Skip to main content

Siemens

319 CVEs vendor

Monthly

CVE-2021-25676 HIGH This Week

A vulnerability has been identified in RUGGEDCOM RM1224 (V6.3), SCALANCE M-800 (V6.3), SCALANCE S615 (V6.3), SCALANCE SC-600 (All Versions >= V2.1 and < V2.1.3). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Siemens Ruggedcom Rm1224 Firmware Scalance M 800 Firmware Scalance S615 Firmware +1
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-25667 HIGH PATCH This Week

A vulnerability has been identified in RUGGEDCOM RM1224 (All versions >= V4.3 and < V6.4), SCALANCE M-800 (All versions >= V4.3 and < V6.4), SCALANCE S615 (All versions >= V4.3 and < V6.4), SCALANCE. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Stack Overflow Siemens Ruggedcom Rm1224 Firmware +14
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2021-25666 MEDIUM This Month

A vulnerability has been identified in SCALANCE W780 and W740 (IEEE 802.11n) family (All versions < V6.3). Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Siemens Scalance W780 Firmware Scalance W740 Firmware
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2020-25705 HIGH This Week

A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Siemens Linux Authentication Bypass Linux Kernel Enterprise Linux
NVD
CVSS 3.1
7.4
EPSS
6.7%
CVE-2020-7579 MEDIUM This Month

A vulnerability has been identified in Spectrum Power™ 5 (All versions < v5.50 HF02). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Siemens Spectrum Power 5
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-13936 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webclient of Siemens AG Polarion could allow an attacker to exploit a persistent XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Siemens Polarion
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2019-13935 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webclient of Siemens AG Polarion could allow an attacker to exploit a reflected XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Siemens Polarion
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2019-13934 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webclient of Siemens AG Polarion could allow an attacker to exploit a reflected XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Siemens Polarion
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2019-10942 HIGH This Week

A vulnerability has been identified in SCALANCE X-200 switch family (incl. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Siemens Scalance X 200 Firmware Scalance X 200Irt Firmware Scalance X 200Rna Firmware
NVD
CVSS 3.1
8.6
EPSS
1.4%
CVE-2019-10928 MEDIUM This Month

A vulnerability has been identified in SCALANCE SC-600 (V2.0). Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Siemens Information Disclosure Scalance Sc 600 Firmware
NVD
CVSS 3.1
6.6
EPSS
0.4%
CVE-2019-10927 MEDIUM PATCH This Month

A vulnerability has been identified in SCALANCE SC-600 (V2.0), SCALANCE XB-200 (V4.1), SCALANCE XC-200 (V4.1), SCALANCE XF-200BA (V4.1), SCALANCE XP-200 (V4.1), SCALANCE XR-300WG (V4.1). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Siemens Information Disclosure Scalance Xb 200 Firmware Scalance Xc 200 Firmware Scalance Xf 200Ba Firmware +2
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2019-10938 CRITICAL PATCH Act Now

A vulnerability has been identified in SIPROTEC 5 devices with CPU variants CP200 (All versions < V7.59), SIPROTEC 5 devices with CPU variants CP300 and CP100 (All versions < V8.01), Siemens Power. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Siemens RCE Siprotec 5 Digsi Device Driver
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2019-6584 HIGH PATCH This Week

A vulnerability has been identified in SIEMENS LOGO!8 (6ED1052-xyyxx-0BA8 FS:01 to FS:06 / Firmware version V1.80.xx and V1.81.xx), SIEMENS LOGO!8 (6ED1052-xyy08-0BA0 FS:01 / Firmware version <. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Session Fixation Siemens Information Disclosure Logo 8 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2019-6571 HIGH PATCH This Week

A vulnerability has been identified in SIEMENS LOGO!8 (6ED1052-xyyxx-0BA8 FS:01 to FS:06 / Firmware version V1.80.xx and V1.81.xx), SIEMENS LOGO!8 (6ED1052-xyy08-0BA0 FS:01 / Firmware version <. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Siemens Logo 8 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2019-6567 MEDIUM PATCH This Month

A vulnerability has been identified in SCALANCE X-200 switch family (incl. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Siemens Information Disclosure Scalance X 200 Firmware Scalance X 200Irt Firmware Scalance X 300 Firmware +1
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-11486 HIGH PATCH This Week

The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel before 5.0.8 has multiple race conditions. Rated high severity (CVSS 7.0).

Race Condition Linux Siemens Information Disclosure Linux Kernel +9
NVD GitHub
CVSS 3.1
7.0
EPSS
0.4%
CVE-2019-10953 HIGH This Week

ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Siemens Denial Of Service Abb Schneider Electric
NVD VulDB GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2018-16561 HIGH This Week

A vulnerability has been identified in SIMATIC S7-300 CPUs (All versions < V3.X.16). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Siemens Simatic S7 300 Firmware Simatic S7 300F Firmware Simatic S7 300Fs Firmware +1
NVD VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2018-16555 MEDIUM This Month

A vulnerability has been identified in SCALANCE S602 (All versions < V4.0.1.1), SCALANCE S612 (All versions < V4.0.1.1), SCALANCE S623 (All versions < V4.0.1.1), SCALANCE S627-2M (All versions <. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Siemens Scalance S602 Firmware Scalance S612 Firmware Scalance S623 Firmware +1
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-13807 HIGH This Week

A vulnerability has been identified in SCALANCE X300 (All versions < V4.0.0), SCALANCE X408 (All versions < V4.0.0), SCALANCE X414 (All versions). Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Siemens Scalance X408 Firmware Scalance X300 Firmware Scalance X414 Firmware
NVD
CVSS 3.0
8.6
EPSS
4.2%
CVE-2018-13806 HIGH This Week

A vulnerability has been identified in SIEMENS TD Keypad Designer (All versions). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Siemens Td Keypad Designer
NVD
CVSS 3.0
7.8
EPSS
1.4%
CVE-2018-11450 MEDIUM POC This Month

A reflected Cross-Site-Scripting (XSS) vulnerability has been identified in Siemens PLM Software TEAMCENTER (V9.1.2.5). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Siemens Teamcenter Product Lifecycle Management
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-4858 HIGH This Week

A vulnerability has been identified in IEC 61850 system configurator (All versions < V5.80), DIGSI 5 (affected as IEC 61850 system configurator is incorporated) (All versions < V7.80), DIGSI 4 (All. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft RCE Siemens Ec 61850 System Configurator Firmware +5
NVD
CVSS 3.1
7.8
EPSS
1.8%
CVE-2018-4861 MEDIUM This Month

A vulnerability has been identified in SCALANCE M875 (All versions). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Siemens Path Traversal Scalance M875 Firmware
NVD
CVSS 3.0
4.9
EPSS
1.9%
CVE-2018-4860 HIGH This Week

A vulnerability has been identified in SCALANCE M875 (All versions). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Siemens Command Injection Scalance M875 Firmware
NVD
CVSS 3.0
7.2
EPSS
3.7%
CVE-2018-4859 HIGH This Week

A vulnerability has been identified in SCALANCE M875 (All versions). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Siemens Command Injection Scalance M875 Firmware
NVD
CVSS 3.0
7.2
EPSS
3.7%
CVE-2018-4846 CRITICAL Act Now

A vulnerability has been identified in RAPIDLab 1200 systems / RAPIDPoint 400 systems / RAPIDPoint 500 systems (All versions_without_ use of Siemens Healthineers Informatics products), RAPIDLab 1200. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Siemens Rapidpoint 400 Firmware Rapidpoint 500 Firmware Rapidlab 1200 Firmware
NVD
CVSS 3.0
9.8
EPSS
1.8%
CVE-2018-4845 HIGH This Week

A vulnerability has been identified in RAPIDLab 1200 systems / RAPIDPoint 400 systems / RAPIDPoint 500 systems (All versions_without_ use of Siemens Healthineers Informatics products), RAPIDLab 1200. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Siemens Rapidpoint 400 Firmware Rapidpoint 500 Firmware Rapidlab 1200 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2018-11449 HIGH This Week

A vulnerability has been identified in SCALANCE M875 (All versions). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

XSS Siemens Scalance M875 Firmware
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-11448 MEDIUM This Month

A vulnerability has been identified in SCALANCE M875 (All versions). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF XSS Siemens Scalance M875 Firmware
NVD
CVSS 3.0
4.8
EPSS
0.3%
CVE-2018-11447 HIGH This Week

A vulnerability has been identified in SCALANCE M875 (All versions). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Siemens CSRF Buffer Overflow Stack Overflow Scalance M875 Firmware
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-4848 MEDIUM This Month

A vulnerability has been identified in SCALANCE X-200 switch family (incl. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Siemens Scalance X300 Firmware Scalance X 200 Irt Firmware Scalance X 200 Firmware
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-4842 MEDIUM This Month

A vulnerability has been identified in SCALANCE X-200IRT switch family (incl. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Siemens Scalance X200Irt Firmware Scalance X300 Firmware Scalance X200 Firmware
NVD
CVSS 3.0
4.8
EPSS
0.8%
CVE-2018-4833 HIGH This Week

A vulnerability has been identified in RFID 181EIP (All versions), RUGGEDCOM Win (V4.4, V4.5, V5.0, and V5.1), SCALANCE X-200 switch family (incl. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow RCE Buffer Overflow Siemens Rfid 181 Eip Firmware +8
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-4849 HIGH This Week

A vulnerability has been identified in Siveillance VMS Video for Android (All versions < V12.1a (2018 R1)), Siveillance VMS Video for iOS (All versions < V12.1a (2018 R1)). Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Siemens Apple Siveillance Vms Video
NVD
CVSS 3.0
7.4
EPSS
0.8%
CVE-2018-4847 MEDIUM This Month

A vulnerability has been identified in SIMATIC WinCC OA Operator iOS App (All versions < V1.4). Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Siemens Apple Simatic Wincc Oa Operator
NVD
CVSS 3.0
4.6
EPSS
0.3%
CVE-2018-4841 CRITICAL Act Now

A vulnerability has been identified in TIM 1531 IRC (All versions < V1.1). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Siemens Tim 1531 Irc Firmware
NVD
CVSS 3.1
9.8
EPSS
4.9%
CVE-2018-4844 MEDIUM This Month

A vulnerability has been identified in SIMATIC WinCC OA UI for Android (All versions < V3.15.10), SIMATIC WinCC OA UI for iOS (All versions < V3.15.10). Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Siemens Apple Simatic Wincc Oa Ui
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2017-9944 CRITICAL Act Now

A vulnerability has been identified in Siemens 7KT PAC1200 data manager (7KT1260) in all versions < V2.03. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Siemens Information Disclosure 7Kt Pac1200 Data Manager Firmware
NVD
CVSS 3.0
9.8
EPSS
2.6%
CVE-2017-12740 MEDIUM This Month

Siemens LOGO!. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Siemens Information Disclosure Logo Soft Comfort
NVD
CVSS 3.0
5.9
EPSS
0.1%
CVE-2017-12739 CRITICAL Act Now

An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Siemens Sm 2556 Firmware
NVD
CVSS 3.0
9.8
EPSS
3.1%
CVE-2017-12738 MEDIUM This Month

An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Siemens Sm 2556 Firmware
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-12737 MEDIUM This Month

An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Siemens Information Disclosure Sm 2556 Firmware
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2017-14023 MEDIUM This Month

An Improper Input Validation issue was discovered in Siemens SIMATIC PCS 7 V8.1 prior to V8.1 SP1 with WinCC V7.3 Upd 13, and V8.2 all versions. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Siemens Simatic Pcs7 Simatic Wincc
NVD
CVSS 3.1
4.9
EPSS
2.8%
CVE-2017-9947 MEDIUM POC This Month

A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions <V3.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Siemens
NVD VulDB
CVSS 3.1
5.3
EPSS
8.5%
CVE-2017-9946 HIGH POC This Week

A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions <V3.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Siemens Authentication Bypass
NVD VulDB
CVSS 3.1
7.5
EPSS
0.6%
CVE-2017-9945 MEDIUM This Month

In the Siemens 7KM PAC Switched Ethernet PROFINET expansion module (All versions < V2.1.3), a Denial-of-Service condition could be induced by a specially crafted PROFINET DCP packet sent as a local. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Siemens Information Disclosure 7Km Pac Switched Ethernet Profinet Expansion Module Firmware
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2017-12734 HIGH PATCH This Week

A vulnerability has been identified in LOGO!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Siemens Information Disclosure Logo 8 Bm Fs 05 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2017-12069 HIGH PATCH This Week

An XXE vulnerability has been identified in OPC Foundation UA .NET Sample Code before 2017-03-21 and Local Discovery Server (LDS) before 1.03.367. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Siemens XXE Simatic Pcs7 Wincc Local Discovery Server +1
NVD
CVSS 3.0
8.2
EPSS
0.9%
CVE-2017-9942 HIGH This Week

A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with local access to the SiPass integrated server or SiPass integrated client to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Siemens Information Disclosure Sipass Integrated
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-9941 HIGH This Week

A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker in a Man-in-the-Middle position between the SiPass integrated server and SiPass. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Siemens Information Disclosure Sipass Integrated
NVD
CVSS 3.0
7.4
EPSS
0.2%
CVE-2017-9940 HIGH This Week

A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with access to a low-privileged user account to read or write files on the file. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Siemens Privilege Escalation Sipass Integrated
NVD
CVSS 3.0
8.1
EPSS
0.2%
CVE-2017-9939 CRITICAL Act Now

A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with network access to the SiPass integrated server to bypass the authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Siemens Authentication Bypass Sipass Integrated
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2017-9938 HIGH This Week

A vulnerability was discovered in Siemens SIMATIC Logon (All versions before V1.6) that could allow specially crafted packets sent to the SIMATIC Logon Remote Access service on port 16389/tcp to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Siemens Simatic Logon
NVD
CVSS 3.0
7.5
EPSS
1.0%
CVE-2017-6873 HIGH This Week

A vulnerability was discovered in Siemens OZW672 (all versions) and OZW772 (all versions) that could allow an attacker to read and manipulate data in TLS sessions while performing a man-in-the-middle. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Siemens Authentication Bypass Ozw772 Firmware Ozw672 Firmware
NVD
CVSS 3.0
7.4
EPSS
0.2%
CVE-2017-6872 MEDIUM This Month

A vulnerability was discovered in Siemens OZW672 (all versions) and OZW772 (all versions) that could allow an attacker with access to port 21/tcp to access or alter historical measurement data stored. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Siemens Authentication Bypass Ozw772 Firmware Ozw672 Firmware
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-6871 MEDIUM This Month

A vulnerability was discovered in Siemens SIMATIC WinCC Sm@rtClient for Android (All versions before V1.0.2.2) and SIMATIC WinCC Sm@rtClient for Android Lite (All versions before V1.0.2.2). Rated medium severity (CVSS 5.4), this vulnerability is low attack complexity. No vendor patch available.

Siemens Google Authentication Bypass Simatic Wincc Sm Rtclient Simatic Wincc Sm Rtclient Lite
NVD
CVSS 3.0
5.4
EPSS
0.1%
CVE-2017-6870 HIGH This Week

A vulnerability was discovered in Siemens SIMATIC WinCC Sm@rtClient for Android (All versions before V1.0.2.2). Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Siemens Google Information Disclosure Simatic Wincc Sm Rtclient
NVD
CVSS 3.0
7.4
EPSS
0.2%
CVE-2017-6869 CRITICAL Act Now

A vulnerability was discovered in Siemens ViewPort for Web Office Portal before revision number 1453 that could allow an unauthenticated remote user to upload arbitrary code and execute it with the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Siemens RCE Microsoft Authentication Bypass Viewport For Web Office Portal
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2017-6866 MEDIUM This Month

A vulnerability was discovered in Siemens XHQ server 4 and 5 (4 before V4.7.1.3 and 5 before V5.0.0.2) that could allow an authenticated low-privileged remote user to gain read access to data in the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Siemens Authentication Bypass Xhq Server
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-6868 HIGH This Week

An Improper Authentication issue was discovered in Siemens SIMATIC CP 44x-1 RNA, all versions prior to 1.4.1. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Siemens Authentication Bypass Simatic Cp 44X 1 Redundant Network Access Modules
NVD
CVSS 3.0
8.1
EPSS
4.2%
CVE-2017-6867 MEDIUM This Month

A vulnerability was discovered in Siemens SIMATIC WinCC (V7.3 before Upd 11 and V7.4 before SP1), SIMATIC WinCC Runtime Professional (V13 before SP2 and V14 before SP1), SIMATIC WinCC (TIA Portal). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Siemens Simatic Wincc Simatic Wincc Tia Portal +1
NVD
CVSS 3.0
4.9
EPSS
0.6%
CVE-2017-6864 MEDIUM This Month

The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at port 10000/TCP could allow an authenticated user to perform stored Cross-Site Scripting attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Siemens Ruggedcom Rox I
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-2689 HIGH This Week

Siemens RUGGEDCOM ROX I (all versions) allow an authenticated user to bypass access restrictions in the web interface at port 10000/TCP to obtain privileged file system access or change configuration. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Siemens Authentication Bypass Ruggedcom Rox I
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2017-2688 HIGH This Week

The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at port 10000/TCP could allow remote attackers to perform actions with the privileges of an authenticated user, provided the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Siemens CSRF Ruggedcom Rox I
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-2687 MEDIUM This Month

Siemens RUGGEDCOM ROX I (all versions) contain a vulnerability in the integrated web server at port 10000/TCP which is prone to reflected Cross-Site Scripting attacks if an unsuspecting user is. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Siemens Ruggedcom Rox I
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-2686 MEDIUM This Month

Siemens RUGGEDCOM ROX I (all versions) contain a vulnerability that could allow an authenticated user to read arbitrary files through the web interface at port 10000/TCP and access sensitive. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Siemens Authentication Bypass Ruggedcom Rox I
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-2685 HIGH This Week

Siemens SINUMERIK Integrate Operate Clients between 2.0.3.00.016 (including) and 2.0.6 (excluding) and between 3.0.4.00.032 (including) and 3.0.6 (excluding) contain a vulnerability that could allow. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Siemens Information Disclosure Sinumerik Integrate Access Mymachine Ethernet Sinumerik Integrate Operate Client Sinumerik Operate
NVD
CVSS 3.0
7.4
EPSS
0.2%
CVE-2017-2683 HIGH This Week

A non-privileged user of the Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and 8081/TCP could perform a persistent Cross-Site Scripting (XSS) attack, potentially resulting in. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Siemens Ruggedcom Network Management Software
NVD
CVSS 3.0
8.2
EPSS
0.3%
CVE-2017-2682 HIGH This Week

The Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and 8081/TCP could allow a remote attacker to perform a Cross-Site Request Forgery (CSRF) attack, potentially allowing an attacker to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Siemens CSRF Ruggedcom Network Management Software
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-2684 CRITICAL Act Now

Siemens SIMATIC Logon prior to V1.5 SP3 Update 2 could allow an attacker with knowledge of a valid user name, and physical or network access to the affected system, to bypass the application-level. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Siemens Authentication Bypass Simatic Logon
NVD
CVSS 3.0
9.0
EPSS
1.3%
CVE-2016-8567 CRITICAL Act Now

An issue was discovered in Siemens SICAM PAS before 8.00. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Siemens Authentication Bypass Sicam Pas Pqs
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2016-8566 HIGH This Week

An issue was discovered in Siemens SICAM PAS before 8.00. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Siemens Authentication Bypass Sicam Pas Pqs
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2016-7987 HIGH This Week

An issue was discovered in Siemens ETA4 firmware (all versions prior to Revision 08) of the SM-2558 extension module for: SICAM AK, SICAM TM 1703, SICAM BC 1703, and SICAM AK 3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Siemens Information Disclosure Eta4 Firmware Eta2 Firmware
NVD
CVSS 3.0
7.5
EPSS
0.8%
CVE-2016-9154 HIGH This Week

Siemens Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 for Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D (All firmware versions < V6.00.046) and Desigo PX Web. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Siemens Desigo Web Module Pxa30 W0 Firmware Desigo Web Module Pxa30 W1 Firmware Desigo Web Module Pxa30 W2 Firmware +3
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2016-9160 HIGH This Week

A vulnerability in SIEMENS SIMATIC WinCC (All versions < SIMATIC WinCC V7.2) and SIEMENS SIMATIC PCS 7 (All versions < SIMATIC PCS 7 V8.0 SP1) could allow a remote attacker to crash an ActiveX. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Siemens Simatic Pcs 7 Simatic Wincc
NVD
CVSS 3.0
8.1
EPSS
0.5%
CVE-2016-9157 CRITICAL Act Now

A vulnerability in Siemens SICAM PAS (all versions before V8.09) could allow a remote attacker to cause a Denial of Service condition and potentially lead to unauthenticated remote code execution by. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Denial Of Service Siemens Sicam Pas Pqs
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2016-9156 HIGH This Week

A vulnerability in Siemens SICAM PAS (all versions before V8.09) could allow a remote attacker to upload, download, or delete files in certain parts of the file system by sending specially crafted. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Siemens Sicam Pas Pqs
NVD
CVSS 3.1
7.3
EPSS
0.5%
CVE-2016-9155 CRITICAL PATCH Act Now

The following SIEMENS branded IP Camera Models CCMW3025, CVMW3025-IR, CFMW3025 prior to version 1.41_SP18_S1; CCPW3025, CCPW5025 prior to version 0.1.73_S1; CCMD3025-DN18 prior to version v1.394_S1;. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Siemens Authentication Bypass Ccid1445 Dn18 Firmware Ccid1445 Dn28 Firmware Ccid1445 Dn36 Firmware +12
NVD
CVSS 3.0
9.8
EPSS
0.9%
CVE-2016-8565 CRITICAL PATCH Act Now

Siemens Automation License Manager (ALM) before 5.3 SP3 allows remote attackers to write to files, rename files, create directories, or delete directories via crafted packets. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Siemens Authentication Bypass Automation License Manager
NVD
CVSS 3.0
9.1
EPSS
1.0%
CVE-2016-8564 MEDIUM PATCH This Month

SQL injection vulnerability in Siemens Automation License Manager (ALM) before 5.3 SP3 Update 1 allows remote attackers to execute arbitrary SQL commands via crafted traffic to TCP port 4410. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Siemens Automation License Manager
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2016-8563 HIGH PATCH This Week

Siemens Automation License Manager (ALM) before 5.3 SP3 Update 1 allows remote attackers to cause a denial of service (ALM service outage) via crafted packets to TCP port 4410. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Siemens Automation License Manager
NVD
CVSS 3.0
7.5
EPSS
1.0%
CVE-2016-7960 LOW PATCH Monitor

Siemens SIMATIC STEP 7 (TIA Portal) before 14 uses an improper format for managing TIA project files during version updates, which makes it easier for local users to obtain sensitive configuration. Rated low severity (CVSS 2.5). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Siemens Simatic Step 7
NVD
CVSS 3.0
2.5
EPSS
0.1%
CVE-2016-7959 MEDIUM This Month

Siemens SIMATIC STEP 7 (TIA Portal) before 14 improperly stores pre-shared key data in TIA project files, which makes it easier for local users to obtain sensitive information by leveraging access to. Rated medium severity (CVSS 4.7). No vendor patch available.

Information Disclosure Siemens Simatic Step 7
NVD
CVSS 3.0
4.7
EPSS
0.1%
CVE-2016-7090 MEDIUM This Month

The integrated web server on Siemens SCALANCE M-800 and S615 modules with firmware before 4.02 does not set the secure flag for the session cookie in an https session, which makes it easier for. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Siemens Scalance M 800 Firmware Scalance S615 Firmware
NVD
CVSS 3.0
4.0
EPSS
0.3%
CVE-2016-6486 HIGH This Week

Siemens SINEMA Server uses weak permissions for the application folder, which allows local users to gain privileges via unspecified vectors. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Siemens Sinema Server
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-6204 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the integrated web server in Siemens SINEMA Remote Connect Server before 1.2 allows remote attackers to inject arbitrary web script or HTML via a crafted. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Siemens Sinema Remote Connect Server
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-5874 HIGH This Week

Siemens SIMATIC NET PC-Software before 13 SP2 allows remote attackers to cause a denial of service (OPC UA service outage) via crafted TCP packets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Siemens Simatic Net Pc Software
NVD
CVSS 3.0
7.5
EPSS
0.9%
CVE-2016-5744 HIGH This Week

Siemens SIMATIC WinCC 7.0 through SP3 and 7.2 allows remote attackers to read arbitrary WinCC station files via crafted packets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Siemens Simatic Wincc
NVD
CVSS 3.0
7.5
EPSS
0.8%
CVE-2016-5743 CRITICAL Act Now

Siemens SIMATIC WinCC before 7.3 Update 10 and 7.4 before Update 1, SIMATIC BATCH before 8.1 SP1 Update 9 as distributed in SIMATIC PCS 7 through 8.1 SP1, SIMATIC OpenPCS 7 before 8.1 Update 3 as. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 17.8% and no vendor patch available.

RCE Siemens Simatic Batch Simatic Wincc Simatic Openpcs 7
NVD
CVSS 3.0
9.8
EPSS
17.8%
EPSS 1% CVSS 7.5
HIGH This Week

A vulnerability has been identified in RUGGEDCOM RM1224 (V6.3), SCALANCE M-800 (V6.3), SCALANCE S615 (V6.3), SCALANCE SC-600 (All Versions >= V2.1 and < V2.1.3). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Siemens Ruggedcom Rm1224 Firmware +3
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

A vulnerability has been identified in RUGGEDCOM RM1224 (All versions >= V4.3 and < V6.4), SCALANCE M-800 (All versions >= V4.3 and < V6.4), SCALANCE S615 (All versions >= V4.3 and < V6.4), SCALANCE. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Stack Overflow +16
NVD VulDB
EPSS 1% CVSS 4.3
MEDIUM This Month

A vulnerability has been identified in SCALANCE W780 and W740 (IEEE 802.11n) family (All versions < V6.3). Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Siemens Scalance W780 Firmware +1
NVD
EPSS 7% CVSS 7.4
HIGH This Week

A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Siemens Linux Authentication Bypass +2
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

A vulnerability has been identified in Spectrum Power™ 5 (All versions < v5.50 HF02). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Siemens Spectrum Power 5
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webclient of Siemens AG Polarion could allow an attacker to exploit a persistent XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Siemens Polarion
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webclient of Siemens AG Polarion could allow an attacker to exploit a reflected XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Siemens Polarion
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webclient of Siemens AG Polarion could allow an attacker to exploit a reflected XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Siemens Polarion
NVD
EPSS 1% CVSS 8.6
HIGH This Week

A vulnerability has been identified in SCALANCE X-200 switch family (incl. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Siemens Scalance X 200 Firmware +2
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

A vulnerability has been identified in SCALANCE SC-600 (V2.0). Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Siemens Information Disclosure Scalance Sc 600 Firmware
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

A vulnerability has been identified in SCALANCE SC-600 (V2.0), SCALANCE XB-200 (V4.1), SCALANCE XC-200 (V4.1), SCALANCE XF-200BA (V4.1), SCALANCE XP-200 (V4.1), SCALANCE XR-300WG (V4.1). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Siemens Information Disclosure Scalance Xb 200 Firmware +4
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

A vulnerability has been identified in SIPROTEC 5 devices with CPU variants CP200 (All versions < V7.59), SIPROTEC 5 devices with CPU variants CP300 and CP100 (All versions < V8.01), Siemens Power. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Siemens RCE +1
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

A vulnerability has been identified in SIEMENS LOGO!8 (6ED1052-xyyxx-0BA8 FS:01 to FS:06 / Firmware version V1.80.xx and V1.81.xx), SIEMENS LOGO!8 (6ED1052-xyy08-0BA0 FS:01 / Firmware version <. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Session Fixation Siemens Information Disclosure +1
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

A vulnerability has been identified in SIEMENS LOGO!8 (6ED1052-xyyxx-0BA8 FS:01 to FS:06 / Firmware version V1.80.xx and V1.81.xx), SIEMENS LOGO!8 (6ED1052-xyy08-0BA0 FS:01 / Firmware version <. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Siemens Logo 8 Firmware
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A vulnerability has been identified in SCALANCE X-200 switch family (incl. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Siemens Information Disclosure Scalance X 200 Firmware +3
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel before 5.0.8 has multiple race conditions. Rated high severity (CVSS 7.0).

Race Condition Linux Siemens +11
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Siemens Denial Of Service Abb +1
NVD VulDB GitHub
EPSS 0% CVSS 7.5
HIGH This Week

A vulnerability has been identified in SIMATIC S7-300 CPUs (All versions < V3.X.16). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Siemens Simatic S7 300 Firmware +3
NVD VulDB
EPSS 1% CVSS 5.4
MEDIUM This Month

A vulnerability has been identified in SCALANCE S602 (All versions < V4.0.1.1), SCALANCE S612 (All versions < V4.0.1.1), SCALANCE S623 (All versions < V4.0.1.1), SCALANCE S627-2M (All versions <. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Siemens Scalance S602 Firmware +3
NVD
EPSS 4% CVSS 8.6
HIGH This Week

A vulnerability has been identified in SCALANCE X300 (All versions < V4.0.0), SCALANCE X408 (All versions < V4.0.0), SCALANCE X414 (All versions). Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Siemens Scalance X408 Firmware +2
NVD
EPSS 1% CVSS 7.8
HIGH This Week

A vulnerability has been identified in SIEMENS TD Keypad Designer (All versions). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Siemens Td Keypad Designer
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

A reflected Cross-Site-Scripting (XSS) vulnerability has been identified in Siemens PLM Software TEAMCENTER (V9.1.2.5). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Siemens Teamcenter Product Lifecycle Management
NVD GitHub
EPSS 2% CVSS 7.8
HIGH This Week

A vulnerability has been identified in IEC 61850 system configurator (All versions < V5.80), DIGSI 5 (affected as IEC 61850 system configurator is incorporated) (All versions < V7.80), DIGSI 4 (All. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft RCE +7
NVD
EPSS 2% CVSS 4.9
MEDIUM This Month

A vulnerability has been identified in SCALANCE M875 (All versions). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Siemens Path Traversal Scalance M875 Firmware
NVD
EPSS 4% CVSS 7.2
HIGH This Week

A vulnerability has been identified in SCALANCE M875 (All versions). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Siemens Command Injection +1
NVD
EPSS 4% CVSS 7.2
HIGH This Week

A vulnerability has been identified in SCALANCE M875 (All versions). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Siemens Command Injection +1
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

A vulnerability has been identified in RAPIDLab 1200 systems / RAPIDPoint 400 systems / RAPIDPoint 500 systems (All versions_without_ use of Siemens Healthineers Informatics products), RAPIDLab 1200. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Siemens Rapidpoint 400 Firmware +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability has been identified in RAPIDLab 1200 systems / RAPIDPoint 400 systems / RAPIDPoint 500 systems (All versions_without_ use of Siemens Healthineers Informatics products), RAPIDLab 1200. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Siemens Rapidpoint 400 Firmware +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A vulnerability has been identified in SCALANCE M875 (All versions). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

XSS Siemens Scalance M875 Firmware
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

A vulnerability has been identified in SCALANCE M875 (All versions). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF XSS Siemens +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability has been identified in SCALANCE M875 (All versions). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Siemens CSRF Buffer Overflow +2
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

A vulnerability has been identified in SCALANCE X-200 switch family (incl. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Siemens Scalance X300 Firmware +2
NVD
EPSS 1% CVSS 4.8
MEDIUM This Month

A vulnerability has been identified in SCALANCE X-200IRT switch family (incl. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Siemens Scalance X200Irt Firmware +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability has been identified in RFID 181EIP (All versions), RUGGEDCOM Win (V4.4, V4.5, V5.0, and V5.1), SCALANCE X-200 switch family (incl. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow RCE Buffer Overflow +10
NVD
EPSS 1% CVSS 7.4
HIGH This Week

A vulnerability has been identified in Siveillance VMS Video for Android (All versions < V12.1a (2018 R1)), Siveillance VMS Video for iOS (All versions < V12.1a (2018 R1)). Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Siemens +2
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

A vulnerability has been identified in SIMATIC WinCC OA Operator iOS App (All versions < V1.4). Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Siemens Apple +1
NVD
EPSS 5% CVSS 9.8
CRITICAL Act Now

A vulnerability has been identified in TIM 1531 IRC (All versions < V1.1). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Siemens Tim 1531 Irc Firmware
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A vulnerability has been identified in SIMATIC WinCC OA UI for Android (All versions < V3.15.10), SIMATIC WinCC OA UI for iOS (All versions < V3.15.10). Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Siemens +2
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

A vulnerability has been identified in Siemens 7KT PAC1200 data manager (7KT1260) in all versions < V2.03. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Siemens Information Disclosure 7Kt Pac1200 Data Manager Firmware
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

Siemens LOGO!. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Siemens Information Disclosure Logo Soft Comfort
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Siemens Sm 2556 Firmware
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Siemens Sm 2556 Firmware
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Siemens Information Disclosure Sm 2556 Firmware
NVD
EPSS 3% CVSS 4.9
MEDIUM This Month

An Improper Input Validation issue was discovered in Siemens SIMATIC PCS 7 V8.1 prior to V8.1 SP1 with WinCC V7.3 Upd 13, and V8.2 all versions. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Siemens Simatic Pcs7 +1
NVD
EPSS 8% CVSS 5.3
MEDIUM POC This Month

A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions <V3.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Siemens
NVD VulDB
EPSS 1% CVSS 7.5
HIGH POC This Week

A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions <V3.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Siemens Authentication Bypass
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

In the Siemens 7KM PAC Switched Ethernet PROFINET expansion module (All versions < V2.1.3), a Denial-of-Service condition could be induced by a specially crafted PROFINET DCP packet sent as a local. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Siemens Information Disclosure 7Km Pac Switched Ethernet Profinet Expansion Module Firmware
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

A vulnerability has been identified in LOGO!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Siemens Information Disclosure Logo 8 Bm Fs 05 Firmware
NVD
EPSS 1% CVSS 8.2
HIGH PATCH This Week

An XXE vulnerability has been identified in OPC Foundation UA .NET Sample Code before 2017-03-21 and Local Discovery Server (LDS) before 1.03.367. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Siemens XXE Simatic Pcs7 +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with local access to the SiPass integrated server or SiPass integrated client to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Siemens Information Disclosure Sipass Integrated
NVD
EPSS 0% CVSS 7.4
HIGH This Week

A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker in a Man-in-the-Middle position between the SiPass integrated server and SiPass. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Siemens Information Disclosure Sipass Integrated
NVD
EPSS 0% CVSS 8.1
HIGH This Week

A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with access to a low-privileged user account to read or write files on the file. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Siemens Privilege Escalation Sipass Integrated
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with network access to the SiPass integrated server to bypass the authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Siemens Authentication Bypass Sipass Integrated
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A vulnerability was discovered in Siemens SIMATIC Logon (All versions before V1.6) that could allow specially crafted packets sent to the SIMATIC Logon Remote Access service on port 16389/tcp to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Siemens +1
NVD
EPSS 0% CVSS 7.4
HIGH This Week

A vulnerability was discovered in Siemens OZW672 (all versions) and OZW772 (all versions) that could allow an attacker to read and manipulate data in TLS sessions while performing a man-in-the-middle. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Siemens Authentication Bypass Ozw772 Firmware +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A vulnerability was discovered in Siemens OZW672 (all versions) and OZW772 (all versions) that could allow an attacker with access to port 21/tcp to access or alter historical measurement data stored. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Siemens Authentication Bypass Ozw772 Firmware +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

A vulnerability was discovered in Siemens SIMATIC WinCC Sm@rtClient for Android (All versions before V1.0.2.2) and SIMATIC WinCC Sm@rtClient for Android Lite (All versions before V1.0.2.2). Rated medium severity (CVSS 5.4), this vulnerability is low attack complexity. No vendor patch available.

Siemens Google Authentication Bypass +2
NVD
EPSS 0% CVSS 7.4
HIGH This Week

A vulnerability was discovered in Siemens SIMATIC WinCC Sm@rtClient for Android (All versions before V1.0.2.2). Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Siemens Google Information Disclosure +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A vulnerability was discovered in Siemens ViewPort for Web Office Portal before revision number 1453 that could allow an unauthenticated remote user to upload arbitrary code and execute it with the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Siemens RCE Microsoft +2
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A vulnerability was discovered in Siemens XHQ server 4 and 5 (4 before V4.7.1.3 and 5 before V5.0.0.2) that could allow an authenticated low-privileged remote user to gain read access to data in the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Siemens Authentication Bypass Xhq Server
NVD
EPSS 4% CVSS 8.1
HIGH This Week

An Improper Authentication issue was discovered in Siemens SIMATIC CP 44x-1 RNA, all versions prior to 1.4.1. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Siemens Authentication Bypass Simatic Cp 44X 1 Redundant Network Access Modules
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

A vulnerability was discovered in Siemens SIMATIC WinCC (V7.3 before Upd 11 and V7.4 before SP1), SIMATIC WinCC Runtime Professional (V13 before SP2 and V14 before SP1), SIMATIC WinCC (TIA Portal). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Siemens +3
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at port 10000/TCP could allow an authenticated user to perform stored Cross-Site Scripting attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Siemens Ruggedcom Rox I
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Siemens RUGGEDCOM ROX I (all versions) allow an authenticated user to bypass access restrictions in the web interface at port 10000/TCP to obtain privileged file system access or change configuration. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Siemens Authentication Bypass Ruggedcom Rox I
NVD
EPSS 0% CVSS 8.8
HIGH This Week

The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at port 10000/TCP could allow remote attackers to perform actions with the privileges of an authenticated user, provided the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Siemens CSRF Ruggedcom Rox I
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Siemens RUGGEDCOM ROX I (all versions) contain a vulnerability in the integrated web server at port 10000/TCP which is prone to reflected Cross-Site Scripting attacks if an unsuspecting user is. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Siemens Ruggedcom Rox I
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Siemens RUGGEDCOM ROX I (all versions) contain a vulnerability that could allow an authenticated user to read arbitrary files through the web interface at port 10000/TCP and access sensitive. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Siemens Authentication Bypass Ruggedcom Rox I
NVD
EPSS 0% CVSS 7.4
HIGH This Week

Siemens SINUMERIK Integrate Operate Clients between 2.0.3.00.016 (including) and 2.0.6 (excluding) and between 3.0.4.00.032 (including) and 3.0.6 (excluding) contain a vulnerability that could allow. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Siemens Information Disclosure Sinumerik Integrate Access Mymachine Ethernet +2
NVD
EPSS 0% CVSS 8.2
HIGH This Week

A non-privileged user of the Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and 8081/TCP could perform a persistent Cross-Site Scripting (XSS) attack, potentially resulting in. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Siemens Ruggedcom Network Management Software
NVD
EPSS 0% CVSS 8.8
HIGH This Week

The Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and 8081/TCP could allow a remote attacker to perform a Cross-Site Request Forgery (CSRF) attack, potentially allowing an attacker to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Siemens CSRF Ruggedcom Network Management Software
NVD
EPSS 1% CVSS 9.0
CRITICAL Act Now

Siemens SIMATIC Logon prior to V1.5 SP3 Update 2 could allow an attacker with knowledge of a valid user name, and physical or network access to the affected system, to bypass the application-level. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Siemens Authentication Bypass Simatic Logon
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

An issue was discovered in Siemens SICAM PAS before 8.00. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Siemens Authentication Bypass Sicam Pas Pqs
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An issue was discovered in Siemens SICAM PAS before 8.00. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Siemens Authentication Bypass Sicam Pas Pqs
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An issue was discovered in Siemens ETA4 firmware (all versions prior to Revision 08) of the SM-2558 extension module for: SICAM AK, SICAM TM 1703, SICAM BC 1703, and SICAM AK 3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Siemens Information Disclosure Eta4 Firmware +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Siemens Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 for Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D (All firmware versions < V6.00.046) and Desigo PX Web. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Siemens Desigo Web Module Pxa30 W0 Firmware +5
NVD
EPSS 0% CVSS 8.1
HIGH This Week

A vulnerability in SIEMENS SIMATIC WinCC (All versions < SIMATIC WinCC V7.2) and SIEMENS SIMATIC PCS 7 (All versions < SIMATIC PCS 7 V8.0 SP1) could allow a remote attacker to crash an ActiveX. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Siemens Simatic Pcs 7 +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A vulnerability in Siemens SICAM PAS (all versions before V8.09) could allow a remote attacker to cause a Denial of Service condition and potentially lead to unauthenticated remote code execution by. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Denial Of Service Siemens +1
NVD
EPSS 0% CVSS 7.3
HIGH This Week

A vulnerability in Siemens SICAM PAS (all versions before V8.09) could allow a remote attacker to upload, download, or delete files in certain parts of the file system by sending specially crafted. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Siemens Sicam Pas Pqs
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

The following SIEMENS branded IP Camera Models CCMW3025, CVMW3025-IR, CFMW3025 prior to version 1.41_SP18_S1; CCPW3025, CCPW5025 prior to version 0.1.73_S1; CCMD3025-DN18 prior to version v1.394_S1;. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Siemens Authentication Bypass Ccid1445 Dn18 Firmware +14
NVD
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

Siemens Automation License Manager (ALM) before 5.3 SP3 allows remote attackers to write to files, rename files, create directories, or delete directories via crafted packets. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Siemens Authentication Bypass Automation License Manager
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

SQL injection vulnerability in Siemens Automation License Manager (ALM) before 5.3 SP3 Update 1 allows remote attackers to execute arbitrary SQL commands via crafted traffic to TCP port 4410. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Siemens Automation License Manager
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Siemens Automation License Manager (ALM) before 5.3 SP3 Update 1 allows remote attackers to cause a denial of service (ALM service outage) via crafted packets to TCP port 4410. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Siemens Automation License Manager
NVD
EPSS 0% CVSS 2.5
LOW PATCH Monitor

Siemens SIMATIC STEP 7 (TIA Portal) before 14 uses an improper format for managing TIA project files during version updates, which makes it easier for local users to obtain sensitive configuration. Rated low severity (CVSS 2.5). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Siemens Simatic Step 7
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

Siemens SIMATIC STEP 7 (TIA Portal) before 14 improperly stores pre-shared key data in TIA project files, which makes it easier for local users to obtain sensitive information by leveraging access to. Rated medium severity (CVSS 4.7). No vendor patch available.

Information Disclosure Siemens Simatic Step 7
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

The integrated web server on Siemens SCALANCE M-800 and S615 modules with firmware before 4.02 does not set the secure flag for the session cookie in an https session, which makes it easier for. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Siemens Scalance M 800 Firmware +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Siemens SINEMA Server uses weak permissions for the application folder, which allows local users to gain privileges via unspecified vectors. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Siemens Sinema Server
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the integrated web server in Siemens SINEMA Remote Connect Server before 1.2 allows remote attackers to inject arbitrary web script or HTML via a crafted. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Siemens Sinema Remote Connect Server
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Siemens SIMATIC NET PC-Software before 13 SP2 allows remote attackers to cause a denial of service (OPC UA service outage) via crafted TCP packets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Siemens Simatic Net Pc Software
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Siemens SIMATIC WinCC 7.0 through SP3 and 7.2 allows remote attackers to read arbitrary WinCC station files via crafted packets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Siemens Simatic Wincc
NVD
EPSS 18% CVSS 9.8
CRITICAL Act Now

Siemens SIMATIC WinCC before 7.3 Update 10 and 7.4 before Update 1, SIMATIC BATCH before 8.1 SP1 Update 9 as distributed in SIMATIC PCS 7 through 8.1 SP1, SIMATIC OpenPCS 7 before 8.1 Update 3 as. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 17.8% and no vendor patch available.

RCE Siemens Simatic Batch +2
NVD
Prev Page 2 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy