Filtered by vendor Siemens
Subscribe
Total
1761 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-44693 | 1 Siemens | 192 Simatic Et 200 Sp Open Controller Cpu 1515sp Pc, Simatic Et 200 Sp Open Controller Cpu 1515sp Pc Firmware, Simatic S7-1200 Cpu 1211c and 189 more | 2023-09-12 | N/A | 4.9 MEDIUM |
| Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device. | |||||
| CVE-2021-40365 | 1 Siemens | 192 Simatic Et 200 Sp Open Controller Cpu 1515sp Pc, Simatic Et 200 Sp Open Controller Cpu 1515sp Pc Firmware, Simatic S7-1200 Cpu 1211c and 189 more | 2023-09-12 | N/A | 7.5 HIGH |
| Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device. | |||||
| CVE-2023-39950 | 1 Siemens | 1 Efibootguard | 2023-08-22 | N/A | 5.2 MEDIUM |
| efibootguard is a simple UEFI boot loader with support for safely switching between current and updated partition sets. Insufficient or missing validation and sanitization of input from untrustworthy bootloader environment files can cause crashes and probably also code injections into `bg_setenv`) or programs using `libebgenv`. This is triggered when the affected components try to modify a manipulated environment, in particular its user variables. Furthermore, `bg_printenv` may crash over invalid read accesses or report invalid results. Not affected by this issue is EFI Boot Guard's bootloader EFI binary. EFI Boot Guard release v0.15 contains required patches to sanitize and validate the bootloader environment prior to processing it in userspace. Its library and tools should be updated, so should programs statically linked against it. An update of the bootloader EFI executable is not required. The only way to prevent the issue with an unpatched EFI Boot Guard version is to avoid accesses to user variables, specifically modifications to them. | |||||
| CVE-2018-3616 | 2 Intel, Siemens | 25 Active Management Technology Firmware, Converged Security Management Engine Firmware, Manageability Engine Firmware and 22 more | 2023-08-17 | 4.3 MEDIUM | 5.9 MEDIUM |
| Bleichenbacher-style side channel vulnerability in TLS implementation in Intel Active Management Technology before 12.0.5 may allow an unauthenticated user to potentially obtain the TLS session key via the network. | |||||
| CVE-2018-3658 | 2 Intel, Siemens | 25 Active Management Technology Firmware, Converged Security Management Engine Firmware, Manageability Engine Firmware and 22 more | 2023-08-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| Multiple memory leaks in Intel AMT in Intel CSME firmware versions before 12.0.5 may allow an unauthenticated user with Intel AMT provisioned to potentially cause a partial denial of service via network access. | |||||
| CVE-2018-3657 | 2 Intel, Siemens | 25 Active Management Technology Firmware, Converged Security Management Engine Firmware, Manageability Engine Firmware and 22 more | 2023-08-17 | 7.2 HIGH | 6.7 MEDIUM |
| Multiple buffer overflows in Intel AMT in Intel CSME firmware versions before version 12.0.5 may allow a privileged user to potentially execute arbitrary code with Intel AMT execution privilege via local access. | |||||
| CVE-2021-41544 | 1 Siemens | 1 Software Center | 2023-08-15 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Siemens Software Center (All versions < V3.0). A DLL Hijacking vulnerability could allow a local attacker to execute code with elevated privileges by placing a malicious DLL in one of the directories on the DLL search path. | |||||
| CVE-2023-38641 | 1 Siemens | 1 Sicam Toolbox Ii | 2023-08-15 | N/A | 7.8 HIGH |
| A vulnerability has been identified in SICAM TOOLBOX II (All versions < V07.10). The affected application's database service is executed as `NT AUTHORITY\SYSTEM`. This could allow a local attacker to execute operating system commands with elevated privileges. | |||||
| CVE-2022-39062 | 1 Siemens | 1 Sicam Toolbox Ii | 2023-08-15 | N/A | 7.8 HIGH |
| A vulnerability has been identified in SICAM TOOLBOX II (All versions < V07.10). Affected applications do not properly set permissions for product folders. This could allow an authenticated attacker with low privileges to replace DLLs and conduct a privilege escalation. | |||||
| CVE-2023-28830 | 1 Siemens | 4 Jt2go, Solid Edge Se2022, Solid Edge Se2023 and 1 more | 2023-08-15 | N/A | 7.8 HIGH |
| A vulnerability has been identified in JT2Go (All versions < V14.2.0.5), Solid Edge SE2022 (All versions < V222.0 Update 13), Solid Edge SE2023 (All versions < V223.0 Update 4), Teamcenter Visualization V13.2 (All versions < V13.2.0.15), Teamcenter Visualization V13.3 (All versions < V13.3.0.11), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.5). The affected application contains a use-after-free vulnerability that could be triggered while parsing specially crafted ASM file. An attacker could leverage this vulnerability to execute code in the context of the current process. | |||||
| CVE-2023-30796 | 1 Siemens | 2 Jt Open Toolkit, Jt Utilities | 2023-08-15 | N/A | 7.8 HIGH |
| A vulnerability has been identified in JT Open (All versions < V11.4), JT Utilities (All versions < V13.4). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. | |||||
| CVE-2023-39419 | 1 Siemens | 1 Solid Edge | 2023-08-15 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected applications contain an out of bounds write past the end of an allocated structure while parsing specially crafted DFT files. This could allow an attacker to execute code in the context of the current process. | |||||
| CVE-2023-39549 | 1 Siemens | 1 Solid Edge | 2023-08-15 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 2). The affected application contains a use-after-free vulnerability that could be triggered while parsing specially crafted DWG file. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-19562) | |||||
| CVE-2023-38683 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2023-08-14 | N/A | 7.8 HIGH |
| A vulnerability has been identified in JT2Go (All versions < V14.2.0.5), Teamcenter Visualization V13.2 (All versions < V13.2.0.14), Teamcenter Visualization V14.1 (All versions < V14.1.0.10), Teamcenter Visualization V14.2 (All versions < V14.2.0.5). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted TIFF file. This could allow an attacker to execute code in the context of the current process. | |||||
| CVE-2023-38682 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2023-08-14 | N/A | 7.8 HIGH |
| A vulnerability has been identified in JT2Go (All versions < V14.2.0.5), Teamcenter Visualization V13.2 (All versions < V13.2.0.14), Teamcenter Visualization V14.1 (All versions < V14.1.0.10), Teamcenter Visualization V14.2 (All versions < V14.2.0.5). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted TIFF files. This could allow an attacker to execute code in the context of the current process. | |||||
| CVE-2023-38681 | 1 Siemens | 1 Tecnomatix | 2023-08-14 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted IGS file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21270) | |||||
| CVE-2023-38680 | 1 Siemens | 1 Tecnomatix | 2023-08-14 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21132) | |||||
| CVE-2023-38679 | 1 Siemens | 1 Tecnomatix | 2023-08-14 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21106) | |||||
| CVE-2023-30795 | 1 Siemens | 3 Jt Open, Jt Utilities, Parasolid | 2023-08-11 | N/A | 7.8 HIGH |
| A vulnerability has been identified in JT Open (All versions < V11.4), JT Utilities (All versions < V13.4), Parasolid V34.0 (All versions < V34.0.253), Parasolid V34.1 (All versions < V34.1.243), Parasolid V35.0 (All versions < V35.0.177), Parasolid V35.1 (All versions < V35.1.073). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. | |||||
| CVE-2023-37373 | 1 Siemens | 1 Ruggedcom Crossbow | 2023-08-10 | N/A | 7.5 HIGH |
| A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.4). The affected applications accept unauthenticated file write messages. An unauthenticated remote attacker could write arbitrary files to the affected application's file system. | |||||