Skip to main content

Siemens

Vendor security scorecard – 319 CVEs in the selected period

Period: 30d 90d 6m 1y All
Risk 949
319
CVEs
32
Critical
119
High
1
KEV
11
PoC
109
Unpatched C/H
23.2%
Patch Rate
1.7%
Avg EPSS

Severity Breakdown

CRITICAL
32
HIGH
119
MEDIUM
145
LOW
23

Monthly CVE Trend

Top Risky CVEs

CVE Summary Severity CVSS EPSS Priority Signals
CVE-2010-2568 Remote code execution in Windows Shell across XP through Windows 7 via malicious .LNK or .PIF shortcut files automatically processed when displayed in Windows Explorer. Confirmed actively exploited (CISA KEV) in 2010 Stuxnet campaign targeting Siemens WinCC SCADA systems, with 92.13% EPSS score reflecting historical widespread exploitation. Public exploits available. Originally weaponized as zero-day before Microsoft MS10-046 patch release. HIGH 7.8 92.1% 226
KEV PoC
CVE-2014-2908 Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary web script or HTML via unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 68.0%. MEDIUM 4.3 68.0% 110
PoC No patch
CVE-2015-2177 Siemens SIMATIC S7-300 CPU devices allow remote attackers to cause a denial of service (defect-mode transition) via crafted packets on (1) TCP port 102 or (2) Profibus. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 50.6%. HIGH 7.5 50.6% 108
PoC No patch
CVE-2012-5409 AscoServer.exe in the server in Siemens SiPass integrated MP2.6 and earlier does not properly handle IOCP RPC messages received over an Ethernet network, which allows remote attackers to write data. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 35.4%. CRITICAL 10.0 35.4% 105
PoC No patch
CVE-2014-5074 Siemens SIMATIC S7-1500 CPU devices with firmware before 1.6 allow remote attackers to cause a denial of service (device restart and STOP transition) via crafted TCP packets. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 12.9%. HIGH 7.1 12.9% 68
PoC
CVE-2016-5743 Siemens SIMATIC WinCC before 7.3 Update 10 and 7.4 before Update 1, SIMATIC BATCH before 8.1 SP1 Update 9 as distributed in SIMATIC PCS 7 through 8.1 SP1, SIMATIC OpenPCS 7 before 8.1 Update 3 as. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 17.8% and no vendor patch available. CRITICAL 9.8 17.8% 67
No patch
CVE-2013-4652 Unspecified vulnerability in the command-line management interface on Siemens Scalance W7xx devices with firmware before 4.5.4 allows remote attackers to bypass authentication and execute arbitrary. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available. CRITICAL 10.0 9.7% 60
No patch
CVE-2017-9946 A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions <V3.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. HIGH 7.5 0.6% 58
PoC No patch
CVE-2015-1449 Buffer overflow in the integrated web server on Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available. CRITICAL 10.0 7.6% 58
No patch
CVE-2014-8551 The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available. CRITICAL 10.0 5.8% 56
No patch
CVE-2017-9947 A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions <V3.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. MEDIUM 5.3 8.5% 55
PoC No patch
CVE-2013-4781 core/getLog.php on the Siemens Enterprise OpenScape Branch appliance and OpenScape Session Border Controller (SBC) before 2 R0.32.0, and 7 before 7 R1.7.0, allows remote attackers to execute. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available. CRITICAL 10.0 3.8% 54
No patch
CVE-2015-1448 The integrated management service on Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available. CRITICAL 10.0 3.4% 53
No patch
CVE-2016-3963 Siemens SCALANCE S613 allows remote attackers to cause a denial of service (web-server outage) via traffic to TCP port 443. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. MEDIUM 5.3 6.5% 53
PoC No patch
CVE-2017-12739 An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available. CRITICAL 9.8 3.1% 52
No patch

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy