokes the functionality and the attacker wins the race condition.

Siemens Race Condition Information Disclosure
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

A security vulnerability in A vulnerability (CVSS 4.3). Remediation should follow standard vulnerability management procedures.

Siemens Authentication Bypass
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A security vulnerability in A vulnerability (CVSS 6.5). Remediation should follow standard vulnerability management procedures.

Siemens Authentication Bypass
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V3.1), SCALANCE XC316-8 (6GK5324-8TS00-2AC2) (All versions < V3.1), SCALANCE XC324-4 (6GK5328-4TS00-2AC2) (All versions < V3.1), SCALANCE XC324-4 EEC (6GK5328-4TS00-2EC2) (All versions < V3.1), SCALANCE XC332 (6GK5332-0GA00-2AC2) (All versions < V3.1), SCALANCE XC416-8 (6GK5424-8TR00-2AC2) (All versions < V3.1), SCALANCE XC424-4 (6GK5428-4TR00-2AC2) (All versions < V3.1), SCALANCE XC432 (6GK5432-0GR00-2AC2) (All versions < V3.1), SCALANCE XCH328 (6GK5328-4TS01-2EC2) (All versions < V3.1), SCALANCE XCM324 (6GK5324-8TS01-2AC2) (All versions < V3.1), SCALANCE XCM328 (6GK5328-4TS01-2AC2) (All versions < V3.1), SCALANCE XCM332 (6GK5332-0GA01-2AC2) (All versions < V3.1), SCALANCE XR302-32 (6GK5334-5TS00-2AR3) (All versions < V3.1), SCALANCE XR302-32 (6GK5334-5TS00-3AR3) (All versions < V3.1), SCALANCE XR302-32 (6GK5334-5TS00-4AR3) (All versions < V3.1), SCALANCE XR322-12 (6GK5334-3TS00-2AR3) (All versions < V3.1), SCALANCE XR322-12 (6GK5334-3TS00-3AR3) (All versions < V3.1), SCALANCE XR322-12 (6GK5334-3TS00-4AR3) (All versions < V3.1), SCALANCE XR326-8 (6GK5334-2TS00-2AR3) (All versions < V3.1), SCALANCE XR326-8 (6GK5334-2TS00-3AR3) (All versions < V3.1), SCALANCE XR326-8 (6GK5334-2TS00-4AR3) (All versions < V3.1), SCALANCE XR326-8 EEC (6GK5334-2TS00-2ER3) (All versions < V3.1), SCALANCE XR502-32 (6GK5534-5TR00-2AR3) (All versions < V3.1), SCALANCE XR502-32 (6GK5534-5TR00-3AR3) (All versions < V3.1), SCALANCE XR502-32 (6GK5534-5TR00-4AR3) (All versions < V3.1), SCALANCE XR522-12 (6GK5534-3TR00-2AR3) (All versions < V3.1), SCALANCE XR522-12 (6GK5534-3TR00-3AR3) (All versions < V3.1), SCALANCE XR522-12 (6GK5534-3TR00-4AR3) (All versions < V3.1), SCALANCE XR526-8 (6GK5534-2TR00-2AR3) (All versions < V3.1), SCALANCE XR526-8 (6GK5534-2TR00-3AR3) (All versions < V3.1), SCALANCE XR526-8 (6GK5534-2TR00-4AR3) (All versions < V3.1), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3) (All versions < V3.1), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3) (All versions < V3.1), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3) (All versions < V3.1), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3) (All versions < V3.1), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3) (All versions < V3.1), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3) (All versions < V3.1), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3) (All versions < V3.1), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3) (All versions < V3.1), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3) (All versions < V3.1), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3) (All versions < V3.1). Affected devices contain an incorrect authorization check vulnerability. This could allow an authenticated remote attacker with "guest" role to invoke an internal "do system" command which exceeds their privileges. This command allows the execution of certain low-risk actions, the most critical of which is clearing the local system log.

Siemens Privilege Escalation
NVD
EPSS 0% CVSS 8.8
HIGH This Week

CVE-2024-13967 is an authentication bypass vulnerability in EIBPORT V3 KNX web server that allows unauthenticated attackers to access sensitive configuration pages through the integrated web interface. Affects EIBPORT V3 KNX and EIBPORT V3 KNX GSM through version 3.9.8. Successful exploitation enables complete compromise of the device including confidentiality, integrity, and availability of configuration settings and potentially the entire KNX installation.

Authentication Bypass Siemens Information Disclosure
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with SINEMA Remote Connect Edge Client installed). Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Siemens Scalance Lpe9403 Firmware
NVD
EPSS 0% CVSS 8.5
HIGH This Month

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with SINEMA Remote Connect Edge Client installed). Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Siemens Scalance Lpe9403 Firmware
NVD
EPSS 0% CVSS 8.4
HIGH This Month

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with SINEMA Remote Connect Edge Client installed). Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Siemens Scalance Lpe9403 Firmware
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Rated medium severity (CVSS 5.4). No vendor patch available.

Stack Overflow Buffer Overflow RCE +3
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Rated medium severity (CVSS 5.4). No vendor patch available.

Stack Overflow Buffer Overflow RCE +3
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions). Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Siemens +1
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Siemens +1
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Siemens Denial Of Service +1
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Siemens Denial Of Service Scalance Lpe9403 Firmware
NVD
EPSS 0% CVSS 8.5
HIGH This Month

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Siemens Scalance Lpe9403 Firmware
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Siemens Scalance Lpe9403 Firmware
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Siemens Scalance Lpe9403 Firmware
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

A vulnerability has been identified in Siemens License Server (SLS) (All versions < V4.3). Rated medium severity (CVSS 5.4). No vendor patch available.

Siemens Privilege Escalation
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

A vulnerability has been identified in Siemens License Server (SLS) (All versions < V4.3). Rated medium severity (CVSS 5.4). No vendor patch available.

Siemens RCE Privilege Escalation
NVD
EPSS 0% CVSS 9.3
CRITICAL Act Now

A vulnerability has been identified in Industrial Edge Device Kit - arm64 V1.17 (All versions), Industrial Edge Device Kit - arm64 V1.18 (All versions), Industrial Edge Device Kit - arm64 V1.19 (All. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Siemens
NVD
EPSS 0% CVSS 2.7
LOW Monitor

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly neutralize special characters when interpreting user controlled log paths. [CVSS 2.7 LOW]

Command Injection Siemens
NVD
EPSS 0% CVSS 3.8
LOW Monitor

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly limit user controlled paths to which logs are written and from where they are read. [CVSS 3.8 LOW]

Path Traversal Siemens
NVD
EPSS 0% CVSS 8.8
HIGH This Week

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly limit the elevation of privileges required to perform certain valid functionality. [CVSS 8.8 HIGH]

Privilege Escalation Siemens
NVD
EPSS 0% CVSS 7.2
HIGH This Week

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly limit the scope of files accessible through and the privileges of the SFTP functionality. [CVSS 7.2 HIGH]

Path Traversal Siemens
NVD
EPSS 1% CVSS 7.2
HIGH This Week

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly sanitize user input when creating new SNMP users. [CVSS 7.2 HIGH]

Command Injection RCE Siemens
NVD
EPSS 1% CVSS 7.2
HIGH This Week

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly sanitize user input when creating new users. [CVSS 7.2 HIGH]

Command Injection RCE Siemens
NVD
EPSS 1% CVSS 7.2
HIGH This Week

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly sanitize user input when creating new VXLAN configurations. [CVSS 7.2 HIGH]

Command Injection RCE Siemens
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2.1), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2.1), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2.1), SCALANCE M812-1 ADSL-Router family (All versions < V8.2.1), SCALANCE M816-1 ADSL-Router family (All versions < V8.2.1), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.2.1), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.2.1), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.2.1), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.2.1), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.2.1), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.2.1), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.2.1), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.2.1), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.2.1), SCALANCE MUB852-1 (A1) (6GK5852-1EA10-1AA1) (All versions < V8.2.1), SCALANCE MUB852-1 (B1) (6GK5852-1EA10-1BA1) (All versions < V8.2.1), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.2.1), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.2.1), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.2.1), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.2.1), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.2.1), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.2.1), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.2.1), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.2.1), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.2.1), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.2.1), SCALANCE SC-600 family (All versions). [CVSS 3.7 LOW]

Information Disclosure Siemens
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability has been identified in SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) (All versions < V3.0.0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions < V3.0.0), SCALANCE WAM763-1 (ME). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Siemens
NVD
EPSS 0% CVSS 7.5
HIGH This Week

A vulnerability has been identified in SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) (All versions < V3.0.0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions < V3.0.0), SCALANCE WAM763-1 (ME). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Siemens
NVD
EPSS 1% CVSS 8.6
HIGH PATCH This Week

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity.

Code Injection Siemens Ruggedcom Rm1224 Lte 4G Eu Firmware +25
NVD
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Siemens Ruggedcom Rm1224 Lte 4G Eu Firmware +25
NVD
EPSS 0% CVSS 2.3
LOW PATCH Monitor

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable.

Information Disclosure Siemens Ruggedcom Rm1224 Lte 4G Eu Firmware +25
NVD
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Siemens Ruggedcom Rm1224 Lte 4G Eu Firmware +25
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Siemens Denial Of Service +26
NVD
EPSS 1% CVSS 8.6
HIGH PATCH This Week

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity.

RCE Siemens Ruggedcom Rm1224 Lte 4G Eu Firmware +25
NVD
EPSS 0% CVSS 7.1
HIGH This Week

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.1), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.1), SCALANCE M804PB. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Siemens Ruggedcom Rm1224 Lte 4G Eu Firmware +25
NVD
EPSS 0% CVSS 7.3
HIGH This Week

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.1), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.1), SCALANCE M804PB. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Siemens Ruggedcom Rm1224 Lte 4G Eu Firmware +25
NVD
EPSS 1% CVSS 8.6
HIGH This Week

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.1), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.1), SCALANCE M804PB. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Siemens Ruggedcom Rm1224 Lte 4G Eu Firmware +25
NVD
EPSS 0% CVSS 8.4
HIGH This Week

A vulnerability has been identified in SCALANCE W1748-1 M12 (6GK5748-1GY01-0AA0), SCALANCE W1748-1 M12 (6GK5748-1GY01-0TA0), SCALANCE W1788-1 M12 (6GK5788-1GY01-0AA0), SCALANCE W1788-2 EEC M12. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Siemens
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

A vulnerability has been identified in SCALANCE W1748-1 M12 (6GK5748-1GY01-0AA0), SCALANCE W1748-1 M12 (6GK5748-1GY01-0TA0), SCALANCE W1788-1 M12 (6GK5788-1GY01-0AA0), SCALANCE W1788-2 EEC M12. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Siemens
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

A vulnerability has been identified in SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AA0) (All versions), SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AB0) (All versions), SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AA0). Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Siemens
NVD
EPSS 1% CVSS 6.7
MEDIUM This Month

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V7.2.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V7.2.2), SCALANCE. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Siemens 6Gk6108 4Am00 2Ba2 Firmware +19
NVD
EPSS 1% CVSS 6.7
MEDIUM This Month

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Siemens 6Gk6108 4Am00 2Ba2 Firmware +19
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

A vulnerability has been identified in Siemens OPC UA Modelling Editor (SiOME) (All versions < V2.8). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Siemens Siemens Opc Ua Modeling Editor
NVD
EPSS 1% CVSS 7.1
HIGH This Week

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Siemens 6Gk5205 3Bb00 2Ab2 Firmware +70
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Siemens 6Gk5205 3Bb00 2Ab2 Firmware +70
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V7.2.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V7.2.2), SCALANCE. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Siemens 6Gk5205 3Bb00 2Ab2 Firmware +70
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Siemens 6Gk5205 3Bb00 2Ab2 Firmware +70
NVD
EPSS 0% CVSS 8.6
HIGH This Week

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V7.2.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V7.2.2), SCALANCE. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Siemens Scalance Xb208 E Ip Firmware +68
NVD
EPSS 1% CVSS 2.7
LOW Monitor

A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Heap Overflow +2
NVD
EPSS 0% CVSS 3.3
LOW Monitor

A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Siemens Scalance Lpe9403 Firmware
NVD
EPSS 0% CVSS 3.3
LOW Monitor

A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Siemens Scalance Lpe9403 Firmware
NVD
EPSS 1% CVSS 9.9
CRITICAL Act Now

A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Siemens Scalance Lpe9403 Firmware
NVD
EPSS 0% CVSS 7.4
HIGH This Week

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Siemens Scalance X200 4P Irt Firmware +12
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Siemens Information Disclosure 6Gk5204 0Ba00 2Mb2 Firmware +4
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Siemens Authentication Bypass 6Gk5204 0Ba00 2Mb2 Firmware +4
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Siemens Information Disclosure 6Gk5204 0Ba00 2Mb2 Firmware +4
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Siemens Denial Of Service 6Gk5204 0Ba00 2Mb2 Firmware +4
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Siemens Denial Of Service 6Gk5204 0Ba00 2Mb2 Firmware +4
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Siemens XSS 6Gk5204 0Ba00 2Mb2 Firmware +4
NVD
EPSS 1% CVSS 7.1
HIGH PATCH This Week

A vulnerability has been identified in SCALANCE SC622-2C (6GK5622-2GS00-2AC2) (All versions < V2.3), SCALANCE SC622-2C (6GK5622-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE SC626-2C. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.

Siemens Information Disclosure 6Gk5622 2Gs00 2Ac2 Firmware +5
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The APDFL.dll in Siemens JT2Go prior to V13.3.0.5 and Siemens Teamcenter Visualization prior to V14.0.0.2 contains an out of bounds write past the fixed-length heap-based buffer while parsing. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Siemens Heap Overflow Buffer Overflow +2
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.0), SCALANCE X201-3P IRT (All versions < V5.5.0), SCALANCE X201-3P IRT PRO (All versions < V5.5.0), SCALANCE X202-2IRT. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Siemens Scalance X200 4P Irt Firmware +29
NVD
EPSS 1% CVSS 8.6
HIGH This Week

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V7.1.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V7.1.2), SCALANCE. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Siemens Ruggedcom Rm1224 Firmware +15
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2), SCALANCE M804PB (6GK5804-0AP00-2AA2), SCALANCE M812-1. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Siemens RCE Code Injection +15
NVD
EPSS 1% CVSS 9.6
CRITICAL PATCH Act Now

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT. Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Siemens Buffer Overflow Scalance X204 2 Firmware +28
NVD
EPSS 1% CVSS 8.2
HIGH PATCH This Week

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Siemens Buffer Overflow Scalance X204 2 Firmware +28
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Siemens Information Disclosure Scalance X200 4P Irt Firmware +28
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

A vulnerability has been identified in SCALANCE W1788-1 M12 (All versions < V3.0.0), SCALANCE W1788-2 EEC M12 (All versions < V3.0.0), SCALANCE W1788-2 M12 (All versions < V3.0.0), SCALANCE W1788-2IA. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Siemens Scalance W1788 2Ia M12 Firmware +3
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

A vulnerability has been identified in SCALANCE W1788-1 M12 (All versions < V3.0.0), SCALANCE W1788-2 EEC M12 (All versions < V3.0.0), SCALANCE W1788-2 M12 (All versions < V3.0.0), SCALANCE W1788-2IA. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Siemens Scalance W1788 2Ia M12 Firmware +3
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

A vulnerability has been identified in SCALANCE W1788-1 M12 (All versions < V3.0.0), SCALANCE W1788-2 EEC M12 (All versions < V3.0.0), SCALANCE W1788-2 M12 (All versions < V3.0.0), SCALANCE W1788-2IA. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required.

Denial Of Service Race Condition Siemens +4
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V),. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Siemens Buffer Overflow Information Disclosure +23
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V),. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Siemens Buffer Overflow Scalance X302 7Eec Firmware +22
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V),. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Siemens Buffer Overflow Scalance X302 7Eec Firmware +22
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V),. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Siemens XSS Scalance X302 7Eec Firmware +22
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V),. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Siemens Scalance X302 7Eec Firmware +22
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V),. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

Siemens CSRF Scalance X302 7Eec Firmware +22
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V),. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Siemens Stack Overflow +24
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V),. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Siemens Information Disclosure Scalance X302 7Eec Firmware +22
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V),. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Siemens Scalance X302 7Eec Firmware +22
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT PRO (All versions < 5.5.1), SCALANCE X202-2 IRT. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Siemens RCE +30
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT PRO (All versions < 5.5.1), SCALANCE X202-2 IRT. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Heap Overflow Siemens +29
NVD
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy