Filtered by vendor Siemens
Subscribe
Total
1761 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-18508 | 2 Mozilla, Siemens | 17 Network Security Services, Ruggedcom Rox Mx5000, Ruggedcom Rox Mx5000 Firmware and 14 more | 2021-02-18 | 4.3 MEDIUM | 6.5 MEDIUM |
| In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service. | |||||
| CVE-2021-25666 | 1 Siemens | 4 Scalance W740, Scalance W740 Firmware, Scalance W780 and 1 more | 2021-02-12 | 3.3 LOW | 4.3 MEDIUM |
| A vulnerability has been identified in SCALANCE W780 and W740 (IEEE 802.11n) family (All versions < V6.3). Sending specially crafted packets through the ARP protocol to an affected device could cause a partial denial-of-service, preventing the device to operate normally for a short period of time. | |||||
| CVE-2020-10048 | 1 Siemens | 2 Simatic Pcs 7, Simatic Wincc | 2021-02-11 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability has been identified in SIMATIC PCS 7 (All versions), SIMATIC WinCC (All versions < V7.5 SP2). Due to an insecure password verification process, an attacker could bypass the password protection set on protected files, thus being granted access to the protected content, circumventing authentication. | |||||
| CVE-2019-6567 | 1 Siemens | 8 Scalance X-200, Scalance X-200 Firmware, Scalance X-200irt and 5 more | 2021-02-09 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All Versions < V5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3), SCALANCE X-414-3E (All versions). The affected devices store passwords in a recoverable format. An attacker may extract and recover device passwords from the device configuration. Successful exploitation requires access to a device configuration backup and impacts confidentiality of the stored passwords. | |||||
| CVE-2020-28390 | 1 Siemens | 1 Opcenter Execution Core | 2021-01-20 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability has been identified in Opcenter Execution Core (V8.2), Opcenter Execution Core (V8.3). The application contains an information leakage vulnerability in the handling of web client sessions. A local attacker who has access to the Web Client Session Storage could disclose the passwords of currently logged-in users. | |||||
| CVE-2017-12735 | 1 Siemens | 2 Logo\!, Logo\! 8 Bm Firmware | 2020-12-23 | 5.8 MEDIUM | 7.4 HIGH |
| A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). An attacker who performs a Man-in-the-Middle attack between the LOGO! BM and other devices could potentially decrypt and modify network traffic. | |||||
| CVE-2020-7589 | 1 Siemens | 2 Logo\! 8 Bm, Logo\! 8 Bm Firmware | 2020-12-23 | 6.4 MEDIUM | 9.1 CRITICAL |
| A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions). The vulnerability could lead to an attacker reading and modifying the device configuration and obtain project files from affected devices. The security vulnerability could be exploited by an unauthenticated attacker with network access to port 135/tcp. No user interaction is required to exploit this security vulnerability. The vulnerability impacts confidentiality, integrity, and availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2020-15796 | 1 Siemens | 4 Simatic Et 200sp Open Controller, Simatic Et 200sp Open Controller Firmware, Simatic S7-1500 Software Controller and 1 more | 2020-12-18 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in SIMATIC ET 200SP Open Controller (incl. SIPLUS variants) (V20.8), SIMATIC S7-1500 Software Controller (V20.8). The web server of the affected products contains a vulnerability that could allow a remote attacker to trigger a denial-of-service condition by sending a specially crafted HTTP request. | |||||
| CVE-2020-25228 | 1 Siemens | 2 Logo\! 8 Bm, Logo\! 8 Bm Firmware | 2020-12-16 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). A service available on port 10005/tcp of the affected devices could allow complete access to all services without authorization. An attacker could gain full control over an affected device, if he has access to this service. The system manual recommends to protect access to this port. | |||||
| CVE-2020-25230 | 1 Siemens | 2 Logo\! 8 Bm, Logo\! 8 Bm Firmware | 2020-12-16 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Due to the usage of an outdated cipher mode on port 10005/tcp, an attacker could extract the encryption key from a captured communication with the device. | |||||
| CVE-2020-25231 | 1 Siemens | 3 Logo\! 8 Bm, Logo\! 8 Bm Firmware, Logo\! Soft Comfort | 2020-12-16 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3), LOGO! Soft Comfort (All versions < V8.3). The encryption of program data for the affected devices uses a static key. An attacker could use this key to extract confidential information from protected program files. | |||||
| CVE-2020-25232 | 1 Siemens | 2 Logo\! 8 Bm, Logo\! 8 Bm Firmware | 2020-12-16 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Due to the usage of an insecure random number generation function and a deprecated cryptographic function, an attacker could extract the key that is used when communicating with an affected device on port 8080/tcp. | |||||
| CVE-2020-25233 | 1 Siemens | 2 Logo\! 8 Bm, Logo\! 8 Bm Firmware | 2020-12-16 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). The firmware update of affected devices contains the private RSA key that is used as a basis for encryption of communication with the device. | |||||
| CVE-2020-25234 | 1 Siemens | 2 Logo\! 8 Bm, Logo\! 8 Bm Firmware | 2020-12-16 | 3.6 LOW | 7.7 HIGH |
| A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3), LOGO! Soft Comfort (All versions < V8.3). The LOGO! program files generated and used by the affected components offer the possibility to save user-defined functions (UDF) in a password protected way. This protection is implemented in the software that displays the information. An attacker could reverse engineer the UDFs directly from stored program files. | |||||
| CVE-2020-25235 | 1 Siemens | 2 Logo\! 8 Bm, Logo\! 8 Bm Firmware | 2020-12-16 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). The password used for authentication for the LOGO! Website and the LOGO! Access Tool is sent in a recoverable format. An attacker with access to the network traffic could derive valid logins. | |||||
| CVE-2019-19283 | 1 Siemens | 1 Xhq | 2020-12-15 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been identified in XHQ (All Versions < 6.1). The application's web server could expose non-sensitive information about the server's architecture. This could allow an attacker to adapt further attacks to the version in place. | |||||
| CVE-2019-19287 | 1 Siemens | 1 Xhq | 2020-12-15 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow attackers to traverse through the file system of the server based by sending specially crafted packets over the network without authentication. | |||||
| CVE-2019-19289 | 1 Siemens | 1 Xhq | 2020-12-15 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. | |||||
| CVE-2019-19286 | 1 Siemens | 1 Xhq | 2020-12-15 | 6.5 MEDIUM | 7.2 HIGH |
| A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow SQL injection attacks if an attacker is able to modify content of particular web pages. | |||||
| CVE-2019-19284 | 1 Siemens | 1 Xhq | 2020-12-15 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow Cross-Site Scripting (XSS) attacks if an attacker is able to modify content of particular web pages, causing the application to behave in unexpected ways for legitimate users. | |||||