MidnightBSD

Advisories for siemens

CVE-1999-0017 HIGH

FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
gnu inet 5.01
ibm aix 4.3
caldera openlinux 1.2
sun sunos 5.4
sco unixware 2.1
freebsd freebsd 1.2
ibm aix 4.2
gnu inet 6.01
freebsd freebsd 2.0
sun sunos 5.3
freebsd freebsd 1.0
sun sunos 4.1.3u1
freebsd freebsd 1.1
freebsd freebsd 2.1.7
netbsd netbsd 1.2.1
gnu inet 6.02
siemens reliant_unix *
ibm aix 4.1
ibm aix 3.2
netbsd netbsd 1.0
sco open_desktop 3.0
sco openserver 5.0.4
washington_university wu-ftpd 2.4
sun sunos 4.1.4
sun sunos 5.5
sun sunos 5.5.1
freebsd freebsd 2.1.0
netbsd netbsd 1.2
netbsd netbsd 1.1
CVE-2000-0964 HIGH

Buffer overflow in the web administration service for the HiNet LP5100 IP-phone allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
siemens hinet_lp 5100.0
CVE-2001-0384 LOW

ppd in Reliant Sinix allows local users to corrupt arbitrary files via a symlink attack in the /tmp/ppd.trace file.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
siemens reliant_unix *
CVE-2001-0411 MEDIUM

Reliant Unix 5.44 and earlier allows remote attackers to cause a denial of service via an ICMP port unreachable packet, which causes Reliant to drop all connections to the source address of the packet.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
siemens reliant_unix 5.44
CVE-2002-0122 MEDIUM

Siemens 3568i WAP mobile phones allow remote attackers to cause a denial of service (crash) via an SMS message containing unusual characters.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
siemens 3568i_wap 0.0
CVE-2002-1484 HIGH

DB4Web server, when configured to use verbose debug messages, allows remote attackers to use DB4Web as a proxy and attempt TCP connections to other systems (port scan) via a request for a URL that specifies the target IP address and port, which produces a connection status in the resulting error message.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-918

Products Affected

Vendor Product Version
siemens db4web 3.6
siemens db4web 3.4
CVE-2002-20001 MEDIUM

The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400

Products Affected

Vendor Product Version
f5 big-ip_advanced_firewall_manager *
f5 big-ip_carrier-grade_nat *
f5 big-ip_domain_name_system *
f5 big-ip_application_security_manager *
f5 big-ip_application_visibility_and_reporting *
f5 big-ip_ssl_orchestrator 17.5.0
f5 f5os-c 1.8.0
f5 big-ip_webaccelerator *
f5 big-ip_edge_gateway 17.5.0
hpe arubaos-cx *
f5 f5os-c 1.8.1
f5 big-ip_global_traffic_manager 17.5.0
f5 big-ip_edge_gateway *
f5 big-ip_analytics *
f5 traffix_signaling_delivery_controller 5.2.0
f5 big-ip_application_visibility_and_reporting 17.5.0
suse linux_enterprise_server 15
f5 big-ip_policy_enforcement_manager 17.5.0
f5 big-ip_global_traffic_manager *
f5 big-iq_centralized_management *
f5 f5os-c *
f5 f5os-c 1.5.1
f5 big-ip_webaccelerator 17.5.0
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_fraud_protection_service *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_websafe 17.5.0
f5 big-ip_application_acceleration_manager *
f5 big-ip_advanced_firewall_manager 17.5.0
f5 f5os-a 1.8.0
f5 f5os-a 1.3.1
f5 big-ip_advanced_web_application_firewall 17.5.0
f5 big-ip_domain_name_system 17.5.0
f5 big-ip_service_proxy 1.6.0
f5 big-ip_advanced_web_application_firewall *
f5 big-ip_ddos_hybrid_defender *
f5 big-ip_local_traffic_manager 17.5.0
f5 big-ip_link_controller *
f5 big-ip_ddos_hybrid_defender 17.5.0
f5 f5os-c 1.5.0
f5 big-ip_carrier-grade_nat 17.5.0
siemens scalance_w1750d_firmware *
f5 f5os-a *
f5 traffix_sdc 5.1.0
f5 traffix_sdc 5.2.0
f5 f5os-a 1.3.0
f5 big-ip_ssl_orchestrator *
f5 big-ip_analytics 17.5.0
balasys dheater -
f5 big-ip_websafe *
f5 traffix_signaling_delivery_controller 5.1.0
f5 big-ip_fraud_protection_service 17.5.0
f5 big-iq_centralized_management 7.1.0
stormshield stormshield_network_security *
suse linux_enterprise_server 12
f5 big-ip_application_acceleration_manager 17.5.0
suse linux_enterprise_server 11
stormshield stormshield_management_center *
f5 big-ip_application_security_manager 17.5.0
f5 big-ip_link_controller 17.5.0
CVE-2003-0190 MEDIUM

OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-203

Products Affected

Vendor Product Version
siemens scalance_x204rna_firmware *
openbsd openssh 3.4p1
openbsd openssh 3.6.1
openpkg openpkg 1.2
openbsd openssh *
openbsd openssh 3.6.1p1
openpkg openpkg 1.3
siemens scalance_x204rna_ecc_firmware *
CVE-2003-1464 HIGH

Buffer overflow in Siemens 45 series mobile phones allows remote attackers to cause a denial of service (disconnect and unavailable inbox) via a Short Message Service (SMS) message with a long image name.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119

Products Affected

Vendor Product Version
siemens m45 *
siemens s45 *
CVE-2004-2626 LOW

GUI overlay vulnerability in the Java API in Siemens S55 cellular phones allows remote attackers to send unauthorized SMS messages by overlaying a confirmation message with a malicious message.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
siemens s55 09.2179
CVE-2005-2424 HIGH

The management interface for Siemens SANTIS 50 running firmware 4.2.8.0, and possibly other products including Ericsson HN294dp and Dynalink RTA300W, allows remote attackers to access the Telnet port without authentication via certain packets to the web interface that cause the interface to freeze.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
siemens santis_50 4.2.8.0
CVE-2006-3344 HIGH

Siemens Speedstream Wireless Router 2624 allows local users to bypass authentication and access protected files by using the Universal Plug and Play UPnP/1.0 component.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264

Products Affected

Vendor Product Version
siemens speedstream_wireless_router 2624
CVE-2006-3907 MEDIUM

Siemens SpeedStream 2624 allows remote attackers to cause a denial of service (device hang) by sending a crafted packet to the web administrative interface.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
siemens speedstream_wireless_router 2624
CVE-2010-2772 MEDIUM

Siemens Simatic WinCC and PCS 7 SCADA system uses a hard-coded password, which allows local users to access a back-end database and gain privileges, as demonstrated in the wild in July 2010 by the Stuxnet worm, a different vulnerability than CVE-2010-2568.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-798

Products Affected

Vendor Product Version
siemens simatic_wincc 6.2
siemens simatic_wincc 7.0
siemens simatic_pcs_7 6.0
siemens simatic_pcs_7 6.1
siemens simatic_pcs_7 7.0
siemens simatic_pcs_7 7.1
CVE-2011-3321 HIGH

Heap-based buffer overflow in the Siemens WinCC Runtime Advanced Loader, as used in SIMATIC WinCC flexible Runtime and SIMATIC WinCC (TIA Portal) Runtime Advanced, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted packet to TCP port 2308.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119

Products Affected

Vendor Product Version
siemens simatic_wincc_flexible_runtime *
siemens simatic_wincc_runtime -
CVE-2011-3389 MEDIUM

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-326

Products Affected

Vendor Product Version
siemens simatic_rf615r_firmware *
redhat enterprise_linux_server 5.0
mozilla firefox -
canonical ubuntu_linux 10.04
canonical ubuntu_linux 11.04
redhat enterprise_linux_desktop 5.0
redhat enterprise_linux_workstation 5.0
microsoft internet_explorer -
siemens simatic_rf68xr_firmware *
haxx curl *
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server 6.0
google chrome -
canonical ubuntu_linux 10.10
microsoft windows -
redhat enterprise_linux_eus 6.2
debian debian_linux 5.0
canonical ubuntu_linux 11.10
redhat enterprise_linux_server_aus 6.2
debian debian_linux 6.0
opera opera_browser -
CVE-2011-4055 HIGH

Buffer overflow in the WebClient ActiveX control in Siemens Tecnomatix FactoryLink 6.6.1 (aka 6.6 SP1), 7.5.217 (aka 7.5 SP2), and 8.0.2.54 allows remote attackers to execute arbitrary code via a long string in a parameter associated with the location URL.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119

Products Affected

Vendor Product Version
siemens tecnomatix_factorylink 7.5.217
siemens tecnomatix_factorylink 8.0.2.54
siemens tecnomatix_factorylink 6.6.1
CVE-2011-4056 MEDIUM

An unspecified ActiveX control in ActBar.ocx in Siemens Tecnomatix FactoryLink 6.6.1 (aka 6.6 SP1), 7.5.217 (aka 7.5 SP2), and 8.0.2.54 allows remote attackers to create or overwrite arbitrary files via the save method.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo

Products Affected

Vendor Product Version
siemens tecnomatix_factorylink 7.5.217
siemens tecnomatix_factorylink 8.0.2.54
siemens tecnomatix_factorylink 6.6.1
CVE-2011-4508 HIGH

The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime generates predictable authentication tokens for cookies, which makes it easier for remote attackers to bypass authentication via a crafted cookie.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287

Products Affected

Vendor Product Version
siemens simatic_hmi_panels tp
siemens simatic_hmi_panels comfort_panels
siemens wincc *
siemens wincc v11
siemens wincc_flexible_runtime *
siemens wincc_flexible 2007
siemens simatic_hmi_panels mobile_panels
siemens wincc_flexible 2008
siemens simatic_hmi_panels op
siemens wincc_runtime_advanced v11
siemens wincc_flexible 2005
siemens simatic_hmi_panels mp
siemens wincc_flexible 2004
CVE-2011-4509 HIGH

The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime has an improperly selected default password for the administrator account, which makes it easier for remote attackers to obtain access via a brute-force approach involving many HTTP requests.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264

Products Affected

Vendor Product Version
siemens simatic_hmi_panels tp
siemens simatic_hmi_panels comfort_panels
siemens wincc v11
siemens wincc_flexible_runtime *
siemens wincc_flexible 2007
siemens simatic_hmi_panels mobile_panels
siemens wincc_flexible 2008
siemens simatic_hmi_panels op
siemens wincc_runtime_advanced v11
siemens wincc_flexible 2005
siemens simatic_hmi_panels mp
siemens wincc_flexible 2004
CVE-2011-4510 MEDIUM

Cross-site scripting (XSS) vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-4511.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79

Products Affected

Vendor Product Version
siemens simatic_hmi_panels tp
siemens simatic_hmi_panels comfort_panels
siemens wincc *
siemens wincc v11
siemens wincc_flexible_runtime *
siemens wincc_flexible 2007
siemens simatic_hmi_panels mobile_panels
siemens wincc_flexible 2008
siemens simatic_hmi_panels op
siemens wincc_runtime_advanced v11
siemens wincc_flexible 2005
siemens simatic_hmi_panels mp
siemens wincc_flexible 2004
CVE-2011-4511 MEDIUM

Cross-site scripting (XSS) vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-4510.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79

Products Affected

Vendor Product Version
siemens simatic_hmi_panels tp
siemens simatic_hmi_panels comfort_panels
siemens wincc *
siemens wincc v11
siemens wincc_flexible_runtime *
siemens wincc_flexible 2007
siemens simatic_hmi_panels mobile_panels
siemens wincc_flexible 2008
siemens simatic_hmi_panels op
siemens wincc_runtime_advanced v11
siemens wincc_flexible 2005
siemens simatic_hmi_panels mp
siemens wincc_flexible 2004
CVE-2011-4512 MEDIUM

CRLF injection vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-94

Products Affected

Vendor Product Version
siemens simatic_hmi_panels tp
siemens simatic_hmi_panels comfort_panels
siemens wincc *
siemens wincc v11
siemens wincc_flexible_runtime *
siemens wincc_flexible 2007
siemens simatic_hmi_panels mobile_panels
siemens wincc_flexible 2008
siemens simatic_hmi_panels op
siemens wincc_runtime_advanced v11
siemens wincc_flexible 2005
siemens simatic_hmi_panels mp
siemens wincc_flexible 2004
CVE-2011-4513 HIGH

Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allow user-assisted remote attackers to execute arbitrary code via a crafted project file, related to the HMI web server and runtime loader.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo

Products Affected

Vendor Product Version
siemens simatic_hmi_panels tp
siemens simatic_hmi_panels comfort_panels
siemens wincc v11
siemens wincc_flexible_runtime *
siemens wincc_flexible 2007
siemens simatic_hmi_panels mobile_panels
siemens wincc_flexible 2008
siemens simatic_hmi_panels op
siemens wincc_runtime_advanced v11
siemens wincc_flexible 2005
siemens simatic_hmi_panels mp
siemens wincc_flexible 2004
CVE-2011-4514 HIGH

The TELNET daemon in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime does not perform authentication, which makes it easier for remote attackers to obtain access via a TCP session.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287

Products Affected

Vendor Product Version
siemens simatic_hmi_panels tp
siemens simatic_hmi_panels comfort_panels
siemens wincc v11
siemens wincc_flexible_runtime *
siemens wincc_flexible 2007
siemens simatic_hmi_panels mobile_panels
siemens wincc_flexible 2008
siemens simatic_hmi_panels op
siemens wincc_runtime_advanced v11
siemens wincc_flexible 2005
siemens simatic_hmi_panels mp
siemens wincc_flexible 2004
CVE-2011-4529 HIGH

Multiple buffer overflows in Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 allow remote attackers to execute arbitrary code via a long serialid field in an _licensekey command, as demonstrated by the (1) check_licensekey or (2) read_licensekey command.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119

Products Affected

Vendor Product Version
siemens automation_license_manager *
CVE-2011-4530 MEDIUM

Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 does not properly copy fields obtained from clients, which allows remote attackers to cause a denial of service (exception and daemon crash) via long fields, as demonstrated by fields to the (1) open_session->workstation->NAME or (2) grant->VERSION function.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20

Products Affected

Vendor Product Version
siemens automation_license_manager *
CVE-2011-4531 MEDIUM

Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted content in a (1) get_target_ocx_param or (2) send_target_ocx_param command.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20

Products Affected

Vendor Product Version
siemens automation_license_manager *
CVE-2011-4532 MEDIUM

Absolute path traversal vulnerability in the ALMListView.ALMListCtrl ActiveX control in almaxcx.dll in the graphical user interface in Siemens Automation License Manager (ALM) 2.0 through 5.1+SP1+Upd2 allows remote attackers to overwrite arbitrary files via the Save method.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22

Products Affected

Vendor Product Version
siemens automation_license_manager *
CVE-2011-4875 HIGH

Stack-based buffer overflow in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to execute arbitrary code via vectors related to Unicode strings.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119

Products Affected

Vendor Product Version
siemens simatic_hmi_panels tp
siemens simatic_hmi_panels comfort_panels
siemens wincc v11
siemens wincc_flexible_runtime *
siemens wincc_flexible 2007
siemens simatic_hmi_panels mobile_panels
siemens wincc_flexible 2008
siemens simatic_hmi_panels op
siemens wincc_runtime_advanced v11
siemens wincc_flexible 2005
siemens simatic_hmi_panels mp
siemens wincc_flexible 2004
CVE-2011-4876 HIGH

Directory traversal vulnerability in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to execute, read, create, modify, or delete arbitrary files via a .. (dot dot) in a string.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22

Products Affected

Vendor Product Version
siemens simatic_hmi_panels tp
siemens simatic_hmi_panels comfort_panels
siemens wincc v11
siemens wincc_flexible_runtime *
siemens wincc_flexible 2007
siemens simatic_hmi_panels mobile_panels
siemens wincc_flexible 2008
siemens simatic_hmi_panels op
siemens wincc_runtime_advanced v11
siemens wincc_flexible 2005
siemens simatic_hmi_panels mp
siemens wincc_flexible 2004
CVE-2011-4877 HIGH

HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to cause a denial of service (application crash) by sending crafted data over TCP.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20

Products Affected

Vendor Product Version
siemens simatic_hmi_panels tp
siemens simatic_hmi_panels comfort_panels
siemens wincc v11
siemens wincc_flexible_runtime *
siemens wincc_flexible 2007
siemens simatic_hmi_panels mobile_panels
siemens wincc_flexible 2008
siemens simatic_hmi_panels op
siemens wincc_runtime_advanced v11
siemens wincc_flexible 2005
siemens simatic_hmi_panels mp
siemens wincc_flexible 2004
CVE-2011-4878 HIGH

Directory traversal vulnerability in miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to read arbitrary files via a ..%5c (dot dot backslash) in a URI.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22

Products Affected

Vendor Product Version
siemens simatic_hmi_panels tp
siemens simatic_hmi_panels comfort_panels
siemens wincc *
siemens wincc v11
siemens wincc_flexible_runtime *
siemens wincc_flexible 2007
siemens simatic_hmi_panels mobile_panels
siemens wincc_flexible 2008
siemens simatic_hmi_panels op
siemens wincc_runtime_advanced v11
siemens wincc_flexible 2005
siemens simatic_hmi_panels mp
siemens wincc_flexible 2004
CVE-2011-4879 HIGH

miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime does not properly handle URIs beginning with a 0xfa character, which allows remote attackers to read data from arbitrary memory locations or cause a denial of service (application crash) via a crafted POST request.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20

Products Affected

Vendor Product Version
siemens simatic_hmi_panels tp
siemens simatic_hmi_panels comfort_panels
siemens wincc *
siemens wincc v11
siemens wincc_flexible_runtime *
siemens wincc_flexible 2007
siemens simatic_hmi_panels mobile_panels
siemens wincc_flexible 2008
siemens simatic_hmi_panels op
siemens wincc_runtime_advanced v11
siemens wincc_flexible 2005
siemens simatic_hmi_panels mp
siemens wincc_flexible 2004
CVE-2012-1799 HIGH

The web server on the Siemens Scalance S Security Module firewall S602 V2, S612 V2, and S613 V2 with firmware before 2.3.0.3 does not limit the rate of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack on the administrative password.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287

Products Affected

Vendor Product Version
siemens scalance_s612 v2
siemens scalance_s602 v2
siemens scalance_s_firmware 2.2.0
siemens scalance_s_firmware *
siemens scalance_s_firmware 2.1.0
siemens scalance_s613 v2
CVE-2012-1800 MEDIUM

Stack-based buffer overflow in the Profinet DCP protocol implementation on the Siemens Scalance S Security Module firewall S602 V2, S612 V2, and S613 V2 with firmware before 2.3.0.3 allows remote attackers to cause a denial of service (device outage) or possibly execute arbitrary code via a crafted DCP frame.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119

Products Affected

Vendor Product Version
siemens scalance_s612 v2
siemens scalance_s602 v2
siemens scalance_s_firmware 2.2.0
siemens scalance_s_firmware *
siemens scalance_s_firmware 2.1.0
siemens scalance_s613 v2
CVE-2012-1802 HIGH

Buffer overflow in the embedded web server on the Siemens Scalance X Industrial Ethernet switch X414-3E before 3.7.1, X308-2M before 3.7.2, X-300EEC before 3.7.2, XR-300 before 3.7.2, and X-300 before 3.7.2 allows remote attackers to cause a denial of service (device reboot) or possibly execute arbitrary code via a malformed URL.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119

Products Affected

Vendor Product Version
siemens scalance_x414-3e_firmware 2.2.0
siemens scalance_x414-3e_firmware *
siemens scalance_x-300_firmware 3.5.0
siemens scalance_x308-2m_firmware 3.5.0
siemens scalance_x414-3e_firmware 3.3.0
siemens scalance_x-300eec -
siemens scalance_xr-300 -
siemens scalance_x-300_firmware *
siemens scalance_x414-3e -
siemens scalance_xr-300_firmware 3.1.1
siemens scalance_x308-2m_firmware 3.1.1
siemens scalance_x308-2m -
siemens scalance_x-300eec_firmware *
siemens scalance_x-300_firmware 2.2.0
siemens scalance_x414-3e_firmware 3.0.2
siemens scalance_x-300_firmware 2.3.1
siemens scalance_x-300_firmware 3.0.0
siemens scalance_x-300 -
siemens scalance_x414-3e_firmware 1.2.2
siemens scalance_x414-3e_firmware 2.1.1
siemens scalance_x414-3e_firmware 3.4.0
siemens scalance_x-300_firmware 3.3.1
siemens scalance_x-300eec_firmware 3.5.0
siemens scalance_xr-300_firmware 3.5.0
siemens scalance_xr-300_firmware *
siemens scalance_x414-3e_firmware 2.3.2
siemens scalance_x414-3e_firmware 3.0.0
siemens scalance_x308-2m_firmware 3.5.2
siemens scalance_x414-3e_firmware 2.3.3
siemens scalance_x308-2m_firmware *
siemens scalance_x-300_firmware 3.5.1
CVE-2012-1803 HIGH

RuggedCom Rugged Operating System (ROS) 3.10.x and earlier has a factory account with a password derived from the MAC Address field in the banner, which makes it easier for remote attackers to obtain access by performing a calculation on this address value, and then establishing a (1) TELNET, (2) remote shell (aka rsh), or (3) serial-console session.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-310

Products Affected

Vendor Product Version
siemens ruggedcom_rugged_operating_system *
CVE-2012-2441 HIGH

RuggedCom Rugged Operating System (ROS) before 3.3 has a factory account with a password derived from the MAC Address field in a banner, which makes it easier for remote attackers to obtain access by performing a calculation on this address value, and then establishing a (1) SSH or (2) HTTPS session, a different vulnerability than CVE-2012-1803.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-521

Products Affected

Vendor Product Version
siemens ruggedcom_rugged_operating_system *
CVE-2012-2595 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in unspecified web applications in Siemens WinCC 7.0 SP3 before Update 2 allow remote attackers to inject arbitrary web script or HTML via vectors involving special characters in parameters.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79

Products Affected

Vendor Product Version
siemens wincc 7.0
CVE-2012-2596 MEDIUM

The XPath functionality in unspecified web applications in Siemens WinCC 7.0 SP3 before Update 2 does not properly handle special characters in parameters, which allows remote authenticated users to read or modify settings via a crafted URL, related to an "XML injection" attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-94

Products Affected

Vendor Product Version
siemens wincc 7.0
CVE-2012-2597 MEDIUM

Multiple directory traversal vulnerabilities in Siemens WinCC 7.0 SP3 before Update 2 allow remote authenticated users to read arbitrary files via a crafted parameter in a URL.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22

Products Affected

Vendor Product Version
siemens wincc 7.0
CVE-2012-2598 MEDIUM

Buffer overflow in the DiagAgent web server in Siemens WinCC 7.0 SP3 through Update 2 allows remote attackers to cause a denial of service (agent outage) via crafted input.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119

Products Affected

Vendor Product Version
siemens wincc 7.0
CVE-2012-3003 MEDIUM

Open redirect vulnerability in an unspecified web application in Siemens WinCC 7.0 SP3 before Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a GET request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20

Products Affected

Vendor Product Version
siemens wincc 7.0
CVE-2013-0656 MEDIUM

Buffer overflow in a third-party ActiveX component in Siemens SIMATIC RF-MANAGER 2008, and RF-MANAGER Basic 3.0 and earlier, allows remote attackers to execute arbitrary code via a crafted web site.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119

Products Affected

Vendor Product Version
siemens simatic_rf-manager 2008
siemens simatic_rf-manager_2008 *
CVE-2013-0659 HIGH

The debugging feature on the Siemens CP 1604 and CP 1616 interface cards with firmware before 2.5.2 allows remote attackers to execute arbitrary code via a crafted packet to UDP port 17185.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo

Products Affected

Vendor Product Version
siemens cp_1616 -
siemens cp_1604 -
siemens cp_1604_firmware *
siemens cp_1616_firmware *
CVE-2013-0667 MEDIUM

Cross-site scripting (XSS) vulnerability in the HMI web application in Siemens WinCC (TIA Portal) 11 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79

Products Affected

Vendor Product Version
siemens wincc_tia_portal 11.0
CVE-2013-0668 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in the HMI web application in Siemens WinCC (TIA Portal) 11 allow remote attackers to inject arbitrary web script or HTML via a crafted URL.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79

Products Affected

Vendor Product Version
siemens wincc_tia_portal 11.0
CVE-2013-0669 MEDIUM

The HMI web application in Siemens WinCC (TIA Portal) 11 allows remote authenticated users to cause a denial of service (daemon crash) via a crafted HTTP request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20

Products Affected

Vendor Product Version
siemens wincc_tia_portal 11.0
CVE-2013-0670 MEDIUM

CRLF injection vulnerability in the HMI web application in Siemens WinCC (TIA Portal) 11 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20

Products Affected

Vendor Product Version
siemens wincc_tia_portal 11.0
CVE-2013-0671 MEDIUM

Directory traversal vulnerability in Siemens WinCC (TIA Portal) 11 allows remote authenticated users to read HMI web-application source code and user-defined scripts via a crafted URL.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22

Products Affected

Vendor Product Version
siemens wincc_tia_portal 11.0
CVE-2013-0672 LOW

Cross-site scripting (XSS) vulnerability in the HMI web application in Siemens WinCC (TIA Portal) 11 allows remote authenticated users to inject arbitrary web script or HTML via unspecified data.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79

Products Affected

Vendor Product Version
siemens wincc_tia_portal 11.0
CVE-2013-0674 MEDIUM

Buffer overflow in the RegReader ActiveX control in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to execute arbitrary code via a long parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
siemens wincc 7.0
siemens wincc 5.0
siemens wincc *
siemens simatic_pcs7 7.1
siemens wincc 6.0
siemens simatic_pcs7 *
CVE-2013-0675 MEDIUM

Buffer overflow in CCEServer (aka the central communications component) in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to cause a denial of service via a crafted packet.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
siemens wincc 7.0
siemens wincc 5.0
siemens wincc *
siemens simatic_pcs7 7.1
siemens wincc 6.0
siemens simatic_pcs7 *
CVE-2013-0676 MEDIUM

Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly assign privileges for the database containing WebNavigator credentials, which allows remote authenticated users to obtain sensitive information via a SQL query.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
siemens wincc 7.0
siemens wincc 5.0
siemens wincc *
siemens simatic_pcs7 7.1
siemens wincc 6.0
siemens simatic_pcs7 *
CVE-2013-0677 MEDIUM

The web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to obtain sensitive information or cause a denial of service via a crafted project file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
siemens wincc 7.0
siemens wincc 5.0
siemens wincc *
siemens simatic_pcs7 7.1
siemens wincc 6.0
siemens simatic_pcs7 *
CVE-2013-0678 MEDIUM

Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly represent WebNavigator credentials in a database, which makes it easier for remote authenticated users to obtain sensitive information via a SQL query.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-255,

Products Affected

Vendor Product Version
siemens wincc 7.0
siemens wincc *
siemens simatic_pcs7 *
CVE-2013-0679 MEDIUM

Directory traversal vulnerability in the web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote authenticated users to read arbitrary files via vectors involving a query for a pathname.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
siemens wincc 7.0
siemens wincc 5.0
siemens wincc *
siemens simatic_pcs7 7.1
siemens wincc 6.0
siemens simatic_pcs7 *
CVE-2013-0700 HIGH

Siemens SIMATIC S7-1200 PLCs 2.x and 3.x allow remote attackers to cause a denial of service (defect-mode transition and control outage) via crafted packets to TCP port 102 (aka the ISO-TSAP port).

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
siemens simatic_s7-1200_cpu_1215c_firmware *
siemens simatic_s7-1200_cpu_1211c_firmware *
siemens simatic_s7-1200_cpu_1214_fc_firmware *
siemens simatic_s7-1200_cpu_1212fc_firmware *
siemens simatic_s7-1200_cpu_1212c_firmware *
siemens simatic_s7-1200_cpu_1214c_firmware *
siemens simatic_s7-1200_firmware *
siemens simatic_s7-1200_cpu_1217c_firmware *
siemens simatic_s7-1200_cpu_1215_fc_firmware *
CVE-2013-2780 HIGH

Siemens SIMATIC S7-1200 PLCs 2.x and 3.x allow remote attackers to cause a denial of service (defect-mode transition and control outage) via crafted packets to UDP port 161 (aka the SNMP port).

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
siemens simatic_s7-1200_cpu_1215c_firmware *
siemens simatic_s7-1200_cpu_1211c_firmware *
siemens simatic_s7-1200_cpu_1214_fc_firmware *
siemens simatic_s7-1200_cpu_1212fc_firmware *
siemens simatic_s7-1200_cpu_1212c_firmware *
siemens simatic_s7-1200_cpu_1214c_firmware *
siemens simatic_s7-1200_firmware *
siemens simatic_s7-1200_cpu_1217c_firmware *
siemens simatic_s7-1200_cpu_1215_fc_firmware *
CVE-2013-3633 HIGH

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (Versions < V5.0.0 for CVE-2013-3633 and versions < V4.5.0 for CVE-2013-3634), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.1.0). The user privileges for the web interface are only enforced on client side and not properly verified on server side. Therefore, an attacker is able to execute privileged commands using an unprivileged account.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
siemens scalance_x201-3p_irt -
siemens scalance_xf204irt -
siemens scalance_x202-2p_irt -
siemens scalance_x200irt_firmware *
siemens scalance_x202-2irt -
siemens scalance_x200-4p_irt -
siemens scalance_x204irt -
CVE-2013-3634 HIGH

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (Versions < V5.0.0 for CVE-2013-3633 and versions < V4.5.0 for CVE-2013-3634), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.1.0). The implementation of SNMPv3 does not check the user credentials sufficiently. Therefore, an attacker is able to execute SNMP commands without correct credentials.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
siemens scalance_x201-3p_irt -
siemens scalance_xf204irt -
siemens scalance_x202-2p_irt -
siemens scalance_x200irt_firmware *
siemens scalance_x202-2irt -
siemens scalance_x200-4p_irt -
siemens scalance_x204irt -
CVE-2013-3927 MEDIUM

Unspecified vulnerability in the client library in Siemens COMOS 9.2 before 9.2.0.6.10 and 10.0 before 10.0.3.0.4 allows local users to obtain unintended write access to the database by leveraging read access.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
siemens comos 10.0
siemens comos 9.2
CVE-2013-3957 HIGH

SQL injection vulnerability in the login screen in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
siemens wincc 7.0
siemens wincc 7.1
siemens wincc *
siemens simatic_pcs7 8.0
siemens simatic_pcs7 *
CVE-2013-3958 HIGH

The login implementation in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, has a hardcoded account, which makes it easier for remote attackers to obtain access via an unspecified request.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-255,

Products Affected

Vendor Product Version
siemens wincc 7.0
siemens wincc 7.1
siemens wincc *
siemens simatic_pcs7 8.0
siemens simatic_pcs7 *
CVE-2013-3959 MEDIUM

The Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, exhibits different behavior for NetBIOS user names depending on whether the user account exists, which allows remote authenticated users to enumerate account names via crafted URL parameters.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
siemens wincc 7.0
siemens wincc 7.1
siemens wincc *
siemens simatic_pcs7 8.0
siemens simatic_pcs7 *
CVE-2013-4651 MEDIUM

Siemens Scalance W7xx devices with firmware before 4.5.4 use the same hardcoded X.509 certificate across different customers' installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate's trust relationship.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-255,

Products Affected

Vendor Product Version
siemens scalance_w747-1 -
siemens scalance_w746-1 -
siemens scalance_w784-1 -
siemens scalance_w786-3pro -
siemens scalance_w744-1 -
siemens scalance_w746-1pro -
siemens scalance_w747-1rr -
siemens scalance_w788-1pro -
siemens scalance_w744-1pro -
siemens scalance_w788-2rr -
siemens scalance_w786-2rr -
siemens scalance_w786-1pro -
siemens scalance_w784-1rr -
siemens scalance_w788-1rr -
siemens scalance_w786-2pro -
siemens scalance_w700_series_firmware *
siemens scalance_w788-2pro -
CVE-2013-4652 HIGH

Unspecified vulnerability in the command-line management interface on Siemens Scalance W7xx devices with firmware before 4.5.4 allows remote attackers to bypass authentication and execute arbitrary code via a (1) SSH or (2) TELNET connection.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
siemens scalance_w747-1 -
siemens scalance_w746-1 -
siemens scalance_w784-1 -
siemens scalance_w786-3pro -
siemens scalance_w744-1 -
siemens scalance_w746-1pro -
siemens scalance_w747-1rr -
siemens scalance_w788-1pro -
siemens scalance_w744-1pro -
siemens scalance_w788-2rr -
siemens scalance_w786-2rr -
siemens scalance_w786-1pro -
siemens scalance_w784-1rr -
siemens scalance_w788-1rr -
siemens scalance_w786-2pro -
siemens scalance_w700_series_firmware *
siemens scalance_w788-2pro -
CVE-2013-4778 HIGH

core/getLog.php on the Siemens Enterprise OpenScape Branch appliance and OpenScape Session Border Controller (SBC) before 2 R0.32.0, and 7 before 7 R1.7.0, allows remote attackers to obtain sensitive server and statistics information via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-200,

Products Affected

Vendor Product Version
siemens openscape_session_border_controller 1r4.17.0
siemens enterprise_openscape_branch -
siemens openscape_session_border_controller 7r.0
CVE-2013-4779 MEDIUM

Cross-site scripting (XSS) vulnerability in core/handleTw.php on the Siemens Enterprise OpenScape Branch appliance and OpenScape Session Border Controller (SBC) before 2 R0.32.0, and 7 before 7 R1.7.0, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
siemens openscape_session_border_controller 1r4.17.0
siemens enterprise_openscape_branch -
siemens openscape_session_border_controller 7r.0
CVE-2013-4780 HIGH

core/getLog.php on the Siemens Enterprise OpenScape Branch appliance and OpenScape Session Border Controller (SBC) before 2 R0.32.0, and 7 before 7 R1.7.0, allows remote attackers to read arbitrary files via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-200,

Products Affected

Vendor Product Version
siemens openscape_session_border_controller 1r4.17.0
siemens enterprise_openscape_branch -
siemens openscape_session_border_controller 7r.0
CVE-2013-4781 HIGH

core/getLog.php on the Siemens Enterprise OpenScape Branch appliance and OpenScape Session Border Controller (SBC) before 2 R0.32.0, and 7 before 7 R1.7.0, allows remote attackers to execute arbitrary commands via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
siemens openscape_session_border_controller 1r4.17.0
siemens enterprise_openscape_branch -
siemens openscape_session_border_controller 7r.0
CVE-2013-4911 MEDIUM

Cross-site request forgery (CSRF) vulnerability in Siemens WinCC (TIA Portal) 11 and 12 before 12 SP1 allows remote attackers to hijack the authentication of unspecified victims by leveraging improper configuration of SIMATIC HMI panels by the WinCC product.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
siemens wincc 11.0
siemens wincc 12.0
CVE-2013-4912 MEDIUM

Open redirect vulnerability in Siemens WinCC (TIA Portal) 11 and 12 before 12 SP1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks by leveraging improper configuration of SIMATIC HMI panels by the WinCC product.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
siemens wincc 11.0
siemens wincc 12.0
CVE-2013-4943 HIGH

The client application in Siemens COMOS before 9.1 Update 458, 9.2 before 9.2.0.6.37, and 10.0 before 10.0.3.0.19 allows local users to gain privileges and bypass intended database-operation restrictions by leveraging COMOS project access.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
siemens comos 10.0
siemens comos 9.2
siemens comos 9.1
CVE-2013-5709 HIGH

The authentication implementation in the web server on Siemens SCALANCE X-200 switches with firmware before 5.0.0 does not use a sufficient source of entropy for generating values of random numbers, which makes it easier for remote attackers to hijack sessions by predicting a value.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189,

Products Affected

Vendor Product Version
siemens scalance_x201-3p_irt -
siemens scalance_x-200_series_firmware *
siemens scalance_x202-2p_irt -
siemens scalance_x-200rna -
siemens scalance_x202-2irt -
siemens scalance_x-200_series_firmware 4.3
siemens scalance_x-200 -
siemens scalance_x200-4p_irt -
siemens scalance_xf-200 -
siemens scalance_x204irt -
CVE-2013-5944 HIGH

The integrated web server on Siemens SCALANCE X-200 switches with firmware before 4.5.0 and X-200IRT switches with firmware before 5.1.0 does not properly enforce authentication requirements, which allows remote attackers to perform administrative actions via requests to the management interface.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
siemens scalance_x-200irt -
siemens scalance_x-200_series_firmware *
siemens scalance_x-200_series_firmware 4.3
siemens scalance_x-200 -
CVE-2013-6840 MEDIUM

Siemens COMOS before 9.2.0.8.1, 10.0 before 10.0.3.1.40, and 10.1 before 10.1.0.0.2 allows local users to gain database privileges via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
siemens comos 10.1
siemens comos 9.2.0.6.10
siemens comos 10.0
siemens comos 10.0.3.0.4
siemens comos 9.2
CVE-2013-6920 HIGH

Siemens SINAMICS S/G controllers with firmware before 4.6.11 do not require authentication for FTP and TELNET sessions, which allows remote attackers to bypass intended access restrictions via TCP traffic to port (1) 21 or (2) 23.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
siemens sinamics_g180 -
siemens sinamics_g120 -
siemens sinamics_g150 -
siemens sinamics_g130 -
siemens sinamics_g120d -
siemens sinamics_s/g_family_firmware *
siemens sinamics_g110 -
siemens sinamics_s120 -
siemens sinamics_s110 -
siemens sinamics_s150 -
siemens sinamics_s120cm -
siemens sinamics_g120c -
siemens sinamics_g120p -
siemens sinamics_g110d -
CVE-2013-6925 HIGH

The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 allows remote attackers to hijack web sessions by predicting a session id value.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-330,

Products Affected

Vendor Product Version
siemens ruggedcom_rugged_operating_system *
CVE-2013-6926 HIGH

The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 allows remote authenticated users to bypass intended restrictions on administrative actions by leveraging access to a (1) guest or (2) operator account.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-863,

Products Affected

Vendor Product Version
siemens ruggedcom_rugged_operating_system *
CVE-2014-0160 MEDIUM

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
mitel mivoice 1.3.2.2
mitel mivoice 1.1.2.5
intellian v60_firmware 1.25
mitel micollab 7.1
mitel micollab 7.3.0.104
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server 6.0
siemens elan-8.2 *
redhat storage 2.1
redhat virtualization 6.0
debian debian_linux 8.0
siemens application_processing_engine_firmware 2.0
mitel micollab 7.2
siemens wincc_open_architecture 3.12
splunk splunk *
debian debian_linux 6.0
fedoraproject fedora 19
mitel mivoice 1.1.3.3
mitel micollab 7.3
redhat enterprise_linux_server_aus 6.5
siemens cp_1543-1_firmware 1.1
intellian v100_firmware 1.21
intellian v60_firmware 1.15
mitel micollab 6.0
mitel micollab 7.0
ricon s9922l_firmware 16.10.3(3794)
canonical ubuntu_linux 12.04
intellian v100_firmware 1.20
broadcom symantec_messaging_gateway 10.6.1
redhat gluster_storage 2.1
fedoraproject fedora 20
redhat enterprise_linux_workstation 6.0
opensuse opensuse 13.1
filezilla-project filezilla_server *
debian debian_linux 7.0
opensuse opensuse 12.3
canonical ubuntu_linux 13.10
openssl openssl *
redhat enterprise_linux_server_eus 6.5
canonical ubuntu_linux 12.10
broadcom symantec_messaging_gateway 10.6.0
mitel mivoice 1.2.0.11
mitel mivoice 1.4.0.102
redhat enterprise_linux_server_tus 6.5
siemens simatic_s7-1500t_firmware 1.5
intellian v100_firmware 1.24
siemens simatic_s7-1500_firmware 1.5
CVE-2014-0224 MEDIUM

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 2.2 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-326,

Products Affected

Vendor Product Version
redhat jboss_enterprise_web_platform 5.2.0
redhat jboss_enterprise_application_platform 5.2.0
redhat jboss_enterprise_web_server 2.0.1
fedoraproject fedora 20
opensuse opensuse 13.1
redhat enterprise_linux 6.0
filezilla-project filezilla_server *
siemens s7-1500_firmware *
siemens rox_firmware *
siemens application_processing_engine_firmware *
redhat storage 2.1
python python *
siemens cp1543-1_firmware *
redhat enterprise_linux 4
redhat enterprise_linux 5
openssl openssl *
nodejs node.js *
opensuse opensuse 13.2
mariadb mariadb *
redhat jboss_enterprise_application_platform 6.2.3
fedoraproject fedora 19
CVE-2014-1696 MEDIUM

Siemens SIMATIC WinCC OA before 3.12 P002 January uses a weak hash algorithm for passwords, which makes it easier for remote attackers to obtain access via a brute-force attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
siemens simatic_wincc_open_architecture *
CVE-2014-1697 HIGH

The integrated web server in Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to execute arbitrary code via crafted packets to TCP port 4999.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
siemens simatic_wincc_open_architecture *
CVE-2014-1698 MEDIUM

Directory traversal vulnerability in Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to read arbitrary files via crafted packets to TCP port 4999.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
siemens simatic_wincc_open_architecture *
CVE-2014-1699 MEDIUM

Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to cause a denial of service (monitoring-service outage) via malformed HTTP requests to port 4999.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
siemens simatic_wincc_open_architecture *
CVE-2014-1966 HIGH

The SNMP implementation in Siemens RuggedCom ROS before 3.11, ROS 3.11 for RS950G, ROS 3.12 before 3.12.4, and ROS 4.0 for RSG2488 allows remote attackers to cause a denial of service (device outage) via crafted packets.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
siemens ruggedcom_rugged_operating_system *
CVE-2014-2246 MEDIUM

Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
siemens simatic_s7-1500_cpu_firmware *
siemens simatic_s7-1500_cpu_firmware 1.0.1
siemens simatic_s7-1500_cpu_firmware 1.1.1
siemens simatic_s7-1500_cpu_firmware 1.1.0
CVE-2014-2247 MEDIUM

The integrated web server on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allows remote attackers to inject headers via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
siemens simatic_s7-1500_cpu_firmware *
siemens simatic_s7-1500_cpu_firmware 1.0.1
siemens simatic_s7-1500_cpu_firmware 1.1.1
siemens simatic_s7-1500_cpu_firmware 1.1.0
CVE-2014-2248 MEDIUM

Open redirect vulnerability in the integrated web server on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
siemens simatic_s7-1500_cpu_firmware *
siemens simatic_s7-1500_cpu_firmware 1.0.1
siemens simatic_s7-1500_cpu_firmware 1.1.1
siemens simatic_s7-1500_cpu_firmware 1.1.0
CVE-2014-2249 MEDIUM

Cross-site request forgery (CSRF) vulnerability on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 and SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
siemens simatic_s7-1500_cpu_firmware *
siemens simatic_s7-1500_cpu_firmware 1.0.1
siemens simatic_s7-1500_cpu_firmware 1.1.1
siemens simatic_s7-1500_cpu_firmware 1.1.0
CVE-2014-2250 HIGH

The random-number generator on Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 does not have sufficient entropy, which makes it easier for remote attackers to defeat cryptographic protection mechanisms and hijack sessions via unspecified vectors, a different vulnerability than CVE-2014-2251.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-310,

Products Affected

Vendor Product Version
siemens simatic_s7_cpu_1200_firmware 3.0
siemens simatic_s7_cpu_1215c -
siemens simatic_s7_cpu_1200_firmware *
siemens simatic_s7_cpu_1217c -
siemens simatic_s7_cpu-1211c -
siemens simatic_s7_cpu_1214c -
siemens simatic_s7_cpu_1212c -
CVE-2014-2251 HIGH

The random-number generator on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 does not have sufficient entropy, which makes it easier for remote attackers to defeat cryptographic protection mechanisms and hijack sessions via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
siemens simatic_s7-1500_cpu_firmware *
siemens simatic_s7-1500_cpu_firmware 1.0.1
siemens simatic_s7-1500_cpu_firmware 1.1.1
siemens simatic_s7-1500_cpu_firmware 1.1.0
CVE-2014-2252 MEDIUM

Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted PROFINET packets, a different vulnerability than CVE-2014-2253.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
siemens simatic_s7_cpu_1200_firmware 3.0
siemens simatic_s7_cpu_1215c -
siemens simatic_s7_cpu_1200_firmware *
siemens simatic_s7_cpu_1217c -
siemens simatic_s7_cpu-1211c -
siemens simatic_s7_cpu_1214c -
siemens simatic_s7_cpu_1212c -
CVE-2014-2253 MEDIUM

Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted PROFINET packets.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
siemens simatic_s7-1500_cpu_firmware *
siemens simatic_s7-1500_cpu_firmware 1.0.1
siemens simatic_s7-1500_cpu_firmware 1.1.1
siemens simatic_s7-1500_cpu_firmware 1.1.0
CVE-2014-2254 HIGH

Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTP packets, a different vulnerability than CVE-2014-2255.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
siemens simatic_s7_cpu_1200_firmware 3.0
siemens simatic_s7_cpu_1215c -
siemens simatic_s7_cpu_1200_firmware *
siemens simatic_s7_cpu_1217c -
siemens simatic_s7_cpu-1211c -
siemens simatic_s7_cpu_1214c -
siemens simatic_s7_cpu_1212c -
CVE-2014-2255 HIGH

Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTP packets.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
siemens simatic_s7-1500_cpu_firmware *
siemens simatic_s7-1500_cpu_firmware 1.0.1
siemens simatic_s7-1500_cpu_firmware 1.1.1
siemens simatic_s7-1500_cpu_firmware 1.1.0
CVE-2014-2256 HIGH

Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted ISO-TSAP packets, a different vulnerability than CVE-2014-2257.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
siemens simatic_s7_cpu_1200_firmware 3.0
siemens simatic_s7_cpu_1215c -
siemens simatic_s7_cpu_1200_firmware *
siemens simatic_s7_cpu_1217c -
siemens simatic_s7_cpu-1211c -
siemens simatic_s7_cpu_1214c -
siemens simatic_s7_cpu_1212c -
CVE-2014-2257 HIGH

Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted ISO-TSAP packets.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
siemens simatic_s7-1500_cpu_firmware *
siemens simatic_s7-1500_cpu_firmware 1.0.1
siemens simatic_s7-1500_cpu_firmware 1.1.1
siemens simatic_s7-1500_cpu_firmware 1.1.0
CVE-2014-2258 HIGH

Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTPS packets, a different vulnerability than CVE-2014-2259.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
siemens simatic_s7_cpu_1200_firmware 3.0
siemens simatic_s7_cpu_1215c -
siemens simatic_s7_cpu_1200_firmware *
siemens simatic_s7_cpu_1217c -
siemens simatic_s7_cpu-1211c -
siemens simatic_s7_cpu_1214c -
siemens simatic_s7_cpu_1212c -
CVE-2014-2259 HIGH

Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTPS packets.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
siemens simatic_s7-1500_cpu_firmware *
siemens simatic_s7-1500_cpu_firmware 1.0.1
siemens simatic_s7-1500_cpu_firmware 1.1.1
siemens simatic_s7-1500_cpu_firmware 1.1.0
CVE-2014-2590 MEDIUM

The web management interface in Siemens RuggedCom ROS before 3.11, ROS 3.11 before 3.11.5 for RS950G, ROS 3.12, and ROS 4.0 for RSG2488 allows remote attackers to cause a denial of service (interface outage) via crafted HTTP packets.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-306,

Products Affected

Vendor Product Version
siemens ruggedcom_rugged_operating_system *
CVE-2014-2731 HIGH

Multiple unspecified vulnerabilities in the integrated web server in Siemens SINEMA Server before 12 SP1 allow remote attackers to execute arbitrary code via HTTP traffic to port (1) 4999 or (2) 80.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
siemens sinema_server *
CVE-2014-2732 MEDIUM

Multiple directory traversal vulnerabilities in the integrated web server in Siemens SINEMA Server before 12 SP1 allow remote attackers to access arbitrary files via HTTP traffic to port (1) 4999 or (2) 80.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
siemens sinema_server *
CVE-2014-2733 MEDIUM

Siemens SINEMA Server before 12 SP1 allows remote attackers to cause a denial of service (web-interface outage) via crafted HTTP requests to port (1) 4999 or (2) 80.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
siemens sinema_server *
CVE-2014-2908 MEDIUM

Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
siemens simatic_s7_cpu_1200_firmware 3.0
siemens simatic_s7_cpu_1215c -
siemens simatic_s7_cpu_1200_firmware 3.0.2
siemens simatic_s7_cpu_1217c -
siemens simatic_s7_cpu-1211c -
siemens simatic_s7_cpu_1214c -
siemens simatic_s7_cpu_1200_firmware 2.0
siemens simatic_s7_cpu_1212c -
CVE-2014-2909 MEDIUM

CRLF injection vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary HTTP headers via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-94,

Products Affected

Vendor Product Version
siemens simatic_s7_cpu_1200_firmware 3.0
siemens simatic_s7_cpu_1215c -
siemens simatic_s7_cpu_1200_firmware 3.0.2
siemens simatic_s7_cpu_1217c -
siemens simatic_s7_cpu-1211c -
siemens simatic_s7_cpu_1214c -
siemens simatic_s7_cpu_1200_firmware 2.0
siemens simatic_s7_cpu_1212c -
CVE-2014-4682 MEDIUM

The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote attackers to obtain sensitive information via an HTTP request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
siemens wincc 7.0
siemens wincc 7.1
siemens wincc 5.0
siemens wincc *
siemens simatic_pcs7 8.0
siemens simatic_pcs7 7.1
siemens wincc 6.0
siemens simatic_pcs7 *
CVE-2014-4683 MEDIUM

The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a (1) HTTP or (2) HTTPS request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
siemens wincc 7.0
siemens wincc 7.1
siemens wincc 5.0
siemens wincc *
siemens simatic_pcs7 8.0
siemens simatic_pcs7 7.1
siemens wincc 6.0
siemens simatic_pcs7 *
CVE-2014-4684 MEDIUM

The database server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a request to TCP port 1433.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
siemens wincc 7.0
siemens wincc 7.1
siemens wincc 5.0
siemens wincc *
siemens simatic_pcs7 8.0
siemens simatic_pcs7 7.1
siemens wincc 6.0
siemens simatic_pcs7 *
CVE-2014-4685 MEDIUM

Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows local users to gain privileges by leveraging weak system-object access control.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
siemens wincc 7.0
siemens wincc 7.1
siemens wincc 5.0
siemens wincc *
siemens simatic_pcs7 8.0
siemens simatic_pcs7 7.1
siemens wincc 6.0
siemens simatic_pcs7 *
CVE-2014-4686 MEDIUM

The Project administration application in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, has a hardcoded encryption key, which allows remote attackers to obtain sensitive information by extracting this key from another product installation and then employing this key during the sniffing of network traffic on TCP port 1030.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
siemens wincc 7.0
siemens wincc 7.1
siemens wincc 5.0
siemens wincc *
siemens simatic_pcs7 8.0
siemens simatic_pcs7 7.1
siemens wincc 6.0
siemens simatic_pcs7 *
CVE-2014-5074 HIGH

Siemens SIMATIC S7-1500 CPU devices with firmware before 1.6 allow remote attackers to cause a denial of service (device restart and STOP transition) via crafted TCP packets.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
siemens simatic_s7-1500_cpu_firmware *
siemens simatic_s7-1500_cpu_firmware 1.5
siemens simatic_s7-1500_cpu_firmware 1.0.1
siemens simatic_s7-1500_cpu_firmware 1.1.1
siemens simatic_s7-1511-1_pn_cpu -
siemens simatic_s7-1516f-3_pn/dp_cpu -
siemens simatic_s7-1518-4_pn/dp_cpu -
siemens simatic_s7-1500_cpu_firmware 1.1.2
siemens simatic_s7-1513-1_pn_cpu -
siemens simatic_s7-1516-3_pn/dp_cpu -
siemens simatic_s7-1518f-4_pn/dp_cpu -
siemens simatic_s7-1500_cpu_firmware 1.1.0
siemens simatic_s7-1515-2_pn_cpu -
CVE-2014-5231 LOW

The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows physically proximate attackers to extract the password from storage via unspecified vectors.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
siemens simatic_wincc_sm@rtclient *
CVE-2014-5232 LOW

The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows local users to bypass an intended application-password requirement by leveraging the running of the app in the background state.

CVSS 2.0

Severity: LOW

Problem Type: CWE-264,

Products Affected

Vendor Product Version
siemens simatic_wincc_sm@rtclient *
CVE-2014-5233 LOW

The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows physically proximate attackers to discover Sm@rtServer credentials by leveraging an error in the credential-processing mechanism.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
siemens simatic_wincc_sm@rtclient *
CVE-2014-8478 HIGH

The web server on Siemens SCALANCE X-300 switches with firmware before 4.0 and SCALANCE X 408 switches with firmware before 4.0 allows remote attackers to cause a denial of service (reboot) via malformed HTTP requests.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
siemens scalance_x-408_firmware *
siemens scalance_x-300_series_firmware *
CVE-2014-8479 MEDIUM

The FTP server on Siemens SCALANCE X-300 switches with firmware before 4.0 and SCALANCE X 408 switches with firmware before 4.0 allows remote authenticated users to cause a denial of service (reboot) via crafted FTP packets.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
siemens scalance_x-408_firmware *
siemens scalance_x-300_series_firmware *
CVE-2014-8551 HIGH

The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to execute arbitrary code via crafted packets.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
siemens simatic_wincc 7.2
siemens simatic_wincc 7.3
siemens simatic_wincc 7.0
siemens simatic_pcs7 8.0
siemens simatic_pcs7 7.1
siemens simatic_pcs7 8.1
siemens simatic_tiaportal 13.0
siemens simatic_pcs_7 7.1
CVE-2014-8552 MEDIUM

The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to read arbitrary files via crafted packets.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
siemens simatic_wincc 7.2
siemens simatic_wincc 7.3
siemens simatic_wincc 7.0
siemens simatic_pcs7 8.0
siemens simatic_pcs7 7.1
siemens simatic_pcs7 8.1
siemens simatic_tiaportal 13.0
siemens simatic_pcs_7 7.1
CVE-2014-9369 HIGH

Siemens SPC controllers SPC4000, SPC5000, and SPC6000 before 3.6.0 allow remote attackers to cause a denial of service (device restart) via crafted packets.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
siemens spc6000_firmware *
siemens spc4000_firmware *
siemens spc5000_firmware *
CVE-2015-1048 MEDIUM

Open redirect vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices with firmware before 4.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
siemens simatic_s7_1200_cpu_firmware *
CVE-2015-1049 MEDIUM

The web server on Siemens SCALANCE X-200IRT switches with firmware before 5.2.0 allows remote attackers to hijack sessions via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
siemens scalance_x-200_series_firmware *
CVE-2015-1355 LOW

Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 uses a weak password-hash algorithm, which makes it easier for local users to determine cleartext passwords by reading a project file and conducting a brute-force attack.

CVSS 2.0

Severity: LOW

Problem Type: CWE-310,

Products Affected

Vendor Product Version
siemens simatic_step_7 *
CVE-2015-1356 MEDIUM

Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 determines a user's privileges on the basis of project-file fields that lack integrity protection, which allows remote attackers to establish arbitrary authorization data via a modified file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
siemens simatic_step_7 *
CVE-2015-1357 MEDIUM

Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before BS4.4.4621.32, and WIN72xx devices with firmware before BS4.4.4621.32 allow context-dependent attackers to discover password hashes by reading (1) files or (2) security logs.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
siemens ruggedcom_firmware *
CVE-2015-1358 MEDIUM

The remote-management module in the (1) Multi Panels, (2) Comfort Panels, and (3) RT Advanced functionality in Siemens SIMATIC WinCC (TIA Portal) before 13 SP1 and in the (4) panels and (5) runtime functionality in SIMATIC WinCC flexible before 2008 SP3 Up7 does not properly encrypt credentials in transit, which makes it easier for remote attackers to determine cleartext credentials by sniffing the network and conducting a decryption attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
siemens wincc 13.0
CVE-2015-1448 HIGH

The integrated management service on Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before BS4.4.4621.32, and WIN72xx devices with firmware before BS4.4.4621.32 allows remote attackers to bypass authentication and perform administrative actions via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
siemens ruggedcom_firmware *
CVE-2015-1449 HIGH

Buffer overflow in the integrated web server on Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before BS4.4.4621.32, and WIN72xx devices with firmware before BS4.4.4621.32 allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
siemens ruggedcom_firmware *
CVE-2015-1594 MEDIUM

Untrusted search path vulnerability in Siemens SIMATIC ProSave before 13 SP1; SIMATIC CFC before 8.0 SP4 Upd9 and 8.1 before Upd1; SIMATIC STEP 7 before 5.5 SP1 HF2, 5.5 SP2 before HF7, 5.5 SP3, and 5.5 SP4 before HF4; SIMOTION Scout before 4.4; and STARTER before 4.4 HF3 allows local users to gain privileges via a Trojan horse application file.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
siemens simotion_scout *
siemens starter *
siemens simatic_step_7 5.5
siemens simatic_step_7 *
siemens simatic_prosave 13.0
siemens simatic_cfc 8.1
siemens simatic_cfc *
CVE-2015-1595 MEDIUM

The Siemens SPCanywhere application for Android and iOS does not use encryption during lookups of system ID to IP address mappings, which allows man-in-the-middle attackers to discover alarm IP addresses and spoof servers by intercepting the client-server data stream.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
siemens spcanywhere *
CVE-2015-1596 MEDIUM

The Siemens SPCanywhere application for Android and iOS does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
siemens spcanywhere *
CVE-2015-1597 MEDIUM

The Siemens SPCanywhere application for Android does not use encryption during the loading of code, which allows man-in-the-middle attackers to execute arbitrary code by modifying the client-server data stream.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-94,

Products Affected

Vendor Product Version
siemens spcanywhere *
CVE-2015-1598 LOW

The Siemens SPCanywhere application for Android does not properly store application passwords, which allows physically proximate attackers to obtain sensitive information by examining the device filesystem.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
siemens spcanywhere *
CVE-2015-1599 LOW

The Siemens SPCanywhere application for iOS allows physically proximate attackers to bypass intended access restrictions by leveraging a filesystem architectural error.

CVSS 2.0

Severity: LOW

Problem Type: CWE-264,

Products Affected

Vendor Product Version
siemens spcanywhere *
CVE-2015-1601 MEDIUM

Siemens SIMATIC STEP 7 (TIA Portal) 12 and 13 before 13 SP1 Upd1 allows man-in-the-middle attackers to obtain sensitive information or modify transmitted data via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-254,

Products Affected

Vendor Product Version
siemens simatic_step_7 13
siemens simatic_step_7 *
siemens simatic_step_7 12
CVE-2015-1602 LOW

Siemens SIMATIC STEP 7 (TIA Portal) 12 and 13 before 13 SP1 Upd1 improperly stores password data within project files, which makes it easier for local users to determine cleartext (1) protection-level passwords or (2) web-server passwords by leveraging the ability to read these files.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
siemens simatic_step_7 12.0
siemens simatic_step_7 13.0
siemens simatic_step_7 *
CVE-2015-2177 HIGH

Siemens SIMATIC S7-300 CPU devices allow remote attackers to cause a denial of service (defect-mode transition) via crafted packets on (1) TCP port 102 or (2) Profibus.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
siemens simatic_s7-300_cpu -
siemens simatic_s7-300_cpu_firmware *
CVE-2015-2822 MEDIUM

Siemens SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2 and SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2 allow man-in-the-middle attackers to cause a denial of service via crafted packets on TCP port 102.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
siemens wincc *
CVE-2015-2823 MEDIUM

Siemens SIMATIC HMI Basic Panels 2nd Generation before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Professional before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Basic Panels 1st Generation (WinCC TIA Portal), SIMATIC HMI Mobile Panel 277 (WinCC TIA Portal), SIMATIC HMI Multi Panels (WinCC TIA Portal), and SIMATIC WinCC 7.x before 7.3 Upd4 allow remote attackers to complete authentication by leveraging knowledge of a password hash without knowledge of the associated password.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
siemens wincc 7.0
siemens wincc 7.2
siemens wincc 7.1
siemens wincc *
siemens wincc 7.3
CVE-2015-3610 MEDIUM

The Siemens HomeControl for Room Automation application before 2.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information or modify data via a crafted certificate.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
siemens homecontrol_for_room_automation *
CVE-2015-4174 MEDIUM

Cross-site scripting (XSS) vulnerability in the integrated web server on the Siemens Climatix BACnet/IP communication module with firmware before 10.34 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
siemens climatix_bacnet/ip *
CVE-2015-5084 LOW

The Siemens SIMATIC WinCC Sm@rtClient and Sm@rtClient Lite applications before 01.00.01.00 for Android do not properly store passwords, which allows physically proximate attackers to obtain sensitive information via unspecified vectors.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
siemens simatic_wincc_sm@rtclient *
siemens simatic_wincc_sm@rtclient_lite *
CVE-2015-5219 MEDIUM

The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-704,

Products Affected

Vendor Product Version
redhat enterprise_linux_hpc_node 7.0
siemens tim_4r-ie_firmware *
siemens tim_4r-id_dnp3_firmware *
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server 6.0
fedoraproject fedora 22
suse linux_enterprise_debuginfo 11
debian debian_linux 8.0
suse linux_enterprise_server 10
redhat enterprise_linux_server 7.0
redhat enterprise_linux_hpc_node 6.0
canonical ubuntu_linux 14.04
redhat enterprise_linux_desktop 7.0
novell leap 42.2
redhat enterprise_linux_workstation 7.0
suse manager 2.1
ntp ntp *
canonical ubuntu_linux 12.04
canonical ubuntu_linux 15.04
redhat enterprise_linux_workstation 6.0
fedoraproject fedora 21
oracle linux 6
suse manager_proxy 2.1
debian debian_linux 7.0
suse openstack_cloud 5
suse linux_enterprise_server 11
fedoraproject fedora 23
canonical ubuntu_linux 15.10
opensuse leap 42.1
CVE-2015-5374 HIGH

A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module: All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module: All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module: All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module: All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80: All versions < 1.02.02. Specially crafted packets sent to port 50000/UDP could cause a denial-of-service of the affected device. A manual reboot may be required to recover the service of the device.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-19,

Products Affected

Vendor Product Version
siemens siprotec_firmware 4.24
CVE-2015-5386 HIGH

Siemens SICAM MIC devices with firmware before 2404 allow remote attackers to bypass authentication and obtain administrative access via unspecified HTTP requests.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
siemens sicam_mic_firmware *
CVE-2015-5537 MEDIUM

The SSL layer of the HTTPS service in Siemens RuggedCom ROS before 4.2.0 and ROX II does not properly implement CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a different vulnerability than CVE-2014-3566.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-312,

Products Affected

Vendor Product Version
siemens ruggedcom_rugged_operating_system *
siemens ruggedcom_rox_ii_firmware -
CVE-2015-5698 HIGH

Cross-site request forgery (CSRF) vulnerability in the web server on Siemens SIMATIC S7-1200 CPU devices with firmware before 4.1.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-352,

Products Affected

Vendor Product Version
siemens simatic_s7_1200_cpu_firmware *
siemens simatic_s7_1200_cpu -
CVE-2015-5717 MEDIUM

The Siemens COMPAS Mobile application before 1.6 for Android does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
siemens compas *
CVE-2015-6675 MEDIUM

Siemens RUGGEDCOM ROS 3.8.0 through 4.1.x permanently enables the IP forwarding feature, which allows remote attackers to bypass a VLAN isolation protection mechanism via IP traffic.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,

Products Affected

Vendor Product Version
siemens ruggedcom_rugged_operating_system 4.0.0
siemens ruggedcom_rugged_operating_system 4.1.0
siemens ruggedcom_rugged_operating_system 3.8.0
CVE-2015-7705 HIGH

The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
netapp data_ontap -
citrix xenserver 6.5
siemens tim_4r-ie_firmware *
siemens tim_4r-ie_dnp3_firmware *
ntp ntp *
citrix xenserver 6.0.2
netapp oncommand_performance_manager -
ntp ntp 4.2.8
netapp oncommand_unified_manager -
citrix xenserver 7.0
netapp clustered_data_ontap -
citrix xenserver 6.2.0
CVE-2015-7836 LOW

Siemens RUGGEDCOM ROS before 4.2.1 allows remote attackers to obtain sensitive information by sniffing the network for VLAN data within the padding section of an Ethernet frame.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
siemens ruggedcom_rugged_operating_system *
CVE-2015-7855 MEDIUM

The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a mode 6 or mode 7 packet containing a long data value.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
netapp data_ontap -
siemens tim_4r-ie_firmware *
siemens tim_4r-ie_dnp3_firmware *
debian debian_linux 9.0
ntp ntp *
netapp oncommand_balance -
netapp oncommand_performance_manager -
debian debian_linux 7.0
ntp ntp 4.2.8
netapp oncommand_unified_manager -
debian debian_linux 8.0
netapp clustered_data_ontap -
CVE-2015-7973 MEDIUM

NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H 2.2 4.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-254,

Products Affected

Vendor Product Version
siemens tim_4r-ie_firmware *
siemens tim_4r-ie_dnp3_firmware *
ntp ntp *
canonical ubuntu_linux 12.04
freebsd freebsd 9.3
freebsd freebsd *
netapp oncommand_balance -
ntp ntp 4.2.8
canonical ubuntu_linux 16.04
netapp clustered_data_ontap -
canonical ubuntu_linux 14.04
freebsd freebsd 10.1
freebsd freebsd 10.2
CVE-2015-7974 MEDIUM

NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key."

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.7 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N 3.1 4.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
netapp oncommand_balance -
siemens tim_4r-ie_firmware *
ntp ntp 4.2.8
siemens tim_4r-ie_dnp3_firmware *
debian debian_linux 8.0
debian debian_linux 9.0
netapp clustered_data_ontap -
ntp ntp *
CVE-2015-7977 MEDIUM

ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via an ntpdc reslist command.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
siemens tim_4r-ie_firmware *
debian debian_linux 9.0
ntp ntp *
canonical ubuntu_linux 12.04
freebsd freebsd 9.3
oracle linux 6
netapp oncommand_balance -
fedoraproject fedora 22
ntp ntp 4.2.8
canonical ubuntu_linux 16.04
siemens tim_4r-ie_dnp3_firmware -
debian debian_linux 8.0
netapp clustered_data_ontap -
fedoraproject fedora 23
canonical ubuntu_linux 14.04
freebsd freebsd 10.1
freebsd freebsd 10.2
CVE-2015-8214 HIGH

A vulnerability has been identified in SIMATIC NET CP 342-5 (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants) (All versions < V3.0.44), SIMATIC NET CP 343-1 Lean (incl. SIPLUS variants) (All versions < V3.1.1), SIMATIC NET CP 343-1 Standard (incl. SIPLUS variants) (All versions < V3.1.1), SIMATIC NET CP 443-1 Advanced (incl. SIPLUS variants) (All versions < V3.2.9), SIMATIC NET CP 443-1 Standard (incl. SIPLUS variants) (All versions < V3.2.9), SIMATIC NET CP 443-5 Basic (incl. SIPLUS variants) (All versions), SIMATIC NET CP 443-5 Extended (All versions), TIM 3V-IE / TIM 3V-IE Advanced (incl. SIPLUS NET variants) (All versions < V2.6.0), TIM 3V-IE DNP3 (incl. SIPLUS NET variants) (All versions < V3.1.0), TIM 4R-IE (incl. SIPLUS NET variants) (All versions < V2.6.0), TIM 4R-IE DNP3 (incl. SIPLUS NET variants) (All versions < V3.1.0). The implemented access protection level enforcement of the affected communication processors (CP) could possibly allow unauthenticated users to perform administrative operations on the CPs if network access (port 102/TCP) is available and the CPs' configuration was stored on their corresponding CPUs.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
siemens simatic_tim_3v-ie_firmware -
siemens simatic_cp_343-1_firmware *
siemens simatic_tim_4r-ie_firmware *
siemens simatic_cp_443-1_firmware *
CVE-2016-1488 MEDIUM

Cross-site scripting (XSS) vulnerability in the login form in the integrated web server on Siemens OZW OZW672 devices before 6.00 and OZW772 devices before 6.00 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
siemens ozw672_firmware *
siemens ozw772_firmware *
CVE-2016-20009 HIGH

A DNS client stack-based buffer overflow in ipdnsc_decode_name() affects Wind River VxWorks 6.5 through 7. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
siemens sgt-a20_firmware *
siemens sgt-a35_firmware *
windriver vxworks *
siemens sgt-200_firmware *
siemens sgt-300_firmware *
siemens sgt-a65_firmware *
siemens sgt-400_firmware *
siemens sgt-100_firmware *
CVE-2016-2031 HIGH

Multiple vulnerabilities exist in Aruba Instant before 4.1.3.0 and 4.2.3.1 due to insufficient validation of user-supplied input and insufficient checking of parameters, which could allow a malicious user to bypass security restrictions, obtain sensitive information, perform unauthorized actions and execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
arubanetworks arubaos *
arubanetworks aruba_instant 4.2.3.1
arubanetworks aruba_instant *
arubanetworks airwave *
siemens scalance_w1750d_firmware *
CVE-2016-2200 HIGH

Siemens SIMATIC S7-1500 CPU devices before 1.8.3 allow remote attackers to cause a denial of service (STOP mode transition) via crafted packets on TCP port 102.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
siemens simatic_s7-1500_cpu_firmware *
CVE-2016-2201 MEDIUM

Siemens SIMATIC S7-1500 CPU devices before 1.8.3 allow remote attackers to bypass a replay protection mechanism via packets on TCP port 102.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
siemens simatic_s7-1500_cpu_firmware 1.8.2
CVE-2016-2518 MEDIUM

The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_aus 7.2
oracle linux 7
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_eus 7.7
freebsd freebsd 9.3
redhat enterprise_linux_server_eus 7.2
redhat enterprise_linux_server_eus 7.3
redhat enterprise_linux_server_eus 7.5
oracle communications_user_data_repository 10.0.1
debian debian_linux 10.0
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server_tus 7.3
ntp ntp 4.2.8
debian debian_linux 8.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_tus 7.6
oracle communications_user_data_repository 12.0.0
freebsd freebsd 10.1
redhat enterprise_linux_desktop 7.0
netapp data_ontap -
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_tus 7.7
debian debian_linux 9.0
ntp ntp *
redhat enterprise_linux_workstation 6.0
oracle linux 6
netapp oncommand_balance -
siemens simatic_net_cp_443-1_opc_ua_firmware *
netapp oncommand_performance_manager -
netapp oncommand_unified_manager_for_clustered_data_ontap -
netapp clustered_data_ontap -
redhat enterprise_linux_server_tus 7.2
freebsd freebsd 10.3
oracle communications_user_data_repository 10.0.0
freebsd freebsd 10.2
CVE-2016-2846 MEDIUM

Siemens SIMATIC S7-1200 CPU devices before 4.0 allow remote attackers to bypass a "user program block" protection mechanism via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-254,

Products Affected

Vendor Product Version
siemens simatic_s7_cpu_1200_firmware *
CVE-2016-3155 LOW

Siemens APOGEE Insight uses weak permissions for the application folder, which allows local users to obtain sensitive information or modify data via unspecified vectors.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
siemens apogee_insight -
CVE-2016-3949 HIGH

Siemens SIMATIC S7-300 Profinet-enabled CPU devices with firmware before 3.2.12 and SIMATIC S7-300 Profinet-disabled CPU devices with firmware before 3.3.12 allow remote attackers to cause a denial of service (defect-mode transition) via crafted (1) ISO-TSAP or (2) Profibus packets.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
siemens simatic_s7-300_with_profitnet_support_firmware 3.2.11
siemens simatic_s7-300_without_profitnet_support_firmware 3.3.11
CVE-2016-3963 MEDIUM

Siemens SCALANCE S613 allows remote attackers to cause a denial of service (web-server outage) via traffic to TCP port 443.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
siemens scalance_s613 *
CVE-2016-4784 MEDIUM

A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module: All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module: All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module: All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module: All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80: All versions < 1.02.02; SIPROTEC 7SJ686: All versions < V 4.83; SIPROTEC 7UT686: All versions < V 4.01; SIPROTEC 7SD686: All versions < V 4.03; SIPROTEC 7SJ66: All versions < V 4.20. The integrated web server (port 80/tcp) of the affected devices could allow remote attackers to obtain sensitive device information if network access was obtained.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
siemens siprotec_firmware 4.26
siemens siprotec_firmware -
CVE-2016-4785 MEDIUM

A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module: All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module: All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module: All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module: All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80: All versions < 1.02.02. The integrated web server (port 80/tcp) of the affected devices could allow remote attackers to obtain a limited amount of device memory content if network access was obtained. This vulnerability only affects EN100 Ethernet module included in SIPROTEC4 and SIPROTEC Compact devices.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
siemens siprotec_firmware 4.26
siemens siprotec_firmware -
CVE-2016-4953 MEDIUM

ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
siemens tim_4r-ie_firmware *
siemens tim_4r-ie_dnp3_firmware *
suse manager 2.1
ntp ntp *
suse manager_proxy 2.1
siemens simatic_net_cp_443-1_opc_ua_firmware *
suse linux_enterprise_server 12
suse openstack_cloud 5
suse linux_enterprise_server 11
ntp ntp 4.2.8
oracle solaris 11.3
oracle solaris 10
suse linux_enterprise_desktop 12
opensuse opensuse 13.2
opensuse leap 42.1
CVE-2016-4954 MEDIUM

The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-362,

Products Affected

Vendor Product Version
siemens tim_4r-ie_firmware *
siemens tim_4r-ie_dnp3_firmware *
suse manager 2.1
ntp ntp *
suse manager_proxy 2.1
siemens simatic_net_cp_443-1_opc_ua_firmware *
suse linux_enterprise_server 12
suse openstack_cloud 5
suse linux_enterprise_server 11
ntp ntp 4.2.8
oracle solaris 11.3
oracle solaris 10
suse linux_enterprise_desktop 12
opensuse opensuse 13.2
opensuse leap 42.1
CVE-2016-4955 MEDIUM

ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-362,

Products Affected

Vendor Product Version
ntp ntp *
suse manager_proxy 2.1
siemens simatic_net_cp_443-1_opc_ua_firmware *
suse linux_enterprise_server 12
suse openstack_cloud 5
suse linux_enterprise_server 11
ntp ntp 4.2.8
oracle solaris 11.3
oracle solaris 10
suse linux_enterprise_desktop 12
opensuse opensuse 13.2
opensuse leap 42.1
novell suse_manager 2.1
CVE-2016-4956 MEDIUM

ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
ntp ntp *
suse manager_proxy 2.1
siemens simatic_net_cp_443-1_opc_ua_firmware *
suse linux_enterprise_server 12
suse openstack_cloud 5
suse linux_enterprise_server 11
ntp ntp 4.2.8
oracle solaris 11.3
oracle solaris 10
suse linux_enterprise_desktop 12
opensuse opensuse 13.2
opensuse leap 42.1
novell suse_manager 2.1
CVE-2016-5743 HIGH

Siemens SIMATIC WinCC before 7.3 Update 10 and 7.4 before Update 1, SIMATIC BATCH before 8.1 SP1 Update 9 as distributed in SIMATIC PCS 7 through 8.1 SP1, SIMATIC OpenPCS 7 before 8.1 Update 3 as distributed in SIMATIC PCS 7 through 8.1 SP1, SIMATIC OpenPCS 7 before 8.2 Update 1 as distributed in SIMATIC PCS 7 8.2, and SIMATIC WinCC Runtime Professional before 13 SP1 Update 9 allow remote attackers to execute arbitrary code via crafted packets.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
siemens simatic_wincc *
siemens simatic_batch *
siemens simatic_openpcs_7 *
CVE-2016-5744 MEDIUM

Siemens SIMATIC WinCC 7.0 through SP3 and 7.2 allows remote attackers to read arbitrary WinCC station files via crafted packets.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
siemens simatic_wincc 7.2
siemens simatic_wincc 7.0
CVE-2016-5848 LOW

Siemens SICAM PAS before 8.07 does not properly restrict password data in the database, which makes it easier for local users to calculate passwords by leveraging unspecified database privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,CWE-255,

Products Affected

Vendor Product Version
siemens sicam_pas/pqs *
CVE-2016-5849 LOW

Siemens SICAM PAS through 8.07 allows local users to obtain sensitive configuration information by leveraging database stoppage.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 2.5 LOW CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N 1.0 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
siemens sicam_pas/pqs *
CVE-2016-5874 MEDIUM

Siemens SIMATIC NET PC-Software before 13 SP2 allows remote attackers to cause a denial of service (OPC UA service outage) via crafted TCP packets.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
siemens simatic_net_pc-software *
CVE-2016-6204 MEDIUM

Cross-site scripting (XSS) vulnerability in the integrated web server in Siemens SINEMA Remote Connect Server before 1.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
siemens sinema_remote_connect_server *
CVE-2016-6486 HIGH

Siemens SINEMA Server uses weak permissions for the application folder, which allows local users to gain privileges via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
siemens sinema_server -
CVE-2016-7090 MEDIUM

The integrated web server on Siemens SCALANCE M-800 and S615 modules with firmware before 4.02 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
siemens scalance_m-800_firmware *
siemens scalance_s615_firmware *
CVE-2016-7112 HIGH

A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02. Attackers with network access to the device's web interface (port 80/tcp) could possibly circumvent authentication and perform certain administrative operations.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
siemens en100_ethernet_module_firmware *
CVE-2016-7113 HIGH

A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02. Specially crafted packets sent to port 80/tcp could cause the affected device to go into defect mode.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
siemens en100_ethernet_module_firmware 4.28
CVE-2016-7114 HIGH

A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02; SIPROTEC 7SJ686 : All versions < V 4.87; SIPROTEC 7UT686 : All versions < V 4.02; SIPROTEC 7SD686 : All versions < V 4.05; SIPROTEC 7SJ66 : All versions < V 4.30. Attackers with network access to the device's web interface (port 80/tcp) could possibly circumvent authentication and perform certain administrative operations. A legitimate user must be logged into the web interface for the attack to be successful.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
siemens en100_ethernet_module_firmware 4.28
CVE-2016-7165 MEDIUM

A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC IT Production Suite (All versions < V7.0 SP1 HFX 2), SIMATIC NET PC-Software (All versions < V14), SIMATIC PCS 7 V7.1 (All versions), SIMATIC PCS 7 V8.0 (All versions), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2), SIMATIC STEP 7 V5.X (All versions < V5.5 SP4 HF11), SIMATIC WinCC (TIA Portal) Basic, Comfort, Advanced (All versions < V14), SIMATIC WinCC (TIA Portal) Professional V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) Professional V14 (All versions < V14 SP1), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1), SIMATIC WinCC V7.0 SP2 and earlier versions (All versions < V7.0 SP2 Upd 12), SIMATIC WinCC V7.0 SP3 (All versions < V7.0 SP3 Upd 8), SIMATIC WinCC V7.2 (All versions < V7.2 Upd 14), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 11), SIMATIC WinCC V7.4 (All versions < V7.4 SP1), SIMIT V9.0 (All versions < V9.0 SP1), SINEMA Remote Connect Client (All versions < V1.0 SP3), SINEMA Server (All versions < V13 SP2), SOFTNET Security Client V5.0 (All versions), Security Configuration Tool (SCT) (All versions < V4.3 HF1), TeleControl Server Basic (All versions < V3.0 SP2), WinAC RTX 2010 SP2 (All versions), WinAC RTX F 2010 SP2 (All versions). Unquoted service paths could allow local Microsoft Windows operating system users to escalate their privileges if the affected products are not installed under their default path ("C:\Program Files\*" or the localized equivalent).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-254,CWE-284,

Products Affected

Vendor Product Version
siemens simatic_step_7_(tia_portal) *
siemens simatic_wincc 7.2
siemens primary_setup_tool -
siemens simatic_pcs7 8.1
siemens simatic_it_production_suite -
siemens sinema_server *
siemens simatic_wincc_runtime -
siemens simatic_wincc 7.3
siemens simatic_step_7 *
siemens sinema_remote_connect -
siemens simatic_pcs_7 *
siemens simatic_pcs7 8.2
siemens simatic_wincc *
siemens simatic_net_pc_software *
siemens softnet_security_client *
siemens telecontrol_basic *
siemens simatic_wincc 7.4
siemens simatic_winac_rtx_f_2010 -
siemens security_configuration_tool -
siemens simit 9.0
siemens simatic_wincc 7.0
siemens simatic_pcs7 8.0
siemens simatic_wincc_(tia_portal) -
siemens simatic_wincc_(tia_portal) *
siemens simatic_winac_rtx_2010 -
CVE-2016-7959 LOW

Siemens SIMATIC STEP 7 (TIA Portal) before 14 improperly stores pre-shared key data in TIA project files, which makes it easier for local users to obtain sensitive information by leveraging access to a file and conducting a brute-force attack.

CVSS 2.0

Severity: LOW

Problem Type: CWE-254,

Products Affected

Vendor Product Version
siemens simatic_step_7 *
CVE-2016-7960 LOW

Siemens SIMATIC STEP 7 (TIA Portal) before 14 uses an improper format for managing TIA project files during version updates, which makes it easier for local users to obtain sensitive configuration information via unspecified vectors.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
siemens simatic_step_7 *
CVE-2016-7987 HIGH

An issue was discovered in Siemens ETA4 firmware (all versions prior to Revision 08) of the SM-2558 extension module for: SICAM AK, SICAM TM 1703, SICAM BC 1703, and SICAM AK 3. Specially crafted packets sent to Port 2404/TCP could cause the affected device to go into defect mode, resulting in a denial of service. A cold start might be required to recover the system.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-19,

Products Affected

Vendor Product Version
siemens eta4_firmware *
siemens eta2_firmware *
CVE-2016-8561 MEDIUM

A vulnerability has been identified in SIMATIC CP 1543-1 (All versions < V2.0.28), SIPLUS NET CP 1543-1 (All versions < V2.0.28). Users with elevated privileges to TIA-Portal and project data on the engineering station could possibly get privileged access on affected devices.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
siemens simatic_cp_1543-1_firmware -
CVE-2016-8562 LOW

A vulnerability has been identified in SIMATIC CP 1543-1 (All versions < V2.0.28), SIPLUS NET CP 1543-1 (All versions < V2.0.28). Under special conditions it was possible to write SNMP variables on port 161/udp which should be read-only and should only be configured with TIA-Portal. A write to these variables could reduce the availability or cause a denial-of-service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.6 5.9

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
siemens siplus_net_cp_1543-1_firmware *
siemens simatic_cp_1543-1_firmware *
CVE-2016-8563 MEDIUM

Siemens Automation License Manager (ALM) before 5.3 SP3 Update 1 allows remote attackers to cause a denial of service (ALM service outage) via crafted packets to TCP port 4410.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
siemens automation_license_manager *
CVE-2016-8564 MEDIUM

SQL injection vulnerability in Siemens Automation License Manager (ALM) before 5.3 SP3 Update 1 allows remote attackers to execute arbitrary SQL commands via crafted traffic to TCP port 4410.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
siemens automation_license_manager *
CVE-2016-8565 MEDIUM

Siemens Automation License Manager (ALM) before 5.3 SP3 allows remote attackers to write to files, rename files, create directories, or delete directories via crafted packets.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,

Products Affected

Vendor Product Version
siemens automation_license_manager *
CVE-2016-8566 MEDIUM

An issue was discovered in Siemens SICAM PAS before 8.00. Because of Storing Passwords in a Recoverable Format, an authenticated local attacker with certain privileges could possibly reconstruct the passwords of users for accessing the database.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-255,

Products Affected

Vendor Product Version
siemens sicam_pas/pqs *
CVE-2016-8567 HIGH

An issue was discovered in Siemens SICAM PAS before 8.00. A factory account with hard-coded passwords is present in the SICAM PAS installations. Attackers might gain privileged access to the database over Port 2638/TCP.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,

Products Affected

Vendor Product Version
siemens sicam_pas/pqs *
CVE-2016-8672 MEDIUM

A vulnerability has been identified in SIMATIC CP 343-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.0.53), SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.2.17), SIMATIC S7-300 PN/DP CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP CPU family (incl. SIPLUS variants) (All versions). The integrated web server delivers cookies without the "secure" flag. Modern browsers interpreting the flag would mitigate potential data leakage in case of clear text transmission.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
siemens simatic_cp_443-1_firmware -
siemens simatic_s7_300_cpu_firmware -
siemens simatic_s7_400_cpu_firmware -
siemens simatic_cp_343-1_firmware -
CVE-2016-8673 MEDIUM

A vulnerability has been identified in SIMATIC CP 343-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.0.53), SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.2.17), SIMATIC S7-300 PN/DP CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP CPU family (incl. SIPLUS variants) (All versions). The integrated web server at port 80/TCP or port 443/TCP of the affected devices could allow remote attackers to perform actions with the permissions of an authenticated user, provided the targeted user has an active session and is induced to trigger the malicious request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
siemens simatic_cp_443-1_firmware -
siemens simatic_s7_300_cpu_firmware -
siemens simatic_s7_400_cpu_firmware -
siemens simatic_cp_343-1_firmware -
CVE-2016-9042 MEDIUM

An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the origin timestamp check (TEST2) causing the reply to be dropped and creating a denial of service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
siemens simatic_net_cp_443-1_opc_ua_firmware *
ntp ntp 4.2.8
freebsd freebsd 11.0
hpe hpux-ntp *
freebsd freebsd 10.0
CVE-2016-9154 MEDIUM

Siemens Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 for Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D (All firmware versions < V6.00.046) and Desigo PX Web modules PXA30-W0, PXA30-W1, PXA30-W2 for Desigo PX automation controllers PXC00-U, PXC64-U, PXC128-U (All firmware versions < V6.00.046) use a pseudo random number generator with insufficient entropy to generate certificates for HTTPS, potentially allowing remote attackers to reconstruct the corresponding private key.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-332,

Products Affected

Vendor Product Version
siemens desigo_web_module_pxa40-w0_firmware *
siemens desigo_web_module_pxa30-w0_firmware *
siemens desigo_web_module_pxa30-w2_firmware *
siemens desigo_web_module_pxa40-w1_firmware *
siemens desigo_web_module_pxa30-w1_firmware *
siemens desigo_web_module_pxa40-w2_firmware *
CVE-2016-9155 MEDIUM

The following SIEMENS branded IP Camera Models CCMW3025, CVMW3025-IR, CFMW3025 prior to version 1.41_SP18_S1; CCPW3025, CCPW5025 prior to version 0.1.73_S1; CCMD3025-DN18 prior to version v1.394_S1; CCID1445-DN18, CCID1445-DN28, CCID1145-DN36, CFIS1425, CCIS1425, CFMS2025, CCMS2025, CVMS2025-IR, CFMW1025, CCMW1025 prior to version v2635_SP1 could allow an attacker with network access to the web server to obtain administrative credentials under certain circumstances.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,

Products Affected

Vendor Product Version
siemens ccmw1025_firmware -
siemens ccpw3025_firmware -
siemens cvmw3025-ir_firmware -
siemens cfmw3025_firmware -
siemens ccid1445-dn28_firmware -
siemens cfms2025_firmware -
siemens ccms2025_firmware -
siemens ccmd3025-dn18_firmware -
siemens ccmw3025_firmware -
siemens cvms2025-ir_firmware -
siemens ccid1445-dn18_firmware -
siemens cfmw1025_firmware -
siemens cfis1425_firmware -
siemens ccis1425_firmware -
siemens ccid1445-dn36_firmware -
CVE-2016-9156 HIGH

A vulnerability in Siemens SICAM PAS (all versions before V8.09) could allow a remote attacker to upload, download, or delete files in certain parts of the file system by sending specially crafted packets to port 19235/TCP.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.3 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 3.9 3.4

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,CWE-284,

Products Affected

Vendor Product Version
siemens sicam_pas/pqs *
CVE-2016-9157 HIGH

A vulnerability in Siemens SICAM PAS (all versions before V8.09) could allow a remote attacker to cause a Denial of Service condition and potentially lead to unauthenticated remote code execution by sending specially crafted packets to port 19234/TCP.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,CWE-284,

Products Affected

Vendor Product Version
siemens sicam_pas/pqs *
CVE-2016-9158 HIGH

A vulnerability has been identified in SIMATIC S7-300 CPU family (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 V6 and earlier CPU family (All versions), SIMATIC S7-400 V7 CPU family (All versions). Specially crafted packets sent to port 80/tcp could cause the affected devices to go into defect mode. A cold restart is required to recover the system.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
siemens simatic_s7-400_cpu_firmware -
siemens simatic_s7-300_cpu_firmware -
CVE-2016-9159 MEDIUM

A vulnerability has been identified in SIMATIC S7-300 CPU family (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 V6 and earlier CPU family (All versions), SIMATIC S7-400 V7 CPU family (All versions), SIMATIC S7-410 V8 CPU family (All versions), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) (All versions). An attacker with network access to port 102/tcp (ISO-TSAP) or via Profibus could obtain credentials from the PLC if protection-level 2 is configured on the affected devices.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
siemens simatic_s7-400_cpu_firmware -
siemens simatic_s7-300_cpu_firmware -
CVE-2016-9160 MEDIUM

A vulnerability in SIEMENS SIMATIC WinCC (All versions < SIMATIC WinCC V7.2) and SIEMENS SIMATIC PCS 7 (All versions < SIMATIC PCS 7 V8.0 SP1) could allow a remote attacker to crash an ActiveX component or leak parts of the application memory if a user is tricked into clicking on a malicious link under certain conditions.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-111,CWE-254,

Products Affected

Vendor Product Version
siemens simatic_wincc *
siemens simatic_pcs_7 *
CVE-2017-0143 HIGH

The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
siemens tissue_preparation_system_firmware *
siemens acuson_p500_firmware va10
siemens acuson_p300_firmware 13.02
siemens acuson_sc2000_firmware 5.0a
siemens versant_kpcr_molecular_system_firmware *
philips intellispace_portal 7.0
siemens acuson_p300_firmware 13.20
siemens acuson_x700_firmware 1.1
siemens syngo_sc2000_firmware *
siemens acuson_p300_firmware 13.21
siemens acuson_p500_firmware vb10
siemens versant_kpcr_sample_prep_firmware *
microsoft server_message_block 1.0
siemens acuson_p300_firmware 13.03
siemens acuson_sc2000_firmware *
siemens syngo_sc2000_firmware 5.0a
siemens acuson_x700_firmware 1.0
philips intellispace_portal 8.0
CVE-2017-0144 HIGH

The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
siemens tissue_preparation_system_firmware *
siemens acuson_p500_firmware va10
siemens acuson_p300_firmware 13.02
siemens acuson_sc2000_firmware 5.0a
siemens versant_kpcr_molecular_system_firmware *
siemens acuson_p300_firmware 13.20
siemens acuson_x700_firmware 1.1
siemens syngo_sc2000_firmware *
siemens acuson_p300_firmware 13.21
siemens acuson_p500_firmware vb10
siemens versant_kpcr_sample_prep_firmware *
microsoft server_message_block 1.0
siemens acuson_p300_firmware 13.03
siemens acuson_sc2000_firmware *
siemens syngo_sc2000_firmware 5.0a
siemens acuson_x700_firmware 1.0
CVE-2017-0145 HIGH

The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0146, and CVE-2017-0148.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
siemens tissue_preparation_system_firmware *
siemens acuson_p500_firmware va10
siemens acuson_p300_firmware 13.02
siemens acuson_sc2000_firmware 5.0a
siemens versant_kpcr_molecular_system_firmware *
siemens acuson_p300_firmware 13.20
siemens acuson_x700_firmware 1.1
siemens syngo_sc2000_firmware *
siemens acuson_p300_firmware 13.21
siemens acuson_p500_firmware vb10
siemens versant_kpcr_sample_prep_firmware *
microsoft server_message_block 1.0
siemens acuson_p300_firmware 13.03
siemens acuson_sc2000_firmware *
siemens syngo_sc2000_firmware 5.0a
siemens acuson_x700_firmware 1.0
CVE-2017-0146 HIGH

The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, and CVE-2017-0148.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
siemens tissue_preparation_system_firmware *
siemens acuson_p500_firmware va10
siemens acuson_p300_firmware 13.02
siemens acuson_sc2000_firmware 5.0a
siemens versant_kpcr_molecular_system_firmware *
siemens acuson_p300_firmware 13.20
siemens acuson_x700_firmware 1.1
siemens syngo_sc2000_firmware *
siemens acuson_p300_firmware 13.21
siemens acuson_p500_firmware vb10
siemens versant_kpcr_sample_prep_firmware *
microsoft server_message_block 1.0
siemens acuson_p300_firmware 13.03
siemens acuson_sc2000_firmware *
siemens syngo_sc2000_firmware 5.0a
siemens acuson_x700_firmware 1.0
CVE-2017-0147 MEDIUM

The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via crafted packets, aka "Windows SMB Information Disclosure Vulnerability."

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
microsoft windows_10_1507 -
siemens tissue_preparation_system_firmware *
microsoft windows_server_2016 -
microsoft windows_server_2012 r2
siemens acuson_sc2000_firmware 5.0a
siemens versant_kpcr_molecular_system_firmware *
microsoft windows_10_1607 -
microsoft windows_8.1 -
microsoft windows_server_2012 -
siemens acuson_p500_firmware vb10
siemens versant_kpcr_sample_prep_firmware *
microsoft windows_rt_8.1 -
siemens acuson_sc2000_firmware *
siemens syngo_sc2000_firmware 5.0a
microsoft windows_7 -
siemens acuson_x700_firmware 1.0
siemens acuson_p500_firmware va10
siemens acuson_p300_firmware 13.02
microsoft windows_server_2008 r2
microsoft windows_vista -
siemens acuson_p300_firmware 13.20
siemens acuson_x700_firmware 1.1
siemens syngo_sc2000_firmware *
siemens acuson_p300_firmware 13.21
siemens acuson_p300_firmware 13.03
microsoft windows_10_1511 -
microsoft windows_server_2008 -
CVE-2017-0148 HIGH

The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, and CVE-2017-0146.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,CWE-20,

Products Affected

Vendor Product Version
siemens tissue_preparation_system_firmware *
siemens acuson_p500_firmware va10
siemens acuson_p300_firmware 13.02
siemens acuson_sc2000_firmware 5.0a
siemens versant_kpcr_molecular_system_firmware *
siemens acuson_p300_firmware 13.20
siemens acuson_x700_firmware 1.1
siemens syngo_sc2000_firmware *
siemens acuson_p300_firmware 13.21
siemens acuson_p500_firmware vb10
siemens versant_kpcr_sample_prep_firmware *
microsoft server_message_block 1.0
siemens acuson_p300_firmware 13.03
siemens acuson_sc2000_firmware *
siemens syngo_sc2000_firmware 5.0a
siemens acuson_x700_firmware 1.0
CVE-2017-11175 MEDIUM

In J2 Innovations FIN Stack 4.0, the authentication webform is vulnerable to reflected XSS via the query string to /login.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
siemens fin_stack 4.0
CVE-2017-12069 MEDIUM

An XXE vulnerability has been identified in OPC Foundation UA .NET Sample Code before 2017-03-21 and Local Discovery Server (LDS) before 1.03.367. Among the affected products are Siemens SIMATIC PCS7 (All versions V8.1 and earlier), SIMATIC WinCC (All versions < V7.4 SP1), SIMATIC WinCC Runtime Professional (All versions < V14 SP1), SIMATIC NET PC Software, and SIMATIC IT Production Suite. By sending specially crafted packets to the OPC Discovery Server at port 4840/tcp, an attacker might cause the system to access various resources chosen by the attacker.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,

Products Affected

Vendor Product Version
siemens wincc *
ocpfoundation local_discovery_server *
ocpfoundation ua_.net *
siemens simatic_pcs7 *
CVE-2017-12734 MEDIUM

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V1.81.2). An attacker with network access to the integrated web server on port 80/tcp could obtain the session ID of an active user session. A user must be logged in to the web interface. Siemens recommends using the integrated web server on port 80/tcp only in trusted networks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-895,CWE-200,

Products Affected

Vendor Product Version
siemens logo!8_bm_fs-05_firmware *
CVE-2017-12735 MEDIUM

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). An attacker who performs a Man-in-the-Middle attack between the LOGO! BM and other devices could potentially decrypt and modify network traffic.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 2.2 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-300,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
siemens logo!_8_bm_firmware *
CVE-2017-12736 MEDIUM

After initial configuration, the Ruggedcom Discovery Protocol (RCDP) is still able to write to the device under certain conditions. This could allow an attacker located in the adjacent network of the targeted device to perform unauthorized administrative actions.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-1188,CWE-665,

Products Affected

Vendor Product Version
siemens scalance_xr300-wg_firmware *
siemens scalance_xr-500_firmware *
siemens scalance_xc-200_firmware *
siemens scalance_xb-200_firmware *
siemens scalance_xm-400_firmware *
siemens scalance_xp-200_firmware *
siemens ruggedcom_ros *
CVE-2017-12737 MEDIUM

An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server (port 80/tcp) of the affected devices could allow unauthenticated remote attackers to obtain sensitive device information over the network.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
siemens sm-2556_firmware dnpi00
siemens sm-2556_firmware etls00
siemens sm-2556_firmware enos00
siemens sm-2556_firmware eta2
siemens sm-2556_firmware erac00
siemens sm-2556_firmware modi00
CVE-2017-12738 MEDIUM

An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server (port 80/tcp) of the affected devices could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into clicking on a malicious link.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
siemens sm-2556_firmware dnpi00
siemens sm-2556_firmware etls00
siemens sm-2556_firmware enos00
siemens sm-2556_firmware eta2
siemens sm-2556_firmware erac00
siemens sm-2556_firmware modi00
CVE-2017-12739 HIGH

An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server (port 80/tcp) of the affected devices could allow unauthenticated remote attackers to execute arbitrary code on the affected device.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-1188,

Products Affected

Vendor Product Version
siemens sm-2556_firmware dnpi00
siemens sm-2556_firmware etls00
siemens sm-2556_firmware enos00
siemens sm-2556_firmware eta2
siemens sm-2556_firmware erac00
siemens sm-2556_firmware modi00
CVE-2017-12740 MEDIUM

Siemens LOGO! Soft Comfort (All versions before V8.2) lacks integrity verification of software packages downloaded via an unprotected communication channel. This could allow a remote attacker to manipulate the software package while performing a Man-in-the-Middle (MitM) attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-494,CWE-345,

Products Affected

Vendor Product Version
siemens logo!_soft_comfort *
CVE-2017-12741 HIGH

Specially crafted packets sent to port 161/udp could cause a denial of service condition. The affected devices must be restarted manually.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-400,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
siemens simatic_et_200al_firmware -
siemens simatic_pn/pn_coupler_firmware -
siemens sinumerik_840d_sl_firmware -
siemens simatic_compact_field_unit_firmware -
siemens simatic_winac_rtx_f_2010_firmware -
siemens sinamics_s120_firmware -
siemens simotion_d_firmware *
siemens simocode_pro_v_profinet_firmware -
siemens sinamics_s150_v4.7_firmware -
siemens simotion_p_firmware *
siemens simatic_s7-400h_v6_firmware *
siemens sinamics_g150_firmware -
siemens simatic_et_200sp_firmware -
siemens simatic_et_200mp_firmware -
siemens simatic_et_200s_firmware -
siemens ek-ertec_200p_firmware *
siemens simatic_s7-1500_firmware *
siemens sinamics_s110pn_firmware -
siemens simatic_s7-200_firmware *
siemens sinamics_v90pn_firmware -
siemens simatic_s7-1500_controller_firmware 2.0
siemens simatic_et_200pro_firmware -
siemens simatic_s7-1200_firmware -
siemens simatic_et_200m_firmware -
siemens ek-ertec_200pn_io_firmware -
siemens sinamics_g130_firmware -
siemens simatic_et_200ecopn_firmware -
siemens dk_standard_ethernet_controller_firmware -
siemens sirius_soft_starter_3rw44pn_firmware -
siemens simatic_s7-400pn/dp_v7_firmware -
siemens simatic_s7-410_v8_firmware -
siemens sinamics_s150_v4.8_firmware -
siemens simatic_s7-300_firmware -
siemens sinamics_dcm_firmware -
siemens simatic_s7-400pn_v6_firmware *
siemens simotion_c_firmware *
siemens sinamics_dcp_firmware -
siemens sinamics_g110m/g120pn_firmware *
CVE-2017-13099 MEDIUM

wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable wolfSSL application. This vulnerability is referred to as "ROBOT."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-203,CWE-203,

Products Affected

Vendor Product Version
arubanetworks instant *
wolfssl wolfssl *
siemens scalance_w1750d_firmware *
CVE-2017-14023 MEDIUM

An Improper Input Validation issue was discovered in Siemens SIMATIC PCS 7 V8.1 prior to V8.1 SP1 with WinCC V7.3 Upd 13, and V8.2 all versions. The vulnerability may allow an authenticated remote attacker who is a member of the administrators group to crash services by sending specially crafted messages to the DCOM interface.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-20,

Products Affected

Vendor Product Version
siemens simatic_wincc 7.3
siemens simatic_pcs7 8.1
siemens simatic_pcs7 8.2
CVE-2017-14491 HIGH

Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
huawei honor_v9_play_firmware *
nvidia linux_for_tegra *
siemens scalance_s615_firmware *
synology router_manager 1.1
debian debian_linux 7.1
redhat enterprise_linux_desktop 6.0
nvidia geforce_experience *
redhat enterprise_linux_server 6.0
suse linux_enterprise_debuginfo 11
opensuse leap 42.2
canonical ubuntu_linux 16.04
suse linux_enterprise_point_of_sale 11
synology diskstation_manager 6.1
debian debian_linux 8.0
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 14.04
siemens scalance_w1750d_firmware *
redhat enterprise_linux_desktop 7.0
canonical ubuntu_linux 17.04
siemens scalance_m-800_firmware *
redhat enterprise_linux_workstation 7.0
synology diskstation_manager 5.2
debian debian_linux 9.0
synology diskstation_manager 6.0
canonical ubuntu_linux 12.04
redhat enterprise_linux_workstation 6.0
thekelleys dnsmasq *
suse linux_enterprise_server 12
debian debian_linux 7.0
suse linux_enterprise_server 11
siemens ruggedcom_rm1224_firmware *
arubanetworks arubaos *
opensuse leap 42.3
arista eos *
CVE-2017-18922 HIGH

It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
siemens simatic_itc1900_firmware *
opensuse leap 15.1
canonical ubuntu_linux 20.04
opensuse leap 15.2
siemens simatic_itc1500_pro_firmware *
siemens simatic_itc1900_pro_firmware *
siemens simatic_itc2200_pro_firmware *
canonical ubuntu_linux 16.04
libvncserver_project libvncserver *
siemens simatic_itc1500_firmware *
fedoraproject fedora 31
canonical ubuntu_linux 19.10
siemens simatic_itc2200_firmware *
canonical ubuntu_linux 18.04
fedoraproject fedora 32
CVE-2017-2680 MEDIUM

Specially crafted PROFINET DCP broadcast packets could cause a denial of service condition of affected products on a local Ethernet segment (Layer 2). Human interaction is required to recover the systems. PROFIBUS interfaces are not affected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.8 3.6
productcert@siemens.com 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,CWE-400,

Products Affected

Vendor Product Version
siemens sinamics_gh150_firmware *
siemens simatic_s7-1500_software_controller_firmware *
siemens ek-ertec_200p_pn_io_firmware 4.4.0
siemens ek-ertec_200_pn_io_firmware *
siemens simatic_cp_1542sp-1_irc_firmware *
siemens sinamics_s150_firmware *
siemens simatic_tdc_cpu555_firmware *
siemens sinamics_s150_firmware 4.7
siemens simatic_et_200s_firmware *
siemens sinumerik_840d_sl_firmware 4.5
siemens simatic_cp_1243-1_irc_firmware *
siemens simatic_s7-400_firmware *
siemens simatic_et_200pro_firmware *
siemens simatic_cp_443-1_adv_firmware *
siemens softnet_profinet_io_firmware *
siemens sinamics_s120_firmware 4.7
siemens simatic_tdc_cp51m1_firmware *
siemens simatic_rf650r_firmware *
siemens simatic_rf680r_firmware *
siemens sinamics_gl150_firmware 4.8
siemens simatic_cp_1243-7_lte/us_firmware *
siemens sinamics_v90_pn_firmware *
siemens sirius_motor_starter_m200d_profinet_firmware *
siemens sinamics_gm150_firmware 4.7
siemens simatic_winac_rtx_firmware *
siemens simatic_cp_343-1_adv_firmware *
siemens simatic_cp_1243-8_firmware *
siemens sinamics_dcm_firmware *
siemens simatic_cp_1542sp-1_firmware *
siemens simatic_cp_1543sp-1_firmware *
siemens scalance_xr500_firmware *
siemens ups1600_profinet_firmware *
siemens scalance_x200_firmware *
siemens sirius_act_3su1_firmware *
siemens sinamics_g120(c/p/d)_w._pn_firmware 4.7
siemens simotion_firmware 4.5
siemens simatic_cp_443-1_opc-ua_firmware *
siemens sinumerik_828d_firmware *
siemens scalance_w700_firmware *
siemens scalance_x200_irt_firmware *
siemens simatic_cp_1616_firmware *
siemens simatic_hmi_multi_panels *
siemens simocode_pro_v_profinet_firmware *
siemens sinamics__s110_pn_firmware 4.4
siemens sinamics_g110m_firmware *
siemens simatic_rf685r_firmware *
siemens simatic_cp_1242-7_gprs_firmware *
siemens sinamics_sl150_firmware *
siemens sinamics_g130_firmware 4.7
siemens sinamics__s110_pn_firmware *
siemens scalance_xm400_firmware *
siemens sinamics_sm120_firmware *
siemens sinamics_gh150_firmware 4.7
siemens sinamics_g120(c/p/d)_w._pn_firmware *
siemens simatic_cp_1243-1_iec_firmware *
siemens simatic_s7-300_firmware -
siemens ie/pb-link_firmware *
siemens sinamics_sm120_firmware 4.8
siemens softnet_profinet_io_firmware 14
siemens simatic_cp_1626_firmware *
siemens simotion_firmware *
siemens simatic_et_200sp_firmware *
siemens simatic_et_200ecopn_firmware *
siemens ek-ertec_200_pn_io_firmware 4.2.1
siemens sinumerik_828d_firmware 4.5
siemens scalance_x408_firmware *
siemens simatic_teleservice_adapter_ie_standard_firmware *
siemens simatic_cp_1243-1_firmware *
siemens extension_unit_19_profinet_firmware *
siemens simatic_s7-1200_firmware *
siemens sinamics_g150_firmware 4.7
siemens dk_standard_ethernet_controller_firmware 4.1.1
siemens sinamics_g110m_firmware 4.7
siemens ie/as-i_link_pn_io_firmware *
siemens simatic_cp_1543-1_firmware *
siemens sinamics_g130_firmware *
siemens sinamics_gm150_firmware *
siemens simatic_hmi_comfort_panels *
siemens scalance_m-800_firmware *
siemens simatic_cp_1604_firmware *
siemens simatic_dk-1616_pn_io_firmware *
siemens scalance_x300_firmware *
siemens pn/pn_coupler_firmware *
siemens sirius_soft_starter_3rw44_pn_firmware *
siemens ek-ertec_200p_pn_io_firmware *
siemens simatic_teleservice_adapter_ie_basic_firmware *
siemens simatic_s7-200_smart_firmware *
siemens sinamics_s120_firmware *
siemens simatic_dk-1604_pn_io_firmware *
siemens sinamics_dcp_firmware *
siemens extension_unit_12_profinet_firmware *
siemens scalance_s615_firmware *
siemens sinamics_gl150_firmware *
siemens simatic_cp_443-1_std_firmware *
siemens dk_standard_ethernet_controller_firmware *
siemens extension_unit_15_profinet_firmware *
siemens sitop_psu8600_firmware *
siemens simatic_cm_1542-1_firmware *
siemens simatic_hmi_mobile_panels *
siemens sinamics_g150_firmware *
siemens simatic_s7-1500_firmware *
siemens simatic_et_200mp_firmware *
siemens simatic_cp_1243-1_dnp3_firmware *
siemens simatic_et_200m_firmware *
siemens sinumerik_840d_sl_firmware *
siemens simatic_cp_343-1_std_firmware *
siemens extension_unit_22_profinet_firmware *
siemens simatic_et_200al_firmware *
siemens sinamics_dcp_firmware 1.2
siemens simatic_winac_rtx_firmware 2010
siemens sinamics_sl150_firmware 4.8
siemens simatic_teleservice_adapter_ie_advanced_firmware *
siemens simatic_cp_343-1_lean_firmware *
siemens scalance_x414_firmware *
siemens sinamics_dcm_firmware 1.4
CVE-2017-2681 MEDIUM

Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a denial of service condition of that product. Human interaction is required to recover the system. PROFIBUS interfaces are not affected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.8 3.6
productcert@siemens.com 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,CWE-400,

Products Affected

Vendor Product Version
siemens ek-ertec_200p_pn_io_firmware 4.4.0
siemens ek-ertec_200_pn_io_firmware *
siemens simatic_cp_1542sp-1_irc_firmware *
siemens sinamics_s150_firmware *
siemens simatic_tdc_cpu555_firmware *
siemens sinumerik_840d_sl_firmware 4.7
siemens sinamics_s150_firmware 4.7
siemens simatic_et_200s_firmware *
siemens sinumerik_840d_sl_firmware 4.5
siemens simatic_cp_1243-1_irc_firmware *
siemens simatic_s7-400_firmware *
siemens simatic_et_200pro_firmware *
siemens simatic_cp_443-1_adv_firmware *
siemens sinamics_g120(c/p/d)_pn_firmware *
siemens softnet_profinet_io_firmware *
siemens sinamics_s120_firmware 4.7
siemens simatic_tdc_cp51m1_firmware *
siemens simatic_rf650r_firmware *
siemens simatic_rf680r_firmware *
siemens sinamics_v90_pn_firmware *
siemens sirius_motor_starter_m200d_profinet_firmware *
siemens simatic_winac_rtx_firmware *
siemens simatic_teleservice_adapter_standard_modem_firmware *
siemens simatic_cp_343-1_adv_firmware *
siemens sinamics_dcm_firmware *
siemens simatic_teleservice_adapter_ie_advanced_modem_firmware *
siemens simatic_cp_1543sp-1_firmware *
siemens scalance_xr500_firmware *
siemens ups1600_profinet_firmware *
siemens scalance_x200_firmware *
siemens sirius_act_3su1_firmware *
siemens simotion_firmware 4.5
siemens simatic_cp_443-1_opc-ua_firmware *
siemens simatic_cm_1542sp-1_firmware *
siemens sinumerik_828d_firmware *
siemens sinamics_s110_pn_firmware *
siemens scalance_w700_firmware *
siemens scalance_x200_irt_firmware *
siemens simatic_cp_1616_firmware *
siemens simatic_hmi_multi_panels *
siemens simocode_pro_v_profinet_firmware *
siemens sinamics_g110m_firmware *
siemens simatic_rf685r_firmware *
siemens sinamics_g130_firmware 4.7
siemens scalance_xm400_firmware *
siemens simatic_cp_1243-1_iec_firmware *
siemens ie/pb-link_firmware *
siemens softnet_profinet_io_firmware 14
siemens simotion_firmware *
siemens simatic_et_200sp_firmware *
siemens simatic_et_200ecopn_firmware *
siemens ek-ertec_200_pn_io_firmware 4.2.1
siemens sinumerik_828d_firmware 4.5
siemens scalance_x408_firmware *
siemens simatic_cp_1243-1_firmware *
siemens simatic_s7-1200_firmware *
siemens sinamics_g150_firmware 4.7
siemens dk_standard_ethernet_controller_firmware 4.1.1
siemens sinamics_g110m_firmware 4.7
siemens ie/as-i_link_pn_io_firmware *
siemens simatic_cp_1543-1_firmware *
siemens sinamics_g130_firmware *
siemens simatic_hmi_comfort_panels *
siemens scalance_m-800_firmware *
siemens simatic_cp_1604_firmware *
siemens sinumerik_828d_firmware 4.7
siemens simatic_s7-1500_software_controller *
siemens scalance_x300_firmware *
siemens simatic_teleservice_adapter_ie_basic_modem_firmware *
siemens pn/pn_coupler_firmware *
siemens sirius_soft_starter_3rw44_pn_firmware *
siemens ek-ertec_200p_pn_io_firmware *
siemens simatic_s7-300_firmware *
siemens simatic_s7-200_smart_firmware *
siemens sinamics_s120_firmware *
siemens sinamics_dcp_firmware *
siemens scalance_s615_firmware *
siemens simatic_cp_443-1_std_firmware *
siemens dk_standard_ethernet_controller_firmware *
siemens sitop_psu8600_firmware *
siemens simatic_cm_1542-1_firmware *
siemens simatic_hmi_mobile_panels *
siemens sinamics_s110_pn_firmware 4.4
siemens simatic_dk-16xx_pn_io_firmware *
siemens sinamics_g150_firmware *
siemens simatic_s7-1500_firmware *
siemens simatic_et_200mp_firmware *
siemens simatic_cp_1243-1_dnp3_firmware *
siemens simatic_et_200m_firmware *
siemens sinumerik_840d_sl_firmware *
siemens simatic_cp_343-1_std_firmware *
siemens simatic_et_200al_firmware *
siemens sinamics_dcp_firmware 1.2
siemens simatic_winac_rtx_firmware 2010
siemens simatic_cp_343-1_lean_firmware *
siemens scalance_x414_firmware *
siemens sinamics_dcm_firmware 1.4
CVE-2017-2682 MEDIUM

The Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and 8081/TCP could allow a remote attacker to perform a Cross-Site Request Forgery (CSRF) attack, potentially allowing an attacker to execute administrative operations, provided the targeted user has an active session and is induced to trigger a malicious request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,CWE-352,

Products Affected

Vendor Product Version
siemens ruggedcom_network_management_software *
CVE-2017-2683 MEDIUM

A non-privileged user of the Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and 8081/TCP could perform a persistent Cross-Site Scripting (XSS) attack, potentially resulting in obtaining administrative permissions.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
siemens ruggedcom_network_management_software *
CVE-2017-2684 MEDIUM

Siemens SIMATIC Logon prior to V1.5 SP3 Update 2 could allow an attacker with knowledge of a valid user name, and physical or network access to the affected system, to bypass the application-level authentication.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-592,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
siemens simatic_logon *
CVE-2017-2685 MEDIUM

Siemens SINUMERIK Integrate Operate Clients between 2.0.3.00.016 (including) and 2.0.6 (excluding) and between 3.0.4.00.032 (including) and 3.0.6 (excluding) contain a vulnerability that could allow an attacker to read and manipulate data in TLS sessions while performing a man-in-the-middle (MITM) attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-693,CWE-200,

Products Affected

Vendor Product Version
siemens sinumerik_integrate_operate_client 2.0.3.00.016
siemens sinumerik_integrate_access_mymachine/ethernet -
siemens sinumerik_operate 4.5
siemens sinumerik_integrate_operate_client 3.0.4.00.032
siemens sinumerik_operate 4.7
CVE-2017-2686 MEDIUM

Siemens RUGGEDCOM ROX I (all versions) contains a vulnerability that could allow an authenticated user to read arbitrary files through the web interface at port 10000/TCP and access sensitive information.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-285,CWE-200,

Products Affected

Vendor Product Version
siemens ruggedcom_rox_i *
CVE-2017-2687 MEDIUM

Siemens RUGGEDCOM ROX I (all versions) contains a vulnerability in the integrated web server at port 10000/TCP, which is prone to reflected Cross-Site Scripting attacks if an unsuspecting user is induced to click on a malicious link.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
siemens ruggedcom_rox_i *
CVE-2017-2688 MEDIUM

The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at port 10000/TCP could allow remote attackers to perform actions with the privileges of an authenticated user, provided the targeted user has an active session and is induced into clicking on a malicious link or into visiting a malicious website, aka CSRF.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,CWE-352,

Products Affected

Vendor Product Version
siemens ruggedcom_rox_i *
CVE-2017-2689 MEDIUM

Siemens RUGGEDCOM ROX I (all versions) allows an authenticated user to bypass access restrictions in the web interface at port 10000/TCP to obtain privileged file system access or change configuration settings.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-285,CWE-287,

Products Affected

Vendor Product Version
siemens ruggedcom_rox_i *
CVE-2017-5689 HIGH

An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,CWE-269,

Products Affected

Vendor Product Version
siemens simatic_ipc427d_firmware -
intel active_management_technology_firmware 8.1
siemens simatic_itp1000_firmware *
siemens simatic_field_pg_m3_firmware *
siemens simatic_ipc477d_firmware -
siemens simatic_pcs_7_ipc627c_firmware *
intel active_management_technology_firmware 7.1
siemens simatic_pcs_7_ipc427e_firmware *
siemens simatic_ipc647c_firmware *
intel active_management_technology_firmware 8.0
intel active_management_technology_firmware 9.5
siemens simatic_pcs_7_ipc647d_firmware *
siemens simatic_ipc827d_firmware *
siemens simatic_ipc677c_firmware *
intel active_management_technology_firmware 7.0
siemens simatic_pcs_7_ipc547e_firmware *
siemens simatic_ipc547g_firmware *
siemens simatic_ipc627c_firmware *
siemens simatic_ipc547e_firmware *
siemens simatic_ipc847c_firmware *
siemens simatic_ipc477e_firmware *
intel active_management_technology_firmware 6.1
intel active_management_technology_firmware 11.6
siemens sinumerik_pcu50.5-p_firmware *
intel active_management_technology_firmware 9.0
intel active_management_technology_firmware 6.2
intel active_management_technology_firmware 11.5
siemens simatic_field_pg_m4_firmware *
siemens simatic_pcs_7_ipc477d_firmware -
siemens simatic_pcs_7_ipc427e_firmware -
siemens simatic_ipc627d_firmware *
siemens simatic_ipc647d_firmware *
siemens simatic_pcs_7_ipc847c_firmware *
siemens simatic_pcs_7_ipc677c_firmware *
siemens simatic_ipc677d_firmware *
siemens simatic_ipc427e_firmware *
siemens simatic_ipc847d_firmware *
siemens simatic_pcs_7_ipc547d_firmware *
siemens simatic_pcs_7_ipc547g_firmware *
siemens simatic_ipc547d_firmware *
siemens simotion_p320-4_s_firmware *
siemens simatic_pcs_7_ipc847d_firmware *
hpe proliant_ml10_gen9_server_firmware 5.0
intel active_management_technology_firmware 10.0
intel active_management_technology_firmware 6.0
siemens simatic_ipc827c_firmware *
intel active_management_technology_firmware 9.1
siemens simatic_pcs_7_ipc647c_firmware *
siemens simatic_field_pg_m5_firmware *
intel active_management_technology_firmware 11.0
CVE-2017-5711 HIGH

Multiple buffer overflows in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allow an attacker with local access to the system to execute arbitrary code with AMT execution privilege.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
asus sabertooth_z170_mark_1_firmware -
siemens simatic_ipc427d_firmware -
asus h110m-cs_firmware -
asus h110m-c/br_firmware -
asus h110m-d/exper/si_firmware -
asus b150m-k_d3_firmware -
asus rog_strix_b250h_gaming_firmware -
asus z170-a_firmware -
asus rog_strix_z270f_gaming_firmware -
siemens simatic_ipc677c_firmware *
asus b150-pro_firmware -
asus b250-s_firmware -
asus h110m-e_firmware -
asus h110s2_firmware -
asus h110m-a/dp_firmware -
asus rog_strix_z270g_gaming_firmware -
asus rog_strix_z370-g_gaming_firmware -
asus b150m-plus_d3_firmware -
asus prime_h110m-p_firmware -
asus rog_maximus_ix_code_firmware -
asus z170m-plus_firmware -
asus ex-b250-v7_firmware -
siemens simatic_field_pg_m4_firmware *
asus z170-k_firmware -
siemens simatic_ipc647d_firmware *
asus ex-b150m-v_firmware -
asus prime_z370-p_firmware -
asus ex-b150m-v5_firmware -
asus rog_strix_z270h_gaming/k1_firmware -
siemens sinumerik_pcu50.5-c_firmware *
asus rog_maximus_viii_hero_firmware -
asus b150m-a_firmware -
asus b150m-k_firmware -
asus prime_h270-plus_firmware -
siemens simatic_ipc547d_firmware *
asus h110m-ks_r1_firmware -
asus z170-p_d3_firmware -
asus z170m-plus/br_firmware -
asus rog_strix_z270e_gaming_firmware -
intel manageability_engine_firmware 11.7
asus prime_b250m-plus/br_firmware -
asus prime_b250-pro_firmware -
asus rog_maximus_ix_apex_firmware -
asus sabertooth_z170_s_firmware -
asus b150m-f_plus_firmware -
siemens simatic_ipc477d_pro_firmware -
asus prime_b250m-k_firmware -
siemens simatic_itp1000_firmware *
asus b150i_pro_gaming/wifi/aura_firmware -
asus h110m-c/hdmi_firmware -
siemens simatic_ipc477d_firmware -
asus rog_maximus_viii_gene_firmware -
asus rog_maximus_ix_formula_firmware -
asus q270-s_firmware -
asus prime_b250m-j_firmware -
siemens simatic_ipc827d_firmware *
asus z170-ar_firmware -
asus z170i_pro_gaming_firmware -
asus prime_b250m-c_firmware -
asus h110m-p/dvi_firmware -
asus h110s1_firmware -
asus z170m-e_d3_firmware -
asus h110m-a/m.2_firmware -
asus ex-h110m-v3_firmware -
asus q170m2/cdm/si_firmware -
siemens simotion_p320-4s_firmware *
asus rog_strix_z270i_gaming_firmware -
asus tuf_z270_mark_1_firmware -
asus z170_pro_gaming/aura_firmware -
asus b250_mining_expert_firmware -
asus rog_maximus_x_formula_firmware -
asus prime_b250m-a_firmware -
asus h110m-f_firmware -
asus prime_h110m2_firmware -
asus h110m-c_firmware -
intel manageability_engine_firmware 11.10
asus ex-b250m-v_firmware -
asus prime_z270-k_firmware -
asus h170m-plus_firmware -
asus h170-plus_d3_firmware -
asus b250-mr_firmware -
asus rog_maximus_x_hero_firmware -
asus b150m-a/m.2_firmware -
asus b150-plus_firmware -
asus rog_maximus_viii_hero_alpha_firmware -
asus b250m-f_plus_firmware -
asus trooper_b150_d3_firmware -
asus h110m-ts_firmware -
asus b150_pro_gaming_firmware -
asus h110i-plus_firmware -
asus rog_maximus_ix_extreme_firmware -
asus b150_pro_gaming_d3_firmware -
asus h110m-plus_firmware -
intel manageability_engine_firmware 11.6
asus prime_b250m-d_firmware -
asus tuf_z370-plus_gaming_firmware -
asus h110m-cs_x_firmware -
siemens simatic_field_pg_m5_firmware *
asus b150_pro_gaming/aura_firmware -
asus b150-a_firmware -
asus h110m-k_d3_firmware -
intel manageability_engine_firmware *
asus prime_j3355i-c_firmware -
asus ex-h110m-v_firmware -
asus rog_strix_b250g_gaming_firmware -
asus q170t_v2_firmware -
asus q170s1_firmware -
intel active_management_technology_firmware -
asus h170i-pro_firmware -
siemens simatic_ipc647c_firmware *
asus rog_maximus_x_code_firmware -
asus rog_maximus_ix_hero_firmware -
asus q170m2_firmware -
asus b150-pro_d3_firmware -
siemens simatic_ipc547e_firmware *
asus b150m-d_firmware -
asus tuf_z270_mark_2_firmware -
asus q170m-c_firmware -
intel manageability_engine_firmware 11.5
siemens simatic_ipc477e_firmware *
asus prime_h270-pro_firmware -
intel manageability_engine_firmware 11.0
asus pio-b150m_firmware -
asus prime_z370-a_firmware -
asus h110m-a_firmware -
asus pio-b250i_firmware -
asus rog_strix_z370-h_gaming_firmware -
asus rog_strix_h270f_gaming_firmware -
asus prime_b250-a_firmware -
asus rog_strix_b250f_gaming_firmware -
asus h110-plus_firmware -
asus q170t_firmware -
siemens sinumerik_pcu50.5-p_firmware *
asus h110m-r_firmware -
asus prime_b250-plus_firmware -
asus h170m-plus/br_firmware -
asus h110m-e/m.2_firmware -
asus rog_maximus_x_apex_firmware -
asus z170-premium_firmware -
asus b150m-c_d3_firmware -
asus h170-pro/usb_3.1_firmware -
asus prime_z270m-plus_firmware -
siemens simatic_ipc847d_firmware *
asus h110m-c/ps_firmware -
asus prime_h270m-plus_firmware -
asus h110t_firmware -
asus rog_strix_z370-i_gaming_firmware -
asus z170-p_firmware -
asus h110m-d_firmware -
asus trooper_h110_d3_firmware -
asus rog_strix_b250i_gaming_firmware -
asus ex-b250m-v5_firmware -
siemens simatic_ipc827c_firmware *
asus h110m-cs/br_firmware -
asus prime_b250m-plus_firmware -
asus ex-b250m-v3_firmware -
asus prime_z270-a_firmware -
intel manageability_engine_firmware 11.20
siemens simatic_field_pg_m3_firmware *
asus h170m-e_d3_firmware -
asus b150m-c_firmware -
asus ex-b150m-v3_firmware -
asus rog_strix_z270h_gaming_firmware -
asus rog_maximus_viii_impact_firmware -
asus h110m-a_d3_firmware -
asus prime_z270m-plus/br_firmware -
asus h110m-k_firmware -
asus h110m-c2_firmware -
asus b150m-c/br_firmware -
asus rog_strix_z370-e_gaming_firmware -
siemens simatic_ipc627c_firmware *
siemens simatic_ipc847c_firmware *
asus z170_pro_gaming_firmware -
asus b150m-v_plus_firmware -
asus h110m-k_x_firmware -
asus rog_maximus_viii_extreme_firmware -
asus ex-b150-v7_firmware -
asus h110t-a_firmware -
asus h110m-c2/tf_firmware -
asus z170-e_firmware -
asus rog_maximus_viii_formula_firmware -
asus h170-pro_firmware -
asus tuf_z370-pro_gaming_firmware -
asus z170-pro_firmware -
asus h110m-ks_firmware -
asus prime_q270m-c_firmware -
asus b150m-plus_firmware -
asus b150m-a_d3_firmware -
asus rog_maximus_viii_ranger_firmware -
asus b250m-c_pro_firmware -
siemens simatic_ipc627d_firmware *
asus z170-deluxe_firmware -
siemens simatic_ipc677d_firmware *
siemens simatic_ipc427e_firmware *
asus b150i_pro_gaming/aura_firmware -
asus q270m-cm-a_firmware -
asus prime_h110m2/fpt_firmware -
asus rog_strix_z370-f_gaming_firmware -
asus b150m_pro_gaming_firmware -
asus q170m-cm-b_firmware -
asus h170_pro_gaming_firmware -
asus prime_z270-p_firmware -
asus rog_strix_h270i_gaming_firmware -
asus prime_z270-ar_firmware -
CVE-2017-5712 HIGH

Buffer overflow in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allows attacker with remote Admin access to the system to execute arbitrary code with AMT execution privilege.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119

Products Affected

Vendor Product Version
asus sabertooth_z170_mark_1_firmware -
siemens simatic_ipc427d_firmware -
asus h110m-cs_firmware -
asus h110m-c/br_firmware -
asus h110m-d/exper/si_firmware -
asus b150m-k_d3_firmware -
asus rog_strix_b250h_gaming_firmware -
asus z170-a_firmware -
asus rog_strix_z270f_gaming_firmware -
siemens simatic_ipc677c_firmware *
asus b150-pro_firmware -
asus b250-s_firmware -
asus h110m-e_firmware -
asus h110s2_firmware -
asus h110m-a/dp_firmware -
asus rog_strix_z270g_gaming_firmware -
asus rog_strix_z370-g_gaming_firmware -
asus b150m-plus_d3_firmware -
asus prime_h110m-p_firmware -
asus rog_maximus_ix_code_firmware -
asus z170m-plus_firmware -
asus ex-b250-v7_firmware -
siemens simatic_field_pg_m4_firmware *
asus z170-k_firmware -
siemens simatic_ipc647d_firmware *
asus ex-b150m-v_firmware -
asus prime_z370-p_firmware -
asus ex-b150m-v5_firmware -
asus rog_strix_z270h_gaming/k1_firmware -
siemens sinumerik_pcu50.5-c_firmware *
asus rog_maximus_viii_hero_firmware -
asus b150m-a_firmware -
asus b150m-k_firmware -
asus prime_h270-plus_firmware -
siemens simatic_ipc547d_firmware *
asus h110m-ks_r1_firmware -
asus z170-p_d3_firmware -
asus z170m-plus/br_firmware -
asus rog_strix_z270e_gaming_firmware -
intel manageability_engine_firmware 11.7
asus prime_b250m-plus/br_firmware -
asus prime_b250-pro_firmware -
asus rog_maximus_ix_apex_firmware -
asus sabertooth_z170_s_firmware -
asus b150m-f_plus_firmware -
siemens simatic_ipc477d_pro_firmware -
asus prime_b250m-k_firmware -
siemens simatic_itp1000_firmware *
asus b150i_pro_gaming/wifi/aura_firmware -
asus h110m-c/hdmi_firmware -
siemens simatic_ipc477d_firmware -
asus rog_maximus_viii_gene_firmware -
asus rog_maximus_ix_formula_firmware -
asus q270-s_firmware -
asus prime_b250m-j_firmware -
siemens simatic_ipc827d_firmware *
asus z170-ar_firmware -
asus z170i_pro_gaming_firmware -
asus prime_b250m-c_firmware -
asus h110m-p/dvi_firmware -
asus h110s1_firmware -
asus z170m-e_d3_firmware -
asus h110m-a/m.2_firmware -
asus ex-h110m-v3_firmware -
asus q170m2/cdm/si_firmware -
siemens simotion_p320-4s_firmware *
asus rog_strix_z270i_gaming_firmware -
asus tuf_z270_mark_1_firmware -
asus z170_pro_gaming/aura_firmware -
asus b250_mining_expert_firmware -
asus rog_maximus_x_formula_firmware -
asus prime_b250m-a_firmware -
asus h110m-f_firmware -
asus prime_h110m2_firmware -
asus h110m-c_firmware -
intel manageability_engine_firmware 11.10
asus ex-b250m-v_firmware -
asus prime_z270-k_firmware -
asus h170m-plus_firmware -
asus h170-plus_d3_firmware -
asus b250-mr_firmware -
asus rog_maximus_x_hero_firmware -
asus b150m-a/m.2_firmware -
asus b150-plus_firmware -
asus rog_maximus_viii_hero_alpha_firmware -
asus b250m-f_plus_firmware -
asus trooper_b150_d3_firmware -
asus h110m-ts_firmware -
asus b150_pro_gaming_firmware -
asus h110i-plus_firmware -
asus rog_maximus_ix_extreme_firmware -
asus b150_pro_gaming_d3_firmware -
asus h110m-plus_firmware -
intel manageability_engine_firmware 11.6
asus prime_b250m-d_firmware -
asus tuf_z370-plus_gaming_firmware -
asus h110m-cs_x_firmware -
siemens simatic_field_pg_m5_firmware *
asus b150_pro_gaming/aura_firmware -
asus b150-a_firmware -
asus h110m-k_d3_firmware -
intel manageability_engine_firmware *
asus prime_j3355i-c_firmware -
asus ex-h110m-v_firmware -
asus rog_strix_b250g_gaming_firmware -
asus q170t_v2_firmware -
asus q170s1_firmware -
intel active_management_technology_firmware -
asus h170i-pro_firmware -
siemens simatic_ipc647c_firmware *
asus rog_maximus_x_code_firmware -
asus rog_maximus_ix_hero_firmware -
asus q170m2_firmware -
asus b150-pro_d3_firmware -
siemens simatic_ipc547e_firmware *
asus b150m-d_firmware -
asus tuf_z270_mark_2_firmware -
asus q170m-c_firmware -
intel manageability_engine_firmware 11.5
siemens simatic_ipc477e_firmware *
asus prime_h270-pro_firmware -
intel manageability_engine_firmware 11.0
asus pio-b150m_firmware -
asus prime_z370-a_firmware -
asus h110m-a_firmware -
asus pio-b250i_firmware -
asus rog_strix_z370-h_gaming_firmware -
asus rog_strix_h270f_gaming_firmware -
asus prime_b250-a_firmware -
asus rog_strix_b250f_gaming_firmware -
asus h110-plus_firmware -
asus q170t_firmware -
siemens sinumerik_pcu50.5-p_firmware *
asus h110m-r_firmware -
asus prime_b250-plus_firmware -
asus h170m-plus/br_firmware -
asus h110m-e/m.2_firmware -
asus rog_maximus_x_apex_firmware -
asus z170-premium_firmware -
asus b150m-c_d3_firmware -
asus h170-pro/usb_3.1_firmware -
asus prime_z270m-plus_firmware -
siemens simatic_ipc847d_firmware *
asus h110m-c/ps_firmware -
asus prime_h270m-plus_firmware -
asus h110t_firmware -
asus rog_strix_z370-i_gaming_firmware -
asus z170-p_firmware -
asus h110m-d_firmware -
asus trooper_h110_d3_firmware -
asus rog_strix_b250i_gaming_firmware -
asus ex-b250m-v5_firmware -
siemens simatic_ipc827c_firmware *
asus h110m-cs/br_firmware -
asus prime_b250m-plus_firmware -
asus ex-b250m-v3_firmware -
asus prime_z270-a_firmware -
intel manageability_engine_firmware 11.20
siemens simatic_field_pg_m3_firmware *
asus h170m-e_d3_firmware -
asus b150m-c_firmware -
asus ex-b150m-v3_firmware -
asus rog_strix_z270h_gaming_firmware -
asus rog_maximus_viii_impact_firmware -
asus h110m-a_d3_firmware -
asus prime_z270m-plus/br_firmware -
asus h110m-k_firmware -
asus h110m-c2_firmware -
asus b150m-c/br_firmware -
asus rog_strix_z370-e_gaming_firmware -
siemens simatic_ipc627c_firmware *
siemens simatic_ipc847c_firmware *
asus z170_pro_gaming_firmware -
asus b150m-v_plus_firmware -
asus h110m-k_x_firmware -
asus rog_maximus_viii_extreme_firmware -
asus ex-b150-v7_firmware -
asus h110t-a_firmware -
asus h110m-c2/tf_firmware -
asus z170-e_firmware -
asus rog_maximus_viii_formula_firmware -
asus h170-pro_firmware -
asus tuf_z370-pro_gaming_firmware -
asus z170-pro_firmware -
asus h110m-ks_firmware -
asus prime_q270m-c_firmware -
asus b150m-plus_firmware -
asus b150m-a_d3_firmware -
asus rog_maximus_viii_ranger_firmware -
asus b250m-c_pro_firmware -
siemens simatic_ipc627d_firmware *
asus z170-deluxe_firmware -
siemens simatic_ipc677d_firmware *
siemens simatic_ipc427e_firmware *
asus b150i_pro_gaming/aura_firmware -
asus q270m-cm-a_firmware -
asus prime_h110m2/fpt_firmware -
asus rog_strix_z370-f_gaming_firmware -
asus b150m_pro_gaming_firmware -
asus q170m-cm-b_firmware -
asus h170_pro_gaming_firmware -
asus prime_z270-p_firmware -
asus rog_strix_h270i_gaming_firmware -
asus prime_z270-ar_firmware -
CVE-2017-5715 LOW

Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.6 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N 1.1 4.0

CVSS 2.0

Severity: LOW

Problem Type: CWE-203

Products Affected

Vendor Product Version
intel atom_x3 c3230rk
intel core_i5 430um
intel atom_x7-e3950 -
intel core_i5 4360u
intel xeon_e7 8890_v2
intel xeon_e7 4820_v4
intel core_i3 6100t
intel core_i5 3339y
intel xeon_gold 6152
intel xeon x5687
intel xeon_e3_1240l_v5 -
intel xeon_e5 2698_v3
intel xeon_gold 6126f
intel core_i5 6350hq
intel xeon_e3_1270_v3 -
intel core_i7 2677m
intel core_i7 4770k
intel core_i3 4000m
intel xeon_e3_1220 -
intel xeon_e5 4650
intel xeon e5630
intel xeon_e5_2408l_v3 -
intel core_i7 2760qm
intel atom_z z3736f
intel core_i3 4160t
intel core_i3 4100e
intel core_i7 4500u
intel atom_c c2730
intel xeon_phi 7290f
intel core_i3 380um
intel atom_z z2560
intel core_i7 940xm
intel core_i7 860s
intel atom_z z3740
intel xeon_e3_1285l_v3 -
intel xeon_e7 8867l
intel atom_c c2738
intel core_i3 6167u
intel core_i5 6400
intel xeon_e7 8870_v2
intel core_i5 3210m
intel xeon_e3 1575m_v5
intel xeon_e5_2648l -
intel core_i5 6260u
intel xeon_e3_1230_v6 -
intel core_i7 4578u
intel xeon_e7 8870
intel core_i5 2540m
intel atom_e e3845
intel xeon_gold 6126
intel core_i7 4712hq
intel xeon_e3_1125c_v2 -
intel atom_z z3480
intel xeon_e5_2407_v2 -
intel xeon_e5 2658_v3
intel xeon_e5_1650 -
intel core_i7 3720qm
intel xeon_e7 4830_v2
intel core_i3 2367m
intel xeon_e5 2667_v3
intel xeon_e3 1505m_v6
intel xeon l5618
intel core_i7 950
intel atom_z z3740d
intel xeon_e5_2620_v4 -
intel xeon_e7 4860
intel core_i7 5500u
intel core_i3 3250
intel xeon_e7 4890_v2
intel xeon_e3_1125c -
intel core_i5 4570
arm cortex-a 73
intel celeron_n n3060
intel xeon_e7 8880l_v3
intel xeon_e5 4610_v4
arm cortex-a 15
intel core_i7 4790t
intel atom_z z2460
intel celeron_n n4100
intel xeon lc5528
intel xeon_e5_1620_v4 -
intel atom_c c3950
intel core_i7 5950hq
intel xeon e5506
intel core_i5 470um
intel core_i5 750s
intel core_i5 3337u
intel core_i7 4710hq
intel core_i7 2630qm
intel atom_z z3770d
intel xeon_e5 2697_v3
intel core_m3 6y30
intel core_i3 330e
intel xeon_e5_2630l_v3 -
intel core_i7 7700
intel xeon_e3_1226_v3 -
intel celeron_n n2806
intel xeon_e5 2665
intel xeon_silver 4116t
intel core_i7 4720hq
intel xeon_e5 2699_v3
intel xeon_e3_1275_v2 -
intel xeon_e5 2680_v4
intel core_i3 2357m
intel xeon_e5 4640_v4
intel core_i3 2100t
intel pentium_n n3520
intel xeon_phi 7295
intel xeon e5649
intel core_i7 3667u
intel xeon_e5_2637_v2 -
intel xeon_silver 4112
intel xeon_e3_1290 -
intel core_i7 4600m
intel core_i5 650
intel core_i5 4278u
intel core_i5 8350u
intel core_i7 4770t
intel xeon_phi 7290
intel xeon_e3_1505l_v6 -
canonical ubuntu_linux 17.04
intel xeon_e3_1258l_v4 -
intel xeon_phi 7250f
intel celeron_j j3455
intel xeon l5520
intel core_i5 3360m
oracle communications_diameter_signaling_router 8.0.0
intel core_i3 3229y
intel core_i7 4770
intel core_i5 4422e
intel xeon_e7 8893_v2
intel xeon_e3_1270_v2 -
intel xeon_e3_1231_v3 -
intel xeon_e3 1535m_v6
intel celeron_j j4105
intel celeron_n n2807
intel core_i7 2920xm
intel core_i7 2629m
intel core_i7 2675qm
intel xeon_e7 2870
intel xeon_e3_1230_v2 -
intel core_i5 4590s
intel core_i5 5200u
intel core_i3 2340ue
intel core_i5 6585r
intel core_m 5y10c
intel core_i7 620um
intel core_i7 2960xm
intel xeon_platinum 8176
intel xeon_e5_2630_v3 -
intel core_i7 4910mq
intel core_i7 3520m
intel xeon_e5 4660_v3
intel xeon_e3_1105c_v2 -
intel atom_z z2480
intel core_i7 930
intel core_i7 2720qm
intel xeon_e7 2870_v2
intel xeon_e5_2650_v4 -
intel core_i5 3330
intel atom_x3 c3235rk
intel xeon_e5 2650l_v4
intel xeon x5680
intel xeon_e5 2687w_v4
intel core_i7 3635qm
arm cortex-a 75
intel core_i5 4350u
intel core_i5 3570s
intel xeon_e3_1270_v5 -
intel core_i3 4158u
intel core_i5 3570t
intel xeon_e7 8830
intel core_i5 4210u
intel xeon_e3_1268l_v5 -
intel core_i5 4430
intel xeon e5530
intel core_i5 3450s
intel core_i3 6100
intel xeon x3470
intel core_i3 4330te
intel core_i7 3615qm
intel core_i3 4360t
intel xeon_bronze_3106 -
intel core_i3 4102e
intel core_i7 4770r
intel core_i7 4785t
intel core_i7 5750hq
intel xeon_e3_1260l_v5 -
intel xeon l7545
intel xeon_e5_2637 -
intel core_i7 4700ec
intel core_i7 7700hq
intel xeon_e3_1245_v2 -
intel xeon_platinum 8180
intel xeon_e5_1620_v3 -
intel atom_z z2420
intel xeon x5647
intel xeon_e3_1271_v3 -
intel core_i7 4700mq
intel core_i5 4340m
intel xeon_e5_2407 -
intel xeon_e3_1275_v3 -
intel xeon_e5 4620
intel core_i7 980
intel core_i5 520m
intel core_i3 3220
intel core_i5 3475s
intel core_i5 4300m
intel celeron_n n2830
intel xeon_gold 6126t
netapp solidfire -
intel celeron_n n3160
intel core_i5 6287u
intel core_i7 3689y
intel core_i7 5775c
intel xeon_e5_1680_v3 -
intel xeon l5506
intel xeon_e7 8870_v4
intel xeon x5650
intel xeon_e7 8893_v3
intel core_i3 4025u
intel atom_z z3785
intel xeon lc5518
intel xeon l3406
intel xeon_e3 1578l_v5
intel core_i5 4440s
intel core_i3 2100
intel xeon_e5 2670_v3
intel atom_c c3750
intel atom_c c2516
intel core_i5 2380p
intel core_i5 2500s
intel xeon_e5_2650_v2 -
intel core_i5 3470s
intel xeon_e7 4830_v3
intel core_i7 4702hq
intel xeon_gold 6142f
intel xeon_platinum 8176m
canonical ubuntu_linux 17.10
intel core_i7 7600u
intel core_i3 6300
intel atom_z z3460
intel xeon x5550
intel core_i7 3517u
intel xeon_e5_2603_v3 -
intel core_i5 6440hq
intel core_i7 3770t
intel xeon_e5 2690
intel core_i3 4340
debian debian_linux 8.0
intel xeon_gold 6130t
intel core_i7 660ue
intel atom_z z3736g
intel xeon l5609
intel core_i5 2435m
intel core_i3 2377m
intel core_i7 4700hq
intel xeon ec5539
intel core_i3 2120t
intel core_i3 2310e
intel xeon_e5 4607
intel core_i5 4670k
intel xeon_e5 2667_v4
intel xeon x5667
intel xeon_e5_2438l_v3 -
intel xeon_e5_2609 -
intel pentium_n n3540
intel core_i5 3450
intel xeon_e7 4820_v2
intel xeon_e5_2630 -
intel xeon_e3_1285_v6 -
intel core_i5 4200h
intel core_i5 660
intel core_m 5y70
intel atom_c c2530
intel celeron_j j1850
intel core_i5 760
intel core_i5 5350u
intel xeon_platinum 8168
canonical ubuntu_linux 18.04
intel core_i3 3240t
intel core_i7 3517ue
intel core_i5 2467m
intel core_i7 7500u
intel core_i5 6300hq
intel core_i7 2655le
intel core_i3 5010u
intel core_i7 2600k
intel xeon_e5_2440 -
intel core_i3 3217ue
intel pentium_n n3710
intel xeon_gold 5122
intel xeon_gold 6148
intel core_i3 4112e
intel xeon_phi 7230
intel xeon_e5_2650_v3 -
intel xeon l5640
intel atom_c c3858
intel core_i7 8550u
intel xeon_e7 8890_v4
intel xeon_e5_1630_v4 -
intel core_i3 4150t
intel xeon w5580
intel xeon_e5_2630_v4 -
intel core_i3 5015u
intel core_i5 2410m
intel core_i3 2348m
intel xeon_e5 2690_v4
intel core_i7 2600
intel core_i7 820qm
intel xeon_e5_1620 -
intel core_i5 4460
intel core_i5 4690s
intel xeon_gold 6146
intel core_i5 2300
intel xeon_e5_1680_v4 -
intel celeron_j j3160
intel xeon_e5_2418l_v2 -
intel xeon_e5_2430l -
intel xeon_e5 4650_v2
intel core_i7 4510u
intel core_m 5y10
intel core_i7 880
intel xeon_platinum 8160f
intel core_i3 350m
intel core_i5 8250u
intel core_i7 3612qm
intel core_i5 560um
intel xeon x6550
intel xeon_e3_1225_v6 -
intel xeon x5570
intel xeon_e3_1225_v5 -
intel xeon_e5 2690_v2
intel xeon_e7 2880_v2
intel core_i5 4410e
intel core_i7 975
intel xeon_e5_2418l -
intel core_i3 2102
intel xeon_e7 2820
intel core_i5 2500k
intel xeon_e7 4850
intel atom_x3 c3405
intel pentium_j j2900
intel core_i5 5300u
intel xeon_e5 4640_v3
intel pentium_n n3530
intel xeon_e3_1505l_v5 -
intel core_i3 4120u
intel core_i7 840qm
intel xeon l3426
intel xeon_e5_1650_v2 -
intel core_i3 2125
intel xeon_e5 4603_v2
intel core_i7 8700k
intel xeon_e5_2623_v3 -
intel core_i7 620lm
intel xeon_e3_1265l_v3 -
intel core_i5 6600
intel core_i3 3110m
intel xeon_e5_2628l_v3 -
intel core_i3 5020u
intel xeon x5677
intel xeon_e3_1245_v5 -
intel core_i7 4980hq
intel core_i5 3230m
intel core_i5 4220y
intel xeon_e3_1230 -
intel core_i5 3317u
intel xeon_e3 1585_v5
intel xeon_e5_2603 -
intel pentium_n n4200
intel xeon_e3_1225_v3 -
intel core_i3 3217u
intel xeon_platinum 8170m
intel xeon_e5_2448l -
intel core_i3 3225
intel xeon_e3_1275_v5 -
intel core_i5 2500
intel xeon_e3_1240_v2 -
intel xeon e5640
intel atom_x3 c3205rk
intel xeon_e3 1535m_v5
intel core_i3 4030u
intel core_i7 2610ue
intel atom_c c2350
intel xeon ec5549
intel core_i3 4020y
intel xeon_e5_2608l_v3 -
intel xeon_gold 6148f
intel xeon_e5 2680_v2
intel xeon_e5_2420 -
intel core_i7 3687u
intel core_i3 4160
intel xeon_e7 2850_v2
intel core_i7 3770
intel core_i7 2670qm
intel celeron_j j1750
intel core_i7 7820eq
intel core_i5 6402p
intel xeon x5670
intel core_m7 6y75
intel xeon e5540
intel xeon_e3_1240_v5 -
intel xeon_e7 4850_v4
intel xeon_e5_2630_v2 -
intel xeon_e7 4860_v2
intel xeon_e5_2418l_v3 -
intel core_i7 4750hq
intel xeon_e5 4624l_v2
intel xeon_e5 4628l_v4
intel core_i7 4860hq
intel xeon_e5 2660_v3
intel core_i3 3130m
intel atom_z z3745d
intel celeron_n n3350
intel core_i7 2620m
intel xeon_e5 4660_v4
intel core_i7 4770te
intel core_i5 6442eq
intel atom_c c3955
intel core_i7 3610qm
intel xeon_e5 4627_v4
intel xeon_e5 4667_v3
intel xeon_e5_2648l_v4 -
intel core_i5 3550
intel atom_c c2358
intel core_i3 2328m
intel xeon_platinum 8153
intel xeon_e5 4667_v4
intel xeon w3690
intel core_i5 560m
intel core_i3 2365m
debian debian_linux 7.0
intel core_i5 3610me
intel core_i5 540um
intel xeon_e5_2620_v2 -
intel core_i7 5775r
intel xeon_e3 1515m_v5
intel atom_z z3530
intel core_i3 4030y
intel core_i7 4790s
intel core_i3 370m
intel core_i5 680
intel xeon_platinum 8156
oracle communications_diameter_signaling_router 8.2
intel core_i7 660lm
intel xeon_e3_1275 -
intel celeron_n n2940
intel core_i5 3340
intel atom_z z3735g
intel core_i7 2715qe
intel xeon_e5_2420_v2 -
oracle vm_virtualbox *
intel core_i7 5850hq
intel xeon e7530
intel atom_e e3826
intel xeon_e7 2890_v2
intel core_i5 6400t
intel atom_z z3560
intel core_i7 870
intel xeon_e5_2603_v2 -
intel core_i3 6157u
intel xeon_e5 4610_v3
intel xeon_silver 4116
intel xeon_e7 4880_v2
intel core_i3 3245
intel core_i7 660um
intel xeon_e7 2850
intel core_i7 4722hq
intel atom_x5-e3940 -
intel core_i5 2400s
intel core_i7 3540m
intel xeon_e5 2658a_v3
intel xeon_e5 2697_v2
intel core_i5 4210h
intel xeon e5520
intel xeon_e3_1505m_v5 -
intel xeon e5607
intel xeon l5508
intel xeon_e5_2640_v4 -
intel core_i7 4760hq
intel xeon_phi 7210f
intel celeron_n n4000
intel celeron_n n2920
intel xeon_e3_1280_v2 -
arm cortex-a 17
intel xeon_e5_2637_v4 -
intel core_i7 7660u
intel pentium_j j4205
intel xeon_e3_1280_v3 -
intel core_i3 4100u
intel core_i7 7820hq
intel xeon_e7 4820_v3
intel xeon e5645
intel xeon_e5_2623_v4 -
intel core_i3 4012y
intel xeon_e3_1230_v5 -
intel xeon_e5 4669_v4
intel xeon e5502
intel core_i5 3437u
intel core_i7 3555le
intel core_i5 480m
intel xeon_e5 4657l_v2
intel xeon e5603
intel core_i7 4770hq
intel atom_c c2508
intel xeon_gold 6144
intel core_i7 2657m
intel atom_c c3808
intel xeon_e5 2658_v4
intel core_i5 3439y
intel core_m 5y51
intel core_i7 4610m
intel xeon_e3_1235l_v5 -
intel core_i7 940
intel xeon_e3_1260l -
intel xeon_e5_2648l_v3 -
intel xeon_gold 6154
intel xeon_e3_1230_v3 -
intel atom_z z3775d
intel core_i7 4810mq
intel core_i7 2710qe
intel xeon_e7 4870
intel core_i3 2115c
intel xeon_e-1105c -
intel core_i5 4690t
intel xeon_e5 2687w_v2
intel atom_z z3775
intel celeron_n n3450
intel core_i3 6300t
intel atom_c c3308
intel xeon_e5_1428l_v2 -
intel xeon ec5509
intel core_i3 2312m
canonical ubuntu_linux 14.04
intel xeon_e5 4620_v2
intel xeon_e7 8850_v2
intel xeon_e5_2650l_v3 -
intel core_i3 560
intel core_i5 2400
intel core_i7 2860qm
intel core_i3 6100te
intel core_i3 5157u
intel core_i5 4590
intel xeon e7520
intel xeon_e5_2640 -
intel xeon_e5 2683_v4
intel core_i5 2405s
intel core_i7 965
intel xeon_e5_2448l_v2 -
intel core_i3 530
intel core_i3 2130
intel core_m 5y71
intel core_i7 4960hq
intel atom_z z3735d
intel xeon_gold 6130
intel core_i5 3550s
intel core_i5 4670t
intel xeon_e5 2690_v3
intel xeon_e5_2648l_v2 -
intel core_i3 4110e
intel xeon_e3_1225_v2 -
intel core_i5 5257u
intel xeon_e3_1276_v3 -
intel xeon_e5 2658
intel xeon e5620
intel core_i5 520e
intel atom_z z2580
intel core_i5 3340m
intel core_i5 3350p
intel core_i7 4790
intel core_i5 3570k
intel xeon_gold 6130f
intel core_i7 860
intel core_i7 3770s
intel atom_z z2760
intel core_i5 4670
intel pentium_n n3700
intel xeon_gold 5120
intel xeon x5675
intel xeon_e5 4655_v4
intel core_i3 2120
intel xeon_e5 2697_v4
intel core_i7 680um
intel xeon_e5 2660_v2
intel core_i3 4130
intel core_i3 4005u
intel xeon_e3_1220_v5 -
intel core_i3 4360
intel xeon_e3_1225 -
intel core_i7 7700t
intel xeon_e3_1501l_v6 -
intel core_i7 2649m
intel core_i5 4570te
intel core_i5 4310u
intel core_i5 4210y
intel core_i5 2450m
intel xeon x3460
intel xeon e6510
debian debian_linux 9.0
intel core_i3 3250t
intel xeon_platinum 8176f
intel xeon_e5_1660_v4 -
intel xeon_phi 7230f
intel xeon_e5_2618l_v3 -
intel xeon_e5_2430l_v2 -
intel core_i3 380m
intel core_i5 540m
intel core_i3 390m
intel xeon_e5_2630l_v4 -
intel xeon x3440
intel atom_c c3758
intel xeon_e5_2609_v3 -
intel xeon_e5_2643_v4 -
intel xeon_e5_2450l -
intel core_i5 4258u
intel atom_e e3815
intel xeon_e5 2699a_v4
intel core_i5 4460t
intel xeon_e5_2450l_v2 -
intel core_i3 4330t
intel core_i7 5550u
intel xeon e5507
intel core_i5 4250u
intel xeon_e7 4850_v2
arm cortex-a 9
intel xeon_e5_2618l_v4 -
intel xeon_e5_1630_v3 -
intel core_i5 4200u
intel core_i7 960
intel xeon l5630
intel core_i7 5700hq
intel core_i5 670
intel core_i5 2515e
intel xeon_e5 2687w_v3
intel core_i7 3820qm
intel xeon_e5_2620 -
intel core_i7 4558u
intel core_m5 6y54
intel core_i7 970
intel xeon_e3_1286l_v3 -
intel xeon_e5_1660_v3 -
intel core_i7 7920hq
intel xeon e5503
intel xeon_e7 4809_v3
intel xeon_e5_2470_v2 -
intel core_i5 6267u
intel core_i3 3120me
intel xeon_e5 2670
intel xeon_e7 8893_v4
intel core_i3 2330m
intel core_i7 875k
intel core_i5 2537m
intel xeon_e5 4648_v3
intel core_i5 5575r
intel core_i5 2520m
intel atom_x3 c3295rk
intel celeron_n n3010
intel core_i7 3537u
intel core_i5 3340s
intel core_i7 3615qe
intel xeon_e5_1660 -
intel xeon_e5 4620_v4
intel xeon_e5 4603
intel core_i3 3115c
oracle communications_diameter_signaling_router 8.3
intel core_i7 7820hk
intel xeon_e5_1650_v4 -
intel xeon_gold 6138t
intel xeon_e5_2650l -
intel xeon_gold 5119t
intel xeon_e5 4650l
intel celeron_n n2930
intel core_i3 4130t
intel xeon_e3_1275l_v3 -
intel core_i5 4308u
intel core_i7 640lm
intel xeon_gold 6138f
intel xeon_e5_2640_v2 -
intel core_i7 4765t
intel xeon_e7 8860_v4
intel core_i5 3330s
intel core_i5 4402e
intel core_i3 8350k
intel celeron_j j1900
intel celeron_n n2910
oracle communications_diameter_signaling_router 8.1
intel core_i3 3210
intel xeon_phi 7250
intel core_i5 2510e
intel core_i3 330um
intel xeon e7540
intel core_i7 3840qm
intel pentium_j j3710
intel xeon_e7 8880_v2
intel xeon x5672
intel core_i7 5557u
intel core_i3 3120m
intel core_i7 620m
intel xeon_e5_2450_v2 -
intel xeon_gold 5118
arm cortex-a 72
intel atom_c c2550
intel atom_z z3735e
intel xeon_e3 1545m_v5
intel celeron_n n2805
intel xeon_gold 6138
intel xeon_e5_2650l_v2 -
intel core_i7 2820qm
intel core_i3 6098p
intel xeon_e3_1280_v6 -
intel xeon_phi 7235
intel xeon_gold 6140m
intel core_i3 550
intel xeon_bronze_3104 -
intel atom_c c3508
intel core_i7 640m
intel xeon_e5_2428l_v3 -
intel core_i7 2640m
intel xeon x3430
intel xeon_phi 7210
intel atom_z z3795
intel core_i5 4300u
intel xeon_platinum 8160m
intel xeon_e5_1620_v2 -
intel xeon_e5 2687w
intel xeon_e5 2695_v3
intel celeron_n n2810
intel xeon_e3_1278l_v4 -
intel core_i5 3320m
intel xeon x7560
intel xeon_gold 6140
intel core_i5 4310m
intel xeon_e5 4620_v3
intel xeon_e5_2450 -
intel core_i7 2637m
intel core_i7 5700eq
intel atom_c c2538
intel xeon_e5_2637_v3 -
intel core_m3 7y32
intel core_i5 8400
intel xeon_e3_1265l_v2 -
intel xeon_e5 4610
arm cortex-a 57
intel core_i3 4330
intel atom_c c3708
intel xeon_e3_1265l_v4 -
intel pentium_n n3510
intel xeon_e5 4610_v2
intel core_i3 4340te
intel celeron_j j3060
netapp hci_compute_node -
intel core_i5 460m
intel atom_c c3958
intel core_i5 2310
intel core_i5 3470t
intel xeon_e7 2830
intel xeon_e3_1285l_v4 -
intel xeon_e5_2428l -
intel xeon_e5 4669_v3
intel core_i3 4350t
intel core_i7 4790k
intel xeon_e5_2470 -
intel xeon_e7 8891_v3
intel xeon_e5_1650_v3 -
intel atom_x3 c3130
intel xeon_e5_2428l_v2 -
intel core_i3 2375m
intel atom_e e3827
intel atom_c c2750
intel core_i5 655k
intel celeron_n n3150
intel xeon_e3_1285_v3 -
intel xeon_e5_2440_v2 -
intel xeon l7555
intel core_i7 920
intel core_i7 2700k
intel core_i5 4302y
intel core_i7 3630qm
intel xeon_e3_1241_v3 -
intel xeon_e3_1280 -
intel xeon_platinum 8164
intel atom_z z3735f
intel xeon_e3_1220_v3 -
intel core_i5 2450p
intel atom_c c2518
intel core_i7 620le
intel core_i7 5650u
intel xeon_e5 4627_v2
intel core_i7 4702mq
intel xeon_e7 8850
intel core_i5 5675r
intel xeon_e3_1240l_v3 -
intel core_i5 4690k
intel xeon_e5 2667
intel atom_z z3745
intel core_m3 7y30
intel celeron_n n3050
intel core_i7 620ue
intel core_i3 6100h
canonical ubuntu_linux 12.04
intel atom_x3 c3445
intel core_i5 4400e
intel core_i5 4570r
intel core_i5 3570
intel xeon_platinum 8160t
intel atom_c c3850
intel xeon x5690
intel atom_c c2718
intel xeon_e7 4830_v4
intel core_i7 3612qe
intel xeon_gold 6150
intel atom_z z3570
intel xeon_platinum 8170
intel core_i5 2430m
intel core_i5 4402ec
intel xeon_e3_1220_v2 -
intel core_i5 3427u
intel xeon_e5 4655_v3
intel xeon x7542
intel xeon_e5 2697a_v4
intel xeon_gold 6134m
intel xeon x3450
intel core_i5 4200m
intel xeon_e5_2403 -
intel xeon_e5 2680_v3
intel core_i3 3227u
intel core_i3 6006u
intel xeon_e7 4807
canonical ubuntu_linux 16.04
intel core_i5 2320
intel atom_z z2520
intel xeon_e3_1230l_v3 -
intel xeon_e5_2403_v2 -
intel xeon_e3 1558l_v5
intel core_i5 4210m
intel core_i7 740qm
intel celeron_j j4005
intel celeron_n n3000
intel atom_e e3805
intel xeon l5638
intel pentium_j j2850
intel xeon_e5 2695_v2
intel core_i7 3610qe
intel xeon_e5 4650_v4
intel xeon_e5_2618l_v2 -
intel xeon_e5_2650 -
intel core_i5 4590t
intel core_i5 4288u
intel core_i7 610e
intel core_i7 720qm
intel core_i7 870s
intel core_i7 5600u
intel core_i5 4670r
intel xeon_e3_1286_v3 -
intel xeon_e3_1245_v3 -
intel xeon_e5_2430_v2 -
intel core_i5 450m
intel xeon_e5_2640_v3 -
intel core_i5 6360u
intel atom_c c2558
intel atom_c c2308
intel xeon_e5_2620_v3 -
intel xeon_e7 4809_v4
intel xeon_e3_1275_v6 -
intel core_i7 4610y
intel core_i7 3740qm
intel xeon_e5 2658_v2
intel core_i7 4950hq
intel xeon_e7 8867_v3
intel xeon_e7 8891_v2
intel core_i5 4570t
intel core_i5 5250u
intel xeon_e5_2609_v4 -
intel xeon e5606
intel xeon_e5 4640
intel xeon_silver 4110
intel xeon x3480
intel core_i3 3240
intel core_i5 6600t
intel core_i5 2500t
intel xeon_silver 4114
intel xeon_e5_2430 -
intel core_i5 4430s
intel xeon_e3_1240 -
intel xeon_e5_2630l -
intel core_i3 4170t
intel core_i7 3770k
intel xeon_e3_1240_v3 -
intel xeon_e3_1280_v5 -
intel core_i3 6100e
intel core_i3 540
intel xeon_e3_1285_v4 -
intel xeon_e7 4809_v2
intel core_i7 3632qm
intel xeon w3670
intel core_i7 920xm
intel xeon_e3_1235 -
intel core_i5 520um
intel core_i3 4170
intel core_i5 5675c
intel core_i5 4670s
intel core_m 5y31
intel celeron_j j3355
intel xeon_e5 4617
intel core_i5 430m
intel atom_c c3338
intel core_i7 4700eq
intel xeon_e3_1268l_v3 -
intel core_i5 6500
intel core_i3 4370
intel xeon_e7 2803
intel xeon_e5_2628l_v2 -
intel xeon_e5_2630l_v2 -
intel xeon_e3_1290_v2 -
intel xeon_e7 8891_v4
intel xeon_e3_1220l_v3 -
intel xeon x5660
intel core_i3 4010u
intel xeon_e7 8890_v3
intel xeon_e3_1281_v3 -
intel xeon_e5 2660_v4
intel xeon_e5_2643_v2 -
intel xeon_e5 4607_v2
intel xeon_e7 4830
intel xeon e6540
intel xeon_e7 8867_v4
intel core_i3 6100u
intel xeon_e5 4627_v3
intel xeon_e5_1428l_v3 -
intel core_i7 980x
intel core_i5 4440
intel core_i5 580m
intel xeon_e7 4870_v2
intel core_i7 7567u
intel core_i3 8100
intel atom_z z3590
intel atom_x3 c3265rk
intel xeon w3680
intel core_i3 4010y
intel core_i5 4570s
intel core_i5 750
intel core_i3 2330e
intel xeon_e3_1270_v6 -
intel xeon_e3_12201 -
intel xeon_phi 7285
intel xeon l5518
intel core_i5 8600k
intel atom_c c3830
intel xeon_gold 6128
intel xeon_e7 4850_v3
intel xeon_e5_2643_v3 -
intel atom_z z3770
intel core_i3 5005u
intel core_i5 661
intel core_i7 4900mq
intel xeon_e5 2699r_v4
intel xeon_silver 4114t
intel atom_z z3580
intel xeon_e5_1660_v2 -
intel core_i5 4300y
intel atom_c c2316
intel xeon_gold 6142
intel xeon_e5_2608l_v4 -
intel xeon_gold 5115
intel atom_c c3538
intel core_i7 4800mq
intel core_i5 6200u
intel xeon_e7 8870_v3
intel xeon_e7 8860_v3
intel xeon_gold 6132
intel xeon x5560
intel core_i7 5850eq
intel xeon_e5 2670_v2
intel xeon_gold 6134
intel core_i7 4770s
intel core_i3 2350m
intel xeon_e3_1246_v3 -
intel xeon_e5 4650_v3
intel xeon_silver 4109t
intel core_i5 3470
intel xeon_e5 4640_v2
intel core_i7 4712mq
intel core_m 5y10a
intel xeon_e5_1428l -
intel xeon_e3 1585l_v5
intel core_i5 6500te
intel xeon_platinum 8160
intel core_i5 3380m
intel xeon x7550
intel core_i5 4690
intel core_i7 4870hq
intel core_i3 330m
intel core_i5 4330m
intel xeon_e7 8880l_v2
intel core_i5 6300u
intel core_i3 6320
siemens simatic_winac_rtx_(f)_firmware 2010
netapp hci_management_node -
intel xeon_gold 6142m
intel core_i5 6440eq
intel atom_c c2338
intel xeon_e5_2628l_v4 -
intel core_i7 640um
intel xeon l5530
intel celeron_j j1800
intel xeon_e3_1240_v6 -
intel atom_x5-e3930 -
intel xeon_e5_2609_v2 -
intel xeon_gold 5120t
intel xeon_e5 2698_v4
intel core_i5 2557m
intel xeon_e3_1245_v6 -
intel xeon_e7 2860
intel core_i7 4600u
intel xeon_silver 4108
intel core_i3 4100m
intel core_i5 2390t
intel core_i3 2105
intel core_i3 4110m
intel xeon_e7 8837
intel xeon_e7 4820
intel core_i7 8700
intel xeon_e5 2683_v3
intel xeon_gold 6136
intel xeon w5590
intel celeron_n n2808
intel core_i5 5287u
intel core_i7 4702ec
intel xeon_e7 8880_v3
intel core_i5 6685r
intel core_i5 6600k
intel core_i7 4710mq
intel xeon_e7 8857_v2
intel core_i3 3220t
intel xeon_platinum 8158
intel atom_c c2758
intel atom_e e3825
intel core_i7 4550u
intel xeon_e3_1270 -
intel core_i5 6500t
intel core_i7 990x
intel xeon_e5 2699_v4
intel celeron_n n2815
intel core_i3 6102e
intel core_i7 2600s
intel xeon_e7 8894_v4
intel celeron_n n2820
intel core_i7 7560u
intel core_i7 4771
intel xeon_e5_2643 -
intel core_i5 2550k
intel core_i5 4200y
intel core_i7 4650u
intel core_i7 4850hq
intel core_i5 4460s
intel core_i7 2635qm
intel xeon e5504
intel xeon_e3_1501m_v6 -
intel xeon_e7 8880_v4
intel core_i7 7700k
intel atom_x3 c3200rk
intel xeon_e5 2680
intel core_i7 8650u
intel core_i3 4150
intel core_i5 4260u
intel core_i3 4370t
intel xeon_e3 1565l_v5
intel core_i3 2370m
intel atom_c c3558
intel xeon_e5 2667_v2
intel xeon_e5_2603_v4 -
intel xeon_e5 2660
intel core_i5 5350h
intel celeron_n n2840
intel xeon_e7 8860
intel xeon_e3_1220_v6 -
intel core_i7 2617m
intel xeon_e3_12201_v2 -
intel core_i3 4350
intel core_i3 2310m
intel core_i5 4202y
intel xeon_e3_1245 -
intel core_i7 7y75
intel core_m5 6y57
intel xeon_e5 2695_v4
CVE-2017-5753 MEDIUM

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.6 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N 1.1 4.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-203

Products Affected

Vendor Product Version
intel atom_x3 c3230rk
intel core_i5 430um
intel atom_x7-e3950 -
intel core_i5 4360u
intel xeon_e7 4820_v4
intel xeon_e7 8890_v2
intel core_i3 6100t
intel core_i5 3339y
intel xeon_gold 6152
intel xeon x5687
intel xeon_e3_1240l_v5 -
intel xeon_e5 2698_v3
intel xeon_gold 6126f
intel core_i5 6350hq
intel xeon_e3_1270_v3 -
phoenixcontact dl_ppc21.5m_7000_firmware -
phoenixcontact vl2_ppc_9000_firmware -
intel core_i7 2677m
phoenixcontact el_ppc_1000/m_firmware -
intel core_i7 4770k
phoenixcontact vl_bpc_3000_firmware -
intel core_i3 4000m
intel xeon_e3_1220 -
intel xeon_e5 4650
intel xeon e5630
intel xeon_e5_2408l_v3 -
intel core_i7 2760qm
intel atom_z z3736f
intel core_i3 4160t
intel core_i3 4100e
intel core_i7 4500u
intel atom_c c2730
intel xeon_phi 7290f
intel core_i3 380um
intel core_i7 940xm
intel atom_z z2560
phoenixcontact vl_ppc_2000_firmware -
intel core_i7 860s
phoenixcontact vl2_bpc_2000_firmware -
intel atom_z z3740
phoenixcontact vl2_ppc7_1000_firmware -
intel xeon_e3_1285l_v3 -
intel xeon_e7 8867l
intel atom_c c2738
intel core_i3 6167u
intel core_i5 6400
intel xeon_e7 8870_v2
intel core_i5 3210m
intel xeon_e3 1575m_v5
intel xeon_e5_2648l -
oracle local_service_management_system 13.3
intel core_i5 6260u
intel xeon_e3_1230_v6 -
intel core_i7 4578u
intel xeon_e7 8870
arm cortex-a72_firmware -
intel core_i5 2540m
intel atom_e e3845
intel xeon_gold 6126
intel core_i7 4712hq
intel xeon_e3_1125c_v2 -
intel atom_z z3480
intel xeon_e5_2407_v2 -
intel xeon_e5 2658_v3
intel xeon_e5_1650 -
intel core_i7 3720qm
intel xeon_e7 4830_v2
intel core_i3 2367m
intel xeon_e5 2667_v3
intel xeon_e3 1505m_v6
intel xeon l5618
intel core_i7 950
intel atom_z z3740d
siemens simatic_winac_rtx_(f)_2010_firmware *
intel xeon_e5_2620_v4 -
arm cortex-a73_firmware -
intel xeon_e7 4860
intel core_i7 5500u
intel core_i3 3250
intel xeon_e7 4890_v2
intel xeon_e3_1125c -
intel core_i5 4570
intel celeron_n n3060
intel xeon_e7 8880l_v3
intel xeon_e5 4610_v4
intel core_i7 4790t
intel atom_z z2460
intel celeron_n n4100
intel xeon lc5528
intel xeon_e5_1620_v4 -
intel atom_c c3950
oracle local_service_management_system 13.1
intel core_i7 5950hq
intel xeon e5506
phoenixcontact bl_bpc_3001_firmware -
intel core_i5 470um
intel core_i5 750s
intel core_i5 3337u
intel core_i7 2630qm
intel core_i7 4710hq
siemens simatic_itc1900_pro_firmware *
intel atom_z z3770d
intel xeon_e5 2697_v3
intel core_i3 330e
intel core_m3 6y30
intel xeon_e5_2630l_v3 -
intel core_i7 7700
intel xeon_e3_1226_v3 -
intel celeron_n n2806
intel xeon_e5 2665
intel xeon_silver 4116t
intel core_i7 4720hq
intel xeon_e5 2699_v3
intel xeon_e3_1275_v2 -
intel xeon_e5 2680_v4
intel core_i3 2357m
intel xeon_e5 4640_v4
intel core_i3 2100t
intel pentium_n n3520
intel xeon_phi 7295
oracle local_service_management_system 13.2
intel xeon e5649
intel core_i7 3667u
intel xeon_e5_2637_v2 -
intel xeon_silver 4112
intel xeon_e3_1290 -
intel core_i7 4600m
siemens simatic_itc2200_firmware *
intel core_i5 650
intel core_i5 4278u
intel core_i5 8350u
intel core_i7 4770t
intel xeon_phi 7290
intel xeon_e3_1505l_v6 -
canonical ubuntu_linux 17.04
intel xeon_e3_1258l_v4 -
intel xeon_phi 7250f
intel celeron_j j3455
intel xeon l5520
arm cortex-a78ae_firmware -
intel core_i5 3360m
intel core_i3 3229y
intel core_i7 4770
siemens simatic_itc2200_pro_firmware *
intel core_i5 4422e
intel xeon_e7 8893_v2
intel xeon_e3_1270_v2 -
intel xeon_e3_1231_v3 -
intel xeon_e3 1535m_v6
intel celeron_j j4105
intel celeron_n n2807
intel core_i7 2920xm
intel core_i7 2629m
intel core_i7 2675qm
phoenixcontact vl2_ppc_1000_firmware -
intel xeon_e7 2870
intel xeon_e3_1230_v2 -
intel core_i5 4590s
intel core_i5 5200u
intel core_i3 2340ue
pepperl-fuchs btc14_firmware -
intel core_i5 6585r
intel core_m 5y10c
intel core_i7 620um
intel core_i7 2960xm
intel xeon_e5_2630_v3 -
intel xeon_platinum 8176
intel core_i7 4910mq
intel core_i7 3520m
intel xeon_e5 4660_v3
intel xeon_e3_1105c_v2 -
intel core_i7 930
intel core_i7 2720qm
intel atom_z z2480
intel xeon_e7 2870_v2
intel xeon_e5_2650_v4 -
intel core_i5 3330
intel atom_x3 c3235rk
intel xeon_e5 2650l_v4
intel xeon x5680
intel xeon_e5 2687w_v4
intel core_i7 3635qm
phoenixcontact bl_ppc15_3000_firmware -
intel core_i5 4350u
intel core_i5 3570s
intel xeon_e3_1270_v5 -
intel core_i3 4158u
intel core_i5 3570t
intel xeon_e7 8830
intel core_i5 4210u
intel xeon_e3_1268l_v5 -
intel core_i5 4430
intel xeon e5530
intel core_i5 3450s
intel core_i3 6100
intel xeon x3470
intel core_i3 4330te
intel core_i7 3615qm
intel core_i3 4360t
intel xeon_bronze_3106 -
phoenixcontact bl_bpc_2001_firmware -
arm cortex-a12_firmware -
siemens simatic_itc1900_firmware *
intel core_i3 4102e
phoenixcontact bl_ppc17_7000_firmware -
intel core_i7 4770r
intel core_i7 4785t
intel core_i7 5750hq
intel xeon_e3_1260l_v5 -
intel xeon l7545
intel xeon_e5_2637 -
oracle solaris 11.3
intel core_i7 4700ec
intel core_i7 7700hq
intel xeon_e3_1245_v2 -
intel xeon_platinum 8180
intel xeon_e5_1620_v3 -
intel atom_z z2420
intel xeon x5647
intel xeon_e3_1271_v3 -
intel core_i5 4340m
intel core_i7 4700mq
intel xeon_e5_2407 -
intel xeon_e3_1275_v3 -
intel xeon_e5 4620
intel core_i7 980
intel core_i5 520m
intel core_i3 3220
intel core_i5 3475s
intel core_i5 4300m
intel celeron_n n2830
intel xeon_gold 6126t
netapp solidfire -
intel celeron_n n3160
intel core_i5 6287u
intel core_i7 3689y
intel core_i7 5775c
intel xeon_e5_1680_v3 -
intel xeon l5506
intel xeon_e7 8870_v4
intel xeon x5650
intel xeon_e7 8893_v3
intel core_i3 4025u
intel atom_z z3785
intel xeon lc5518
intel xeon l3406
intel xeon_e3 1578l_v5
intel core_i5 4440s
intel core_i3 2100
intel xeon_e5 2670_v3
intel atom_c c3750
intel atom_c c2516
intel core_i5 2380p
intel core_i5 2500s
intel xeon_e5_2650_v2 -
intel core_i5 3470s
intel xeon_e7 4830_v3
intel core_i7 4702hq
intel xeon_gold 6142f
intel xeon_platinum 8176m
canonical ubuntu_linux 17.10
intel core_i7 7600u
intel core_i3 6300
intel atom_z z3460
intel xeon x5550
intel core_i7 3517u
intel xeon_e5_2603_v3 -
intel core_i5 6440hq
intel core_i7 3770t
intel xeon_e5 2690
intel core_i3 4340
debian debian_linux 8.0
intel xeon_gold 6130t
intel core_i7 660ue
intel atom_z z3736g
intel xeon l5609
intel core_i5 2435m
siemens simatic_itc1500_pro_firmware *
intel core_i3 2377m
intel core_i7 4700hq
intel xeon ec5539
intel core_i3 2120t
intel core_i3 2310e
phoenixcontact bl_bpc_3000_firmware -
intel xeon_e5 4607
intel core_i5 4670k
intel xeon x5667
intel xeon_e5 2667_v4
intel xeon_e5_2438l_v3 -
intel xeon_e5_2609 -
intel pentium_n n3540
intel core_i5 3450
intel xeon_e7 4820_v2
intel xeon_e5_2630 -
intel xeon_e3_1285_v6 -
intel core_i5 4200h
intel core_i5 660
intel core_m 5y70
intel atom_c c2530
intel celeron_j j1850
intel core_i5 760
intel core_i5 5350u
intel xeon_platinum 8168
intel core_i3 3240t
intel core_i7 3517ue
intel core_i5 2467m
intel core_i7 7500u
intel core_i5 6300hq
intel core_i7 2655le
intel core_i3 5010u
intel core_i7 2600k
intel xeon_e5_2440 -
intel core_i3 3217ue
intel pentium_n n3710
intel xeon_gold 5122
intel xeon_gold 6148
intel core_i3 4112e
intel xeon_e5_2650_v3 -
intel xeon_phi 7230
intel xeon l5640
intel atom_c c3858
intel core_i7 8550u
suse suse_linux_enterprise_software_development_kit 12
intel xeon_e5_1630_v4 -
intel xeon_e7 8890_v4
intel core_i3 4150t
phoenixcontact bl_ppc15_7000_firmware -
intel xeon w5580
intel xeon_e5_2630_v4 -
intel core_i3 5015u
intel core_i5 2410m
intel core_i3 2348m
intel xeon_e5 2690_v4
intel core_i7 2600
intel core_i7 820qm
intel xeon_e5_1620 -
phoenixcontact bl_bpc_2000_firmware -
vmware fusion *
vmware esxi 6.0
intel core_i5 4460
intel core_i5 4690s
intel xeon_gold 6146
intel core_i5 2300
intel xeon_e5_1680_v4 -
intel celeron_j j3160
intel xeon_e5_2418l_v2 -
intel xeon_e5_2430l -
intel xeon_e5 4650_v2
intel core_i7 880
intel core_i7 4510u
intel core_m 5y10
phoenixcontact bl_ppc17_3000_firmware -
intel xeon_platinum 8160f
intel core_i3 350m
intel core_i5 8250u
intel core_i7 3612qm
intel core_i5 560um
intel xeon x6550
intel xeon x5570
intel xeon_e3_1225_v6 -
intel xeon_e3_1225_v5 -
intel xeon_e5 2690_v2
phoenixcontact bl_ppc12_1000_firmware -
intel xeon_e7 2880_v2
intel core_i5 4410e
intel core_i7 975
intel xeon_e5_2418l -
intel core_i3 2102
intel xeon_e7 2820
intel core_i5 2500k
intel xeon_e7 4850
intel atom_x3 c3405
intel pentium_j j2900
phoenixcontact vl2_ppc_3000_firmware -
intel core_i5 5300u
intel xeon_e5 4640_v3
intel pentium_n n3530
intel xeon_e3_1505l_v5 -
intel core_i3 4120u
intel core_i7 840qm
intel xeon l3426
intel xeon_e5_1650_v2 -
intel core_i3 2125
intel xeon_e5 4603_v2
intel core_i7 8700k
intel xeon_e5_2623_v3 -
intel core_i7 620lm
intel xeon_e3_1265l_v3 -
intel core_i5 6600
intel core_i3 3110m
intel xeon_e5_2628l_v3 -
intel core_i3 5020u
intel xeon x5677
phoenixcontact vl_bpc_1000_firmware -
intel xeon_e3_1245_v5 -
intel core_i7 4980hq
intel core_i5 3230m
intel core_i5 4220y
intel xeon_e3_1230 -
intel core_i5 3317u
intel xeon_e3 1585_v5
intel xeon_e5_2603 -
phoenixcontact bl_bpc_7000_firmware -
intel pentium_n n4200
intel xeon_e3_1225_v3 -
intel core_i3 3217u
intel xeon_platinum 8170m
intel xeon_e5_2448l -
intel core_i3 3225
phoenixcontact bl_rackmount_2u_firmware -
intel xeon_e3_1275_v5 -
intel core_i5 2500
intel xeon_e3_1240_v2 -
suse suse_linux_enterprise_server 11
intel xeon e5640
intel atom_x3 c3205rk
intel xeon_e3 1535m_v5
phoenixcontact vl2_ppc12_1000_firmware -
intel core_i3 4030u
intel core_i7 2610ue
intel atom_c c2350
intel xeon ec5549
intel core_i3 4020y
intel xeon_e5_2608l_v3 -
intel xeon_gold 6148f
intel xeon_e5 2680_v2
intel xeon_e5_2420 -
phoenixcontact vl2_ppc_2000_firmware -
intel core_i7 3687u
intel core_i3 4160
intel xeon_e7 2850_v2
intel core_i7 2670qm
intel core_i7 3770
intel celeron_j j1750
intel core_i5 6402p
intel core_i7 7820eq
intel xeon x5670
intel core_m7 6y75
intel xeon e5540
intel xeon_e3_1240_v5 -
intel xeon_e7 4850_v4
intel xeon_e5_2630_v2 -
intel xeon_e7 4860_v2
intel xeon_e5_2418l_v3 -
intel core_i7 4750hq
intel xeon_e5 4624l_v2
intel xeon_e5 4628l_v4
intel core_i7 4860hq
intel xeon_e5 2660_v3
intel core_i3 3130m
intel atom_z z3745d
intel celeron_n n3350
siemens simatic_itc1500_firmware *
intel core_i7 2620m
intel xeon_e5 4660_v4
intel core_i5 6442eq
intel core_i7 4770te
intel core_i7 3610qm
intel atom_c c3955
intel xeon_e5 4627_v4
intel xeon_e5 4667_v3
intel xeon_e5_2648l_v4 -
intel core_i5 3550
phoenixcontact bl2_ppc_2000_firmware -
intel atom_c c2358
intel core_i3 2328m
intel xeon_e5 4667_v4
intel xeon_platinum 8153
intel xeon w3690
intel core_i3 2365m
intel core_i5 560m
intel core_i5 3610me
intel core_i5 540um
intel xeon_e5_2620_v2 -
intel core_i7 5775r
intel xeon_e3 1515m_v5
intel atom_z z3530
intel core_i3 4030y
intel core_i7 4790s
intel core_i3 370m
suse suse_linux_enterprise_desktop 12
intel core_i5 680
intel xeon_platinum 8156
intel core_i7 660lm
intel xeon_e3_1275 -
intel celeron_n n2940
intel core_i5 3340
intel atom_z z3735g
intel core_i7 2715qe
intel xeon_e5_2420_v2 -
intel core_i7 5850hq
intel xeon e7530
intel atom_e e3826
intel xeon_e7 2890_v2
intel core_i5 6400t
intel atom_z z3560
intel core_i7 870
intel xeon_e5_2603_v2 -
intel core_i3 6157u
intel xeon_e5 4610_v3
intel xeon_silver 4116
intel xeon_e7 4880_v2
intel core_i3 3245
intel core_i7 660um
intel xeon_e7 2850
intel core_i7 4722hq
intel atom_x5-e3940 -
intel core_i5 2400s
intel core_i7 3540m
intel xeon_e5 2658a_v3
intel xeon_e5 2697_v2
intel core_i5 4210h
synology diskstation_manager *
intel xeon e5520
intel xeon_e3_1505m_v5 -
intel xeon e5607
intel xeon l5508
intel xeon_e5_2640_v4 -
intel core_i7 4760hq
intel xeon_phi 7210f
intel celeron_n n4000
intel celeron_n n2920
intel xeon_e3_1280_v2 -
intel xeon_e5_2637_v4 -
intel core_i7 7660u
intel pentium_j j4205
intel xeon_e3_1280_v3 -
intel core_i3 4100u
intel core_i7 7820hq
intel xeon_e7 4820_v3
phoenixcontact bl_ppc_7000_firmware -
intel xeon e5645
intel xeon_e5_2623_v4 -
intel core_i3 4012y
intel xeon_e3_1230_v5 -
intel xeon_e5 4669_v4
intel xeon e5502
intel core_i5 3437u
intel core_i7 3555le
intel core_i5 480m
intel xeon_e5 4657l_v2
intel xeon e5603
intel core_i7 4770hq
intel atom_c c2508
intel xeon_gold 6144
phoenixcontact bl2_bpc_7000_firmware -
intel core_i7 2657m
intel atom_c c3808
intel xeon_e5 2658_v4
intel core_i5 3439y
intel core_m 5y51
intel core_i7 4610m
intel xeon_e3_1235l_v5 -
intel core_i7 940
intel xeon_e3_1260l -
intel xeon_e5_2648l_v3 -
intel xeon_gold 6154
intel xeon_e3_1230_v3 -
intel atom_z z3775d
intel core_i7 4810mq
synology vs960hd_firmware -
suse suse_linux_enterprise_server 12
intel core_i7 2710qe
intel xeon_e7 4870
intel core_i3 2115c
intel xeon_e-1105c -
intel core_i5 4690t
intel xeon_e5 2687w_v2
intel atom_z z3775
intel celeron_n n3450
intel core_i3 6300t
intel atom_c c3308
intel xeon_e5_1428l_v2 -
intel xeon ec5509
intel core_i3 2312m
canonical ubuntu_linux 14.04
intel xeon_e5 4620_v2
intel xeon_e5_2650l_v3 -
intel xeon_e7 8850_v2
intel core_i3 560
intel core_i5 2400
intel core_i7 2860qm
intel core_i3 6100te
intel core_i3 5157u
intel core_i5 4590
intel xeon e7520
intel xeon_e5_2640 -
intel xeon_e5 2683_v4
intel core_i5 2405s
phoenixcontact vl_ipc_p7000_firmware -
phoenixcontact vl2_bpc_3000_firmware -
intel core_i7 965
intel xeon_e5_2448l_v2 -
opensuse leap 42.3
intel core_i3 530
intel core_i3 2130
intel core_m 5y71
intel core_i7 4960hq
intel atom_z z3735d
arm cortex-x1_firmware -
intel xeon_gold 6130
intel core_i5 3550s
intel core_i5 4670t
intel xeon_e5 2690_v3
intel xeon_e5_2648l_v2 -
intel core_i3 4110e
intel xeon_e3_1225_v2 -
intel core_i5 5257u
intel xeon_e3_1276_v3 -
intel xeon_e5 2658
intel xeon e5620
intel core_i5 520e
intel atom_z z2580
intel core_i5 3340m
intel core_i5 3350p
intel core_i7 4790
phoenixcontact vl_ppc_3000_firmware -
intel core_i5 3570k
intel xeon_gold 6130f
intel core_i7 860
intel core_i7 3770s
intel atom_z z2760
intel core_i5 4670
intel pentium_n n3700
intel xeon_gold 5120
intel xeon x5675
intel xeon_e5 4655_v4
intel core_i3 2120
intel xeon_e5 2697_v4
intel core_i7 680um
intel xeon_e5 2660_v2
intel core_i3 4130
intel core_i3 4005u
intel xeon_e3_1220_v5 -
intel core_i3 4360
intel xeon_e3_1225 -
intel core_i7 7700t
intel xeon_e3_1501l_v6 -
intel core_i7 2649m
intel core_i5 4570te
intel core_i5 4310u
phoenixcontact el_ppc_1000/wt_firmware -
intel core_i5 4210y
phoenixcontact vl2_bpc_1000_firmware -
intel core_i5 2450m
intel xeon x3460
intel xeon e6510
debian debian_linux 9.0
intel core_i3 3250t
intel xeon_platinum 8176f
intel xeon_e5_1660_v4 -
intel xeon_e5_2618l_v3 -
intel xeon_phi 7230f
intel xeon_e5_2430l_v2 -
intel core_i3 380m
synology vs360hd_firmware -
intel core_i3 390m
intel core_i5 540m
intel xeon_e5_2630l_v4 -
intel xeon x3440
intel atom_c c3758
intel xeon_e5_2609_v3 -
intel xeon_e5_2643_v4 -
intel xeon_e5_2450l -
intel core_i5 4258u
intel atom_e e3815
intel xeon_e5 2699a_v4
intel core_i5 4460t
intel xeon_e5_2450l_v2 -
intel core_i3 4330t
intel core_i7 5550u
intel xeon e5507
intel core_i5 4250u
intel xeon_e7 4850_v2
intel xeon_e5_2618l_v4 -
intel xeon_e5_1630_v3 -
intel core_i5 4200u
intel core_i7 960
intel xeon l5630
intel core_i7 5700hq
intel core_i5 670
intel core_i5 2515e
intel xeon_e5 2687w_v3
phoenixcontact bl2_bpc_2000_firmware -
intel core_i7 3820qm
intel xeon_e5_2620 -
intel core_i7 4558u
intel core_m5 6y54
intel core_i7 970
intel xeon_e3_1286l_v3 -
intel xeon_e5_1660_v3 -
intel core_i7 7920hq
intel xeon e5503
intel xeon_e7 4809_v3
intel xeon_e5_2470_v2 -
intel core_i5 6267u
intel core_i3 3120me
intel xeon_e5 2670
synology virtual_machine_manager *
intel xeon_e7 8893_v4
intel core_i3 2330m
intel core_i7 875k
vmware workstation *
intel core_i5 2537m
intel xeon_e5 4648_v3
intel core_i5 5575r
intel core_i5 2520m
intel atom_x3 c3295rk
intel celeron_n n3010
intel core_i7 3537u
intel core_i5 3340s
intel core_i7 3615qe
intel xeon_e5_1660 -
intel xeon_e5 4620_v4
intel xeon_e5 4603
intel core_i3 3115c
intel core_i7 7820hk
intel xeon_e5_1650_v4 -
intel xeon_e5_2650l -
intel xeon_gold 6138t
intel xeon_gold 5119t
arm cortex-a76_firmware -
intel xeon_e5 4650l
intel celeron_n n2930
intel core_i3 4130t
intel xeon_e3_1275l_v3 -
intel core_i5 4308u
intel core_i7 640lm
intel xeon_gold 6138f
intel xeon_e5_2640_v2 -
intel core_i7 4765t
intel xeon_e7 8860_v4
intel core_i5 3330s
intel core_i5 4402e
intel core_i3 8350k
intel celeron_j j1900
intel celeron_n n2910
intel core_i3 3210
arm cortex-r8_firmware -
intel xeon_phi 7250
intel core_i3 330um
intel core_i5 2510e
intel xeon e7540
intel core_i7 3840qm
intel pentium_j j3710
intel xeon x5672
intel xeon_e7 8880_v2
intel core_i3 3120m
intel core_i7 620m
intel core_i7 5557u
intel xeon_e5_2450_v2 -
intel xeon_gold 5118
intel atom_c c2550
pepperl-fuchs visunet_rm_shell -
intel atom_z z3735e
intel xeon_e3 1545m_v5
intel celeron_n n2805
phoenixcontact bl_bpc_7001_firmware -
intel xeon_e5_2650l_v2 -
intel xeon_gold 6138
intel core_i7 2820qm
intel core_i3 6098p
intel xeon_e3_1280_v6 -
intel xeon_phi 7235
intel xeon_gold 6140m
intel core_i3 550
intel xeon_bronze_3104 -
phoenixcontact valueline_ipc_firmware -
intel core_i7 640m
intel atom_c c3508
arm cortex-a57_firmware -
intel xeon_e5_2428l_v3 -
intel core_i7 2640m
intel xeon x3430
intel xeon_phi 7210
intel atom_z z3795
intel core_i5 4300u
intel xeon_platinum 8160m
intel xeon_e5_1620_v2 -
intel xeon_e5 2687w
intel xeon_e5 2695_v3
intel celeron_n n2810
intel xeon_e3_1278l_v4 -
intel core_i5 3320m
intel xeon x7560
intel xeon_gold 6140
intel core_i5 4310m
intel xeon_e5 4620_v3
intel xeon_e5_2450 -
intel core_i7 2637m
intel core_i7 5700eq
intel atom_c c2538
intel xeon_e5_2637_v3 -
intel core_m3 7y32
intel core_i5 8400
intel xeon_e3_1265l_v2 -
intel xeon_e5 4610
phoenixcontact bl_rackmount_4u_firmware -
intel core_i3 4330
intel atom_c c3708
phoenixcontact dl_ppc15m_7000_firmware -
synology router_manager *
intel xeon_e3_1265l_v4 -
intel pentium_n n3510
intel xeon_e5 4610_v2
intel core_i3 4340te
intel celeron_j j3060
intel core_i5 460m
intel atom_c c3958
intel core_i5 2310
intel core_i5 3470t
intel xeon_e7 2830
intel xeon_e3_1285l_v4 -
phoenixcontact vl_bpc_2000_firmware -
intel xeon_e5_2428l -
intel xeon_e5 4669_v3
intel core_i3 4350t
intel core_i7 4790k
intel xeon_e5_2470 -
intel xeon_e7 8891_v3
intel xeon_e5_1650_v3 -
intel atom_x3 c3130
intel xeon_e5_2428l_v2 -
intel core_i3 2375m
intel atom_e e3827
intel atom_c c2750
intel core_i5 655k
oracle solaris 10
intel celeron_n n3150
intel xeon_e3_1285_v3 -
intel xeon_e5_2440_v2 -
intel xeon l7555
intel core_i7 920
intel core_i7 2700k
intel core_i5 4302y
intel core_i7 3630qm
intel xeon_e3_1241_v3 -
intel xeon_e3_1280 -
intel xeon_platinum 8164
intel atom_z z3735f
intel xeon_e3_1220_v3 -
intel core_i5 2450p
intel core_i7 620le
intel atom_c c2518
intel core_i7 5650u
intel xeon_e5 4627_v2
intel core_i7 4702mq
phoenixcontact bl_ppc_1000_firmware -
phoenixcontact dl_ppc18.5m_7000_firmware -
intel xeon_e7 8850
intel core_i5 5675r
intel xeon_e3_1240l_v3 -
phoenixcontact dl_ppc15_1000_firmware -
intel core_i5 4690k
intel xeon_e5 2667
intel atom_z z3745
intel core_m3 7y30
intel celeron_n n3050
intel core_i7 620ue
intel core_i3 6100h
canonical ubuntu_linux 12.04
intel core_i5 4400e
intel core_i5 4570r
intel atom_x3 c3445
intel core_i5 3570
intel xeon_platinum 8160t
intel atom_c c3850
intel xeon x5690
intel atom_c c2718
intel xeon_e7 4830_v4
phoenixcontact vl2_bpc_7000_firmware -
intel core_i7 3612qe
intel xeon_gold 6150
intel atom_z z3570
intel xeon_platinum 8170
intel core_i5 2430m
intel core_i5 4402ec
intel xeon_e3_1220_v2 -
intel core_i5 3427u
intel xeon_e5 4655_v3
intel xeon x7542
intel xeon_e5 2697a_v4
intel xeon x3450
intel xeon_gold 6134m
intel core_i5 4200m
intel xeon_e5_2403 -
intel xeon_e5 2680_v3
intel core_i3 3227u
intel core_i3 6006u
intel xeon_e7 4807
canonical ubuntu_linux 16.04
intel core_i5 2320
intel atom_z z2520
intel xeon_e3_1230l_v3 -
intel xeon_e5_2403_v2 -
intel xeon_e3 1558l_v5
intel core_i5 4210m
intel core_i7 740qm
intel celeron_j j4005
intel celeron_n n3000
intel atom_e e3805
intel xeon l5638
phoenixcontact vl2_ppc_7000_firmware -
intel pentium_j j2850
intel xeon_e5 2695_v2
intel core_i7 3610qe
intel xeon_e5 4650_v4
intel xeon_e5_2618l_v2 -
intel xeon_e5_2650 -
intel core_i5 4590t
intel core_i5 4288u
intel core_i7 610e
intel core_i7 720qm
intel core_i7 870s
intel core_i7 5600u
phoenixcontact bl_ppc15_1000_firmware -
intel core_i5 4670r
intel xeon_e3_1286_v3 -
arm cortex-a8_firmware -
intel xeon_e3_1245_v3 -
intel xeon_e5_2430_v2 -
intel core_i5 450m
intel xeon_e5_2640_v3 -
intel core_i5 6360u
intel atom_c c2558
intel atom_c c2308
intel xeon_e5_2620_v3 -
intel xeon_e7 4809_v4
intel xeon_e3_1275_v6 -
intel core_i7 4610y
intel core_i7 3740qm
intel xeon_e5 2658_v2
intel core_i7 4950hq
intel xeon_e7 8867_v3
intel xeon_e7 8891_v2
intel core_i5 4570t
intel core_i5 5250u
intel xeon_e5_2609_v4 -
intel xeon e5606
intel xeon x3480
intel xeon_e5 4640
intel xeon_silver 4110
intel core_i3 3240
intel core_i5 6600t
intel core_i5 2500t
intel xeon_e5_2430 -
intel xeon_silver 4114
intel core_i5 4430s
intel xeon_e3_1240 -
intel xeon_e5_2630l -
intel core_i3 4170t
intel core_i7 3770k
intel xeon_e3_1240_v3 -
vmware esxi 6.5
intel xeon_e3_1280_v5 -
intel core_i3 6100e
intel core_i3 540
synology skynas -
intel xeon_e3_1285_v4 -
intel xeon_e7 4809_v2
intel core_i7 3632qm
intel xeon w3670
intel core_i7 920xm
intel xeon_e3_1235 -
opensuse leap 42.2
intel core_i5 520um
intel core_i3 4170
intel core_i5 5675c
intel core_i5 4670s
intel core_m 5y31
intel celeron_j j3355
intel xeon_e5 4617
intel core_i5 430m
intel atom_c c3338
suse suse_linux_enterprise_software_development_kit 11
intel core_i7 4700eq
intel xeon_e3_1268l_v3 -
intel core_i5 6500
intel core_i3 4370
intel xeon_e7 2803
intel xeon_e5_2628l_v2 -
intel xeon_e5_2630l_v2 -
intel xeon_e3_1220l_v3 -
intel xeon_e3_1290_v2 -
intel xeon_e7 8891_v4
phoenixcontact bl2_ppc_7000_firmware -
intel xeon x5660
phoenixcontact vl2_ppc9_1000_firmware -
intel core_i3 4010u
intel xeon_e7 8890_v3
intel xeon_e3_1281_v3 -
intel xeon_e5 2660_v4
intel xeon_e5_2643_v2 -
intel xeon_e5 4607_v2
intel xeon_e7 4830
intel xeon e6540
intel xeon_e7 8867_v4
phoenixcontact bl_ppc17_1000_firmware -
intel core_i3 6100u
intel xeon_e5 4627_v3
intel xeon_e5_1428l_v3 -
arm neoverse_n2_firmware -
intel core_i7 980x
intel core_i5 4440
intel core_i5 580m
intel xeon_e7 4870_v2
intel core_i7 7567u
intel core_i3 8100
intel atom_z z3590
intel atom_x3 c3265rk
intel xeon w3680
siemens simatic_winac_rtx_(f)_2010_firmware 2010
intel core_i3 4010y
intel core_i5 4570s
intel core_i5 750
intel core_i3 2330e
intel xeon_e3_1270_v6 -
intel xeon_e3_12201 -
intel xeon_phi 7285
intel xeon l5518
intel core_i5 8600k
intel atom_c c3830
intel xeon_e7 4850_v3
intel xeon_gold 6128
intel xeon_e5_2643_v3 -
intel atom_z z3770
intel core_i3 5005u
intel core_i5 661
intel core_i7 4900mq
intel xeon_e5 2699r_v4
intel xeon_silver 4114t
intel atom_z z3580
intel xeon_e5_1660_v2 -
arm cortex-a78_firmware -
intel core_i5 4300y
intel atom_c c2316
intel xeon_gold 6142
intel xeon_e5_2608l_v4 -
intel xeon_gold 5115
intel atom_c c3538
intel core_i7 4800mq
intel core_i5 6200u
intel xeon_e7 8870_v3
intel xeon_e7 8860_v3
vmware esxi 5.5.0
intel xeon x5560
intel xeon_gold 6132
intel core_i7 5850eq
intel xeon_e5 2670_v2
intel xeon_gold 6134
intel core_i7 4770s
intel core_i3 2350m
intel xeon_e3_1246_v3 -
intel xeon_e5 4650_v3
intel xeon_silver 4109t
intel core_i5 3470
intel xeon_e5 4640_v2
arm cortex-a17_firmware -
intel core_i7 4712mq
intel core_m 5y10a
intel xeon_e5_1428l -
intel xeon_e3 1585l_v5
intel core_i5 6500te
intel xeon_platinum 8160
pepperl-fuchs btc12_firmware -
intel core_i5 3380m
intel xeon x7550
intel core_i5 4690
intel core_i7 4870hq
intel core_i3 330m
intel core_i5 4330m
intel xeon_e7 8880l_v2
intel core_i5 6300u
intel core_i3 6320
intel xeon_gold 6142m
intel core_i5 6440eq
intel atom_c c2338
intel xeon_e5_2628l_v4 -
intel core_i7 640um
arm cortex-a15_firmware -
intel xeon l5530
intel celeron_j j1800
intel xeon_e3_1240_v6 -
intel atom_x5-e3930 -
intel xeon_e5_2609_v2 -
arm cortex-a75_firmware -
intel xeon_gold 5120t
intel xeon_e5 2698_v4
intel core_i5 2557m
intel xeon_e3_1245_v6 -
intel xeon_e7 2860
intel core_i7 4600u
intel xeon_silver 4108
intel core_i3 4100m
intel core_i5 2390t
intel core_i3 2105
intel core_i3 4110m
arm cortex-a77_firmware -
intel xeon_e7 8837
intel xeon_e7 4820
intel core_i7 8700
intel xeon_e5 2683_v3
intel xeon_gold 6136
intel xeon w5590
intel celeron_n n2808
intel core_i5 5287u
intel core_i7 4702ec
intel xeon_e7 8880_v3
phoenixcontact vl2_bpc_9000_firmware -
intel core_i5 6685r
intel core_i5 6600k
intel core_i7 4710mq
intel xeon_e7 8857_v2
intel core_i3 3220t
arm neoverse_n1_firmware -
intel xeon_platinum 8158
arm cortex-a9_firmware -
intel atom_c c2758
intel atom_e e3825
intel core_i7 4550u
intel xeon_e3_1270 -
intel core_i5 6500t
intel core_i7 990x
intel xeon_e5 2699_v4
intel celeron_n n2815
intel core_i3 6102e
intel core_i7 2600s
intel xeon_e7 8894_v4
intel celeron_n n2820
intel core_i7 7560u
netapp hci -
intel core_i7 4771
intel xeon_e5_2643 -
intel core_i5 2550k
phoenixcontact bl2_bpc_1000_firmware -
intel core_i5 4200y
phoenixcontact el_ppc_1000_firmware -
intel core_i7 4650u
intel core_i5 4460s
intel core_i7 2635qm
intel core_i7 4850hq
phoenixcontact bl2_ppc_1000_firmware -
intel xeon e5504
intel xeon_e3_1501m_v6 -
intel xeon_e7 8880_v4
intel core_i7 7700k
intel atom_x3 c3200rk
intel xeon_e5 2680
intel core_i7 8650u
intel core_i3 4150
intel core_i5 4260u
intel core_i3 4370t
intel xeon_e3 1565l_v5
intel core_i3 2370m
intel atom_c c3558
intel xeon_e5 2667_v2
intel xeon_e5_2603_v4 -
intel xeon_e5 2660
arm cortex-r7_firmware -
intel core_i5 5350h
intel celeron_n n2840
intel xeon_e3_1220_v6 -
intel xeon_e7 8860
intel core_i7 2617m
intel xeon_e3_12201_v2 -
intel core_i3 4350
intel core_i3 2310m
intel core_i5 4202y
intel xeon_e3_1245 -
intel core_i7 7y75
intel core_m5 6y57
intel xeon_e5 2695_v4
CVE-2017-6458 MEDIUM

Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119

Products Affected

Vendor Product Version
siemens simatic_net_cp_443-1_opc_ua_firmware *
apple mac_os_x *
ntp ntp 4.2.8
ntp ntp *
hpe hpux-ntp *
CVE-2017-6864 LOW

The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at port 10000/TCP could allow an authenticated user to perform stored Cross-Site Scripting attacks.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79, CWE-79

Products Affected

Vendor Product Version
siemens ruggedcom_rox_i *
CVE-2017-6865 MEDIUM

A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC Automation Tool (All versions < V3.0), SIMATIC NET PC-Software (All versions < V14 SP1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2), SIMATIC STEP 7 (TIA Portal) V14 (All versions < V14 SP1), SIMATIC STEP 7 V5.X (All versions < V5.6), SIMATIC WinAC RTX 2010 SP2 (All versions), SIMATIC WinAC RTX F 2010 SP2 (All versions), SIMATIC WinCC (TIA Portal) V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1), SIMATIC WinCC V7.2 and prior (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Update 15), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd1), SIMATIC WinCC flexible 2008 (All versions < flexible 2008 SP5), SINAUT ST7CC (All versions installed in conjunction with SIMATIC WinCC < V7.3 Update 15), SINEMA Server (All versions < V14), SINUMERIK 808D Programming Tool (All versions < V4.7 SP4 HF2), SMART PC Access (All versions < V2.3), STEP 7 - Micro/WIN SMART (All versions < V2.3), Security Configuration Tool (SCT) (All versions < V5.0). Specially crafted PROFINET DCP broadcast packets sent to the affected products on a local Ethernet segment (Layer 2) could cause a Denial-of-Service condition of some services. The services require manual restart to recover.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20

Products Affected

Vendor Product Version
siemens simatic_net_pc-software -
siemens primary_setup_tool -
siemens simatic_step_7_(tia_portal) 14.0
siemens simatic_wincc -
siemens simatic_step_7_micro/win_smart -
siemens smart_pc_access 2.0
siemens simatic_winac_rtx_f_2010 -
siemens pcs_7 -
siemens simatic_step_7_(tia_portal) 5.0
siemens sinumerik_808d_programming_tool -
siemens simatic_step_7_(tia_portal) 13.0
siemens simatic_automation_tool -
siemens security_configuration_tool -
siemens simatic_wincc_(tia_portal) 13.0
siemens simatic_wincc_flexible_2008 -
siemens simatic_wincc_(tia_portal) 14.0
siemens sinaut_st7cc -
siemens simatic_winac_rtx_2010 -
siemens sinema_server -
CVE-2017-6866 MEDIUM

A vulnerability was discovered in Siemens XHQ server 4 and 5 (4 before V4.7.1.3 and 5 before V5.0.0.2) that could allow an authenticated low-privileged remote user to gain read access to data in the XHQ solution exceeding his configured permission level.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284, NVD-CWE-noinfo

Products Affected

Vendor Product Version
siemens xhq_server *
CVE-2017-6867 MEDIUM

A vulnerability was discovered in Siemens SIMATIC WinCC (V7.3 before Upd 11 and V7.4 before SP1), SIMATIC WinCC Runtime Professional (V13 before SP2 and V14 before SP1), SIMATIC WinCC (TIA Portal) Professional (V13 before SP2 and V14 before SP1) that could allow an authenticated, remote attacker who is a member of the "administrators" group to crash services by sending specially crafted messages to the DCOM interface.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787, CWE-20

Products Affected

Vendor Product Version
siemens simatic_wincc 7.3
siemens simatic_wincc_(tia_portal) 14
siemens simatic_wincc_(tia_portal) 13
siemens simatic_wincc_runtime 13
siemens simatic_wincc_runtime 14
siemens simatic_wincc 7.4
CVE-2017-6868 MEDIUM

An Improper Authentication issue was discovered in Siemens SIMATIC CP 44x-1 RNA, all versions prior to 1.4.1. An unauthenticated remote attacker may be able to perform administrative actions on the Communication Process (CP) of the RNA series module, if network access to Port 102/TCP is available and the configuration file for the CP is stored on the RNA's CPU.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287, CWE-287

Products Affected

Vendor Product Version
siemens simatic_cp_44x-1_redundant_network_access_modules *
CVE-2017-6869 HIGH

A vulnerability was discovered in Siemens ViewPort for Web Office Portal before revision number 1453 that could allow an unauthenticated remote user to upload arbitrary code and execute it with the permissions of the operating-system user running the web server by sending specially crafted network packets to port 443/TCP or port 80/TCP.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287, NVD-CWE-noinfo

Products Affected

Vendor Product Version
siemens viewport_for_web_office_portal -
CVE-2017-6870 MEDIUM

A vulnerability was discovered in Siemens SIMATIC WinCC Sm@rtClient for Android (All versions before V1.0.2.2). The existing TLS protocol implementation could allow an attacker to read and modify data within a TLS session while performing a Man-in-the-Middle (MitM) attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-300, NVD-CWE-noinfo

Products Affected

Vendor Product Version
siemens simatic_wincc_sm@rtclient *
CVE-2017-6871 MEDIUM

A vulnerability was discovered in Siemens SIMATIC WinCC Sm@rtClient for Android (All versions before V1.0.2.2) and SIMATIC WinCC Sm@rtClient for Android Lite (All versions before V1.0.2.2). An attacker with physical access to an unlocked mobile device that has the affected app running could bypass the app's authentication mechanism under certain conditions.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-288, CWE-287

Products Affected

Vendor Product Version
siemens simatic_wincc_sm@rtclient *
siemens simatic_wincc_sm@rtclient_lite *
CVE-2017-6872 MEDIUM

A vulnerability was discovered in Siemens OZW672 (all versions) and OZW772 (all versions) that could allow an attacker with access to port 21/tcp to access or alter historical measurement data stored on the device.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-306, CWE-668

Products Affected

Vendor Product Version
siemens ozw772_firmware -
siemens ozw672_firmware -
CVE-2017-6873 MEDIUM

A vulnerability was discovered in Siemens OZW672 (all versions) and OZW772 (all versions) that could allow an attacker to read and manipulate data in TLS sessions while performing a man-in-the-middle (MITM) attack on the integrated web server on port 443/tcp.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-306, NVD-CWE-noinfo

Products Affected

Vendor Product Version
siemens ozw772_firmware -
siemens ozw672_firmware -
CVE-2017-9938 MEDIUM

A vulnerability was discovered in Siemens SIMATIC Logon (All versions before V1.6) that could allow specially crafted packets sent to the SIMATIC Logon Remote Access service on port 16389/tcp to cause a Denial-of-Service condition. The service restarts automatically.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787, CWE-20

Products Affected

Vendor Product Version
siemens simatic_logon *
CVE-2017-9939 HIGH

A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with network access to the SiPass integrated server to bypass the authentication mechanism and perform administrative operations.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,CWE-287,

Products Affected

Vendor Product Version
siemens sipass_integrated *
CVE-2017-9940 MEDIUM

A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with access to a low-privileged user account to read or write files on the file system of the SiPass integrated server over the network.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-269,CWE-269,

Products Affected

Vendor Product Version
siemens sipass_integrated *
CVE-2017-9941 MEDIUM

A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker in a Man-in-the-Middle position between the SiPass integrated server and SiPass integrated clients to read or modify the network communication.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-300,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
siemens sipass_integrated *
CVE-2017-9942 LOW

A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with local access to the SiPass integrated server or SiPass integrated client to potentially obtain credentials from the systems.

CVSS 2.0

Severity: LOW

Problem Type: CWE-257,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
siemens sipass_integrated *
CVE-2017-9944 HIGH

A vulnerability has been identified in Siemens 7KT PAC1200 data manager (7KT1260) in all versions < V2.03. The integrated web server (port 80/tcp) of the affected devices could allow an unauthenticated remote attacker to perform administrative operations over the network.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-288,CWE-269,

Products Affected

Vendor Product Version
siemens 7kt_pac1200_data_manager_firmware *
CVE-2017-9945 MEDIUM

In the Siemens 7KM PAC Switched Ethernet PROFINET expansion module (All versions < V2.1.3), a Denial-of-Service condition could be induced by a specially crafted PROFINET DCP packet sent as a local Ethernet (Layer 2) broadcast. The affected component requires a manual restart via the main device to recover.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
siemens 7km_pac_switched_ethernet_profinet_expansion_module_firmware *
CVE-2017-9946 MEDIUM

A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions <V3.5. An attacker with network access to the integrated web server (80/tcp and 443/tcp) could bypass the authentication and download sensitive information from the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,CWE-287,

Products Affected

Vendor Product Version
siemens talon_tc_compact_firmware *
siemens talon_tc_modular_firmware *
siemens apogee_pxc_firmware *
siemens apogee_pxc_modular_firmware *
CVE-2017-9947 MEDIUM

A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions <V3.5. A directory traversal vulnerability could allow a remote attacker with network access to the integrated web server (80/tcp and 443/tcp) to obtain information on the structure of the file system of the affected devices.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-538,CWE-22,

Products Affected

Vendor Product Version
siemens talon_tc_compact_firmware *
siemens talon_tc_modular_firmware *
siemens apogee_pxc_firmware *
siemens apogee_pxc_modular_firmware *
CVE-2018-11447 MEDIUM

A vulnerability has been identified in SCALANCE M875 (All versions). The web interface on port 443/tcp could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by a legitimate user, who must be authenticated to the web interface as administrative user. A successful attack could allow an attacker to interact with the web interface as an administrative user. This could allow the attacker to read or modify the device configuration, or to exploit other vulnerabilities that require authentication as administrative user. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-121,CWE-352,

Products Affected

Vendor Product Version
siemens scalance_m875_firmware -
CVE-2018-11448 LOW

A vulnerability has been identified in SCALANCE M875 (All versions). The web interface on port 443/tcp could allow a stored Cross-Site Scripting (XSS) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires that the attacker has access to the web interface of an affected device. The attacker must be authenticated as administrative user on the web interface. Afterwards, a legitimate user must access the web interface. A successful attack could allow an attacker to execute malicious code in the browser of a legitimate user. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 2.0

Severity: LOW

Problem Type: CWE-352,CWE-79,

Products Affected

Vendor Product Version
siemens scalance_m875_firmware -
CVE-2018-11449 LOW

A vulnerability has been identified in SCALANCE M875 (All versions). An attacker with access to the local file system might obtain passwords for administrative users. Successful exploitation requires read access to files on the local file system. A successful attack could allow an attacker to obtain administrative passwords. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
siemens scalance_m875_firmware -
CVE-2018-11450 MEDIUM

A reflected Cross-Site-Scripting (XSS) vulnerability has been identified in Siemens PLM Software TEAMCENTER (V9.1.2.5). If a user visits the login portal through the URL crafted by the attacker, the attacker can insert html/javascript and thus alter/rewrite the login portal page. Siemens PLM Software TEAMCENTER V9.1.3 and newer are not affected.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
siemens teamcenter_product_lifecycle_management *
CVE-2018-11451 HIGH

A vulnerability has been identified in Firmware variant IEC 61850 for EN100 Ethernet module (All versions < V4.33), Firmware variant PROFINET IO for EN100 Ethernet module (All versions), Firmware variant Modbus TCP for EN100 Ethernet module (All versions), Firmware variant DNP3 TCP for EN100 Ethernet module (All versions), Firmware variant IEC104 for EN100 Ethernet module (All versions < V1.22), SIPROTEC 5 relays with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions < V7.80), SIPROTEC 5 relays with CPU variants CP200 and the respective Ethernet communication modules (All versions < V7.58). Specially crafted packets to port 102/tcp could cause a denial-of-service condition in the affected products. A manual restart is required to recover the EN100 module functionality of the affected devices. Successful exploitation requires an attacker with network access to send multiple packets to the affected products or modules. As a precondition the IEC 61850-MMS communication needs to be activated on the affected products or modules. No user interaction or privileges are required to exploit the vulnerability. The vulnerability could allow causing a Denial-of-Service condition of the network functionality of the device, compromising the availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
siemens dnp3_tcp_firmware -
siemens iec_61850_firmware *
siemens profinet_io_firmware -
siemens cp100_firmware *
siemens cp300_firmware *
siemens cp200_firmware -
siemens iec104_firmware -
siemens modbus_tcp_firmware -
CVE-2018-11452 HIGH

A vulnerability has been identified in Firmware variant IEC 61850 for EN100 Ethernet module (All versions < V4.33), Firmware variant PROFINET IO for EN100 Ethernet module (All versions), Firmware variant Modbus TCP for EN100 Ethernet module (All versions), Firmware variant DNP3 TCP for EN100 Ethernet module (All versions), Firmware variant IEC104 for EN100 Ethernet module (All versions < V1.22). Specially crafted packets to port 102/tcp could cause a denial-of-service condition in the EN100 communication module if oscillographs are running. A manual restart is required to recover the EN100 module functionality. Successful exploitation requires an attacker with network access to send multiple packets to the EN100 module. As a precondition the IEC 61850-MMS communication needs to be activated on the affected EN100 modules. No user interaction or privileges are required to exploit the security vulnerability. The vulnerability could allow causing a Denial-of-Service condition of the network functionality of the device, compromising the availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
siemens dnp3_tcp_firmware -
siemens iec_61850_firmware *
siemens profinet_io_firmware -
siemens cp100_firmware *
siemens cp300_firmware *
siemens cp200_firmware -
siemens iec104_firmware -
siemens modbus_tcp_firmware -
CVE-2018-11453 MEDIUM

A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions < V13 SP2 Update 2), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 6), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 (All versions < V15 Update 2). Improper file permissions in the default installation of TIA Portal may allow an attacker with local file system access to insert specially crafted files which may prevent TIA Portal startup (Denial-of-Service) or lead to local code execution. No special privileges are required, but the victim needs to attempt to start TIA Portal after the manipulation.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-276,CWE-732,

Products Affected

Vendor Product Version
siemens simatic_wincc_(tia_portal) 15.0
siemens simatic_step_7_(tia_portal) 14.0
siemens simatic_step_7_(tia_portal) 13.0
siemens simatic_step_7_(tia_portal) 11.0
siemens simatic_wincc_(tia_portal) 13.0
siemens simatic_step_7_(tia_portal) 15.0
siemens simatic_wincc_(tia_portal) 14.0
siemens simatic_wincc_(tia_portal) 12.0
siemens simatic_step_7_(tia_portal) 12.0
siemens simatic_step_7_(tia_portal) 10.0
siemens simatic_wincc_(tia_portal) 10.0
siemens simatic_wincc_(tia_portal) 11.0
CVE-2018-11454 MEDIUM

A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions < V13 SP2 Update 2), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 6), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 (All versions < V15 Update 2). Improper file permissions in the default installation of TIA Portal may allow an attacker with local file system access to manipulate resources which may be transferred to devices and executed there by a different user. No special privileges are required, but the victim needs to transfer the manipulated files to a device. Execution is caused on the target device rather than on the PG device.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-276,CWE-732,

Products Affected

Vendor Product Version
siemens simatic_wincc_(tia_portal) 15.0
siemens simatic_step_7_(tia_portal) 14.0
siemens simatic_step_7_(tia_portal) 13.0
siemens simatic_step_7_(tia_portal) 11.0
siemens simatic_wincc_(tia_portal) 13.0
siemens simatic_step_7_(tia_portal) 15.0
siemens simatic_wincc_(tia_portal) 14.0
siemens simatic_wincc_(tia_portal) 12.0
siemens simatic_step_7_(tia_portal) 12.0
siemens simatic_step_7_(tia_portal) 10.0
siemens simatic_wincc_(tia_portal) 10.0
siemens simatic_wincc_(tia_portal) 11.0
CVE-2018-11455 MEDIUM

A vulnerability has been identified in Automation License Manager 5 (All versions < 5.3.4.4), Automation License Manager 6 (All versions < 6.0.1). A directory traversal vulnerability could allow a remote attacker to move arbitrary files, which can result in code execution, compromising confidentiality, integrity and availability of the system. Successful exploitation requires a network connection to the affected device. The attacker does not need privileges or special conditions of the system, but user interaction is required.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
siemens automation_license_manager *
CVE-2018-11456 MEDIUM

A vulnerability has been identified in Automation License Manager 5 (All versions < 5.3.4.4). An attacker with network access to the device could send specially crafted network packets to determine whether a network port on another remote system is accessible. This allows the attacker to do basic network scanning using the victim's machine. Successful exploitation requires a network connection to the affected device. The attacker does not need privileges, and no user interaction is required. The impact is limited to determining whether or not a port on a target system is accessible by the affected device.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
siemens automation_license_manager *
CVE-2018-11457 HIGH

A vulnerability has been identified in SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). The integrated web server on port 4842/tcp of the affected products could allow a remote attacker to execute code with privileged permissions on the system by sending specially crafted network requests to port 4842/tcp. Please note that this vulnerability is only exploitable if port 4842/tcp is manually opened in the firewall configuration of network port X130. The security vulnerability could be exploited by an attacker with network access to the affected devices on port 4842/tcp. Successful exploitation requires no privileges and no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the web server. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-122,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
siemens sinumerik_828d_v4.7_firmware *
siemens sinumerik_840d_sl_v4.7_firmware *
siemens sinumerik_840d_sl_v4.8_firmware *
CVE-2018-11458 HIGH

A vulnerability has been identified in SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). The integrated VNC server on port 5900/tcp of the affected products could allow a remote attacker to execute code with privileged permissions on the system by sending specially crafted network requests to port 5900/tcp. Please note that this vulnerability is only exploitable if port 5900/tcp is manually opened in the firewall configuration of network port X130. The security vulnerability could be exploited by an attacker with network access to the affected devices and port. Successful exploitation requires no privileges and no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the VNC server. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
siemens sinumerik_828d_v4.7_firmware *
siemens sinumerik_840d_sl_v4.7_firmware *
siemens sinumerik_840d_sl_v4.8_firmware *
CVE-2018-11459 HIGH

A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). A local attacker could modify a user-writeable configuration file so that after reboot or manual initiation the system reloads the modified configuration file and attacker-controlled code is executed with elevated privileges. The security vulnerability could be exploited by an attacker with local access to the affected system. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-693,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
siemens sinumerik_828d_v4.7_firmware *
siemens sinumerik_808d_v4.8_firmware *
siemens sinumerik_808d_v4.7_firmware *
siemens sinumerik_840d_sl_v4.7_firmware *
siemens sinumerik_840d_sl_v4.8_firmware *
CVE-2018-11460 HIGH

A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). A local attacker with elevated user privileges (manufact) could modify a CRAMFS archive so that after reboot the system loads the modified CRAMFS file and attacker-controlled code is executed with root privileges. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires elevated user privileges (manufact) but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-693,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
siemens sinumerik_828d_v4.7_firmware *
siemens sinumerik_808d_v4.8_firmware *
siemens sinumerik_808d_v4.7_firmware *
siemens sinumerik_840d_sl_v4.7_firmware *
siemens sinumerik_840d_sl_v4.8_firmware *
CVE-2018-11461 MEDIUM

A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). A local attacker with user privileges could use the service command application for privilege escalation to an elevated user but not root. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
siemens sinumerik_828d_v4.7_firmware *
siemens sinumerik_808d_v4.8_firmware *
siemens sinumerik_808d_v4.7_firmware *
siemens sinumerik_840d_sl_v4.7_firmware *
siemens sinumerik_840d_sl_v4.8_firmware *
CVE-2018-11462 HIGH

A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). By sending a specially crafted authentication request to the affected systems a remote attacker could escalate his privileges to an elevated user account but not to root. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no privileges and no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
siemens sinumerik_828d_v4.7_firmware *
siemens sinumerik_808d_v4.8_firmware *
siemens sinumerik_808d_v4.7_firmware *
siemens sinumerik_840d_sl_v4.7_firmware *
siemens sinumerik_840d_sl_v4.8_firmware *
CVE-2018-11463 MEDIUM

A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). A buffer overflow in the service command application could allow a local attacker to execute code with elevated privileges. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-121,CWE-119,

Products Affected

Vendor Product Version
siemens sinumerik_828d_v4.7_firmware *
siemens sinumerik_808d_v4.8_firmware *
siemens sinumerik_808d_v4.7_firmware *
siemens sinumerik_840d_sl_v4.7_firmware *
siemens sinumerik_840d_sl_v4.8_firmware *
CVE-2018-11464 MEDIUM

A vulnerability has been identified in SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). The integrated VNC server on port 5900/tcp of the affected products could allow a remote attacker to cause a Denial-of-Service condition of the VNC server. Please note that this vulnerability is only exploitable if port 5900/tcp is manually opened in the firewall configuration of network port X130. The security vulnerability could be exploited by an attacker with network access to the affected devices and port. Successful exploitation requires no privileges and no user interaction. The vulnerability could allow an attacker to compromise availability of the VNC server. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-248,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
siemens sinumerik_840d_sl_firmware *
siemens sinumerik_828d_firmware *
CVE-2018-11465 HIGH

A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). A local attacker could use ioctl calls to do out of bounds reads, arbitrary writes, or execute code in kernel mode. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-248,CWE-125,

Products Affected

Vendor Product Version
siemens sinumerik_828d_v4.7_firmware *
siemens sinumerik_808d_v4.8_firmware *
siemens sinumerik_808d_v4.7_firmware *
siemens sinumerik_840d_sl_v4.7_firmware *
siemens sinumerik_840d_sl_v4.8_firmware *
CVE-2018-11466 HIGH

A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). Specially crafted network packets sent to port 102/tcp (ISO-TSAP) could allow a remote attacker to either cause a Denial-of-Service condition of the integrated software firewall or execute code in the context of the software firewall. The security vulnerability could be exploited by an attacker with network access to the affected systems on port 102/tcp. Successful exploitation requires no user privileges and no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-248,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
siemens sinumerik_828d_v4.7_firmware *
siemens sinumerik_808d_v4.8_firmware *
siemens sinumerik_808d_v4.7_firmware *
siemens sinumerik_840d_sl_v4.7_firmware *
siemens sinumerik_840d_sl_v4.8_firmware *
CVE-2018-13798 HIGH

A vulnerability has been identified in SICAM A8000 CP-8000 (All versions < V14), SICAM A8000 CP-802X (All versions < V14), SICAM A8000 CP-8050 (All versions < V2.00). Specially crafted network packets sent to port 80/TCP or 443/TCP could allow an unauthenticated remote attacker to cause a Denial-of-Service condition of the web server. The security vulnerability could be exploited by an attacker with network access to the affected systems on port 80/TCP or 443/TCP. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the web server. A system reboot is required to recover the web service of the device. At the time of advisory update, exploit code for this security vulnerability is public.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
siemens sicam_a8000_cp-802x_firmware *
siemens sicam_a8000_cp-8050_firmware *
siemens sicam_a8000_cp-8000_firmware *
CVE-2018-13799 MEDIUM

A vulnerability has been identified in SIMATIC WinCC OA V3.14 and prior (All versions < V3.14-P021). Improper access control to a data point of the affected product could allow an unauthenticated remote user to escalate its privileges in the context of SIMATIC WinCC OA V3.14. This vulnerability could be exploited by an attacker with network access to port 5678/TCP of the SIMATIC WinCC OA V3.14 server. Successful exploitation requires no user privileges and no user interaction. This vulnerability could allow an attacker to compromise integrity and availability of the SIMATIC WinCC OA system. At the time of advisory publication no public exploitation of this vulnerability was known.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-269,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
siemens simatic_wincc_open_architecture *
CVE-2018-13800 MEDIUM

A vulnerability has been identified in SIMATIC S7-1200 CPU family version 4 (All versions < V4.2.3). The web interface could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by a legitimate user, who must be authenticated to the web interface. A successful attack could allow an attacker to trigger actions via the web interface that the legitimate user is allowed to perform. This could allow the attacker to read or modify parts of the device configuration.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,CWE-352,

Products Affected

Vendor Product Version
siemens simatic_s7-1200_v4_firmware *
CVE-2018-13801 HIGH

A vulnerability has been identified in ROX II (All versions < V2.12.1). An attacker with network access to port 22/tcp and valid low-privileged user credentials for the target device could perform a privilege escalation and gain root privileges. Successful exploitation requires user privileges of a low-privileged user but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,CWE-269,

Products Affected

Vendor Product Version
siemens rox_ii_firmware *
CVE-2018-13802 HIGH

A vulnerability has been identified in ROX II (All versions < V2.12.1). An authenticated attacker with access to a high-privileged user account via SSH could circumvent restrictions in place and execute arbitrary operating system commands. Successful exploitation requires that the attacker has network access to the SSH interface on port 22/tcp. The attacker must be authenticated to exploit the vulnerability. The vulnerability could allow an attacker to execute arbitrary code on the device.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,CWE-269,

Products Affected

Vendor Product Version
siemens rox_ii_firmware *
CVE-2018-13804 HIGH

A vulnerability has been identified in SIMATIC IT LMS (All versions), SIMATIC IT Production Suite (Versions V7.1 < V7.1 Upd3), SIMATIC IT UA Discrete Manufacturing (Versions < V1.2), SIMATIC IT UA Discrete Manufacturing (Versions V1.2), SIMATIC IT UA Discrete Manufacturing (Versions V1.3), SIMATIC IT UA Discrete Manufacturing (Versions V2.3), SIMATIC IT UA Discrete Manufacturing (Versions V2.4). An attacker with network access to the installation could bypass the application-level authentication. In order to exploit the vulnerability, an attacker must obtain network access to an affected installation and must obtain a valid username to the system. Successful exploitation requires no user privileges and no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this vulnerability was known.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
siemens simatic_it_ua_discrete_manufacturing v2.4
siemens simatic_it_production_suite v7.1
siemens simatic_it_ua_discrete_manufacturing v1.3
siemens simatic_it_ua_discrete_manufacturing *
siemens simatic_it_line_monitoring_system *
siemens simatic_it_ua_discrete_manufacturing v2.3
CVE-2018-13805 MEDIUM

A vulnerability has been identified in SIMATIC ET 200SP Open Controller (All versions >= V2.0 and < V2.1.6), SIMATIC S7-1500 Software Controller (All versions >= V2.0 and < V2.5), SIMATIC S7-1500 incl. F (All versions >= V2.0 and < V2.5). An attacker can cause a denial-of-service condition on the network stack by sending a large number of specially crafted packets to the PLC. The PLC will lose its ability to communicate over the network. This vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no privileges and no user interaction. An attacker could use this vulnerability to compromise availability of the network connectivity. At the time of advisory publication no public exploitation of this vulnerability was known.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
siemens simatic_s7-1500f_firmware *
siemens simatic_s7-1500_firmware *
siemens simatic_et_200sp_firmware *
CVE-2018-13806 HIGH

A vulnerability has been identified in SIEMENS TD Keypad Designer (All versions). A DLL hijacking vulnerability exists in all versions of SIEMENS TD Keypad Designer which could allow an attacker to execute code with the permission of the user running TD Designer. The attacker must have write access to the directory containing the TD project file in order to exploit the vulnerability. A legitimate user with higher privileges than the attacker must open the TD project in order for this vulnerability to be exploited. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-427,CWE-427,

Products Affected

Vendor Product Version
siemens td_keypad_designer *
CVE-2018-13807 HIGH

A vulnerability has been identified in SCALANCE X300 (All versions < V4.0.0), SCALANCE X408 (All versions < V4.0.0), SCALANCE X414 (All versions). The web interface on port 443/tcp could allow an attacker to cause a Denial-of-Service condition by sending specially crafted packets to the web server. The device will automatically reboot, impacting network availability for other devices. An attacker must have network access to port 443/tcp to exploit the vulnerability. Neither valid credentials nor interaction by a legitimate user is required to exploit the vulnerability. There is no confidentiality or integrity impact, only availability is temporarily impacted. This vulnerability could be triggered by publicly available tools.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,CWE-20,

Products Affected

Vendor Product Version
siemens scalance_x408_firmware *
siemens scalance_x414_firmware -
siemens scalance_x300_firmware *
CVE-2018-13808 MEDIUM

A vulnerability has been identified in CP 1604 (All versions), CP 1616 (All versions). An attacker with network access to port 23/tcp could extract internal communication data or cause a Denial-of-Service condition. Successful exploitation requires network access to a vulnerable device. At the time of advisory publication no public exploitation of this vulnerability was known.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
siemens cp_1604_firmware *
siemens cp_1616_firmware *
CVE-2018-13809 MEDIUM

A vulnerability has been identified in CP 1604 (All versions), CP 1616 (All versions). The integrated web server of the affected CP devices could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into following a malicious link. User interaction is required for a successful exploitation. At the time of advisory publication no public exploitation of this vulnerability was known.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
siemens cp_1604_firmware *
siemens cp_1616_firmware *
CVE-2018-13810 MEDIUM

A vulnerability has been identified in CP 1604 (All versions), CP 1616 (All versions). The integrated configuration web server of the affected CP devices could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by a legitimate user. A successful attack could allow an attacker to trigger actions via the web interface that the legitimate user is allowed to perform. At the time of advisory publication no public exploitation of this vulnerability was known.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
siemens cp_1604_firmware *
siemens cp_1616_firmware *
CVE-2018-13811 LOW

A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) (All Versions < V15.1). Password hashes with insufficient computational effort could allow an attacker to access a project file and reconstruct passwords. The vulnerability could be exploited by an attacker with local access to the project file. No user interaction is required to exploit the vulnerability. The vulnerability could allow the attacker to obtain certain passwords from the project. At the time of advisory publication no public exploitation of this vulnerability was known.

CVSS 2.0

Severity: LOW

Problem Type: CWE-916,CWE-200,

Products Affected

Vendor Product Version
siemens simatic_step_7_(tia_portal) *
CVE-2018-13812 MEDIUM

A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15 Update 4), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15 Update 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15 Update 4), SIMATIC WinCC Runtime Advanced (All versions < V15 Update 4), SIMATIC WinCC Runtime Professional (All versions < V15 Update 4), SIMATIC WinCC (TIA Portal) (All versions < V15 Update 4), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). A directory traversal vulnerability could allow an attacker to download arbitrary files from the device. The security vulnerability could be exploited by an attacker with network access to the integrated web server. No user interaction and no authentication are required to exploit the vulnerability. The vulnerability impacts the confidentiality of the device. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
siemens simatic_hmi_comfort_panels_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp900f_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp900_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp700f_firmware *
siemens simatic_hmi_comfort_outdoor_panels_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp700_firmware *
siemens simatic_hmi_tp_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp400f_firmware *
siemens simatic_wincc_runtime *
siemens simatic_wincc_(tia_portal) *
siemens simatic_hmi_mp_firmware *
siemens simatic_hmi_op_firmware *
CVE-2018-13813 MEDIUM

A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15 Update 4), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15 Update 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15 Update 4), SIMATIC WinCC Runtime Advanced (All versions < V15 Update 4), SIMATIC WinCC Runtime Professional (All versions < V15 Update 4), SIMATIC WinCC (TIA Portal) (All versions < V15 Update 4), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). The webserver of affected HMI devices may allow URL redirections to untrusted websites. An attacker must trick a valid user who is authenticated to the device into clicking on a malicious link to exploit the vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-601,CWE-601,

Products Affected

Vendor Product Version
siemens simatic_hmi_comfort_panels_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp900f_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp900_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp700f_firmware *
siemens simatic_hmi_comfort_outdoor_panels_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp700_firmware *
siemens simatic_hmi_tp_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp400f_firmware *
siemens simatic_wincc_runtime *
siemens simatic_wincc_(tia_portal) *
siemens simatic_hmi_mp_firmware *
siemens simatic_hmi_op_firmware *
CVE-2018-13814 MEDIUM

A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V14), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V14), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V14), SIMATIC WinCC Runtime Advanced (All versions < V14), SIMATIC WinCC Runtime Professional (All versions < V14), SIMATIC WinCC (TIA Portal) (All versions < V14), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). The integrated web server (port 80/tcp and port 443/tcp) of the affected devices could allow an attacker to inject HTTP headers. An attacker must trick a valid user who is authenticated to the device into clicking on a malicious link to exploit the vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-113,CWE-20,

Products Affected

Vendor Product Version
siemens simatic_hmi_comfort_panels_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp900f_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp900_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp700f_firmware *
siemens simatic_hmi_comfort_outdoor_panels_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp700_firmware *
siemens simatic_hmi_tp_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp400f_firmware *
siemens simatic_wincc_runtime *
siemens simatic_wincc_(tia_portal) *
siemens simatic_hmi_mp_firmware *
siemens simatic_hmi_op_firmware *
CVE-2018-13815 MEDIUM

A vulnerability has been identified in SIMATIC S7-1200 (All versions), SIMATIC S7-1500 (All Versions < V2.6). An attacker could exhaust the available connection pool of an affected device by opening a sufficient number of connections to the device. Successful exploitation requires an attacker to be able to send packets to port 102/tcp of the affected device. No user interaction and no user privileges are required to exploit the vulnerability. The vulnerability, if exploited, could cause a Denial-of-Service condition impacting the availability of the system. At the time of advisory publication no public exploitation of this vulnerability was known.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-410,CWE-400,

Products Affected

Vendor Product Version
siemens simatic_s7-1200_firmware -
siemens simatic_s7-1500_firmware *
CVE-2018-13816 HIGH

A vulnerability has been identified in TIM 1531 IRC (All versions < V2.0). The devices were missing proper authentication on port 102/tcp, although configured. Successful exploitation requires an attacker to be able to send packets to port 102/tcp of the affected device. No user interaction and no user privileges are required to exploit the vulnerability. At the time of advisory publication no public exploitation of this vulnerability was known.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-284,CWE-287,

Products Affected

Vendor Product Version
siemens tim_1531_irc_firmware *
CVE-2018-15473 MEDIUM

OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-362,CWE-362,

Products Affected

Vendor Product Version
netapp vasa_provider *
netapp oncommand_unified_manager *
netapp aff_baseboard_management_controller -
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server 6.0
canonical ubuntu_linux 16.04
debian debian_linux 8.0
netapp virtual_storage_console *
netapp ontap_select_deploy -
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 18.04
canonical ubuntu_linux 14.04
redhat enterprise_linux_desktop 7.0
netapp data_ontap -
netapp fas_baseboard_management_controller -
redhat enterprise_linux_workstation 7.0
netapp steelstore_cloud_integrated_storage -
openbsd openssh *
debian debian_linux 9.0
netapp data_ontap_edge -
netapp cloud_backup -
netapp storage_replication_adapter *
netapp cn1610_firmware -
redhat enterprise_linux_workstation 6.0
oracle sun_zfs_storage_appliance_kit 8.8.6
siemens scalance_x204rna_firmware *
netapp clustered_data_ontap -
netapp service_processor -
CVE-2018-16417 MEDIUM

Aruba Instant 4.x prior to 6.4.4.8-4.2.4.12, 6.5.x prior to 6.5.4.11, 8.3.x prior to 8.3.0.6, and 8.4.x prior to 8.4.0.1 allows Command injection.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
arubanetworks instant *
siemens w1750d_firmware *
CVE-2018-16555 LOW

A vulnerability has been identified in SCALANCE S602 (All versions < V4.0.1.1), SCALANCE S612 (All versions < V4.0.1.1), SCALANCE S623 (All versions < V4.0.1.1), SCALANCE S627-2M (All versions < V4.0.1.1). The integrated web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed. At the stage of publishing this security advisory no public exploitation is known.

CVSS 2.0

Severity: LOW

Problem Type: CWE-80,CWE-79,

Products Affected

Vendor Product Version
siemens scalance_s623_firmware *
siemens scalance_s602_firmware *
siemens scalance_s612_firmware *
siemens scalance_s627-2m_firmware *
CVE-2018-16556 HIGH

A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416-2 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416F-2 DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 417-4 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions < V7.0.3), SIMATIC S7-400 H V4.5 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.9), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions < V8.2.1), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 V7 (All versions), SIPLUS S7-400 CPU 417-4 V7 (All versions). Specially crafted packets sent to port 102/tcp via Ethernet interface, via PROFIBUS, or via Multi Point Interfaces (MPI) could cause the affected devices to go into defect mode. Manual reboot is required to resume normal operation. Successful exploitation requires an attacker to be able to send specially crafted packets to port 102/tcp via Ethernet interface, via PROFIBUS or Multi Point Interfaces (MPI). No user interaction and no user privileges are required to exploit the security vulnerability. The vulnerability could allow causing a denial of service condition of the core functionality of the CPU, compromising the availability of the system.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,CWE-20,

Products Affected

Vendor Product Version
siemens simatic_s7-400h_v6_firmware *
siemens simatic_s7-400_pn/dp_v7_firmware *
siemens simatic_s7-410_firmware *
siemens simatic_s7-400_firmware *
siemens simatic_s7-400h_firmware *
CVE-2018-16557 HIGH

A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416-2 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416F-2 DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 417-4 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions < V7.0.3), SIMATIC S7-400 H V4.5 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.9), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions < V8.2.1), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 V7 (All versions), SIPLUS S7-400 CPU 417-4 V7 (All versions). Sending of specially crafted packets to port 102/tcp via Ethernet interface, via PROFIBUS or Multi Point Interfaces (MPI) could cause a denial of service condition on affected devices. Flashing with a firmware image may be required to recover the CPU. Successful exploitation requires an attacker to have network access to port 102/tcp via Ethernet interface or to be able to send messages via PROFIBUS or Multi Point Interfaces (MPI) to the device. No user interaction is required. If no access protection is configured, no privileges are required to exploit the security vulnerability. The vulnerability could allow causing a denial of service condition of the core functionality of the CPU, compromising the availability of the system.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-347,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
siemens simatic_s7-400_pn/dp_v7_firmware *
siemens simatic_s7-410_firmware *
siemens simatic_s7-400_firmware *
siemens simatic_s7-400h_firmware *
CVE-2018-16558 HIGH

A vulnerability has been identified in SIMATIC S7-1500 CPU (All versions >= V2.0 and < V2.5), SIMATIC S7-1500 CPU (All versions <= V1.8.5). Specially crafted network packets sent to port 80/tcp or 443/tcp could allow an unauthenticated remote attacker to cause a Denial-of-Service condition of the device. The security vulnerability could be exploited by an attacker with network access to the affected systems on port 80/tcp or 443/tcp. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
siemens simatic_s7-1500_firmware *
CVE-2018-16559 HIGH

A vulnerability has been identified in SIMATIC S7-1500 CPU (All versions >= V2.0 and < V2.5), SIMATIC S7-1500 CPU (All versions <= V1.8.5). Specially crafted network packets sent to port 80/tcp or 443/tcp could allow an unauthenticated remote attacker to cause a Denial-of-Service condition of the device. The security vulnerability could be exploited by an attacker with network access to the affected systems on port 80/tcp or 443/tcp. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
siemens simatic_s7-1500_firmware *
CVE-2018-16561 HIGH

A vulnerability has been identified in SIMATIC S7-300 CPUs (All versions < V3.X.16). The affected CPUs improperly validate S7 communication packets which could cause a Denial-of-Service condition of the CPU. The CPU will remain in DEFECT mode until manual restart. Successful exploitation requires an attacker to be able to send a specially crafted S7 communication packet to a communication interface of the CPU. This includes Ethernet, PROFIBUS, and Multi Point Interfaces (MPI). No user interaction or privileges are required to exploit the security vulnerability. The vulnerability could allow causing a Denial-of-Service condition of the core functionality of the CPU, compromising the availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known. Siemens confirms the security vulnerability and provides mitigations to resolve the security issue.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
siemens simatic_s7-300_firmware -
siemens simatic_s7-300f_firmware -
siemens simatic_s7-300t_firmware -
siemens simatic_s7-300fs_firmware -
CVE-2018-16563 MEDIUM

A vulnerability has been identified in Firmware variant IEC 61850 for EN100 Ethernet module (All versions < V4.35), Firmware variant MODBUS TCP for EN100 Ethernet module (All versions), Firmware variant DNP3 TCP for EN100 Ethernet module (All versions), Firmware variant IEC104 for EN100 Ethernet module (All versions), Firmware variant Profinet IO for EN100 Ethernet module (All versions), SIPROTEC 5 relays with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions < V7.82), SIPROTEC 5 relays with CPU variants CP200 and the respective Ethernet communication modules (All versions < V7.58). Specially crafted packets to port 102/tcp could cause a denial-of-service condition in the affected products. A manual restart is required to recover the EN100 module functionality of the affected devices. Successful exploitation requires an attacker with network access to send multiple packets to the affected products or modules. As a precondition the IEC 61850-MMS communication needs to be activated on the affected products or modules. No user interaction or privileges are required to exploit the vulnerability. The vulnerability could allow causing a Denial-of-Service condition of the network functionality of the device, compromising the availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
siemens en100_ethernet_module_with_firmware_variant_modbus_tcp -
siemens en100_ethernet_module_with_firmware_variant_profinet_io -
siemens en100_ethernet_module_firmware -
siemens siprotec_5_with_cpu_variant_cp100 *
siemens siprotec_5_with_cpu_variant_cp300 *
siemens en100_ethernet_module_with_firmware_variant_dnp3_tcp -
siemens siprotec_5_with_cpu_variant_cp200 *
siemens en100_ethernet_module_with_firmware_variant_iec_61850 4.35
siemens en100_ethernet_module_with_firmware_variant_iec104 -
CVE-2018-16890 MEDIUM

libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl into accepting a bad length + offset combination that would lead to a buffer read out-of-bounds.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,CWE-190,

Products Affected

Vendor Product Version
oracle http_server 12.2.1.3.0
debian debian_linux 9.0
oracle communications_operations_monitor 3.4
siemens sinema_remote_connect_client *
netapp clustered_data_ontap *
oracle communications_operations_monitor 4.0
canonical ubuntu_linux 16.04
oracle secure_global_desktop 5.4
f5 big-ip_access_policy_manager *
haxx libcurl *
canonical ubuntu_linux 18.04
canonical ubuntu_linux 18.10
canonical ubuntu_linux 14.04
redhat enterprise_linux 8.0
CVE-2018-18508 MEDIUM

In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
siemens ruggedcom_rox_rx1500_firmware *
siemens ruggedcom_rox_rx1510_firmware *
siemens ruggedcom_rox_rx1512_firmware *
mozilla network_security_services *
siemens ruggedcom_rox_rx1400_firmware *
siemens ruggedcom_rox_mx5000_firmware *
siemens ruggedcom_rox_rx1511_firmware *
siemens ruggedcom_rox_rx1501_firmware *
siemens ruggedcom_rox_rx5000_firmware *
CVE-2018-20019 HIGH

LibVNC before commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f contains multiple heap out-of-bounds write vulnerabilities in VNC client code that can result in remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
siemens simatic_itc1900_firmware *
siemens simatic_itc1500_pro_firmware *
debian debian_linux 9.0
libvnc_project libvncserver *
siemens simatic_itc1900_pro_firmware *
siemens simatic_itc2200_pro_firmware *
canonical ubuntu_linux 16.04
debian debian_linux 8.0
siemens simatic_itc1500_firmware *
siemens simatic_itc2200_firmware *
canonical ubuntu_linux 18.04
canonical ubuntu_linux 18.10
canonical ubuntu_linux 14.04
CVE-2018-20685 LOW

In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N 1.6 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-863,CWE-863,

Products Affected

Vendor Product Version
fujitsu m12-2s_firmware *
redhat enterprise_linux_eus 8.4
netapp storage_automation_store -
redhat enterprise_linux_server_tus 8.2
redhat enterprise_linux_server_tus 8.4
redhat enterprise_linux_server_aus 8.2
canonical ubuntu_linux 16.04
debian debian_linux 8.0
fujitsu m10-4s_firmware *
netapp ontap_select_deploy -
netapp element_software -
canonical ubuntu_linux 18.04
canonical ubuntu_linux 14.04
winscp winscp *
redhat enterprise_linux 8.0
fujitsu m10-1_firmware *
fujitsu m12-2_firmware *
redhat enterprise_linux_eus 8.2
netapp steelstore_cloud_integrated_storage -
fujitsu m10-4_firmware *
openbsd openssh *
debian debian_linux 9.0
redhat enterprise_linux_server_tus 8.6
redhat enterprise_linux 7.0
netapp cloud_backup -
siemens scalance_x204rna_firmware *
redhat enterprise_linux_server_aus 8.4
redhat enterprise_linux_server_aus 8.6
redhat enterprise_linux_eus 8.1
fujitsu m12-1_firmware *
oracle solaris 10
redhat enterprise_linux_eus 8.6
canonical ubuntu_linux 18.10
siemens scalance_x204rna_eec_firmware *
CVE-2018-20748 HIGH

LibVNC before 0.9.12 contains multiple heap out-of-bounds write vulnerabilities in libvncclient/rfbproto.c. The fix for CVE-2018-20019 was incomplete.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
siemens simatic_itc1900_firmware *
siemens simatic_itc1500_pro_firmware *
libvnc_project libvncserver *
siemens simatic_itc1900_pro_firmware *
siemens simatic_itc2200_pro_firmware *
canonical ubuntu_linux 16.04
debian debian_linux 8.0
siemens simatic_itc1500_firmware *
siemens simatic_itc2200_firmware *
canonical ubuntu_linux 18.04
canonical ubuntu_linux 18.10
canonical ubuntu_linux 14.04
CVE-2018-20749 HIGH

LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
siemens simatic_itc1900_firmware *
siemens simatic_itc1500_pro_firmware *
debian debian_linux 9.0
libvnc_project libvncserver *
siemens simatic_itc1900_pro_firmware *
siemens simatic_itc2200_pro_firmware *
canonical ubuntu_linux 16.04
debian debian_linux 8.0
siemens simatic_itc1500_firmware *
siemens simatic_itc2200_firmware *
canonical ubuntu_linux 18.04
canonical ubuntu_linux 18.10
canonical ubuntu_linux 14.04
CVE-2018-20750 HIGH

LibVNC through 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
siemens simatic_itc1900_firmware *
siemens simatic_itc1500_pro_firmware *
debian debian_linux 9.0
libvnc_project libvncserver *
siemens simatic_itc1900_pro_firmware *
siemens simatic_itc2200_pro_firmware *
canonical ubuntu_linux 16.04
debian debian_linux 8.0
siemens simatic_itc1500_firmware *
siemens simatic_itc2200_firmware *
canonical ubuntu_linux 18.04
canonical ubuntu_linux 18.10
canonical ubuntu_linux 14.04
CVE-2018-21247 MEDIUM

An issue was discovered in LibVNCServer before 0.9.13. There is an information leak (of uninitialized memory contents) in the libvncclient/rfbproto.c ConnectToRFBRepeater function.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-909,

Products Affected

Vendor Product Version
siemens simatic_itc1900_firmware *
opensuse leap 15.2
siemens simatic_itc1500_pro_firmware *
debian debian_linux 9.0
libvnc_project libvncserver *
siemens simatic_itc1900_pro_firmware *
siemens simatic_itc2200_pro_firmware *
canonical ubuntu_linux 16.04
debian debian_linux 8.0
siemens simatic_itc1500_firmware *
siemens simatic_itc2200_firmware *
canonical ubuntu_linux 18.04
canonical ubuntu_linux 18.10
canonical ubuntu_linux 14.04
CVE-2018-25032 MEDIUM

zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
apple mac_os_x 10.15.7
siemens scalance_sc626-2c_firmware *
azul zulu 6.45
debian debian_linux 11.0
netapp hci_compute_node -
azul zulu 13.46
siemens scalance_sc642-2c_firmware *
siemens scalance_sc622-2c_firmware *
apple macos *
netapp ontap_select_deploy_administration_utility -
azul zulu 17.32
debian debian_linux 10.0
netapp h700s_firmware -
netapp e-series_santricity_os_controller *
apple mac_os_x *
netapp management_services_for_element_software -
siemens scalance_sc636-2c_firmware *
azul zulu 11.54
azul zulu 7.52
netapp oncommand_workflow_automation -
mariadb mariadb *
fedoraproject fedora 34
netapp h410s_firmware -
netapp h500s_firmware -
zlib zlib *
debian debian_linux 9.0
siemens scalance_sc646-2c_firmware *
netapp active_iq_unified_manager -
netapp h410c_firmware -
azul zulu 15.38
python python *
fedoraproject fedora 35
netapp h300s_firmware -
fedoraproject fedora 36
nokogiri nokogiri *
azul zulu 8.60
siemens scalance_sc632-2c_firmware *
goto gotoassist *
CVE-2018-3616 MEDIUM

Bleichenbacher-style side channel vulnerability in TLS implementation in Intel Active Management Technology before 12.0.5 may allow an unauthenticated user to potentially obtain the TLS session key via the network.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
siemens simatic_itp1000_firmware *
intel manageability_engine_firmware *
siemens simatic_pc547g_firmware *
siemens simatic_ipc547e_firmware *
siemens simatic_ipc477e_firmware *
siemens simatic_ipc627d_firmware *
siemens simatic_ipc647d_firmware *
siemens simatic_ipc677d_firmware *
intel active_management_technology_firmware *
siemens simatic_ipc427e_firmware *
intel converged_security_management_engine_firmware *
siemens simatic_field_pg_m5_firmware *
siemens simatic_ipc827d_firmware *
siemens simatic_ipc847d_firmware *
CVE-2018-3639 LOW

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-203,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_tus 7.4
siemens itc1500_pro_firmware *
siemens sinumerik_pcu_50.5_firmware *
sonicwall global_management_system -
intel xeon_e3 3600
intel atom_x7-e3950 -
intel xeon_e7 4820_v4
intel xeon_e7 8890_v2
intel xeon_e5 2690_v3
intel xeon_e5_2648l_v2 -
intel xeon_e3_1225_v2 -
intel xeon_e3_1240l_v5 -
intel xeon_e3_1276_v3 -
intel xeon_e5 2658
intel xeon_gold 86148f
intel xeon_e5 2698_v3
intel atom_z z2580
intel xeon_e3_1270_v3 -
nvidia jetson_tx2 *
intel core_i7 45nm
intel xeon_e3 e5540
redhat enterprise_linux_server 7.0
intel xeon_e5 4650
siemens simatic_ipc677c_firmware *
intel xeon_e5_2408l_v3 -
intel xeon_gold 85119t
microsoft windows_server_2016 1709
intel atom_z z3736f
intel atom_z z2760
intel atom_z z2560
microsoft surface_pro 3
intel xeon_e5 4655_v4
redhat enterprise_linux_workstation 6.0
siemens simatic_ipc477d_firmware *
intel xeon_e5 2697_v4
redhat enterprise_linux_server_aus 7.3
intel xeon_e5 2660_v2
intel xeon_e3_1220_v5 -
intel atom_z z3740
intel xeon_e3_1225 -
intel xeon_e3_1285l_v3 -
intel xeon_e7 8867l
intel xeon_e7 8870_v2
intel xeon_e3 x3470
intel xeon_e3 1575m_v5
intel xeon_e3_1501l_v6 -
intel xeon_e5_2648l -
siemens simatic_field_pg_m4_firmware *
redhat enterprise_linux_server_aus 6.6
intel xeon_e3_1230_v6 -
intel core_i5 32nm
intel xeon_gold 86154
intel xeon_e7 8870
intel atom_e e3845
intel xeon_e3_1125c_v2 -
redhat enterprise_linux_eus 7.4
intel atom_z z3480
intel xeon_e5_2407_v2 -
intel xeon_e5 2658_v3
intel xeon_e5_1650 -
intel xeon_e7 4830_v2
intel pentium n4000
redhat enterprise_linux_workstation 7.0
intel xeon_gold 86152
debian debian_linux 9.0
intel xeon_e5 2667_v3
intel xeon_e3 1505m_v6
intel xeon_platinum 8176f
intel xeon_e5_1660_v4 -
intel xeon_e5_2618l_v3 -
intel xeon_e5_2430l_v2 -
siemens simatic_ipc477c_firmware -
intel atom_z z3740d
intel xeon_e5_2620_v4 -
intel xeon_e7 4860
intel xeon_e5_2630l_v4 -
intel xeon_gold 85115
intel atom_c c3758
intel xeon_e7 4890_v2
intel xeon_e5_2609_v3 -
intel xeon_e5_2643_v4 -
microsoft windows_10 1809
intel xeon_e5_2450l -
sonicwall cloud_global_management_system -
intel atom_e e3815
intel xeon_e7 8880l_v3
intel xeon_e5 4610_v4
intel xeon_e5 2699a_v4
intel xeon_e5_2450l_v2 -
arm cortex-a 15
intel xeon_e7 4850_v2
intel atom_z z2460
intel xeon_e5_2618l_v4 -
intel xeon_e5_1630_v3 -
siemens simatic_ipc827d_firmware *
siemens simatic_ipc547g_firmware *
intel xeon_e5_1620_v4 -
intel atom_c c3950
intel xeon_e5 2687w_v3
redhat virtualization 4.0
siemens simatic_ipc427c_firmware -
intel xeon_e5_2620 -
intel xeon_gold 86146
intel xeon_gold 86132
siemens itc1500_firmware *
intel xeon_gold 86150
intel atom_z z3770d
intel xeon_e3_1286l_v3 -
intel xeon_e5 2697_v3
intel xeon_e5_1660_v3 -
intel xeon_e5_2630l_v3 -
intel xeon_gold 86134
intel xeon_e7 4809_v3
intel xeon_e5_2470_v2 -
intel xeon_e3_1226_v3 -
intel xeon_e5 2665
intel xeon_silver 4116t
intel xeon_e5 2699_v3
intel xeon_e3_1275_v2 -
intel xeon_e5 2670
intel xeon_e5 2680_v4
intel xeon_gold 86138t
intel xeon_e7 8893_v4
intel xeon_e3 x3450
intel xeon_e5 4640_v4
intel xeon_e5 4648_v3
intel xeon_e3 e5520
intel xeon_e5_2637_v2 -
intel xeon_silver 4112
intel xeon_e3_1290 -
intel xeon_e3_1505l_v6 -
intel xeon_e5_1660 -
intel xeon_e5 4620_v4
intel xeon_e5 4603
intel xeon_e3_1258l_v4 -
intel celeron_j j3455
intel xeon_e5_1650_v4 -
intel xeon_e5_2650l -
intel xeon_e3 w5590
intel xeon_e7 8893_v2
intel xeon_e3 x3430
intel xeon_e5 4650l
intel xeon_e3_1270_v2 -
intel xeon_e3_1231_v3 -
intel xeon_e3 1535m_v6
intel celeron_j j4105
intel xeon_e3_1275l_v3 -
intel pentium_silver j5005
intel xeon_e3 e6550
microsoft windows_server_2016 -
intel xeon_e7 2870
intel xeon_gold 85118
intel xeon_e3_1230_v2 -
intel xeon_e5_2640_v2 -
intel xeon_gold 86128
intel xeon_e7 8860_v4
siemens simatic_ipc647c_firmware *
microsoft windows_server_2012 -
intel xeon_e5_2630_v3 -
intel xeon_platinum 8176
intel xeon_e3 x3440
intel xeon_e5 4660_v3
siemens simatic_ipc547e_firmware *
intel xeon_e7 8880_v2
intel xeon_e3_1105c_v2 -
intel xeon_e5_2450_v2 -
sonicwall secure_mobile_access -
intel atom_z z2480
intel xeon_e7 2870_v2
arm cortex-a 72
intel xeon_e5_2650_v4 -
microsoft windows_10 1607
intel atom_z z3735e
intel xeon_e3 1545m_v5
intel xeon_e5 2650l_v4
intel xeon_e5_2650l_v2 -
intel xeon_e5 2687w_v4
siemens itc2200_firmware *
intel xeon_e3_1280_v6 -
microsoft windows_server_2012 r2
intel xeon_e3 l5518_
intel xeon_e3_1270_v5 -
intel xeon_e7 8830
intel atom_c c3508
intel xeon_e5_2428l_v3 -
intel xeon_e3_1268l_v5 -
siemens sinumerik_tcu_30.3_firmware -
microsoft windows_8.1 -
redhat enterprise_linux_eus 7.5
intel atom_z z3795
intel xeon_gold 86140m
intel xeon_platinum 8160m
intel xeon_e5_1620_v2 -
intel xeon_e5 2687w
intel xeon_e5 2695_v3
intel xeon_e3_1278l_v4 -
intel xeon_gold 86126
redhat enterprise_linux_server_aus 6.5
intel xeon_e5 4620_v3
intel xeon_e5_2450 -
intel xeon_e5_2637_v3 -
siemens simatic_ipc427d_firmware *
intel xeon_e3_1260l_v5 -
intel xeon_e3_1265l_v2 -
intel xeon_e5 4610
arm cortex-a 57
intel atom_c c3708
intel xeon_e5_2637 -
intel xeon_e3_1245_v2 -
intel xeon_e3_1265l_v4 -
intel xeon_platinum 8180
intel xeon_e5 4610_v2
intel xeon_e5_1620_v3 -
intel atom_z z2420
microsoft surface_pro 4
redhat enterprise_linux_server_aus 7.2
intel xeon_e3_1271_v3 -
intel xeon_e3 e5507
microsoft windows_10 -
intel xeon_e5_2407 -
intel xeon_e3_1275_v3 -
intel xeon_e5 4620
redhat enterprise_linux_server_aus 5.9
intel atom_c c3958
mitel mivoic_mx-one -
intel xeon_e7 2830
intel xeon_gold 86126f
mitel mivoice_business -
intel xeon_e3_1285l_v4 -
intel xeon_e5_1680_v3 -
intel xeon_e5_2428l -
intel xeon_e5 4669_v3
intel xeon_e7 8870_v4
siemens itc1900_firmware *
microsoft windows_server_2016 1803
intel xeon_e7 8893_v3
intel xeon_gold 86130
redhat enterprise_linux_server_tus 7.7
intel xeon_e5_2470 -
intel xeon_e7 8891_v3
siemens simatic_ipc627c_firmware *
intel xeon_e5_1650_v3 -
intel atom_z z3785
intel xeon_e5_2428l_v2 -
intel atom_e e3827
intel xeon_e3 1578l_v5
intel xeon_e3_1285_v3 -
intel xeon_e5_2440_v2 -
intel xeon_e5 2670_v3
intel atom_c c3750
sonicwall sonicosv -
intel xeon_e3_1241_v3 -
intel xeon_e5_2650_v2 -
redhat enterprise_linux_eus 6.7
intel xeon_e3_1280 -
intel xeon_e7 4830_v3
intel xeon_platinum 8164
intel xeon_platinum 8176m
intel atom_z z3735f
intel xeon_e3_1220_v3 -
canonical ubuntu_linux 17.10
redhat openstack 8
intel atom_z z3460
intel xeon_e3 e6510
intel xeon_e5 4627_v2
mitel mivoice_border_gateway -
siemens simatic_ipc627d_firmware *
intel xeon_e5_2603_v3 -
intel xeon_gold 86136
siemens simatic_ipc677d_firmware *
intel xeon_e5 2690
debian debian_linux 8.0
intel xeon_e7 8850
siemens simotion_p320-4e_firmware *
intel xeon_e3_1240l_v3 -
siemens simatic_s7-1500_firmware *
intel atom_z z3736g
intel xeon_e3 l3403
microsoft surface_pro 1796
intel xeon_e5 2667
redhat openstack 7.0
intel atom_z z3745
canonical ubuntu_linux 12.04
microsoft windows_server_2008 r2
intel xeon_platinum 8160t
intel xeon_e3 e6540
intel atom_c c3850
intel xeon_e5 4607
intel xeon_e7 4830_v4
intel xeon_gold 86130f
mitel mivoice_connect -
intel atom_z z3570
intel xeon_e5 2667_v4
intel xeon_platinum 8170
intel xeon_e5_2438l_v3 -
intel xeon_e3_1220_v2 -
intel xeon_e5_2609 -
intel xeon_e5 4655_v3
intel xeon_e7 4820_v2
intel xeon_e5 2697a_v4
redhat mrg_realtime 2.0
intel xeon_e5_2403 -
intel xeon_e5_2630 -
intel xeon_e5 2680_v3
intel xeon_e3_1285_v6 -
intel xeon_e3 l5508_
intel xeon_e7 4807
canonical ubuntu_linux 16.04
redhat enterprise_linux_server_tus 6.6
intel atom_z z2520
oracle solaris 11
mitel mivoice_5000 -
intel xeon_e3_1230l_v3 -
intel xeon_e5_2403_v2 -
intel xeon_e3 1558l_v5
microsoft surface_studio -
intel xeon_platinum 8168
canonical ubuntu_linux 18.04
intel xeon_gold 86130t
intel celeron_j j4005
intel xeon_e5_2440 -
intel xeon_gold 86142m
intel xeon_e5_2650_v3 -
intel atom_c c3858
intel atom_e e3805
intel core_i3 32nm
intel xeon_e5 2695_v2
intel xeon_e5_1630_v4 -
intel xeon_e7 8890_v4
microsoft windows_server_2008 sp2
intel xeon_e5 4650_v4
intel xeon_e5_2618l_v2 -
intel xeon_e5_2630_v4 -
intel xeon_e5 2690_v4
intel xeon_e5_1620 -
intel xeon_e5_2650 -
intel xeon_e3 w5580
redhat virtualization_manager 4.2
redhat enterprise_linux_eus 7.3
intel xeon_e3_1286_v3 -
siemens simatic_ipc647d_firmware *
intel xeon_e5_1680_v4 -
intel xeon_e3_1245_v3 -
intel xeon_e5_2430_v2 -
intel xeon_e5_2418l_v2 -
intel xeon_e5_2640_v3 -
intel xeon_e5_2430l -
intel xeon_e5 4650_v2
intel atom_c c2308
intel xeon_e5_2620_v3 -
intel xeon_e7 4809_v4
microsoft windows_7 -
intel xeon_platinum 8160f
siemens simatic_ipc347e_firmware *
intel xeon_e3_1275_v6 -
intel xeon_e5 2658_v2
microsoft windows_10 1709
intel xeon_e7 8867_v3
intel xeon_e7 8891_v2
intel xeon_e3_1225_v6 -
intel xeon_e5_2609_v4 -
intel xeon_gold 86126t
microsoft surface_book 2
intel core_i3 45nm
intel xeon_e5 4640
intel xeon_silver 4110
intel xeon_e3_1225_v5 -
intel xeon_e5 2690_v2
intel pentium n4100
intel xeon_e7 2880_v2
intel xeon_e5_2430 -
intel xeon_silver 4114
intel core_i7 32nm
intel xeon_e3_1240 -
intel xeon_e5_2418l -
redhat enterprise_linux_server_tus 7.2
intel xeon_gold 85120t
redhat openstack 12
intel xeon_e5_2630l -
intel xeon_e7 2820
siemens simatic_ipc3000_smart_firmware *
intel xeon_e3_1240_v3 -
intel xeon_e3_1280_v5 -
intel xeon_e7 4850
siemens simatic_itp1000_firmware *
redhat enterprise_linux_eus 7.6
intel xeon_e5 4640_v3
intel xeon_e3_1285_v4 -
intel xeon_e3_1505l_v5 -
intel xeon_e7 4809_v2
redhat enterprise_linux_server 6.0
intel xeon_e3_1235 -
redhat enterprise_linux_server_aus 7.7
microsoft windows_10 1803
oracle local_service_management_system *
intel xeon_e5_1650_v2 -
intel xeon_e5 4603_v2
intel xeon_gold 85122
intel xeon_e5_2623_v3 -
intel xeon_e5 4617
intel xeon_e3 e5530
intel xeon_e3_1265l_v3 -
intel atom_c c3338
intel xeon_e5_2628l_v3 -
intel xeon_e3_1268l_v3 -
intel xeon_e3 e5502
intel xeon_e3_1245_v5 -
intel xeon_e7 2803
intel xeon_e3 l3406
intel xeon_e3_1230 -
intel xeon_e5_2628l_v2 -
intel xeon_e3 1585_v5
intel xeon_e5_2603 -
intel xeon_e5_2630l_v2 -
intel xeon_e3_1220l_v3 -
intel xeon_e3_1290_v2 -
intel xeon_e7 8891_v4
intel xeon_e3 l5520
intel xeon_gold 86142f
siemens ruggedcom_ape_firmware -
intel core_m 32nm
intel pentium n4200
redhat openstack 10
microsoft surface_pro_with_lte_advanced 1807
sonicwall web_application_firewall -
intel xeon_e7 8890_v3
intel xeon_e3 l5506
intel xeon_e3_1225_v3 -
intel xeon_e3_1281_v3 -
intel xeon_platinum 8170m
intel xeon_e5 2660_v4
intel xeon_e5_2448l -
intel xeon_e5_2643_v2 -
intel xeon_e5 4607_v2
intel xeon_e7 4830
intel xeon_e3_1275_v5 -
intel xeon_e7 8867_v4
intel xeon_e3_1240_v2 -
intel xeon_e5 4627_v3
intel xeon_e5_1428l_v3 -
intel xeon_e7 4870_v2
intel xeon_e3 1535m_v5
intel atom_z z3590
intel xeon_e3_1270_v6 -
intel xeon_e3_12201 -
intel xeon_e3 e5504
intel atom_c c3830
intel xeon_e5_2608l_v3 -
intel xeon_e5 2680_v2
intel xeon_e7 4850_v3
intel xeon_e5_2420 -
intel xeon_e5_2643_v3 -
intel atom_z z3770
intel xeon_e7 2850_v2
siemens simatic_field_pg_m5_firmware *
intel xeon_e5 2699r_v4
intel xeon_silver 4114t
intel atom_z z3580
intel xeon_e5_1660_v2 -
intel xeon_e3_1240_v5 -
intel xeon_e7 4850_v4
intel xeon_e5_2630_v2 -
intel xeon_e5_2608l_v4 -
intel xeon_gold 5115
intel atom_c c3538
intel xeon_e7 4860_v2
intel xeon_e5_2418l_v3 -
sonicwall email_security -
intel xeon_e7 8870_v3
microsoft windows_10 1703
intel xeon_e5 4624l_v2
intel xeon_e7 8860_v3
intel xeon_e5 4628l_v4
redhat enterprise_linux_desktop 6.0
intel xeon_e5 2660_v3
intel atom_z z3745d
intel xeon_e5 2670_v2
redhat openstack 9
intel xeon_e3_1246_v3 -
intel xeon_e5 4650_v3
intel xeon_e5 4660_v4
intel xeon_silver 4109t
intel atom_c c3955
intel xeon_e5 4640_v2
redhat virtualization_manager 4.3
siemens simatic_ipc477e_pro_firmware *
intel xeon_e5_1428l -
intel xeon_e5 4627_v4
intel xeon_e5 4667_v3
intel xeon_e3 1585l_v5
intel xeon_e5_2648l_v4 -
intel xeon_gold 86144
intel xeon_platinum 8160
intel xeon_e5 4667_v4
intel xeon_platinum 8153
siemens simatic_ipc477e_firmware *
intel xeon_e7 8880l_v2
intel xeon_e5_2620_v2 -
siemens itc1900_pro_firmware *
intel xeon_e3 1515m_v5
intel atom_z z3530
intel xeon_e5_2628l_v4 -
intel xeon_e3 l3426
intel xeon_e3 x3480
intel xeon_platinum 8156
intel xeon_e3_1240_v6 -
intel atom_x5-e3930 -
intel atom_z z3735g
intel xeon_e5_2609_v2 -
siemens sinema_remote_connect_firmware -
intel xeon_e5_2420_v2 -
redhat enterprise_linux_server_tus 7.3
intel atom_e e3826
intel xeon_e3 5600
intel xeon_e3 x5560
intel xeon_gold 86140
redhat enterprise_linux_eus 7.7
intel xeon_e5 2698_v4
intel xeon_e3_1245_v6 -
siemens simatic_ipc847d_firmware *
intel xeon_e7 2860
intel xeon_e7 2890_v2
intel atom_z z3560
schneider-electric struxureware_data_center_expert *
intel xeon_e5_2603_v2 -
intel xeon_e3 e5503
redhat enterprise_linux_desktop 7.0
intel xeon_e5 4610_v3
intel xeon_silver 4108
intel xeon_silver 4116
intel xeon_e7 4880_v2
intel xeon_e7 2850
intel xeon_e3 1220_
intel xeon_e3 125c_
intel atom_x5-e3940 -
intel core_i5 45nm
intel xeon_e7 8837
siemens simatic_ipc827c_firmware *
intel xeon_e5 2658a_v3
intel xeon_e5 2697_v2
intel xeon_e7 4820
redhat enterprise_linux_server_aus 6.4
intel xeon_e3_1505m_v5 -
intel xeon_e5_2640_v4 -
intel xeon_e5 2683_v3
intel xeon_e3_1280_v2 -
intel xeon_e3 e5506
redhat openstack 13
intel xeon_e5_2637_v4 -
mitel micollab -
intel xeon_gold 86138
intel pentium_j j4205
intel xeon_e7 8880_v3
intel xeon_e3_1280_v3 -
intel xeon_e7 8857_v2
siemens itc2200_pro_firmware *
intel xeon_e7 4820_v3
intel xeon_platinum 8158
intel xeon_gold 86134m
redhat enterprise_linux_server_tus 7.6
intel atom_e e3825
nvidia jetson_tx1 *
intel xeon_e3_1270 -
microsoft surface_book -
intel xeon_e5_2623_v4 -
intel xeon_e3_1230_v5 -
intel xeon_e5 4669_v4
intel xeon_e3 l5530
intel xeon_e5 2699_v4
intel xeon_e5 4657l_v2
siemens simatic_ipc847c_firmware *
intel xeon_e7 8894_v4
intel atom_c c3808
intel xeon_e5 2658_v4
intel xeon_gold 86138f
intel pentium_silver n5000
intel xeon_e3_1235l_v5 -
intel xeon_e3 x3460
intel xeon_e3_1260l -
intel xeon_e5_2643 -
intel xeon_e5_2648l_v3 -
intel xeon_gold 85120
intel xeon_e3_1230_v3 -
intel xeon_e3 7500
intel atom_z z3775d
intel xeon_e7 4870
intel xeon_gold 86148
intel xeon_e3 1275_
intel xeon_e-1105c -
microsoft surface -
intel xeon_e3_1501m_v6 -
siemens simatic_et_200_sp_firmware *
intel xeon_e5 2687w_v2
intel xeon_e7 8880_v4
intel atom_z z3775
intel celeron_n n3450
intel xeon_e5 2680
intel atom_c c3308
intel xeon_e5_1428l_v2 -
siemens simatic_ipc427e_firmware *
intel xeon_e3 x5550
intel core_m 45nm
canonical ubuntu_linux 14.04
intel xeon_e5 4620_v2
intel xeon_e3 1565l_v5
intel xeon_e5_2650l_v3 -
intel xeon_e7 8850_v2
mitel open_integration_gateway -
intel atom_c c3558
intel xeon_e5 2667_v2
redhat enterprise_linux_server_aus 7.4
intel xeon_e5_2603_v4 -
intel xeon_e3 x5570
intel xeon_gold 86142
intel xeon_e5 2660
intel xeon_e5_2640 -
intel xeon_e5 2683_v4
intel xeon_e3_1220_v6 -
intel xeon_e7 8860
intel xeon_e3_12201_v2 -
intel xeon_e5_2448l_v2 -
siemens sinumerik_840_d_sl_firmware -
intel xeon_e3_1245 -
intel atom_z z3735d
intel xeon_e5 2695_v4
mitel micloud_management_portal *
CVE-2018-3657 HIGH

Multiple buffer overflows in Intel AMT in Intel CSME firmware versions before version 12.0.5 may allow a privileged user to potentially execute arbitrary code with Intel AMT execution privilege via local access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
siemens simatic_itp1000_firmware *
intel manageability_engine_firmware *
siemens simatic_pc547g_firmware *
siemens simatic_ipc547e_firmware *
siemens simatic_ipc477e_firmware *
siemens simatic_ipc627d_firmware *
siemens simatic_ipc647d_firmware *
siemens simatic_ipc677d_firmware *
intel active_management_technology_firmware *
siemens simatic_ipc427e_firmware *
intel converged_security_management_engine_firmware *
siemens simatic_field_pg_m5_firmware *
siemens simatic_ipc827d_firmware *
siemens simatic_ipc847d_firmware *
CVE-2018-3658 MEDIUM

Multiple memory leaks in Intel AMT in Intel CSME firmware versions before 12.0.5 may allow an unauthenticated user with Intel AMT provisioned to potentially cause a partial denial of service via network access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-772,

Products Affected

Vendor Product Version
siemens simatic_itp1000_firmware *
intel manageability_engine_firmware *
siemens simatic_pc547g_firmware *
siemens simatic_ipc547e_firmware *
siemens simatic_ipc477e_firmware *
siemens simatic_ipc627d_firmware *
siemens simatic_ipc647d_firmware *
siemens simatic_ipc677d_firmware *
intel active_management_technology_firmware *
siemens simatic_ipc427e_firmware *
intel converged_security_management_engine_firmware *
siemens simatic_field_pg_m5_firmware *
siemens simatic_ipc827d_firmware *
siemens simatic_ipc847d_firmware *
CVE-2018-3991 HIGH

An exploitable heap overflow vulnerability exists in the WkbProgramLow function of WibuKey Network server management, version 6.40.2402.500. A specially crafted TCP packet can cause a heap overflow, potentially leading to remote code execution. An attacker can send a malformed TCP packet to trigger this vulnerability.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
siemens simatic_wincc_open_architecture 3.16
siemens simatic_wincc_open_architecture 3.15
siemens simatic_wincc_open_architecture 3.14
wibu wibukey 6.40.2402.500
CVE-2018-4832 MEDIUM

A vulnerability has been identified in OpenPCS 7 V7.1 and earlier (All versions), OpenPCS 7 V8.0 (All versions), OpenPCS 7 V8.1 (All versions < V8.1 Upd5), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd1), SIMATIC BATCH V7.1 and earlier (All versions), SIMATIC BATCH V8.0 (All versions < V8.0 SP1 Upd21), SIMATIC BATCH V8.1 (All versions < V8.1 SP1 Upd16), SIMATIC BATCH V8.2 (All versions < V8.2 Upd10), SIMATIC BATCH V9.0 (All versions < V9.0 SP1), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions < 15 SP1), SIMATIC PCS 7 V7.1 and earlier (All versions), SIMATIC PCS 7 V8.0 (All versions), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP1), SIMATIC Route Control V7.1 and earlier (All versions), SIMATIC Route Control V8.0 (All versions), SIMATIC Route Control V8.1 (All versions), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions < V9.0 Upd1), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2 Upd2), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1 Upd5), SIMATIC WinCC V7.2 and earlier (All versions < WinCC 7.2 Upd 15), SIMATIC WinCC V7.3 (All versions < WinCC 7.3 Upd 16), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 4), SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). Specially crafted messages sent to the RPC service of the affected products could cause a Denial-of-Service condition on the remote and local communication functionality of the affected products. A reboot of the system is required to recover the remote and local communication functionality. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-20,

Products Affected

Vendor Product Version
siemens simatic_batch 8.2
siemens simatic_route_control 8.1
siemens simatic_wincc_runtime_professional 14
siemens simatic_wincc 7.2
siemens simatic_pcs_7 8.0
siemens simatic_batch 8.0
siemens simatic_batch 7.1
siemens openpcs_7 8.0
siemens openpcs_7 9.0
siemens simatic_wincc 7.3
siemens simatic_wincc_runtime_professional 13
siemens simatic_batch 9.0
siemens openpcs_7 *
siemens simatic_route_control *
siemens sppa-t3000_application_server r8.2
siemens simatic_pcs_7 *
siemens openpcs_7 8.1
siemens simatic_wincc *
siemens simatic_net_pc_software *
siemens simatic_batch 8.1
siemens simatic_wincc 7.4
siemens sppa-t3000_application_server *
siemens openpcs_7 8.2
siemens simatic_net_pc *
siemens simatic_pcs_7 8.2
siemens simatic_route_control 8.0
siemens simatic_net_pc 15
siemens simatic_wincc_runtime_professional *
siemens simatic_pcs_7 9.0
siemens simatic_route_control 9.0
siemens simatic_pcs_7 8.1
CVE-2018-4833 MEDIUM

A vulnerability has been identified in RFID 181EIP (All versions), RUGGEDCOM Win (V4.4, V4.5, V5.0, and V5.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.3), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-200RNA switch family (All versions < V3.2.6), SCALANCE X-300 switch family (incl. SIPLUS NET variants) (All versions < V4.1.3), SCALANCE X408 (All versions < V4.1.3), SCALANCE X414 (All versions), SIMATIC RF182C (All versions). Unprivileged remote attackers located in the same local network segment (OSI Layer 2) could gain remote code execution on the affected products by sending a specially crafted DHCP response to a client's DHCP request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-122,CWE-20,

Products Affected

Vendor Product Version
siemens ruggedcom_wimax_firmware 4.4
siemens rfid_181-eip_firmware -
siemens ruggedcom_wimax_firmware 4.5
siemens scalance_x408_firmware -
siemens scalance_x414_firmware -
siemens scalance_x204rna_firmware -
siemens scalance_x200irt_firmware *
siemens scalance_x200_firmware *
siemens simatic_rf182c_firmware -
siemens scalance_x300_firmware -
CVE-2018-4834 HIGH

A vulnerability has been identified in Desigo PXC00-E.D V4.10 (All versions < V4.10.111), Desigo PXC00-E.D V5.00 (All versions < V5.0.171), Desigo PXC00-E.D V5.10 (All versions < V5.10.69), Desigo PXC00-E.D V6.00 (All versions < V6.0.204), Desigo PXC00/64/128-U V4.10 (All versions < V4.10.111 only with web module), Desigo PXC00/64/128-U V5.00 (All versions < V5.0.171 only with web module), Desigo PXC00/64/128-U V5.10 (All versions < V5.10.69 only with web module), Desigo PXC00/64/128-U V6.00 (All versions < V6.0.204 only with web module), Desigo PXC001-E.D V4.10 (All versions < V4.10.111), Desigo PXC001-E.D V5.00 (All versions < V5.0.171), Desigo PXC001-E.D V5.10 (All versions < V5.10.69), Desigo PXC001-E.D V6.00 (All versions < V6.0.204), Desigo PXC100-E.D V4.10 (All versions < V4.10.111), Desigo PXC100-E.D V5.00 (All versions < V5.0.171), Desigo PXC100-E.D V5.10 (All versions < V5.10.69), Desigo PXC100-E.D V6.00 (All versions < V6.0.204), Desigo PXC12-E.D V4.10 (All versions < V4.10.111), Desigo PXC12-E.D V5.00 (All versions < V5.0.171), Desigo PXC12-E.D V5.10 (All versions < V5.10.69), Desigo PXC12-E.D V6.00 (All versions < V6.0.204), Desigo PXC200-E.D V4.10 (All versions < V4.10.111), Desigo PXC200-E.D V5.00 (All versions < V5.0.171), Desigo PXC200-E.D V5.10 (All versions < V5.10.69), Desigo PXC200-E.D V6.00 (All versions < V6.0.204), Desigo PXC22-E.D V4.10 (All versions < V4.10.111), Desigo PXC22-E.D V5.00 (All versions < V5.0.171), Desigo PXC22-E.D V5.10 (All versions < V5.10.69), Desigo PXC22-E.D V6.00 (All versions < V6.0.204), Desigo PXC22.1-E.D V4.10 (All versions < V4.10.111), Desigo PXC22.1-E.D V5.00 (All versions < V5.0.171), Desigo PXC22.1-E.D V5.10 (All versions < V5.10.69), Desigo PXC22.1-E.D V6.00 (All versions < V6.0.204), Desigo PXC36.1-E.D V4.10 (All versions < V4.10.111), Desigo PXC36.1-E.D V5.00 (All versions < V5.0.171), Desigo PXC36.1-E.D V5.10 (All versions < V5.10.69), Desigo PXC36.1-E.D V6.00 (All versions < V6.0.204), Desigo PXC50-E.D V4.10 (All versions < V4.10.111), Desigo PXC50-E.D V5.00 (All versions < V5.0.171), Desigo PXC50-E.D V5.10 (All versions < V5.10.69), Desigo PXC50-E.D V6.00 (All versions < V6.0.204), Desigo PXM20-E V4.10 (All versions < V4.10.111), Desigo PXM20-E V5.00 (All versions < V5.0.171), Desigo PXM20-E V5.10 (All versions < V5.10.69), Desigo PXM20-E V6.00 (All versions < V6.0.204). A remote attacker with network access to the device could potentially upload a new firmware image to the devices without prior authentication.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-306,CWE-434,

Products Affected

Vendor Product Version
siemens pxc12/22/36-e.d_firmware *
siemens pxc00/64/128-u_firmware *
siemens pxm20-e_firmware *
siemens pxc00/50/100/200-e.d_firmware *
siemens pxc001-e.d_firmware *
CVE-2018-4835 MEDIUM

A vulnerability has been identified in TeleControl Server Basic < V3.1. An attacker with network access to the TeleControl Server Basic's port 8000/tcp could bypass the authentication mechanism and read limited information.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,CWE-200,

Products Affected

Vendor Product Version
siemens telecontrol_server_basic *
CVE-2018-4836 MEDIUM

A vulnerability has been identified in TeleControl Server Basic < V3.1. An authenticated attacker with a low-privileged account to the TeleControl Server Basic's port 8000/tcp could escalate his privileges and perform administrative operations.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
siemens telecontrol_server_basic *
CVE-2018-4837 MEDIUM

A vulnerability has been identified in TeleControl Server Basic < V3.1. An attacker with access to the TeleControl Server Basic's webserver (port 80/tcp or 443/tcp) could cause a Denial-of-Service condition on the web server. The remaining functionality of the TeleControl Server Basic is not affected by the Denial-of-Service condition.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
siemens telecontrol_server_basic *
CVE-2018-4838 MEDIUM

A vulnerability has been identified in EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module DNP3 variant (All versions < V1.04), EN100 Ethernet module PROFINET IO variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions < V1.22). The web interface (TCP/80) of affected devices allows an unauthenticated user to upgrade or downgrade the firmware of the device, including to older versions with known vulnerabilities.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-306,

Products Affected

Vendor Product Version
siemens en100_ethernet_module_iec_104_firmware -
siemens en100_ethernet_module_dnp3_firmware -
siemens en100_ethernet_module_iec_61850_firmware *
siemens en100_ethernet_module_modbus_tcp_firmware -
siemens en100_ethernet_module_profinet_io_firmware -
CVE-2018-4839 LOW

A vulnerability has been identified in DIGSI 4 (All versions < V4.92), EN100 Ethernet module DNP3 variant (All versions < V1.05.00), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions), Other SIPROTEC 4 relays (All versions), Other SIPROTEC Compact relays (All versions), SIPROTEC 4 7SD80 (All versions < V4.70), SIPROTEC 4 7SJ61 (All versions < V4.96), SIPROTEC 4 7SJ62 (All versions < V4.96), SIPROTEC 4 7SJ64 (All versions < V4.96), SIPROTEC 4 7SJ66 (All versions < V4.30), SIPROTEC Compact 7SJ80 (All versions < V4.77), SIPROTEC Compact 7SK80 (All versions < V4.77). An attacker with local access to the engineering system or in a privileged network position and able to obtain certain network traffic could possibly reconstruct access authorization passwords.

CVSS 2.0

Severity: LOW

Problem Type: CWE-326,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
siemens en100_ethernet_module_iec_104_firmware -
siemens en100_ethernet_module_dnp3_firmware -
siemens en100_ethernet_module_iec_61850_firmware *
siemens siprotec_compact_7sk80_firmware *
siemens digsi_4 *
siemens siprotec_4_7sj66_firmware *
siemens en100_ethernet_module_modbus_tcp_firmware -
siemens siprotec_compact_7sj80_firmware *
siemens en100_ethernet_module_profinet_io_firmware -
CVE-2018-4840 MEDIUM

A vulnerability has been identified in DIGSI 4 (All versions < V4.92), EN100 Ethernet module DNP3 variant (All versions < V1.05.00), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). The device engineering mechanism allows an unauthenticated remote user to upload a modified device configuration overwriting access authorization passwords.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-306,CWE-306,

Products Affected

Vendor Product Version
siemens en100_ethernet_module_iec_104_firmware -
siemens en100_ethernet_module_dnp3_firmware -
siemens en100_ethernet_module_iec_61850_firmware *
siemens siprotec_compact_7sk80_firmware *
siemens digsi_4 *
siemens siprotec_4_7sj66_firmware *
siemens en100_ethernet_module_modbus_tcp_firmware -
siemens siprotec_compact_7sj80_firmware *
siemens en100_ethernet_module_profinet_io_firmware -
CVE-2018-4841 HIGH

A vulnerability has been identified in TIM 1531 IRC (All versions < V1.1). A remote attacker with network access to port 80/tcp or port 443/tcp could perform administrative operations on the device without prior authentication. Successful exploitation could allow an attacker to cause a denial-of-service, or to read and manipulate data as well as configuration settings of the affected device. At the stage of publishing this security advisory no public exploitation is known. Siemens provides mitigations to resolve it.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-303,CWE-287,

Products Affected

Vendor Product Version
siemens tim_1531_irc_firmware *
CVE-2018-4842 LOW

A vulnerability has been identified in SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-200RNA switch family (All versions < V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3). A remote, authenticated attacker with access to the configuration web server could be able to store script code on the web site, if the HRP redundancy option is set. This code could be executed in the web browser of victims visiting this web site (XSS), affecting its confidentiality, integrity and availability. User interaction is required for successful exploitation, as the user needs to visit the manipulated web site. At the stage of publishing this security advisory no public exploitation is known. The vendor has confirmed the vulnerability and provides mitigations to resolve it.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
siemens scalance_x200irt_firmware *
siemens scalance_x200_firmware *
siemens scalance_x300_firmware -
CVE-2018-4843 MEDIUM

A vulnerability has been identified in SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC CP 343-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 Advanced (All versions < V3.3), SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions < V3.2.16), SIMATIC ET 200pro IM154-8F PN/DP CPU (All versions < V3.2.16), SIMATIC ET 200pro IM154-8FX PN/DP CPU (All versions < V3.2.16), SIMATIC ET 200S IM151-8 PN/DP CPU (All versions < V3.2.16), SIMATIC ET 200S IM151-8F PN/DP CPU (All versions < V3.2.16), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V1.7.0), SIMATIC S7-1500 Software Controller (All versions < V1.7.0), SIMATIC S7-300 CPU 314C-2 PN/DP (All versions < V3.3.16), SIMATIC S7-300 CPU 315-2 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 315F-2 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 315T-3 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 317-2 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 317F-2 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 317T-3 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 317TF-3 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 319-3 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 319F-3 PN/DP (All versions < V3.2.16), SIMATIC S7-400 CPU 412-2 PN V7 (All versions < V7.0.3), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.9), SIMATIC S7-400 PN/DP V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.7), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions < V8.1), SIMATIC WinAC RTX 2010 (All versions < V2010 SP3), SIMATIC WinAC RTX F 2010 (All versions < V2010 SP3), SINUMERIK 828D (All versions < V4.7 SP6 HF1), SIPLUS ET 200S IM151-8 PN/DP CPU (All versions < V3.2.16), SIPLUS ET 200S IM151-8F PN/DP CPU (All versions < V3.2.16), SIPLUS NET CP 443-1 (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (All versions < V3.3), SIPLUS S7-300 CPU 314C-2 PN/DP (All versions < V3.3.16), SIPLUS S7-300 CPU 315-2 PN/DP (All versions < V3.2.16), SIPLUS S7-300 CPU 315F-2 PN/DP (All versions < V3.2.16), SIPLUS S7-300 CPU 317-2 PN/DP (All versions < V3.2.16), SIPLUS S7-300 CPU 317F-2 PN/DP (All versions < V3.2.16), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), Softnet PROFINET IO for PC-based Windows systems (All versions). Responding to a PROFINET DCP request with a specially crafted PROFINET DCP packet could cause a denial of service condition of the requesting system. The security vulnerability could be exploited by an attacker located on the same Ethernet segment (OSI Layer 2) as the targeted device. A manual restart is required to recover the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 5.3 MEDIUM CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 1.6 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-20,

Products Affected

Vendor Product Version
siemens simatic_s7-300_firmware -
siemens simatic_s7-400_pn/dp_v6_firmware *
siemens simatic_s7-400_pn/dp_v7_firmware -
siemens simatic_s7-400_h_v6_firmware -
siemens simatic_winac_rtx_2010_firmware -
siemens simatic_cp_443-1_firmware -
siemens simatic_s7-410_firmware *
siemens simatic_s7-1500_firmware *
siemens sinumerik_828d_firmware -
siemens softnet_pn-io_linux_firmware -
siemens simatic_cp_343-1_firmware -
CVE-2018-4844 LOW

A vulnerability has been identified in SIMATIC WinCC OA UI for Android (All versions < V3.15.10), SIMATIC WinCC OA UI for iOS (All versions < V3.15.10). Insufficient limitation of CONTROL script capabilities could allow read and write access from one HMI project cache folder to other HMI project cache folders within the app's sandbox on the same mobile device. This includes HMI project cache folders of other configured WinCC OA servers. The security vulnerability could be exploited by an attacker who tricks an app user to connect to an attacker-controlled WinCC OA server. Successful exploitation requires user interaction and read/write access to the app's folder on a mobile device. The vulnerability could allow reading data from and writing data to the app's folder. At the time of advisory publication no public exploitation of this security vulnerability was known. Siemens confirms the security vulnerability and provides mitigations to resolve the security issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N 1.5 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-284,CWE-269,

Products Affected

Vendor Product Version
siemens simatic_wincc_oa_ui *
CVE-2018-4845 MEDIUM

A vulnerability has been identified in RAPIDLab 1200 systems / RAPIDPoint 400 systems / RAPIDPoint 500 systems (All versions _without_ use of Siemens Healthineers Informatics products), RAPIDLab 1200 Series (All versions < V3.3 _with_ Siemens Healthineers Informatics products), RAPIDPoint 500 systems (All versions >= V3.0 _with_ Siemens Healthineers Informatics products), RAPIDPoint 500 systems (V2.4.X _with_ Siemens Healthineers Informatics products), RAPIDPoint 500 systems (All versions =< V2.3 _with_ Siemens Healthineers Informatics products), RAPIDPoint 400 systems (All versions _with_ Siemens Healthineers Informatics products). Remote attackers with either local or remote credentialed access to the "Remote View" feature might be able to elevate their privileges, compromising confidentiality, integrity, and availability of the system. No special skills or user interaction are required to perform this attack. At the time of advisory publication, no public exploitation of this security vulnerability is known. Siemens Healthineers confirms the security vulnerability and provides mitigations to resolve the security issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,CWE-269,

Products Affected

Vendor Product Version
siemens rapidlab_1200_firmware *
siemens rapidpoint_500_firmware *
siemens rapidpoint_400_firmware -
CVE-2018-4846 HIGH

A vulnerability has been identified in RAPIDLab 1200 systems / RAPIDPoint 400 systems / RAPIDPoint 500 systems (All versions _without_ use of Siemens Healthineers Informatics products), RAPIDLab 1200 Series (All versions < V3.3 _with_ Siemens Healthineers Informatics products), RAPIDPoint 500 systems (All versions >= V3.0 _with_ Siemens Healthineers Informatics products), RAPIDPoint 500 systems (V2.4.X _with_ Siemens Healthineers Informatics products), RAPIDPoint 500 systems (All versions =< V2.3 _with_ Siemens Healthineers Informatics products), RAPIDPoint 400 systems (All versions _with_ Siemens Healthineers Informatics products). A factory account with hardcoded password might allow attackers access to the device over port 5900/tcp. Successful exploitation requires no user interaction or privileges and impacts the confidentiality, integrity, and availability of the affected device. At the time of advisory publication, no public exploitation of this security vulnerability is known. Siemens Healthineers confirms the security vulnerability and provides mitigations to resolve the security issue.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,CWE-798,

Products Affected

Vendor Product Version
siemens rapidlab_1200_firmware *
siemens rapidpoint_500_firmware *
siemens rapidpoint_400_firmware -
CVE-2018-4847 LOW

A vulnerability has been identified in SIMATIC WinCC OA Operator iOS App (All versions < V1.4). Insufficient protection of sensitive information (e.g. session key for accessing server) in Siemens WinCC OA Operator iOS app could allow an attacker with physical access to the mobile device to read unencrypted data from the app's directory. Siemens provides mitigations to resolve the security issue.

CVSS 2.0

Severity: LOW

Problem Type: CWE-538,CWE-311,

Products Affected

Vendor Product Version
siemens simatic_wincc_oa_operator -
CVE-2018-4848 MEDIUM

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.3), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-200RNA switch family (All versions < V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3). The integrated configuration web server of the affected devices could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed. At the stage of publishing this security advisory no public exploitation is known. The vendor has confirmed the vulnerability and provides mitigations to resolve it.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-80,CWE-79,

Products Affected

Vendor Product Version
siemens scalance_x-200_irt_firmware *
siemens scalance_x-200_firmware *
siemens scalance_x300_firmware *
CVE-2018-4849 MEDIUM

A vulnerability has been identified in Siveillance VMS Video for Android (All versions < V12.1a (2018 R1)), Siveillance VMS Video for iOS (All versions < V12.1a (2018 R1)). Improper certificate validation could allow an attacker in a privileged network position to read data from and write data to the encrypted communication channel between the app and a server. The security vulnerability could be exploited by an attacker in a privileged network position which allows intercepting the communication channel between the affected app and a server (such as Man-in-the-Middle). Furthermore, an attacker must be able to generate a certificate that results for the validation algorithm in a checksum identical to a trusted certificate. Successful exploitation requires no user interaction. The vulnerability could allow reading data from and writing data to the encrypted communication channel between the app and a server, impacting the communication's confidentiality and integrity. At the time of advisory publication no public exploitation of this security vulnerability was known. Siemens confirms the security vulnerability and provides mitigations to resolve the security issue.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,CWE-295,

Products Affected

Vendor Product Version
siemens siveillance_vms_video *
CVE-2018-4850 MEDIUM

A vulnerability has been identified in SIMATIC S7-400 (incl. F) CPU hardware version 4.0 and below (All versions), SIMATIC S7-400 (incl. F) CPU hardware version 5.0 (All firmware versions < V5.2), SIMATIC S7-400H CPU hardware version 4.5 and below (All versions). The affected CPUs improperly validate S7 communication packets which could cause a Denial-of-Service condition of the CPU. The CPU will remain in DEFECT mode until manual restart.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
siemens simatic_s7-400_firmware *
siemens simatic_s7-400h_firmware *
CVE-2018-4851 HIGH

A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to the device could cause a Denial-of-Service condition by sending certain packets to the device, causing potential reboots of the device. The core functionality of the device could be impacted. The time serving functionality recovers when time synchronization with GPS devices or other NTP servers is completed.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,CWE-20,

Products Affected

Vendor Product Version
siemens siclock_tc400_firmware -
siemens siclock_tc100_firmware -
CVE-2018-4852 HIGH

A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to the device could potentially circumvent the authentication mechanism if he/she is able to obtain certain knowledge specific to the attacked device.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-288,CWE-287,

Products Affected

Vendor Product Version
siemens siclock_tc400_firmware -
siemens siclock_tc100_firmware -
CVE-2018-4853 HIGH

A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to port 69/udp could modify the firmware of the device.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-306,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
siemens siclock_tc400_firmware -
siemens siclock_tc100_firmware -
CVE-2018-4854 HIGH

A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to port 69/udp could modify the administrative client stored on the device. If a legitimate user downloads and executes the modified client from the affected device, then he/she could obtain code execution on the client system.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-306,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
siemens siclock_tc400_firmware -
siemens siclock_tc100_firmware -
CVE-2018-4855 MEDIUM

A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). Unencrypted storage of passwords in the client configuration files and during network transmission could allow an attacker in a privileged position to obtain access passwords.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-311,CWE-311,

Products Affected

Vendor Product Version
siemens siclock_tc400_firmware -
siemens siclock_tc100_firmware -
CVE-2018-4856 MEDIUM

A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with administrative access to the device's management interface could lock out legitimate users. Manual interaction is required to restore the access of legitimate users.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
siemens siclock_tc400_firmware -
siemens siclock_tc100_firmware -
CVE-2018-4858 HIGH

A vulnerability has been identified in IEC 61850 system configurator (All versions < V5.80), DIGSI 5 (affected as IEC 61850 system configurator is incorporated) (All versions < V7.80), DIGSI 4 (All versions < V4.93), SICAM PAS/PQS (All versions < V8.11), SICAM PQ Analyzer (All versions < V3.11), SICAM SCC (All versions < V9.02 HF3). A service of the affected products listening on all of the host's network interfaces on either port 4884/TCP, 5885/TCP, or port 5886/TCP could allow an attacker to either exfiltrate limited data from the system or to execute code with Microsoft Windows user permissions. Successful exploitation requires an attacker to be able to send a specially crafted network request to the vulnerable service and a user interacting with the service's client application on the host. In order to execute arbitrary code with Microsoft Windows user permissions, an attacker must be able to plant the code in advance on the host by other means. The vulnerability has limited impact to confidentiality and integrity of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known. Siemens confirms the security vulnerability and provides mitigations to resolve the security issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-284,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
siemens sicam_scc_firmware -
siemens sicam_pas/pqs *
siemens sicam_pq_analyzer_firmware *
siemens ec_61850_system_configurator_firmware *
siemens digsi_5_firmware *
siemens digsi_4_firmware -
CVE-2018-4859 HIGH

A vulnerability has been identified in SCALANCE M875 (All versions). An authenticated remote attacker with access to the web interface (443/tcp) could execute arbitrary operating system commands. Successful exploitation requires that the attacker has network access to the web interface. The attacker must be authenticated as an administrative user to exploit the security vulnerability. The vulnerability could allow an attacker to execute arbitrary code on the device. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
siemens scalance_m875_firmware *
CVE-2018-4860 HIGH

A vulnerability has been identified in SCALANCE M875 (All versions). An authenticated remote attacker with access to the web interface (443/tcp) could execute arbitrary operating system commands. Successful exploitation requires that the attacker has network access to the web interface. The attacker must be authenticated as an administrative user to exploit the security vulnerability. The vulnerability could allow an attacker to execute arbitrary code on the device. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
siemens scalance_m875_firmware *
CVE-2018-4861 MEDIUM

A vulnerability has been identified in SCALANCE M875 (All versions). An authenticated remote attacker with access to the web interface (443/tcp) could potentially read and download arbitrary files from the device's file system. Successful exploitation requires that the attacker has network access to the web interface. The attacker must be authenticated as an administrative user to exploit the security vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,CWE-200,

Products Affected

Vendor Product Version
siemens scalance_m875_firmware *
CVE-2018-5379 HIGH

The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially allow an attacker to execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-415,CWE-415,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server_aus 7.4
debian debian_linux 9.0
redhat enterprise_linux_server_aus 7.6
canonical ubuntu_linux 17.10
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_server_eus 7.4
quagga quagga *
debian debian_linux 7.0
canonical ubuntu_linux 16.04
debian debian_linux 8.0
siemens ruggedcom_rox_ii_firmware *
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_tus 7.6
canonical ubuntu_linux 14.04
CVE-2018-5380 MEDIUM

The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
debian debian_linux 7.0
canonical ubuntu_linux 16.04
debian debian_linux 8.0
debian debian_linux 9.0
canonical ubuntu_linux 17.10
siemens ruggedcom_rox_ii_firmware *
canonical ubuntu_linux 14.04
quagga quagga *
CVE-2018-5381 MEDIUM

The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. The parser can enter an infinite loop on invalid capabilities if a Multi-Protocol capability does not have a recognized AFI/SAFI, causing a denial of service.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-228,CWE-835,

Products Affected

Vendor Product Version
debian debian_linux 7.0
canonical ubuntu_linux 16.04
debian debian_linux 8.0
debian debian_linux 9.0
canonical ubuntu_linux 17.10
siemens ruggedcom_rox_ii_firmware *
canonical ubuntu_linux 14.04
quagga quagga *
CVE-2018-5391 HIGH

The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-400,CWE-20,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_server_aus 7.2
microsoft windows_10 -
microsoft windows_server_2016 -
f5 big-ip_advanced_firewall_manager *
linux linux_kernel *
siemens simatic_rf188ci_firmware *
f5 big-ip_domain_name_system *
siemens simatic_rf186ci_firmware *
f5 big-ip_application_security_manager *
microsoft windows_10 1703
siemens scalance_w1700_ieee_802.11ac_firmware *
siemens simatic_net_cp_1243-7_lte_us_firmware *
f5 big-ip_webaccelerator *
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server 6.0
microsoft windows_10 1803
microsoft windows_server_2012 -
canonical ubuntu_linux 16.04
redhat enterprise_linux_server_tus 6.6
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 18.04
f5 big-ip_edge_gateway *
f5 big-ip_analytics *
redhat enterprise_linux_server_eus 6.7
microsoft windows_server_2016 1709
microsoft windows_server_2016 1803
siemens scalance_m-800_firmware *
siemens simatic_net_cp_1242-7_firmware *
siemens scalance_w700_ieee_802.11a/b/g/n_firmware *
redhat enterprise_linux_workstation 6.0
f5 big-ip_global_traffic_manager *
redhat enterprise_linux_server_aus 7.3
microsoft windows_10 1607
siemens scalance_sc-600_firmware *
siemens sinema_remote_connect_server_firmware *
f5 big-ip_local_traffic_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_fraud_protection_service *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_application_acceleration_manager *
siemens scalance_s615_firmware *
microsoft windows_server_2012 r2
siemens simatic_net_cp_1543sp-1_firmware *
redhat enterprise_linux_server_eus 7.3
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_server_aus 6.6
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_server_tus 7.3
microsoft windows_8.1 -
debian debian_linux 8.0
f5 big-ip_link_controller *
microsoft windows_rt_8.1 -
siemens ruggedcom_rox_ii_firmware *
canonical ubuntu_linux 14.04
microsoft windows_7 -
siemens simatic_net_cp_1243-8_irc_firmware *
siemens simatic_rf185c_firmware *
redhat enterprise_linux_desktop 7.0
siemens simatic_rf188_firmware *
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server_aus 7.4
microsoft windows_10 1709
redhat enterprise_linux_server_aus 6.5
debian debian_linux 9.0
siemens simatic_net_cp_1543-1_firmware *
canonical ubuntu_linux 12.04
microsoft windows_server_2008 r2
siemens simatic_net_cp_1542sp-1_irc_firmware *
siemens simatic_net_cp_1542sp-1_firmware *
siemens ruggedcom_rm1224_firmware *
redhat enterprise_linux_server_aus 6.4
siemens simatic_net_cp_1243-1_firmware *
siemens simatic_rf186c_firmware *
redhat enterprise_linux_server_tus 7.2
siemens simatic_net_cp_1243-7_lte_eu_firmware *
microsoft windows_server_2008 -
CVE-2018-7064 MEDIUM

A reflected cross-site scripting (XSS) vulnerability is present in an unauthenticated Aruba Instant web interface. An attacker could use this vulnerability to trick an IAP administrator into clicking a link which could then take administrative actions on the Instant cluster, or expose the session cookie for an administrative session. Workaround: Administrators should make sure they log out of the Aruba Instant UI when not actively managing the system, and should use caution clicking links from external sources while logged into the IAP administrative interface. Resolution: Fixed in Aruba Instant 4.2.4.12, 6.5.4.11, 8.3.0.6, and 8.4.0.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
arubanetworks aruba_instant *
siemens scalance_w1750d_firmware *
CVE-2018-7082 HIGH

A command injection vulnerability is present in Aruba Instant that permits an authenticated administrative user to execute arbitrary commands on the underlying operating system. A malicious administrator could use this ability to install backdoors or change system configuration in a way that would not be logged. Workaround: None. Resolution: Fixed in Aruba Instant 4.2.4.12, 6.5.4.11, 8.3.0.6, and 8.4.0.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
arubanetworks aruba_instant *
siemens scalance_w1750d_firmware *
CVE-2018-7083 MEDIUM

If a process running within Aruba Instant crashes, it may leave behind a "core dump", which contains the memory contents of the process at the time it crashed. It was discovered that core dumps are stored in a way that unauthenticated users can access them through the Aruba Instant web interface. Core dumps could contain sensitive information such as keys and passwords. Workaround: Block access to the Aruba Instant web interface from all untrusted users. Resolution: Fixed in Aruba Instant 4.2.4.12, 6.5.4.11, 8.3.0.6, and 8.4.0.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
arubanetworks aruba_instant *
siemens scalance_w1750d_firmware *
CVE-2018-7084 HIGH

A command injection vulnerability is present that permits an unauthenticated user with access to the Aruba Instant web interface to execute arbitrary system commands within the underlying operating system. An attacker could use this ability to copy files, read configuration, write files, delete files, or reboot the device. Workaround: Block access to the Aruba Instant web interface from all untrusted users. Resolution: Fixed in Aruba Instant 4.2.4.12, 6.5.4.11, 8.3.0.6, and 8.4.0.1

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
arubanetworks aruba_instant *
siemens scalance_w1750d_firmware *
CVE-2018-7891 MEDIUM

The Milestone XProtect Video Management Software (Corporate, Expert, Professional+, Express+, Essential+) 2016 R1 (10.0.a) to 2018 R1 (12.1a) contains .NET Remoting endpoints that are vulnerable to deserialization attacks resulting in remote code execution.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-502,

Products Affected

Vendor Product Version
milestonesys xprotect *
siemens siveillance_vms *
CVE-2019-0708 HIGH

A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-416,CWE-416,

Products Affected

Vendor Product Version
huawei rh2288a_v2_firmware v100r002c00
huawei rh2288h_v2_firmware v100r002c00
siemens mobilett_xp_digital_firmware *
huawei e6000_chassis_firmware v100r001c00
siemens vertix_solitaire_firmware *
huawei rh2285h_v2_firmware v100r002c00
huawei oceanstor_18800f_firmware v100r001c30spc300
huawei ch221_firmware v100r001c00
huawei gtsoftx3000_firmware v200r001c01spc100
siemens streamlab_firmware *
huawei bh620_v2_firmware v100r002c00
siemens rapidpoint_500_firmware *
huawei rh2288_v2_firmware v100r002c00
siemens multix_pro_firmware *
siemens multix_pro_p_firmware *
siemens multix_top_acss_firmware *
huawei gtsoftx3000_firmware v200r002c00spc300
huawei seco_vsm_firmware v200r002c00
huawei x6000_firmware v100r002c00
huawei agile_controller-campus_firmware v100r002c00
huawei gtsoftx3000_firmware v200r002c10spc100
siemens axiom_vertix_solitaire_m_firmware *
siemens centralink_firmware *
huawei smc2.0_firmware v600r006c00
huawei elog_firmware v200r003c10
huawei rh5885_v2_firmware v100r001c00
huawei rh2288e_v2_firmware v100r002c00
huawei rh1288_v2_firmware v100r002c00
huawei bh621_v2_firmware v100r002c00
siemens axiom_multix_m_firmware *
huawei oceanstor_18800_firmware v100r001c30spc300
huawei ch242_firmware v100r001c00
huawei rh2485_v2_firmware v100r002c00
huawei uma_firmware v300r001c00
huawei bh640_v2_firmware v100r002c00
huawei ch140_firmware v100r001c00
siemens multix_top_p_firmware *
huawei agile_controller-campus_firmware v100r002c10
siemens viva_twin_firmware *
siemens multix_pro_navy_firmware *
huawei rh2285_v2_firmware v100r002c00
siemens atellica_solution_firmware *
huawei bh622_v2_firmware v100r001c00
huawei oceanstor_hvs88t_firmware v100r001c00
siemens multix_pro_acss_p_firmware *
huawei rh5885_v3_firmware v100r003c00
siemens aptio_firmware *
huawei rh2268_v2_firmware v100r002c00
huawei oceanstor_18500_firmware v100r001c30spc300
siemens multix_top_acss_p_firmware *
huawei smc2.0_firmware v500r002c00
huawei uma_firmware v200r001c00
microsoft windows_7 -
siemens axiom_vertix_md_trauma_firmware *
huawei ch240_firmware v100r001c00
siemens multix_pro_acss_firmware *
huawei ch242_v3_firmware v100r001c00
huawei x8000_firmware v100r002c20
siemens syngo_lab_process_manager *
microsoft windows_server_2008 r2
siemens multix_top_firmware *
huawei ch220_firmware v100r001c00
huawei espace_ecs_firmware v300r001c00
huawei ch222_firmware v100r002c00
siemens multix_swing_firmware *
huawei oceanstor_hvs85t_firmware v100r001c00
huawei e6000_firmware v100r002c00
huawei oceanstor_hvs85t_firmware v100r001c30spc200
huawei rh1288a_v2_firmware v100r002c00
huawei oceanstor_hvs88t_firmware v100r001c30spc200
siemens viva_e_firmware *
siemens lantis_firmware *
huawei rh2265_v2_firmware v100r002c00
huawei ch121_firmware v100r001c00
microsoft windows_server_2008 -
CVE-2019-10915 MEDIUM

A vulnerability has been identified in TIA Administrator (All versions < V1.0 SP1 Upd1). The integrated configuration web application (TIA Administrator) allows certain application commands to be executed without proper authentication. The vulnerability could be exploited by an attacker with local access to the affected system. Successful exploitation requires no privileges and no user interaction. An attacker could use the vulnerability to compromise confidentiality, integrity and availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-306,CWE-306,

Products Affected

Vendor Product Version
siemens sinetplan 2.0
siemens tia_administrator 1.0
CVE-2019-10916 HIGH

A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC (TIA Portal) V13 (All versions), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Upd 9), SIMATIC WinCC (TIA Portal) V15 (All versions < V15.1 Upd 3), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions < V14.1 Upd 8), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Upd 3), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions < V7.5 Upd 3). An attacker with access to the project file could run arbitrary system commands with the privileges of the local database server. The vulnerability could be exploited by an attacker with access to the project file. The vulnerability does impact the confidentiality, integrity, and availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,CWE-89,

Products Affected

Vendor Product Version
siemens simatic_wincc *
siemens simatic_wincc_(tia_portal) 15.0
siemens simatic_wincc 7.4
siemens simatic_wincc 7.5
siemens simatic_wincc_(tia_portal) 13.0
siemens simatic_pcs_7 8.2
siemens simatic_wincc 7.3
siemens simatic_wincc_(tia_portal) 14.0
siemens simatic_wincc_runtime_professional *
siemens simatic_pcs_7 9.0
siemens simatic_pcs_7 8.1
siemens simatic_pcs_7 *
CVE-2019-10917 LOW

A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC (TIA Portal) V13 (All versions), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Upd 9), SIMATIC WinCC (TIA Portal) V15 (All versions < V15.1 Upd 3), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions < V14.1 Upd 8), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Upd 3), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions < V7.5 Upd 3). An attacker with local access to the project file could cause a Denial-of-Service condition on the affected product while the project file is loaded. Successful exploitation requires access to the project file. An attacker could use the vulnerability to compromise availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-248,CWE-755,

Products Affected

Vendor Product Version
siemens simatic_wincc *
siemens simatic_wincc_(tia_portal) 15.0
siemens simatic_wincc 7.4
siemens simatic_wincc 7.5
siemens simatic_wincc_(tia_portal) 13.0
siemens simatic_pcs_7 8.2
siemens simatic_wincc 7.3
siemens simatic_wincc_(tia_portal) 14.0
siemens simatic_wincc_runtime_professional *
siemens simatic_pcs_7 9.0
siemens simatic_pcs_7 8.1
siemens simatic_pcs_7 *
CVE-2019-10918 HIGH

A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC (TIA Portal) V13 (All versions), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Upd 9), SIMATIC WinCC (TIA Portal) V15 (All versions < V15.1 Upd 3), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions < V14.1 Upd 8), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Upd 3), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions < V7.5 Upd 3). An authenticated attacker with network access to the DCOM interface could execute arbitrary commands with SYSTEM privileges. The vulnerability could be exploited by an attacker with network access to the affected system. Successful exploitation requires authentication with a low-privileged user account and no user interaction. An attacker could use the vulnerability to compromise confidentiality, integrity, and availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-749,NVD-CWE-Other,

Products Affected

Vendor Product Version
siemens simatic_wincc *
siemens simatic_wincc_(tia_portal) 15.0
siemens simatic_wincc 7.4
siemens simatic_wincc 7.5
siemens simatic_wincc_(tia_portal) 13.0
siemens simatic_pcs_7 8.2
siemens simatic_wincc 7.3
siemens simatic_wincc_(tia_portal) 14.0
siemens simatic_wincc_runtime_professional *
siemens simatic_pcs_7 9.0
siemens simatic_pcs_7 8.1
siemens simatic_pcs_7 *
CVE-2019-10919 HIGH

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Attackers with access to port 10005/tcp could perform device reconfigurations and obtain project files from the devices. The system manual recommends protecting access to this port. The security vulnerability could be exploited by an unauthenticated attacker with network access to port 10005/tcp. No user interaction is required to exploit this security vulnerability. The vulnerability impacts confidentiality, integrity, and availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.4 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L 3.9 5.5

CVSS 2.0

Severity: HIGH

Problem Type: CWE-306,CWE-306,

Products Affected

Vendor Product Version
siemens logo!8_bm_firmware *
CVE-2019-10920 MEDIUM

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Project data stored on the device, which is accessible via port 10005/tcp, can be decrypted due to a hardcoded encryption key. The security vulnerability could be exploited by an unauthenticated attacker with network access to port 10005/tcp. No user interaction is required to exploit this security vulnerability. The vulnerability impacts confidentiality of the device. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-321,CWE-798,

Products Affected

Vendor Product Version
siemens logo!8_bm_firmware *
CVE-2019-10921 MEDIUM

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Unencrypted storage of passwords in the project could allow an attacker with access to port 10005/tcp to obtain passwords of the device. The security vulnerability could be exploited by an unauthenticated attacker with network access to port 10005/tcp. No user interaction is required to exploit this security vulnerability. The vulnerability impacts confidentiality of the device. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-256,CWE-522,

Products Affected

Vendor Product Version
siemens logo!8_bm_firmware *
CVE-2019-10922 HIGH

A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 and newer (All versions), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 and newer (All versions). An attacker with network access to affected installations, which are configured without "Encrypted Communication", can execute arbitrary code. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected installation. No user interaction is required to exploit this security vulnerability. The vulnerability impacts confidentiality, integrity, and availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-306,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
siemens simatic_wincc *
siemens simatic_pcs_7 *
CVE-2019-10923 MEDIUM

An attacker with network access to an affected product may cause a denial of service condition by breaking the real-time synchronization (IRT) of the affected installation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,CWE-400,

Products Affected

Vendor Product Version
siemens simatic_s7-300_cpu_315-2_dp_firmware *
siemens sinamics_gh150_firmware *
siemens cp1616_firmware *
siemens simatic_s7-300_cpu_316-2_dp_firmware *
siemens sinumerik_840d_sl *
siemens scalance_x-200irt_firmware *
siemens sinamics_s150_firmware *
siemens sinamics_sl150_firmware 4.7
siemens dk_standard_ethernet_controller_firmware 4.1.1
siemens simatic_s7-400_v6_firmware *
siemens sinamics_dcm_firmware 1.5
siemens sinamics_g110m_firmware 4.7
siemens simatic_s7-300_cpu_315_firmware *
siemens simatic_et_200s_firmware *
siemens simatic_s7-300_cpu_firmware *
siemens sinamics_g130_firmware *
siemens sinamics_gm150_firmware *
siemens simatic_s7-300_cpu_313_firmware *
siemens sinamics_s120_firmware 4.7
siemens simatic_s7-300_cpu_312_ifm_firmware *
siemens ek-ertec_200_firmware 4.5.0
siemens simatic_pn/pn_coupler_6es7158-3ad01-0xa0_firmware *
siemens cp1604_firmware *
siemens sinamics_gl150_firmware 4.8
siemens simatic_winac_rtx_(f)_firmware 2010
siemens simatic_s7-400_dp_v7_firmware *
siemens sinamics_s120_firmware *
siemens simatic_s7-300_cpu_318-2_firmware *
siemens sinamics_dcp_firmware *
siemens simatic_s7-300_cpu_314_firmware *
siemens sinamics_dcm_firmware *
siemens sinamics_gl150_firmware *
siemens dk_standard_ethernet_controller_firmware *
siemens simatic_winac_rtx_(f)_firmware *
siemens simatic_s7-300_cpu_314_ifm_firmware *
siemens sinamics_s110_firmware *
siemens ek-ertec_200p_firmware *
siemens sinamics_g150_firmware *
siemens sinamics_g110m_firmware *
siemens ek-ertec_200_firmware *
siemens simatic_et_200m_firmware *
siemens sinamics_gh150_firmware 4.8
siemens sinamics_g120_firmware 4.7
siemens sinamics_sl150_firmware *
siemens sinamics_g120_firmware *
siemens sinamics_g130_firmware 4.7
siemens sinamics_sm120_firmware *
siemens sinamics_gm150_firmware 4.8
siemens simotion_firmware *
siemens simatic_s7-400_pn_v7_firmware *
siemens sinumerik_828d *
siemens simatic_et_200ecopn_firmware *
siemens sinumerik_828d 4.8
CVE-2019-10924 MEDIUM

A vulnerability has been identified in LOGO! Soft Comfort (All versions < V8.3). The vulnerability could allow an attacker to execute arbitrary code if the attacker tricks a legitimate user into opening a manipulated project. In order to exploit the vulnerability, a valid user must open a manipulated project file. No further privileges are required on the target system. The vulnerability could compromise the confidentiality, integrity and availability of the engineering station. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-502,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
siemens logo!_soft_comfort *
CVE-2019-10925 MEDIUM

A vulnerability has been identified in SIMATIC MV400 family (All Versions < V7.0.6). An authenticated attacker could escalate privileges by sending specially crafted requests to the integrated webserver. The security vulnerability can be exploited by an attacker with network access to the device. Valid user credentials, but no user interaction, are required. Successful exploitation compromises integrity and availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L 2.8 4.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
siemens simatic_mv420_firmware *
siemens simatic_mv440_firmware *
CVE-2019-10926 LOW

A vulnerability has been identified in SIMATIC MV400 family (All Versions < V7.0.6). Communication with the device is not encrypted. Data transmitted between the device and the user can be obtained by an attacker in a privileged network position. The security vulnerability can be exploited by an attacker in a privileged network position which allows eavesdropping the communication between the affected device and the user. The user must invoke a session. Successful exploitation of the vulnerability compromises confidentiality of the data transmitted.

CVSS 2.0

Severity: LOW

Problem Type: CWE-319,CWE-310,

Products Affected

Vendor Product Version
siemens simatic_mv420_firmware *
siemens simatic_mv440_firmware *
CVE-2019-10927 MEDIUM

A vulnerability has been identified in SCALANCE SC-600 (V2.0), SCALANCE XB-200 (V4.1), SCALANCE XC-200 (V4.1), SCALANCE XF-200BA (V4.1), SCALANCE XP-200 (V4.1), SCALANCE XR-300WG (V4.1). An authenticated attacker with network access to port 22/tcp of an affected device may cause a Denial-of-Service condition. The security vulnerability could be exploited by an authenticated attacker with network access to the affected device. No user interaction is required to exploit this vulnerability. The vulnerability impacts the availability of the affected device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-703,NVD-CWE-Other,

Products Affected

Vendor Product Version
siemens scalance_xb-200_firmware 4.1
siemens scalance_xf-200ba_firmware 4.1
siemens scalance_xr-300wg_firmware 4.1
siemens scalance_xp-200_firmware 4.1
siemens scalance_xc-200_firmware 4.1
CVE-2019-10928 MEDIUM

A vulnerability has been identified in SCALANCE SC-600 (V2.0). An authenticated attacker with access to port 22/tcp as well as physical access to an affected device may trigger the device to allow execution of arbitrary commands. The security vulnerability could be exploited by an authenticated attacker with physical access to the affected device. No user interaction is required to exploit this vulnerability. The vulnerability impacts the confidentiality, integrity and availability of the affected device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.6 MEDIUM CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 0.7 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-703,NVD-CWE-Other,

Products Affected

Vendor Product Version
siemens scalance_sc-600_firmware 2.0
CVE-2019-10929 MEDIUM

A vulnerability has been identified in SIMATIC CP 1626 (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V20.8), SIMATIC HMI Panel (incl. SIPLUS variants) (All versions), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.4.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.8.1), SIMATIC S7-1500 Software Controller (All versions < V20.8), SIMATIC S7-PLCSIM Advanced (All versions < V3.0), SIMATIC STEP 7 (TIA Portal) (All versions < V16), SIMATIC WinCC (TIA Portal) (All versions < V16), SIMATIC WinCC OA (All versions < V3.16 P013), SIMATIC WinCC Runtime Advanced (All versions < V16), SIMATIC WinCC Runtime Professional (All versions < V16), TIM 1531 IRC (incl. SIPLUS NET variants) (All versions < V2.1). Affected devices contain a message protection bypass vulnerability due to certain properties in the calculation used for integrity protection. This could allow an attacker in a Man-in-the-Middle position to modify network traffic sent on port 102/tcp to the affected devices.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-327,NVD-CWE-Other,

Products Affected

Vendor Product Version
siemens simatic_s7-1200_cpu_1215c_firmware *
siemens simatic_s7-1200_cpu_1211c_firmware *
siemens simatic_wincc *
siemens simatic_hmi_panel_firmware *
siemens simatic_s7-plcsim_advanced *
siemens simatic_wincc_open_architecture *
siemens simatic_s7-1500 *
siemens simatic_tim_1531_irc_firmware *
siemens simatic_s7-1200_cpu_1217c_firmware *
siemens simatic_et_200sp_open_controller_cpu_1515sp_pc2_firmware *
siemens simatic_net_pc *
siemens simatic_wincc_open_architecture 3.16
siemens simatic_s7-1200_cpu_1212c_firmware *
siemens simatic_s7-1200_cpu_1214c_firmware *
siemens simatic_s7-1500_cpu_1511c_firmware *
siemens simatic_step_7 *
siemens simatic_s7-1500_cpu_1518_firmware *
siemens simatic_cp_1626_firmware *
siemens simatic_wincc_runtime *
siemens simatic_s7-1500_cpu_1512c_firmware *
siemens simatic_et_200sp_open_controller_cpu_1515sp_pc_firmware *
CVE-2019-10930 MEDIUM

A vulnerability has been identified in All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions), DIGSI 5 engineering software (All versions < V7.90), SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions < V7.90), SIPROTEC 5 device types 7SS85 and 7KE85 (All versions < V8.01), SIPROTEC 5 device types with CPU variants CP200 and the respective Ethernet communication modules (All versions). A remote attacker could use specially crafted packets sent to port 443/TCP to upload, download or delete files in certain parts of the file system.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-552,CWE-434,

Products Affected

Vendor Product Version
siemens siprotec_5_digsi_device_driver 7.90
siemens digsi_5_engineering_software 7.90
CVE-2019-10931 MEDIUM

A vulnerability has been identified in All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions), DIGSI 5 engineering software (All versions < V7.90), SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions < V7.90), SIPROTEC 5 device types 7SS85 and 7KE85 (All versions < V8.01), SIPROTEC 5 device types with CPU variants CP200 and the respective Ethernet communication modules (All versions < V7.59), SIPROTEC 5 relays with CPU variants CP200 and the respective Ethernet communication modules (All versions < V7.59). Specially crafted packets sent to port 443/TCP could cause a Denial of Service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-248,NVD-CWE-Other,

Products Affected

Vendor Product Version
siemens digsi_5_engineering_software *
siemens siprotec_5_digsi_device_driver *
CVE-2019-10933 MEDIUM

A vulnerability has been identified in Spectrum Power 3 (Corporate User Interface) (All versions <= v3.11), Spectrum Power 4 (Corporate User Interface) (Version v4.75), Spectrum Power 5 (Corporate User Interface) (All versions < v5.50), Spectrum Power 7 (Corporate User Interface) (All versions <= v2.20). The web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user does not need to be logged into the web interface in order for the exploitation to succeed. At the stage of publishing this security advisory no public exploitation is known.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-80,CWE-79,

Products Affected

Vendor Product Version
siemens spectrum_power_5 *
siemens spectrum_power_3 *
siemens spectrum_power_4 *
siemens spectrum_power_7 *
CVE-2019-10934 HIGH

A vulnerability has been identified in TIA Portal V14 (All versions), TIA Portal V15 (All versions < V15.1 Update 7), TIA Portal V16 (All versions < V16 Update 6), TIA Portal V17 (All versions < V17 Update 4). Changing the contents of a configuration file could allow an attacker to execute arbitrary code with SYSTEM privileges. The security vulnerability could be exploited by an attacker with a valid account and limited access rights on the system. No user interaction is required. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
siemens totally_integrated_automation_portal *
CVE-2019-10935 MEDIUM

A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd 11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC Professional (TIA Portal V13) (All versions), SIMATIC WinCC Professional (TIA Portal V14) (All versions < V14 SP1 Upd 9), SIMATIC WinCC Professional (TIA Portal V15) (All versions < V15.1 Upd 3), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions < V14.1 Upd 8), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Upd 3), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions < V7.5 Upd 3). The SIMATIC WinCC DataMonitor web application of the affected products allows uploading arbitrary ASPX code. The security vulnerability could be exploited by an authenticated attacker with network access to the WinCC DataMonitor application. No user interaction is required to exploit this vulnerability. The vulnerability impacts confidentiality, integrity, and availability of the affected device. At the stage of publishing this security advisory no public exploitation is known.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-434,CWE-434,

Products Affected

Vendor Product Version
siemens simatic_wincc *
siemens simatic_wincc 13
siemens simatic_pcs_7 8.0
siemens simatic_wincc_runtime 15.1
siemens simatic_wincc 7.4
siemens simatic_wincc 14
siemens simatic_wincc 7.5
siemens simatic_wincc 15
siemens simatic_pcs_7 8.2
siemens simatic_wincc 7.3
siemens simatic_wincc_runtime 13
siemens simatic_wincc_runtime 14
siemens simatic_pcs_7 9.0
siemens simatic_pcs_7 8.1
siemens simatic_wincc_runtime 15
CVE-2019-10936 MEDIUM

Affected devices improperly handle large amounts of specially crafted UDP packets. This could allow an unauthenticated remote attacker to trigger a denial of service condition.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,CWE-400,

Products Affected

Vendor Product Version
siemens simatic_s7-300_cpu_315-2_dp_firmware *
siemens simatic_s7-1500_cpu_firmware *
siemens simatic_hmi_comfort_panels_22"_firmware *
siemens simatic_s7-300_cpu_316-2_dp_firmware *
siemens sinumerik_840d_sl *
siemens simatic_profinet_driver_firmware *
siemens sinamics_s150_firmware *
siemens sinamics_sl150_firmware 4.7
siemens simatic_hmi_ktp_mobile_panels_firmware *
siemens simatic_s7-400_v6_firmware *
siemens sinamics_dcm_firmware 1.5
siemens sinamics_g110m_firmware 4.7
siemens simatic_s7-300_cpu_315_firmware *
siemens simatic_et_200s_firmware *
siemens simatic_s7-300_cpu_firmware *
siemens sinamics_g130_firmware *
siemens sinamics_gm150_firmware *
siemens ek-ertec_200p_firmware 4.6
siemens simatic_s7-1500_cpu_1518_firmware *
siemens simatic_et_200sp_im_155-6_pn_ba_firmware *
siemens simatic_et_200pro_firmware *
siemens simatic_s7-300_cpu_313_firmware *
siemens simatic_et_200sp_im_155-6_pn_hs_firmware *
siemens simatic_s7-300_cpu_312_ifm_firmware *
siemens simatic_hmi_comfort_panels_4"_firmware *
siemens sinamics_gl150_firmware 4.8
siemens simatic_et_200sp_im_155-6_pn/2_hf_firmware *
siemens simatic_et_200sp_im_155-6_pn_st_firmware *
siemens simatic_winac_rtx_(f)_firmware 2010
siemens simatic_et_200mp_im_155-5_pn_hf_firmware *
siemens simatic_s7-400_dp_v7_firmware *
siemens sinamics_s120_firmware *
siemens sinamics_sm120_firmware -
siemens simatic_s7-300_cpu_318-2_firmware *
siemens sinamics_dcp_firmware *
siemens simatic_s7-300_cpu_314_firmware *
siemens sinamics_dcm_firmware *
siemens simatic_et_200mp_im_155-5_pn_ba_firmware *
siemens sinamics_g130_firmware 5.2
siemens sinamics_gl150_firmware *
siemens dk_standard_ethernet_controller_firmware *
siemens simatic_s7-410_v8_firmware *
siemens simatic_winac_rtx_(f)_firmware *
siemens simatic_s7-300_cpu_314_ifm_firmware *
siemens simatic_et_200sp_im_155-6_pn_ha_firmware *
siemens sinamics_s110_firmware *
siemens simatic_s7-400h_v6_firmware *
siemens simatic_pn/pn_coupler_firmware *
siemens simatic_s7-1200_cpu_1214c_firmware *
siemens simatic_s7-1500s_cpu_firmware *
siemens simatic_s7-1500_cpu_1511c_firmware *
siemens sinamics_s150_firmware 5.2
siemens ek-ertec_200p_firmware *
siemens simatic_s7-1500t_cpu_firmware *
siemens simatic_s7-1500_cpu_1512c_firmware *
siemens sinamics_g150_firmware *
siemens sinamics_g110m_firmware *
siemens sinamics_s120_firmware 5.2
siemens ek-ertec_200_firmware *
siemens simatic_s7-1200_cpu_firmware *
siemens simatic_et_200m_firmware *
siemens sinamics_g150_firmware 5.2
siemens simatic_s7-1200_cpu_1211c_firmware *
siemens simatic_et_200al_firmware *
siemens simatic_cfu_pa_firmware *
siemens sinamics_g120_firmware 4.7
siemens sinamics_sl150_firmware *
siemens sinamics_g120_firmware *
siemens simatic_et_200mp_im_155-5_pn_st_firmware *
siemens sinamics_gm150_firmware 4.8
siemens simatic_et_200sp_im_155-6_pn_hf_firmware *
siemens simatic_et_200sp_im_155-6_pn/3_hf_firmware *
siemens simatic_hmi_comfort_outdoor_panels_15"_firmware *
siemens simatic_s7-1200_cpu_1212c_firmware *
siemens simatic_hmi_comfort_outdoor_panels_7"_firmware *
siemens simatic_s7-400_pn_v7_firmware *
siemens sinumerik_828d *
siemens simatic_et_200ecopn_firmware *
siemens sinumerik_828d 4.8
CVE-2019-10937 MEDIUM

A vulnerability has been identified in SIMATIC TDC CP51M1 (All versions < V1.1.7). An attacker with network access to the device could cause a Denial-of-Service condition by sending a specially crafted UDP packet. The vulnerability affects the UDP communication of the device. The security vulnerability could be exploited without authentication. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises availability of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-20,

Products Affected

Vendor Product Version
siemens simatic_tdc_cp51m1_firmware *
CVE-2019-10938 HIGH

A vulnerability has been identified in SIPROTEC 5 devices with CPU variants CP200 (All versions < V7.59), SIPROTEC 5 devices with CPU variants CP300 and CP100 (All versions < V8.01), Siemens Power Meters Series 9410 (All versions < V2.2.1), Siemens Power Meters Series 9810 (All versions). An unauthenticated attacker with network access to the device could potentially insert arbitrary code which is executed before firmware verification in the device. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-284,NVD-CWE-Other,

Products Affected

Vendor Product Version
siemens siprotec_5_digsi_device_driver *
CVE-2019-10939 MEDIUM

A vulnerability has been identified in TIM 3V-IE (incl. SIPLUS NET variants) (All versions < V2.8), TIM 3V-IE Advanced (incl. SIPLUS NET variants) (All versions < V2.8), TIM 3V-IE DNP3 (incl. SIPLUS NET variants) (All versions < V3.3), TIM 4R-IE (incl. SIPLUS NET variants) (All versions < V2.8), TIM 4R-IE DNP3 (incl. SIPLUS NET variants) (All versions < V3.3). The affected versions contain an open debug port that is available under certain specific conditions. The vulnerability is only available if the IP address is configured to 192.168.1.2. If available, the debug port could be exploited by an attacker with network access to the device. No user interaction is required to exploit this vulnerability. The vulnerability impacts confidentiality, integrity, and availability of the affected device. At the stage of publishing this security advisory no public exploitation is known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-489,NVD-CWE-Other,

Products Affected

Vendor Product Version
siemens tim_4r-ie_firmware *
siemens tim_4r-ie_dnp3_firmware *
siemens tim_3v-ie_firmware *
siemens tim_3v-ie_advanced_firmware *
siemens tim_3v-ie_dnp3_firmware *
CVE-2019-10940 HIGH

A vulnerability has been identified in SINEMA Server (All versions < V14.0 SP2 Update 1). Incorrect session validation could allow an attacker with a valid session, with low privileges, to perform firmware updates and other administrative operations on connected devices. The security vulnerability could be exploited by an attacker with network access to the affected system. An attacker must have access to a low privileged account in order to exploit the vulnerability. An attacker could use the vulnerability to compromise confidentiality, integrity, and availability of the affected system and underlying components. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.9 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 3.1 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-266,CWE-269,

Products Affected

Vendor Product Version
siemens sinema_server 14.0
siemens sinema_server *
CVE-2019-10941 MEDIUM

A vulnerability has been identified in SINEMA Server (All versions < V14 SP3). Missing authentication for functionality that requires administrative user identity could allow an attacker to obtain encoded system configuration backup files. This is only possible through network access to the affected system, and successful exploitation requires no system privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-306,CWE-306,

Products Affected

Vendor Product Version
siemens sinema_server 14.0
siemens sinema_server *
CVE-2019-10942 MEDIUM

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X204RNA (HSR) (All versions), SCALANCE X204RNA (PRP) (All versions), SCALANCE X204RNA EEC (HSR) (All versions), SCALANCE X204RNA EEC (PRP) (All versions), SCALANCE X204RNA EEC (PRP/HSR) (All versions). The device contains a vulnerability that could allow an attacker to trigger a denial-of-service condition by sending large message packages repeatedly to the telnet service. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H 3.9 4.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,CWE-400,

Products Affected

Vendor Product Version
siemens scalance_x-200irt_firmware *
siemens scalance_x-200_firmware *
siemens scalance_x-200rna_firmware *
CVE-2019-10943 MEDIUM

A vulnerability has been identified in SIMATIC Drive Controller family (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V20.8), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions >= V20.8), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.4.0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions >= V4.4.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.8.1), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.8.1), SIMATIC S7-1500 Software Controller (All versions < V20.8), SIMATIC S7-1500 Software Controller (All versions >= V20.8), SIMATIC S7-PLCSIM Advanced (All versions < V3.0), SIMATIC S7-PLCSIM Advanced (All versions >= V3.0). An attacker with network access to port 102/tcp could potentially modify the user program on the PLC in a way that the running code is different from the source code which is stored on the device. An attacker must have network access to affected devices and must be able to perform changes to the user program. The vulnerability could impact the perceived integrity of the user program stored on the CPU. An engineer who tries to obtain the code of the user program running on the device can receive different source code that is not actually running on the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-353,CWE-345,

Products Affected

Vendor Product Version
siemens simatic_s7-1200_cpu_1215c_firmware *
siemens simatic_s7-1200_cpu_1211c_firmware *
siemens simatic_s7-1500_software_controller *
siemens simatic_s7-1200_cpu_1217c_firmware *
siemens simatic_et_200sp_open_controller_cpu_1515sp_pc2_firmware *
siemens simatic_s7-1200_cpu_1212c_firmware *
siemens simatic_s7-1200_cpu_1214c_firmware *
siemens simatic_s7-1500_cpu_1511c_firmware *
siemens simatic_s7_plcsim_advanced *
siemens simatic_s7-1500_cpu_1518_firmware *
siemens simatic_s7-1500_cpu_1512c_firmware *
siemens simatic_et_200sp_open_controller_cpu_1515sp_pc_firmware *
CVE-2019-10953 MEDIUM

ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due to a flood of network packets.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,CWE-770,

Products Affected

Vendor Product Version
wago pfc100_firmware -
phoenixcontact ilc_151_eth_firmware -
schneider-electric modicon_m221_firmware *
wago ethernet_firmware -
wago knx_ip_firmware -
siemens 6es7314-6eh04-0ab0_firmware -
abb pm554-tp-eth_firmware -
siemens 6es7211-1ae40-0xb0_firmware -
siemens 6ed1052-1cc01-0ba8_firmware -
wago bacnet/ip_firmware -
CVE-2019-11745 MEDIUM

When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
mozilla firefox_esr *
opensuse leap 15.1
siemens ruggedcom_rox_rx1400_firmware *
debian debian_linux 9.0
siemens ruggedcom_rox_rx1501_firmware *
redhat enterprise_linux_server_aus 6.6
mozilla thunderbird *
siemens ruggedcom_rox_rx1500_firmware *
siemens ruggedcom_rox_rx1510_firmware *
canonical ubuntu_linux 16.04
siemens ruggedcom_rox_rx1512_firmware *
siemens ruggedcom_rox_mx5000_firmware *
siemens ruggedcom_rox_rx1511_firmware *
canonical ubuntu_linux 19.10
mozilla firefox *
siemens ruggedcom_rox_rx5000_firmware *
canonical ubuntu_linux 18.04
CVE-2019-12255 HIGH

Wind River VxWorks has a Buffer Overflow in the TCP component (issue 1 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer = 0 that leads to an integer underflow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
sonicwall sonicos 6.2.7.0
netapp e-series_santricity_os_controller *
sonicwall sonicos 6.2.7.1
siemens ruggedcom_win7025_firmware *
sonicwall sonicos 6.2.7.7
windriver vxworks *
sonicwall sonicos *
siemens power_meter_9410_firmware *
siemens ruggedcom_win7018_firmware *
siemens power_meter_9810_firmware *
siemens ruggedcom_win7200_firmware *
siemens siprotec_5_firmware *
belden garrettcom_magnum_dx940e_firmware *
siemens ruggedcom_win7000_firmware *
belden hirschmann_hios *
CVE-2019-12256 HIGH

Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the IPv4 component. There is an IPNET security vulnerability: Stack overflow in the parsing of IPv4 packets’ IP options.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
sonicwall sonicos 6.2.7.0
netapp e-series_santricity_os_controller *
sonicwall sonicos 6.2.7.1
siemens ruggedcom_win7025_firmware *
sonicwall sonicos 6.2.7.7
windriver vxworks *
sonicwall sonicos *
siemens power_meter_9410_firmware *
siemens ruggedcom_win7018_firmware *
siemens power_meter_9810_firmware *
siemens ruggedcom_win7200_firmware *
siemens siprotec_5_firmware *
belden garrettcom_magnum_dx940e_firmware *
siemens ruggedcom_win7000_firmware *
belden hirschmann_hios *
CVE-2019-12257 MEDIUM

Wind River VxWorks 6.6 through 6.9 has a Buffer Overflow in the DHCP client component. There is an IPNET security vulnerability: Heap overflow in DHCP Offer/ACK parsing inside ipdhcpc.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
sonicwall sonicos 6.2.7.0
netapp e-series_santricity_os_controller *
sonicwall sonicos 6.2.7.1
siemens ruggedcom_win7025_firmware *
sonicwall sonicos 6.2.7.7
windriver vxworks *
sonicwall sonicos *
siemens ruggedcom_win7018_firmware *
siemens ruggedcom_win7200_firmware *
siemens siprotec_5_firmware *
belden garrettcom_magnum_dx940e_firmware *
siemens ruggedcom_win7000_firmware *
belden hirschmann_hios *
CVE-2019-12258 MEDIUM

Wind River VxWorks 6.6 through vx7 has Session Fixation in the TCP component. This is an IPNET security vulnerability: DoS of TCP connection via malformed TCP options.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-384,

Products Affected

Vendor Product Version
sonicwall sonicos 6.2.7.0
windriver vxworks 7.0
netapp e-series_santricity_os_controller *
sonicwall sonicos 6.2.7.1
siemens ruggedcom_win7025_firmware *
sonicwall sonicos 6.2.7.7
windriver vxworks *
sonicwall sonicos *
siemens power_meter_9410_firmware *
siemens ruggedcom_win7018_firmware *
siemens power_meter_9810_firmware *
siemens ruggedcom_win7200_firmware *
siemens siprotec_5_firmware *
belden garrettcom_magnum_dx940e_firmware *
siemens ruggedcom_win7000_firmware *
belden hirschmann_hios *
CVE-2019-12259 MEDIUM

Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and vx7 has an array index error in the IGMPv3 client component. There is an IPNET security vulnerability: DoS via NULL dereference in IGMP parsing.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
siemens 9410_power_meter_firmware *
sonicwall sonicos 6.2.7.0
windriver vxworks 7.0
siemens 9810_power_meter_firmware *
sonicwall sonicos 6.2.7.1
siemens ruggedcom_win7025_firmware *
sonicwall sonicos 6.2.7.7
windriver vxworks *
sonicwall sonicos *
siemens ruggedcom_win7018_firmware *
siemens ruggedcom_win7200_firmware *
siemens siprotec_5_firmware *
belden garrettcom_magnum_dx940e_firmware *
siemens ruggedcom_win7000_firmware *
belden hirschmann_hios *
CVE-2019-12260 HIGH

Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 2 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion caused by a malformed TCP AO option.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
sonicwall sonicos 6.2.7.0
windriver vxworks 7.0
netapp e-series_santricity_os_controller *
sonicwall sonicos 6.2.7.1
siemens ruggedcom_win7025_firmware *
sonicwall sonicos 6.2.7.7
windriver vxworks *
sonicwall sonicos *
siemens power_meter_9410_firmware *
siemens ruggedcom_win7018_firmware *
siemens power_meter_9810_firmware *
oracle communications_eagle *
siemens ruggedcom_win7200_firmware *
siemens siprotec_5_firmware *
belden garrettcom_magnum_dx940e_firmware *
siemens ruggedcom_win7000_firmware *
belden hirschmann_hios *
CVE-2019-12261 HIGH

Wind River VxWorks 6.7 through 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 3 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion during connect() to a remote host.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
sonicwall sonicos 6.2.7.0
windriver vxworks 7.0
netapp e-series_santricity_os_controller *
sonicwall sonicos 6.2.7.1
siemens ruggedcom_win7025_firmware *
sonicwall sonicos 6.2.7.7
windriver vxworks *
sonicwall sonicos *
siemens power_meter_9410_firmware *
siemens ruggedcom_win7018_firmware *
siemens power_meter_9810_firmware *
oracle communications_eagle *
siemens ruggedcom_win7200_firmware *
siemens siprotec_5_firmware *
belden garrettcom_magnum_dx940e_firmware *
siemens ruggedcom_win7000_firmware *
belden hirschmann_hios *
CVE-2019-12262 HIGH

Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and 7 has Incorrect Access Control in the RARP client component. IPNET security vulnerability: Handling of unsolicited Reverse ARP replies (Logical Flaw).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
siemens ruggedcom_win7025_firmware *
windriver vxworks 6.6
siemens ruggedcom_win7018_firmware *
siemens ruggedcom_win7200_firmware *
windriver vxworks 6.7
windriver vxworks 6.9
windriver vxworks 6.8
windriver vxworks 7.0
belden garrettcom_magnum_dx940e_firmware *
siemens ruggedcom_win7000_firmware *
belden hirschmann_hios *
CVE-2019-12263 MEDIUM

Wind River VxWorks 6.9.4 and vx7 has a Buffer Overflow in the TCP component (issue 4 of 4). There is an IPNET security vulnerability: TCP Urgent Pointer state confusion due to race condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-362,CWE-787,

Products Affected

Vendor Product Version
sonicwall sonicos 6.2.7.0
windriver vxworks 7.0
netapp e-series_santricity_os_controller *
sonicwall sonicos 6.2.7.1
siemens ruggedcom_win7025_firmware *
sonicwall sonicos 6.2.7.7
windriver vxworks *
sonicwall sonicos *
siemens power_meter_9410_firmware *
siemens ruggedcom_win7018_firmware *
siemens power_meter_9810_firmware *
siemens ruggedcom_win7200_firmware *
siemens siprotec_5_firmware *
belden garrettcom_magnum_dx940e_firmware *
siemens ruggedcom_win7000_firmware *
belden hirschmann_hios *
CVE-2019-12264 MEDIUM

Wind River VxWorks 6.6, 6.7, 6.8, 6.9.3, 6.9.4, and Vx7 has Incorrect Access Control in IPv4 assignment by the ipdhcpc DHCP client component.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H 2.8 4.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-88,

Products Affected

Vendor Product Version
windriver vxworks 6.6
windriver vxworks 6.7
windriver vxworks 7.0
siemens ruggedcom_win7025_firmware *
siemens ruggedcom_win7018_firmware *
windriver vxworks 6.9.4
siemens ruggedcom_win7200_firmware *
windriver vxworks 6.8
belden garrettcom_magnum_dx940e_firmware *
windriver vxworks 6.9.3
siemens ruggedcom_win7000_firmware *
belden hirschmann_hios *
CVE-2019-12265 MEDIUM

Wind River VxWorks 6.5, 6.6, 6.7, 6.8, 6.9.3 and 6.9.4 has a Memory Leak in the IGMPv3 client component. There is an IPNET security vulnerability: IGMP Information leak via IGMPv3 specific membership report.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-401,

Products Affected

Vendor Product Version
sonicwall sonicos 6.2.7.0
windriver vxworks 7.0
netapp e-series_santricity_os_controller *
sonicwall sonicos 6.2.7.1
siemens ruggedcom_win7025_firmware *
sonicwall sonicos 6.2.7.7
windriver vxworks *
sonicwall sonicos *
siemens power_meter_9410_firmware *
siemens ruggedcom_win7018_firmware *
siemens power_meter_9810_firmware *
siemens ruggedcom_win7200_firmware *
siemens siprotec_5_firmware *
belden garrettcom_magnum_dx940e_firmware *
siemens ruggedcom_win7000_firmware *
belden hirschmann_hios *
CVE-2019-12815 HIGH

An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to CVE-2015-3306.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-755,

Products Affected

Vendor Product Version
siemens simatic_cp_1543-1_firmware *
fedoraproject fedora 30
fedoraproject fedora 29
debian debian_linux 8.0
debian debian_linux 9.0
proftpd proftpd *
debian debian_linux 10.0
CVE-2019-13918 HIGH

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). The web interface has no means to prevent password guessing attacks. The vulnerability could be exploited by an attacker with network access to the vulnerable software, requiring no privileges and no user interaction. The vulnerability could allow full access to the web interface. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-307,CWE-521,

Products Affected

Vendor Product Version
siemens sinema_remote_connect_server 2.0
siemens sinema_remote_connect_server *
CVE-2019-13919 MEDIUM

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). Some pages that should only be accessible by a privileged user can also be accessed by a non-privileged user. The security vulnerability could be exploited by an attacker with network access and valid credentials for the web interface. No user interaction is required. The vulnerability could allow an attacker to access information that he should not be able to read. The affected information does not include passwords. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,NVD-CWE-Other,

Products Affected

Vendor Product Version
siemens sinema_remote_connect_server 2.0
siemens sinema_remote_connect_server *
CVE-2019-13920 MEDIUM

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). Some parts of the web application are not protected against Cross Site Request Forgery (CSRF) attacks. The security vulnerability could be exploited by an attacker that is able to trigger requests of a logged-in user to the application. The vulnerability could allow switching the connectivity state of a user or a device. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,CWE-352,

Products Affected

Vendor Product Version
siemens sinema_remote_connect_server 2.0
siemens sinema_remote_connect_server *
CVE-2019-13921 MEDIUM

A vulnerability has been identified in SIMATIC WinAC RTX (F) 2010 (All versions < SP3 Update 1). Affected versions of the software contain a vulnerability that could allow an unauthenticated attacker to trigger a denial-of-service condition. The vulnerability can be triggered if a large HTTP request is sent to the executing service. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the service provided by the software.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-410,CWE-400,

Products Affected

Vendor Product Version
siemens simatic_winac_rtx_(f)_2010 sp2
siemens simatic_winac_rtx_(f)_2010 -
siemens simatic_winac_rtx_(f)_2010 sp1
siemens simatic_winac_rtx_(f)_2010 *
CVE-2019-13922 MEDIUM

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). An attacker with administrative privileges can obtain the hash of a connected device's password. The security vulnerability could be exploited by an attacker with network access to the SINEMA Remote Connect Server and administrative privileges. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 2.7 LOW CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N 1.2 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-311,CWE-311,

Products Affected

Vendor Product Version
siemens sinema_remote_connect_server 2.0
siemens sinema_remote_connect_server *
CVE-2019-13923 MEDIUM

A vulnerability has been identified in IE/WSN-PA Link WirelessHART Gateway (All versions). The integrated configuration web server of the affected device could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed. At the stage of publishing this security advisory no public exploitation is known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.6 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 2.8 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-80,CWE-79,

Products Affected

Vendor Product Version
siemens ie/wsn-pa_link_wirelesshart_gateway_firmware *
CVE-2019-13924 MEDIUM

A vulnerability has been identified in SCALANCE S602 (All versions < V4.1), SCALANCE S612 (All versions < V4.1), SCALANCE S623 (All versions < V4.1), SCALANCE S627-2M (All versions < V4.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < 5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-200RNA switch family (All versions < V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < 4.1.3). The device does not send the X-Frame-Options header in the administrative web interface, which makes it vulnerable to Clickjacking attacks. The security vulnerability could be exploited by an attacker that is able to trick an administrative user with a valid session on the target device into clicking on a website controlled by the attacker. The vulnerability could allow an attacker to perform administrative actions via the web interface.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-693,CWE-1021,

Products Affected

Vendor Product Version
siemens scalance_xr-300_firmware *
siemens scalance_xc-200_firmware *
siemens scalance_x-200irt_firmware *
siemens scalance_xb-200_firmware *
siemens scalance_xf-200_firmware *
siemens scalance_xp-200_firmware *
siemens scalance_x-300_firmware *
siemens scalance_xr-300wg_firmware *
CVE-2019-13925 MEDIUM

A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0 and < V4.1), SCALANCE S612 (All versions >= V3.0 and < V4.1), SCALANCE S623 (All versions >= V3.0 and < V4.1), SCALANCE S627-2M (All versions >= V3.0 and < V4.1). Specially crafted packets sent to port 443/tcp of affected devices could cause a Denial-of-Service condition of the web server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,CWE-400,

Products Affected

Vendor Product Version
siemens scalance_s623_firmware *
siemens scalance_s602_firmware *
siemens scalance_s612_firmware *
siemens scalance_s627-2m_firmware *
CVE-2019-13926 HIGH

A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0 and < V4.1), SCALANCE S612 (All versions >= V3.0 and < V4.1), SCALANCE S623 (All versions >= V3.0 and < V4.1), SCALANCE S627-2M (All versions >= V3.0 and < V4.1). Specially crafted packets sent to port 443/tcp of affected devices could cause a Denial-of-Service condition of the web server. A cold reboot is required to restore the functionality of the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-400,CWE-400,

Products Affected

Vendor Product Version
siemens scalance_s623_firmware *
siemens scalance_s602_firmware *
siemens scalance_s612_firmware *
siemens scalance_s627-2m_firmware *
CVE-2019-13927 MEDIUM

A vulnerability has been identified in Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D with Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 (All firmware versions < V6.00.320), Desigo PX automation controllers PXC00-U, PXC64-U, PXC128-U with Desigo PX Web modules PXA30-W0, PXA30-W1, PXA30-W2 (All firmware versions < V6.00.320), Desigo PX automation controllers PXC22.1-E.D, PXC36-E.D, PXC36.1-E.D with activated web server (All firmware versions < V6.00.320). The device contains a vulnerability that could allow an attacker to cause a denial of service condition on the device's web server by sending a specially crafted HTTP message to the web server port (tcp/80). The security vulnerability could be exploited by an attacker with network access to an affected device. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise the availability of the device's web service. While the device itself stays operational, the web server responds with HTTP status code 404 (Not found) to any further request. A reboot is required to recover the web interface. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-472,CWE-668,

Products Affected

Vendor Product Version
siemens pxc00-u_firmware *
siemens pxa40-w2_firmware *
siemens pxa30-w2_firmware *
siemens pxc36.1-e.d_firmware *
siemens pxc200-e.d_firmware *
siemens pxc128-u_firmware *
siemens pxc50-e.d_firmware *
siemens pxa30-w0_firmware *
siemens pxa30-w1_firmware *
siemens pxc100-e.d_firmware *
siemens pxa40-w0_firmware *
siemens pxc36-e.d_firmware *
siemens pxc22.1-e.d_firmware *
siemens pxc00-e.d_firmware *
siemens pxc64-u_firmware *
siemens pxa40-w1_firmware *
CVE-2019-13929 MEDIUM

A vulnerability has been identified in SIMATIC IT UADM (All versions < V1.3). An authenticated remote attacker with network access to port 1434/tcp of SIMATIC IT UADM could potentially recover a password that can be used to gain read and write access to the related TeamCenter station. The security vulnerability could be exploited only if the attacker is authenticated. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises the confidentiality of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-321,CWE-330,

Products Affected

Vendor Product Version
siemens simatic_it_uadm *
CVE-2019-13930 MEDIUM

A vulnerability has been identified in XHQ (All versions < V6.0.0.2). The web interface could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by a legitimate user, who must be authenticated to the web interface. A successful attack could allow an attacker to trigger actions via the web interface that the legitimate user is allowed to perform. This could allow the attacker to read or modify contents of the web application. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N 2.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,CWE-352,

Products Affected

Vendor Product Version
siemens xhq *
CVE-2019-13931 LOW

A vulnerability has been identified in XHQ (All versions < V6.0.0.2). The web interface could allow an attacker to craft the input in a form that is not expected, causing the application to behave in unexpected ways for legitimate users. Successful exploitation requires an attacker to be authenticated to the web interface. A successful attack could cause the application to have unexpected behavior. This could allow the attacker to modify contents of the web application. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-80,CWE-79,

Products Affected

Vendor Product Version
siemens xhq *
CVE-2019-13932 MEDIUM

A vulnerability has been identified in XHQ (All versions < V6.0.0.2). The web application requests could be manipulated, causing the application to behave in unexpected ways for legitimate users. Successful exploitation does not require an attacker to be authenticated. A successful attack could allow the import of scripts or generation of malicious links. This could allow the attacker to read or modify contents of the web application. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-20,

Products Affected

Vendor Product Version
siemens xhq *
CVE-2019-13933 HIGH

A vulnerability has been identified in SCALANCE X204RNA (HSR), SCALANCE X204RNA (PRP), SCALANCE X204RNA EEC (HSR), SCALANCE X204RNA EEC (PRP), SCALANCE X204RNA EEC (PRP/HSR), SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices contain a vulnerability that allows an unauthenticated attacker to violate access-control rules. The vulnerability can be triggered by sending a GET request to a specific uniform resource locator on the web configuration interface of the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. An attacker could use the vulnerability to obtain sensitive information or change the device configuration. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-306,CWE-306,

Products Affected

Vendor Product Version
siemens scalance_x204rna_firmware *
siemens scalance_xr-300_firmware *
siemens siplus_net_csm_1277_firmware *
siemens scalance_x-300_firmware *
siemens scalance_x-200rna_firmware *
siemens scalance_xr-300wg_firmware *
siemens scalance_x408-2_firmware *
CVE-2019-13934 LOW

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webclient of Siemens AG Polarion could allow an attacker to exploit a reflected XSS vulnerability. This issue affects: Siemens AG Polarion All versions < 19.2.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7
productcert@siemens.com 3.5 LOW CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N 2.1 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
siemens polarion *
CVE-2019-13935 LOW

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webclient of Siemens AG Polarion could allow an attacker to exploit a reflected XSS vulnerability. This issue affects: Siemens AG Polarion All versions < 19.2.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7
productcert@siemens.com 3.5 LOW CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N 2.1 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
siemens polarion *
CVE-2019-13936 LOW

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webclient of Siemens AG Polarion could allow an attacker to exploit a persistent XSS vulnerability. This issue affects: Siemens AG Polarion All versions < 19.2.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 3.5 LOW CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N 2.1 1.4
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
siemens polarion *
CVE-2019-13939 MEDIUM

A vulnerability has been identified in APOGEE MEC/MBC/PXC (P2) (All versions < V2.8.2), APOGEE PXC Compact (BACnet) (All versions < V3.5.3), APOGEE PXC Compact (P2 Ethernet) (All versions >= V2.8.2 < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.3), APOGEE PXC Modular (P2 Ethernet) (All versions >= V2.8.2 < V2.8.19), Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), Desigo PXC00-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC00-U (All versions >= V2.3x and < V6.00.327), Desigo PXC001-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC100-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC12-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC128-U (All versions >= V2.3x and < V6.00.327), Desigo PXC200-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC22-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC22.1-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC36.1-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC50-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC64-U (All versions >= V2.3x and < V6.00.327), Desigo PXM20-E (All versions >= V2.3 < V6.0.327), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus Source Code (All versions), SIMOTICS CONNECT 400 (All versions < V0.3.0.330), TALON TC Compact (BACnet) (All versions < V3.5.3), TALON TC Modular (BACnet) (All versions < V3.5.3). By sending specially crafted DHCP packets to a device where the DHCP client is enabled, an attacker could change the IP address of the device to an invalid value.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H 2.8 4.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
siemens nucleus_rtos *
siemens nucleus_net *
siemens desigo_pxc_firmware *
siemens nucleus_safetycert *
siemens nucleus_readystart *
siemens desigopxc200-e.d_firmware -
siemens simotics_connect_400_firmware *
siemens desigopxc64-u_firmware -
siemens desigo_pxc001-e.d_firmware *
siemens desigo_pxc00-e.d_firmware *
siemens capital_vstar *
siemens desigo_pxc22.1-e.d_firmware *
siemens apogee_modular_building_controller_firmware *
siemens desigo_pxc36.1-e.d_firmware *
siemens apogee_modular_equiment_controller_firmware *
siemens desigopxm20-e_firmware -
siemens desigopxc128-u_firmware -
siemens desigo_pxc22-e.d_firmware *
siemens desigopxc100-e.d_firmware -
siemens desigo_pxc12-e.d_firmware *
siemens desigopxc50-e.d_firmware -
siemens nucleus_source_code *
siemens apogee_pxc_firmware *
siemens desigo_pxc00-u_firmware *
siemens talon_tc_firmware *
siemens desigo_pxm20_firmware *
CVE-2019-13940 MEDIUM

A vulnerability has been identified in SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200pro IM154-8F PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200pro IM154-8FX PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200S IM151-8 PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200S IM151-8F PN/DP CPU (All versions < V3.X.17), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.1), SIMATIC S7-300 CPU 314C-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 315-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 315F-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 315T-3 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 317-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 317F-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 317T-3 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 317TF-3 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 319-3 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 319F-3 PN/DP (All versions < V3.X.17), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC WinAC RTX 2010 (All versions), SIMATIC WinAC RTX F 2010 (All versions), SIPLUS ET 200S IM151-8 PN/DP CPU (All versions < V3.X.17), SIPLUS ET 200S IM151-8F PN/DP CPU (All versions < V3.X.17), SIPLUS S7-300 CPU 314C-2 PN/DP (All versions < V3.X.17), SIPLUS S7-300 CPU 315-2 PN/DP (All versions < V3.X.17), SIPLUS S7-300 CPU 315F-2 PN/DP (All versions < V3.X.17), SIPLUS S7-300 CPU 317-2 PN/DP (All versions < V3.X.17), SIPLUS S7-300 CPU 317F-2 PN/DP (All versions < V3.X.17). Affected devices contain a vulnerability that could cause a denial of service condition of the web server by sending specially crafted HTTP requests to ports 80/tcp and 443/tcp. Beyond the web service, no other functions or interfaces are affected by the denial of service condition.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,CWE-400,

Products Affected

Vendor Product Version
siemens s7-1200_cpu_1215c_firmware *
siemens s7-1200_cpu_1217c_firmware *
siemens simatic_s7-300_cpu_319-3_pn/dp_firmware *
siemens simatic_s7-300_cpu_315-2dp_firmware *
siemens s7-1200_cpu_1211c_firmware *
siemens s7-1200_cpu_1214fc_firmware *
siemens simatic_s7-300_cpu_317-2_pn/dp_firmware *
siemens simatic_s7-300_cpu_315-2_pn/dp_firmware *
siemens s7-1200_cpu_1212fc_firmware *
siemens siplus_cpu_1214c_firmware *
siemens siplus_s7-300_cpu_315-2_pn/dp_firmware *
siemens s7-1200_cpu_1214c_firmware *
siemens simatic_s7-300_cpu_317-2_dp_firmware *
siemens siplus_s7-1200_firmware *
siemens s7-1200_cpu_1212c_firmware *
siemens siplus_s7-300_cpu_314_firmware *
siemens simatic_winac_rtx_(f)_2010 *
siemens siplus_cpu_1215c_firmware *
siemens simatic_s7-400_pn/dp_cpu_firmware *
siemens siplus_s7-300_cpu_315-2_dp_firmware *
siemens siplus_s7-300_cpu_317-2_pn/dp_firmware *
siemens siplus_cpu_1211c_firmware *
siemens siplus_cpu_1212c_firmware *
siemens s7-1200_cpu_1215fc_firmware *
CVE-2019-13941 MEDIUM

A vulnerability has been identified in OZW672 (All versions < V10.00), OZW772 (All versions < V10.00). Vulnerable versions of OZW Web Server use predictable path names for project files that legitimately authenticated users have created by using the application's export function. By accessing a specific uniform resource locator on the web server, a remote attacker could be able to download a project file without prior authentication. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected system. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises the confidentiality of the targeted system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-552,CWE-552,

Products Affected

Vendor Product Version
siemens ozw672_firmware *
siemens ozw772_firmware *
CVE-2019-13942 MEDIUM

A vulnerability has been identified in EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module IEC104 variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). An unauthorized user could exploit a buffer overflow vulnerability in the webserver. Specially crafted packets sent could cause a Denial-of-Service condition and if certain conditions are met, the affected devices must be restarted manually to fully recover. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-119,

Products Affected

Vendor Product Version
siemens en100_ethernet_module_with_firmware_variant_profinet_io *
siemens en100_ethernet_module_with_firmware_variant_dnp3_tcp *
siemens en100_ethernet_module_with_firmware_variant_modbus_tcp *
siemens en100_ethernet_module_with_firmware_variant_iec104 *
siemens en100_ethernet_module_with_firmware_variant_iec_61850 *
CVE-2019-13943 MEDIUM

A vulnerability has been identified in EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module IEC104 variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). The web interface could allow Cross-Site Scripting (XSS) attacks if an attacker is able to modify content of particular web pages, causing the application to behave in unexpected ways for legitimate users. Successful exploitation does not require an attacker to be authenticated to the web interface. This could allow the attacker to read or modify contents of the web application. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
siemens en100_ethernet_module_with_firmware_variant_profinet_io *
siemens en100_ethernet_module_with_firmware_variant_dnp3_tcp *
siemens en100_ethernet_module_with_firmware_variant_modbus_tcp *
siemens en100_ethernet_module_with_firmware_variant_iec104 *
siemens en100_ethernet_module_with_firmware_variant_iec_61850 *
CVE-2019-13944 MEDIUM

A vulnerability has been identified in EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module IEC104 variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). A vulnerability in the integrated web server of the affected devices could allow unauthorized attackers to obtain sensitive information about the device, including logs and configurations. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-23,CWE-22,

Products Affected

Vendor Product Version
siemens en100_ethernet_module_with_firmware_variant_profinet_io *
siemens en100_ethernet_module_with_firmware_variant_dnp3_tcp *
siemens en100_ethernet_module_with_firmware_variant_modbus_tcp *
siemens en100_ethernet_module_with_firmware_variant_iec104 *
siemens en100_ethernet_module_with_firmware_variant_iec_61850 *
CVE-2019-13945 MEDIUM

A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family < V4.x (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family V4.x (incl. SIPLUS variants) (All versions with Function State (FS) < 11), SIMATIC S7-200 SMART CPU CR20s (6ES7 288-1CR20-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU CR30s (6ES7 288-1CR30-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU CR40 (6ES7 288-1CR40-0AA0) (All versions <= V2.2.2 and Function State (FS) <= 8), SIMATIC S7-200 SMART CPU CR40s (6ES7 288-1CR40-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU CR60 (6ES7 288-1CR60-0AA0) (All versions <= V2.2.2 and Function State (FS) <= 10), SIMATIC S7-200 SMART CPU CR60s (6ES7 288-1CR60-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU SR20 (6ES7 288-1SR20-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 11), SIMATIC S7-200 SMART CPU SR30 (6ES7 288-1SR30-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 10), SIMATIC S7-200 SMART CPU SR40 (6ES7 288-1SR40-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 10), SIMATIC S7-200 SMART CPU SR60 (6ES7 288-1SR60-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 12), SIMATIC S7-200 SMART CPU ST20 (6ES7 288-1ST20-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 9), SIMATIC S7-200 SMART CPU ST30 (6ES7 288-1ST30-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 9), SIMATIC S7-200 SMART CPU ST40 (6ES7 288-1ST40-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 8), SIMATIC S7-200 SMART CPU ST60 (6ES7 288-1ST60-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 8), SIMATIC S7-200 SMART CPU family (All versions). There is an access mode used during manufacturing of the affected devices that allows additional diagnostic functionality. 
The security vulnerability could be exploited by an attacker with physical access to the UART interface during boot process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-749,NVD-CWE-Other,

Products Affected

Vendor Product Version
siemens simatic_s7-200_smart_cpu_st60_firmware *
siemens simatic_s7-200_smart_cpu_st20_firmware *
siemens simatic_s7-200_smart_cpu_cr20s_firmware *
siemens simatic_s7-200_smart_cpu_cr60s_firmware *
siemens simatic_s7-200_smart_cpu_sr30_firmware *
siemens simatic_s7-1200_firmware *
siemens simatic_s7-200_smart_cpu_sr40_firmware *
siemens simatic_s7-200_smart_cpu_cr60_firmware *
siemens simatic_s7-200_smart_cpu_cr40_firmware *
siemens simatic_s7-200_smart_cpu_sr20_firmware *
siemens simatic_s7-200_smart_cpu_cr30s_firmware *
siemens simatic_s7-200_smart_cpu_cr40s_firmware *
siemens s7-200_smart_firmware *
siemens simatic_s7-200_smart_cpu_sr60_firmware *
siemens simatic_s7-200_smart_cpu_st30_firmware *
siemens simatic_s7-200_smart_cpu_st40_firmware *
CVE-2019-13946 HIGH

Profinet-IO (PNIO) stack versions prior to V06.00 do not properly limit internal resource allocation when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface. This could lead to a denial of service condition due to lack of memory for devices that include a vulnerable version of the stack. The security vulnerability could be exploited by an attacker with network access to an affected device. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise the availability of the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
productcert@siemens.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-400,CWE-400,

Products Affected

Vendor Product Version
siemens scalance_x-200irt_firmware *
siemens scalance_xb-200_firmware *
siemens scalance_xr528_firmware *
siemens simatic_et200mp_im155-5_pn_st_firmware *
siemens scalance_x-400_firmware *
siemens im_154-3_pn_hf_firmware *
siemens simatic_mv420_firmware *
siemens scalance_xr552_firmware *
siemens simatic_rf180c_firmware *
siemens simatic_et200m_im153-4_pn_io_st_firmware *
siemens scalance_xr526_firmware *
siemens scalance_x-300_firmware *
siemens scalance_xr-300wg_firmware *
siemens scalance_w700_ieee_802.11n_firmware *
siemens scalance_m-800_firmware *
siemens simatic_cp_1604_firmware *
siemens simatic_rf182c_firmware *
siemens im_154-4_pn_hf_firmware *
siemens simatic_mv440_firmware *
siemens simatic_et200al_im_157-1_pn_firmware *
siemens scalance_xf-200ba_firmware *
siemens sinamics_dcp_firmware *
siemens scalance_s615_firmware *
siemens simatic_et200sp_im155-6_pn_hf_firmware *
siemens simatic_cp_343-1_firmware *
siemens dk_standard_ethernet_controller *
siemens simatic_ipc_support *
siemens simatic_pn/pn_coupler_firmware *
siemens simatic_cp_343-1_advanced_firmware *
siemens ek-ertec_200p_firmware *
siemens simatic_cp_1616_firmware *
siemens simatic_et200sp_im155-6_pn_basic_firmware *
siemens ek-ertec_200_firmware *
siemens simatic_cp_443-1_opc_ua_firmware *
siemens simatic_et200pro_firmware *
siemens simatic_cp_343-1_erpc_firmware *
siemens scalance_xf-200_firmware *
siemens scalance_xp-200_firmware *
siemens profinet_driver *
siemens simatic_cp_443-1_advanced_firmware *
siemens simatic_et200ecopn_firmware *
siemens simatic_et200mp_im155-5_pn_hf_firmware *
siemens ruggedcom_rm1224_firmware *
siemens scalance_xc-200_firmware *
siemens simatic_et200s_firmware *
siemens scalance_xm-400_firmware *
siemens simatic_cp_343-1_lean_firmware *
siemens simatic_cp_443-1_firmware *
siemens simatic_et200m_im153-4_pn_io_hf_firmware *
siemens simatic_rf600_firmware *
siemens scalance_xr524_firmware *
siemens simatic_et200sp_im155-6_pn_st_firmware *
CVE-2019-13947 MEDIUM

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The user configuration menu in the web interface of the Control Center Server (CCS) transfers user passwords in cleartext to the client (browser). An attacker with administrative privileges for the web interface could be able to read (and not only reset) passwords of other CCS users.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6
productcert@siemens.com 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-317,CWE-312,

Products Affected

Vendor Product Version
siemens sinvr_3_video_server *
siemens sinvr_3_central_control_server *
CVE-2019-15681 MEDIUM

LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allows an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-665,CWE-665,

Products Affected

Vendor Product Version
siemens simatic_itc1900_firmware *
siemens simatic_itc1500_pro_firmware *
debian debian_linux 9.0
libvnc_project libvncserver *
siemens simatic_itc1900_pro_firmware *
siemens simatic_itc2200_pro_firmware *
canonical ubuntu_linux 16.04
debian debian_linux 8.0
siemens simatic_itc1500_firmware *
siemens simatic_itc2200_firmware *
canonical ubuntu_linux 18.04
canonical ubuntu_linux 18.10
canonical ubuntu_linux 14.04
CVE-2019-16905 MEDIUM

OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This leads to memory corruption and local code execution because of an error in the XMSS key parsing algorithm. NOTE: the XMSS implementation is considered experimental in all released OpenSSH versions, and there is no supported way to enable it when building portable OpenSSH.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
siemens scalance_x204rna_firmware *
netapp steelstore_cloud_integrated_storage -
openbsd openssh *
netapp cloud_backup -
siemens scalance_x204rna_ecc_firmware *
CVE-2019-17006 HIGH

In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,CWE-119,

Products Affected

Vendor Product Version
mozilla network_security_services *
siemens ruggedcom_rox_rx1400_firmware *
netapp hci_compute_node -
netapp hci_storage_node -
siemens ruggedcom_rox_rx1501_firmware *
netapp solidfire -
siemens ruggedcom_rox_rx1500_firmware *
siemens ruggedcom_rox_rx1510_firmware *
siemens ruggedcom_rox_rx1512_firmware *
siemens ruggedcom_rox_mx5000_firmware *
siemens ruggedcom_rox_rx1511_firmware *
siemens ruggedcom_rox_rx5000_firmware *
netapp hci_management_node -
CVE-2019-17007 MEDIUM

In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
siemens ruggedcom_rox_rx1500_firmware *
siemens ruggedcom_rox_rx1510_firmware *
siemens ruggedcom_rox_rx1512_firmware *
mozilla network_security_services *
siemens ruggedcom_rox_rx1400_firmware *
siemens ruggedcom_rox_mx5000_firmware *
siemens ruggedcom_rox_rx1511_firmware *
siemens ruggedcom_rox_rx1501_firmware *
siemens ruggedcom_rox_rx5000_firmware *
CVE-2019-18283 HIGH

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). The AdminService is available without authentication on the Application Server. An attacker can gain remote code execution by sending specifically crafted objects to one of its functions. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,CWE-502,

Products Affected

Vendor Product Version
siemens sppa-t3000_application_server r8.2
siemens sppa-t3000_application_server *
CVE-2019-18284 MEDIUM

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). The AdminService is available without authentication on the Application Server. An attacker can use methods exposed via this interface to receive password hashes of other users and to change user passwords. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,CWE-306,

Products Affected

Vendor Product Version
siemens sppa-t3000_application_server r8.2
siemens sppa-t3000_application_server *
CVE-2019-18285 MEDIUM

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). The RMI communication between the client and the Application Server is unencrypted. An attacker with access to the communication channel can read credentials of a valid user. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-319,CWE-319,

Products Affected

Vendor Product Version
siemens sppa-t3000_application_server r8.2
siemens sppa-t3000_application_server *
CVE-2019-18286 MEDIUM

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). The Application Server exposes directory listings and files containing sensitive information. This vulnerability is independent from CVE-2019-18287. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,CWE-200,

Products Affected

Vendor Product Version
siemens sppa-t3000_application_server r8.2
siemens sppa-t3000_application_server *
CVE-2019-18287 MEDIUM

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). The Application Server exposes directory listings and files containing sensitive information. This vulnerability is independent from CVE-2019-18286. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,CWE-200,

Products Affected

Vendor Product Version
siemens sppa-t3000_application_server r8.2
siemens sppa-t3000_application_server *
CVE-2019-18288 MEDIUM

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with valid authentication at the RMI interface could be able to gain remote code execution through an unsecured file upload. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-434,CWE-434,CWE-787,

Products Affected

Vendor Product Version
siemens sppa-t3000_application_server r8.2
siemens sppa-t3000_application_server *
CVE-2019-18289 HIGH

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18293, CVE-2019-18295, and CVE-2019-18296. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-122,CWE-787,

Products Affected

Vendor Product Version
siemens sppa-t3000_ms3000_migration_server *
CVE-2019-18290 MEDIUM

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-122,CWE-787,

Products Affected

Vendor Product Version
siemens sppa-t3000_ms3000_migration_server *
CVE-2019-18291 MEDIUM

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-122,CWE-787,

Products Affected

Vendor Product Version
siemens sppa-t3000_ms3000_migration_server *
CVE-2019-18292 MEDIUM

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-122,CWE-787,

Products Affected

Vendor Product Version
siemens sppa-t3000_ms3000_migration_server *
CVE-2019-18293 HIGH

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18289, CVE-2019-18295, and CVE-2019-18296. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-122,CWE-787,

Products Affected

Vendor Product Version
siemens sppa-t3000_ms3000_migration_server *
CVE-2019-18294 MEDIUM

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-122,CWE-787,

Products Affected

Vendor Product Version
siemens sppa-t3000_ms3000_migration_server *
CVE-2019-18295 HIGH

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18289, CVE-2019-18293, and CVE-2019-18296. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-122,CWE-787,

Products Affected

Vendor Product Version
siemens sppa-t3000_ms3000_migration_server *
CVE-2019-18296 HIGH

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18289, CVE-2019-18293, and CVE-2019-18295. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-122,CWE-787,

Products Affected

Vendor Product Version
siemens sppa-t3000_ms3000_migration_server *
CVE-2019-18297 HIGH

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with local access to the MS3000 Server and low privileges could gain root privileges by sending specifically crafted packets to a named pipe. Please note that an attacker needs to have local access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-122,CWE-787,

Products Affected

Vendor Product Version
siemens sppa-t3000_ms3000_migration_server *
CVE-2019-18298 MEDIUM

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,CWE-190,CWE-787,

Products Affected

Vendor Product Version
siemens sppa-t3000_ms3000_migration_server *
CVE-2019-18299 MEDIUM

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,CWE-190,CWE-787,

Products Affected

Vendor Product Version
siemens sppa-t3000_ms3000_migration_server *
CVE-2019-18300 MEDIUM

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,CWE-190,

Products Affected

Vendor Product Version
siemens sppa-t3000_ms3000_migration_server *
CVE-2019-18301 MEDIUM

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,CWE-190,

Products Affected

Vendor Product Version
siemens sppa-t3000_ms3000_migration_server *
CVE-2019-18302 MEDIUM

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,CWE-190,

Products Affected

Vendor Product Version
siemens sppa-t3000_ms3000_migration_server *
CVE-2019-18303 MEDIUM

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,CWE-190,

Products Affected

Vendor Product Version
siemens sppa-t3000_ms3000_migration_server *
CVE-2019-18304 MEDIUM

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,CWE-190,

Products Affected

Vendor Product Version
siemens sppa-t3000_ms3000_migration_server *
CVE-2019-18305 MEDIUM

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,CWE-190,

Products Affected

Vendor Product Version
siemens sppa-t3000_ms3000_migration_server *
CVE-2019-18306 MEDIUM

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,CWE-787,

Products Affected

Vendor Product Version
siemens sppa-t3000_ms3000_migration_server *
CVE-2019-18307 MEDIUM

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, and CVE-2019-18306. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
siemens sppa-t3000_ms3000_migration_server *
CVE-2019-18308 HIGH

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with local access to the MS3000 Server and a low-privileged user account could gain root privileges by manipulating specific files in the local file system. This vulnerability is independent from CVE-2019-18309. Please note that an attacker needs to have local access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-284,NVD-CWE-Other,

Products Affected

Vendor Product Version
siemens sppa-t3000_ms3000_migration_server *
CVE-2019-18309 HIGH

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with local access to the MS3000 Server and a low-privileged user account could gain root privileges by manipulating specific files in the local file system. This vulnerability is independent from CVE-2019-18308. Please note that an attacker needs to have local access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-284,NVD-CWE-Other,

Products Affected

Vendor Product Version
siemens sppa-t3000_ms3000_migration_server *
CVE-2019-18310 MEDIUM

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 7061/tcp. This vulnerability is independent from CVE-2019-18311. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-121,CWE-787,

Products Affected

Vendor Product Version
siemens sppa-t3000_ms3000_migration_server *
CVE-2019-18311 MEDIUM

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 7061/tcp. This vulnerability is independent from CVE-2019-18310. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-952,CWE-306,

Products Affected

Vendor Product Version
siemens sppa-t3000_ms3000_migration_server *
CVE-2019-18312 MEDIUM

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could be able to enumerate running RPC services. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,CWE-287,

Products Affected

Vendor Product Version
siemens sppa-t3000_ms3000_migration_server *
CVE-2019-18313 HIGH

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could gain remote code execution by sending specifically crafted objects to one of the RPC services. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-434,CWE-434,

Products Affected

Vendor Product Version
siemens sppa-t3000_ms3000_migration_server *
CVE-2019-18314 HIGH

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could gain remote code execution by sending specifically crafted objects via RMI. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,CWE-287,

Products Affected

Vendor Product Version
siemens sppa-t3000_application_server r8.2
siemens sppa-t3000_application_server *
CVE-2019-18315 HIGH

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could gain remote code execution by sending specifically crafted packets to 8888/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,CWE-287,

Products Affected

Vendor Product Version
siemens sppa-t3000_application_server r8.2
siemens sppa-t3000_application_server *
CVE-2019-18316 HIGH

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could gain remote code execution by sending specifically crafted packets to 1099/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,CWE-502,

Products Affected

Vendor Product Version
siemens sppa-t3000_application_server r8.2
siemens sppa-t3000_application_server *
CVE-2019-18317 MEDIUM

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could cause a Denial-of-Service condition by sending specifically crafted objects via RMI. This vulnerability is independent from CVE-2019-18318 and CVE-2019-18319. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,CWE-287,

Products Affected

Vendor Product Version
siemens sppa-t3000_application_server r8.2
siemens sppa-t3000_application_server *
CVE-2019-18318 MEDIUM

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server can cause a Denial-of-Service condition by sending specifically crafted objects via RMI. This vulnerability is independent from CVE-2019-18317 and CVE-2019-18319. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,CWE-287,

Products Affected

Vendor Product Version
siemens sppa-t3000_application_server r8.2
siemens sppa-t3000_application_server *
CVE-2019-18319 MEDIUM

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could cause a Denial-of-Service condition by sending specifically crafted objects via RMI. This vulnerability is independent from CVE-2019-18317 and CVE-2019-18318. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,CWE-287,

Products Affected

Vendor Product Version
siemens sppa-t3000_application_server r8.2
siemens sppa-t3000_application_server *
CVE-2019-18320 MEDIUM

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could be able to upload arbitrary files without authentication. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,CWE-434,

Products Affected

Vendor Product Version
siemens sppa-t3000_application_server r8.2
siemens sppa-t3000_application_server *
CVE-2019-18321 MEDIUM

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could be able to read and write arbitrary files on the local file system by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18322. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,CWE-287,

Products Affected

Vendor Product Version
siemens sppa-t3000_ms3000_migration_server *
CVE-2019-18322 MEDIUM

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could be able to read and write arbitrary files on the local file system by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18321. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,CWE-287,

Products Affected

Vendor Product Version
siemens sppa-t3000_ms3000_migration_server *
CVE-2019-18323 HIGH

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-122,CWE-787,

Products Affected

Vendor Product Version
siemens sppa-t3000_ms3000_migration_server *
CVE-2019-18324 HIGH

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-122,CWE-787,

Products Affected

Vendor Product Version
siemens sppa-t3000_ms3000_migration_server *
CVE-2019-18325 HIGH

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-122,CWE-787,

Products Affected

Vendor Product Version
siemens sppa-t3000_ms3000_migration_server *
CVE-2019-18326 HIGH

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18327, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-122,CWE-787,

Products Affected

Vendor Product Version
siemens sppa-t3000_ms3000_migration_server *
CVE-2019-18327 HIGH

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-122,CWE-787,

Products Affected

Vendor Product Version
siemens sppa-t3000_ms3000_migration_server *
CVE-2019-18328 HIGH

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-122,CWE-787,

Products Affected

Vendor Product Version
siemens sppa-t3000_ms3000_migration_server *
CVE-2019-18329 HIGH

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-122,CWE-787,

Products Affected

Vendor Product Version
siemens sppa-t3000_ms3000_migration_server *
CVE-2019-18330 HIGH

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, and CVE-2019-18329. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-122,CWE-787,

Products Affected

Vendor Product Version
siemens sppa-t3000_ms3000_migration_server *
CVE-2019-18331 MEDIUM

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could gain access to path and filenames on the server by sending specifically crafted packets to 1099/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,CWE-200,

Products Affected

Vendor Product Version
siemens sppa-t3000_application_server r8.2
siemens sppa-t3000_application_server *
CVE-2019-18332 MEDIUM

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could gain access to directory listings of the server by sending specifically crafted packets to 80/tcp, 8095/tcp or 8080/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,CWE-287,

Products Affected

Vendor Product Version
siemens sppa-t3000_application_server r8.2
siemens sppa-t3000_application_server *
CVE-2019-18333 MEDIUM

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could gain access to filenames on the server by sending specifically crafted packets to 8090/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,CWE-200,

Products Affected

Vendor Product Version
siemens sppa-t3000_application_server r8.2
siemens sppa-t3000_application_server *
CVE-2019-18334 MEDIUM

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could be able to enumerate valid user names by sending specifically crafted packets to 8090/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,CWE-200,

Products Affected

Vendor Product Version
siemens sppa-t3000_application_server r8.2
siemens sppa-t3000_application_server *
CVE-2019-18335 MEDIUM

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could be able to gain access to logs and configuration files by sending specifically crafted packets to 80/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,CWE-200,

Products Affected

Vendor Product Version
siemens sppa-t3000_application_server r8.2
siemens sppa-t3000_application_server *
CVE-2019-18336 HIGH

A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V3.X.17), SIMATIC TDC CP51M1 (All versions < V1.1.8), SIMATIC TDC CPU555 (All versions < V1.1.1), SINUMERIK 840D sl (All versions < V4.8.6), SINUMERIK 840D sl (All versions < V4.94). Specially crafted packets sent to port 102/tcp (Profinet) could cause the affected device to go into defect mode. A restart is required in order to recover the system. Successful exploitation requires an attacker to have network access to port 102/tcp, with no authentication. No user interaction is required. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-400,CWE-400,

Products Affected

Vendor Product Version
siemens simatic_s7-300_cpu_315-2_dp_firmware *
siemens simatic_s7-300_cpu_314_firmware *
siemens simatic_s7-300_cpu_313_firmware *
siemens simatic_s7-300_cpu_316-2_dp_firmware *
siemens sinumerik_840d_sl *
siemens simatic_tdc_cp51m1_firmware *
siemens simatic_s7-300_cpu_312_ifm_firmware *
siemens simatic_tdc_cpu555_firmware *
siemens simatic_s7-300_cpu_314_ifm_firmware *
siemens simatic_s7-300_cpu_315_firmware *
siemens simatic_s7-300_cpu_firmware *
siemens simatic_s7-300_cpu_318-2_firmware *
CVE-2019-18337 MEDIUM

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contains an authentication bypass vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. A remote attacker with network access to the CCS server could exploit this vulnerability to read the CCS users database, including the passwords of all users in obfuscated cleartext.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
productcert@siemens.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,CWE-287,

Products Affected

Vendor Product Version
siemens sinvr_3_video_server *
siemens sinvr_3_central_control_server *
CVE-2019-18338 MEDIUM

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contains a directory traversal vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. An authenticated remote attacker with network access to the CCS server could exploit this vulnerability to list arbitrary directories or read files outside of the CCS application context.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6
productcert@siemens.com 7.7 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N 3.1 4.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-23,CWE-22,

Products Affected

Vendor Product Version
siemens sinvr_3_video_server *
siemens sinvr_3_central_control_server *
CVE-2019-18339 HIGH

A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0). The HTTP service (default port 5401/tcp) of the SiVMS/SiNVR Video Server contains an authentication bypass vulnerability, even when properly configured with enforced authentication. A remote attacker with network access to the Video Server could exploit this vulnerability to read the SiVMS/SiNVR users database, including the passwords of all users in obfuscated cleartext.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-306,CWE-306,

Products Affected

Vendor Product Version
siemens sinvr_3_video_server *
siemens sinvr_3_central_control_server *
CVE-2019-18340 LOW

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0), Control Center Server (CCS) (All versions >= V1.5.0), SiNVR/SiVMS Video Server (All versions < V5.0.0), SiNVR/SiVMS Video Server (All versions >= V5.0.0). Both the SiVMS/SiNVR Video Server and the Control Center Server (CCS) store user and device passwords by applying weak cryptography. A local attacker could exploit this vulnerability to extract the passwords from the user database and/or the device configuration files to conduct further attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6
productcert@siemens.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-327,CWE-327,

Products Affected

Vendor Product Version
siemens sinvr_3_video_server *
siemens sinvr_3_central_control_server *
CVE-2019-18341 MEDIUM

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The SFTP service (default port 22/tcp) of the Control Center Server (CCS) contains an authentication bypass vulnerability. A remote attacker with network access to the CCS server could exploit this vulnerability to read data from the EDIR directory (for example, the list of all configured stations).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,CWE-287,

Products Affected

Vendor Product Version
siemens sinvr_3_video_server *
siemens sinvr_3_central_control_server *
CVE-2019-18342 HIGH

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The SFTP service (default port 22/tcp) of the Control Center Server (CCS) does not properly limit its capabilities to the specified purpose. In conjunction with CVE-2019-18341, an unauthenticated remote attacker with network access to the CCS server could exploit this vulnerability to read or delete arbitrary files, or access other resources on the same server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 9.9 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 3.1 6.0
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-749,NVD-CWE-Other,

Products Affected

Vendor Product Version
siemens control_center_server *
CVE-2019-19242 MEDIUM

SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
siemens sinec_infrastructure_network_services *
canonical ubuntu_linux 16.04
sqlite sqlite 3.30.1
canonical ubuntu_linux 12.04
canonical ubuntu_linux 19.10
canonical ubuntu_linux 18.04
canonical ubuntu_linux 19.04
oracle mysql_workbench *
redhat enterprise_linux 8.0
CVE-2019-19244 MEDIUM

sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
siemens sinec_infrastructure_network_services *
sqlite sqlite 3.30.1
canonical ubuntu_linux 19.10
canonical ubuntu_linux 19.04
oracle mysql_workbench *
CVE-2019-19276 MEDIUM

A vulnerability has been identified in SIMATIC HMI Comfort Panels 1st Generation (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels (All versions < V16 Update 4). Specially crafted packets sent to port 161/udp can cause the SNMP service of affected devices to crash. A manual restart of the device is required to resume operation of the service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
siemens simatic_hmi_comfort_panels_firmware 16
siemens simatic_hmi_ktp_mobile_panels_firmware 16
CVE-2019-19277 MEDIUM

A vulnerability has been identified in SIPORT MP (All versions < 3.1.4). Vulnerable versions of the device allow the creation of special accounts ("service users") with administrative privileges that could enable a remote authenticated attacker to perform actions that are not visible to other users of the system, such as granting persons access to a secured area.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N 1.2 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-778,NVD-CWE-Other,

Products Affected

Vendor Product Version
siemens siport_mp *
CVE-2019-19278 HIGH

A vulnerability has been identified in SINAMICS PERFECT HARMONY GH180 Drives MLFB 6SR32..-.....-.... MLFB 6SR4...-.....-.... MLFB 6SR5...-.....-.... With option A30 (HMIs 12 inches or larger) (All versions), SINAMICS PERFECT HARMONY GH180 Drives MLFB 6SR325.-.....-.... (High Availability) (All versions). The affected device contains a vulnerability that could allow an unauthenticated attacker to restore the affected device to a point where predefined application and operating system protection mechanisms are not in place. Successful exploitation requires physical access to the system, but no system privileges and no user interaction. An attacker could use the vulnerability to compromise confidentiality, integrity and availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-693,CWE-362,

Products Affected

Vendor Product Version
siemens sinamics_perfect_harmony_gh180_firmware *
CVE-2019-19279 HIGH

A vulnerability has been identified in SIPROTEC 4 and SIPROTEC Compact relays equipped with EN100 Ethernet communication modules (All versions). Specially crafted packets sent to port 50000/UDP of the EN100 Ethernet communication modules could cause a Denial-of-Service of the affected device. A manual reboot is required to recover the service of the device. At the time of advisory publication no public exploitation of this security vulnerability was known to Siemens.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,CWE-20,

Products Affected

Vendor Product Version
siemens siprotec_compact *
siemens siprotec_4 *
CVE-2019-19281 HIGH

A vulnerability has been identified in SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions >= V2.5 and < V20.8), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.5 and < V2.8), SIMATIC S7-1500 Software Controller (All versions >= V2.5 and < V20.8). Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a Denial-of-Service condition. The vulnerability can be triggered if specially crafted UDP packets are sent to the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise the device availability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-400,CWE-400,

Products Affected

Vendor Product Version
siemens simatic_s7-1500_cpu_1517-3_dp_firmware *
siemens simatic_s7-1500_cpu_1513-1_pn_firmware *
siemens simatic_s7-1500_cpu_1517-3_pn_firmware *
siemens simatic_s7-1500_cpu_1507s_firmware *
siemens simatic_s7-1500_cpu_1508s_f_firmware *
siemens simatic_et_200sp_open_controller_cpu_1515sp_pc2_firmware *
siemens simatic_s7-1500_cpu_1508s_firmware *
siemens simatic_s7-1500_cpu_1518-4_dp_firmware *
siemens simatic_s7-1500_cpu_1511-1_pn_firmware *
siemens simatic_s7-1500_cpu_1518-4_pn_firmware *
siemens simatic_s7-1500_cpu_1516-3_dp_firmware *
siemens simatic_s7-1500_cpu_1516-3_pn_firmware *
siemens simatic_s7-1500_cpu_1515-2_pn_firmware *
siemens simatic_s7-1500_cpu_1507s_f_firmware *
CVE-2019-19282 HIGH

A vulnerability has been identified in OpenPCS 7 V8.1 (All versions), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd3), SIMATIC BATCH V8.1 (All versions), SIMATIC BATCH V8.2 (All versions < V8.2 Upd12), SIMATIC BATCH V9.0 (All versions < V9.0 SP1 Upd5), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Update 1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC Route Control V8.1 (All versions), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions < V9.0 Upd4), SIMATIC WinCC (TIA Portal) V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 10), SIMATIC WinCC (TIA Portal) V15.1 (All versions < V15.1 Update 5), SIMATIC WinCC (TIA Portal) V16 (All versions < V16 Update 1), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions < V7.5 SP1 Update 1). Through specially crafted messages, when encrypted communication is enabled, an attacker with network access could use the vulnerability to compromise the availability of the system by causing a Denial-of-Service condition. Successful exploitation requires no system privileges and no user interaction.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-131,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
siemens simatic_wincc 15.1
siemens simatic_wincc 13
siemens simatic_wincc 7.4
siemens simatic_net_pc 16
siemens simatic_wincc 14.0.1
siemens simatic_wincc 7.5
siemens simatic_net_pc *
siemens openpcs_7 9.0
siemens simatic_pcs_7 8.2
siemens simatic_batch 9.0
siemens openpcs_7 9.0_update_1
siemens simatic_pcs_7 9.0
siemens simatic_route_control *
siemens simatic_route_control 9.0
siemens simatic_pcs_7 8.1
siemens simatic_wincc 7.5.1
siemens simatic_wincc 16
CVE-2019-19283 MEDIUM

A vulnerability has been identified in XHQ (All Versions < 6.1). The application's web server could expose non-sensitive information about the server's architecture. This could allow an attacker to adapt further attacks to the version in place.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,CWE-200,

Products Affected

Vendor Product Version
siemens xhq *
CVE-2019-19284 LOW

A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow Cross-Site Scripting (XSS) attacks if an attacker is able to modify content of particular web pages, causing the application to behave in unexpected ways for legitimate users.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
siemens xhq *
CVE-2019-19285 LOW

A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow injections that could lead to XSS attacks if unsuspecting users are tricked into accessing a malicious link.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-80,CWE-79,

Products Affected

Vendor Product Version
siemens xhq *
CVE-2019-19286 MEDIUM

A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow SQL injection attacks if an attacker is able to modify content of particular web pages.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
siemens xhq *
CVE-2019-19287 MEDIUM

A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow attackers to traverse through the file system of the server by sending specially crafted packets over the network without authentication.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-23,

Products Affected

Vendor Product Version
siemens xhq *
CVE-2019-19288 MEDIUM

A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
siemens xhq *
CVE-2019-19289 MEDIUM

A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
siemens xhq *
CVE-2019-19290 MEDIUM

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The DOWNLOADS section in the web interface of the Control Center Server (CCS) contains a path traversal vulnerability that could allow an authenticated remote attacker to access and download arbitrary files from the server where CCS is installed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
siemens sinvr_3_video_server *
siemens sinvr_3_central_control_server *
CVE-2019-19291 LOW

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0), SiNVR/SiVMS Video Server (All versions < V5.0.0). The FTP services of the SiVMS/SiNVR Video Server and the Control Center Server (CCS) maintain log files that store login credentials in cleartext. In configurations where the FTP service is enabled, authenticated remote attackers could extract login credentials of other users of the service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N 1.6 3.6
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-313,CWE-312,

Products Affected

Vendor Product Version
siemens sinvr_3_video_server *
siemens sinvr_3_central_control_server *
CVE-2019-19292 MEDIUM

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contains an SQL injection vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. An authenticated remote attacker could exploit this vulnerability to read or modify the CCS database and potentially execute administrative database operations or operating system commands.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,CWE-89,

Products Affected

Vendor Product Version
siemens sinvr_3_video_server *
siemens sinvr_3_central_control_server *
CVE-2019-19293 MEDIUM

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The web interface of the Control Center Server (CCS) contains a reflected Cross-site Scripting (XSS) vulnerability that could allow an unauthenticated remote attacker to steal sensitive data or execute administrative actions on behalf of a legitimate administrator of the CCS web interface.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 6.1 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N 1.6 4.0
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
siemens sinvr_3_video_server *
siemens sinvr_3_central_control_server *
CVE-2019-19294 LOW

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The web interface of the Control Center Server (CCS) contains multiple stored Cross-site Scripting (XSS) vulnerabilities in several input fields. This could allow an authenticated remote attacker to inject malicious JavaScript code into the CCS web application that is later executed in the browser context of any other user who views the relevant CCS web content.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 6.3 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N 1.8 4.0
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
siemens sinvr_3_video_server *
siemens sinvr_3_central_control_server *
CVE-2019-19295 MEDIUM

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) does not enforce logging of security-relevant activities in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. An authenticated remote attacker could exploit this vulnerability to perform covert actions that are not visible in the application log.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 2.8 1.4
productcert@siemens.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-778,NVD-CWE-Other,

Products Affected

Vendor Product Version
siemens sinvr_3_video_server *
siemens sinvr_3_central_control_server *
CVE-2019-19296 MEDIUM

A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0). The two FTP services (default ports 21/tcp and 5411/tcp) of the SiVMS/SiNVR Video Server contain a path traversal vulnerability that could allow an authenticated remote attacker to access and download arbitrary files from the server, if the FTP services are enabled.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 2.8 5.2
productcert@siemens.com 6.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N 1.6 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
siemens sinvr_3_video_server *
siemens sinvr_3_central_control_server *
CVE-2019-19297 MEDIUM

A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server contains a path traversal vulnerability that could allow an unauthenticated remote attacker to access and download arbitrary files from the server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
siemens sinvr_3_video_server *
siemens sinvr_3_central_control_server *
CVE-2019-19298 MEDIUM

A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0), SiNVR/SiVMS Video Server (All versions >= V5.0.0 < V5.0.2). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server contains an input validation vulnerability that could allow an unauthenticated remote attacker to cause a Denial-of-Service condition by sending malformed HTTP requests.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
productcert@siemens.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-20,

Products Affected

Vendor Product Version
siemens sinvr/sivms_video_server *
CVE-2019-19299 MEDIUM

A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0), SiNVR/SiVMS Video Server (All versions >= V5.0.0 < V5.0.2), SiNVR/SiVMS Video Server (All versions >= V5.0.2). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server applies weak cryptography when exposing device (camera) passwords. This could allow an unauthenticated remote attacker to read and decrypt the passwords and conduct further attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
productcert@siemens.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-326,CWE-326,

Products Affected

Vendor Product Version
siemens sinvr/sivms_video_server *
CVE-2019-19300 MEDIUM

A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, KTK ATE530S, SIDOOR ATD430W, SIDOOR ATE530S COATED, SIDOOR ATE531S, SIMATIC ET 200AL IM 157-1 PN (6ES7157-1AB00-0AB0), SIMATIC ET 200eco PN, AI 8xRTD/TC, M12-L (6ES7144-6JF00-0BB0), SIMATIC ET 200eco PN, CM 4x IO-Link, M12-L (6ES7148-6JE00-0BB0), SIMATIC ET 200eco PN, CM 8x IO-Link, M12-L (6ES7148-6JG00-0BB0), SIMATIC ET 200eco PN, CM 8x IO-Link, M12-L (6ES7148-6JJ00-0BB0), SIMATIC ET 200eco PN, DI 16x24VDC, M12-L (6ES7141-6BH00-0BB0), SIMATIC ET 200eco PN, DI 8x24VDC, M12-L (6ES7141-6BG00-0BB0), SIMATIC ET 200eco PN, DIQ 16x24VDC/2A, M12-L (6ES7143-6BH00-0BB0), SIMATIC ET 200eco PN, DQ 8x24VDC/0,5A, M12-L (6ES7142-6BG00-0BB0), SIMATIC ET 200eco PN, DQ 8x24VDC/2A, M12-L (6ES7142-6BR00-0BB0), SIMATIC ET 200MP IM 155-5 PN HF (6ES7155-5AA00-0AC0), SIMATIC ET 200pro IM 154-8 PN/DP CPU (6ES7154-8AB01-0AB0), SIMATIC ET 200pro IM 154-8F PN/DP CPU (6ES7154-8FB01-0AB0), SIMATIC ET 200pro IM 154-8FX PN/DP CPU (6ES7154-8FX00-0AB0), SIMATIC ET 200S IM 151-8 PN/DP CPU (6ES7151-8AB01-0AB0), SIMATIC ET 200S IM 151-8F PN/DP CPU (6ES7151-8FB01-0AB0), SIMATIC ET 200SP IM 155-6 MF HF (6ES7155-6MU00-0CN0), SIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLUS variants), SIMATIC ET 200SP IM 155-6 PN HF (6ES7155-6AU00-0CN0), SIMATIC ET 200SP IM 155-6 PN/2 HF (6ES7155-6AU01-0CN0), SIMATIC ET 200SP IM 155-6 PN/3 HF (6ES7155-6AU30-0CN0), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants), SIMATIC MICRO-DRIVE PDC, SIMATIC PN/MF Coupler (6ES7158-3MU10-0XA0), SIMATIC PN/PN Coupler (6ES7158-3AD10-0XA0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants), SIMATIC S7-1500 CPU family (incl. related ET 200 CPUs and SIPLUS variants), SIMATIC S7-1500 Software Controller, SIMATIC S7-300 CPU 314C-2 PN/DP (6ES7314-6EH04-0AB0), SIMATIC S7-300 CPU 315-2 PN/DP (6ES7315-2EH14-0AB0), SIMATIC S7-300 CPU 315F-2 PN/DP (6ES7315-2FJ14-0AB0), SIMATIC S7-300 CPU 315T-3 PN/DP (6ES7315-7TJ10-0AB0), SIMATIC S7-300 CPU 317-2 PN/DP (6ES7317-2EK14-0AB0), SIMATIC S7-300 CPU 317F-2 PN/DP (6ES7317-2FK14-0AB0), SIMATIC S7-300 CPU 317T-3 PN/DP (6ES7317-7TK10-0AB0), SIMATIC S7-300 CPU 317TF-3 PN/DP (6ES7317-7UL10-0AB0), SIMATIC S7-300 CPU 319-3 PN/DP (6ES7318-3EL01-0AB0), SIMATIC S7-300 CPU 319F-3 PN/DP (6ES7318-3FL01-0AB0), SIMATIC S7-400 H V6 and below CPU family (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants), SIMATIC TDC CP51M1, SIMATIC TDC CPU555, SIMATIC WinAC RTX 2010 (6ES7671-0RC08-0YA0), SIMATIC WinAC RTX F 2010 (6ES7671-1RC08-0YA0), SINAMICS S/G Control Unit w. PROFINET, SIPLUS ET 200MP IM 155-5 PN HF (6AG1155-5AA00-2AC0), SIPLUS ET 200MP IM 155-5 PN HF (6AG1155-5AA00-7AC0), SIPLUS ET 200MP IM 155-5 PN HF T1 RAIL (6AG2155-5AA00-1AC0), SIPLUS ET 200S IM 151-8 PN/DP CPU (6AG1151-8AB01-7AB0), SIPLUS ET 200S IM 151-8F PN/DP CPU (6AG1151-8FB01-2AB0), SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU00-2CN0), SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU00-4CN0), SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU01-2CN0), SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU01-7CN0), SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL (6AG2155-6AU00-1CN0), SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL (6AG2155-6AU01-1CN0), SIPLUS ET 200SP IM 155-6 PN HF TX RAIL (6AG2155-6AU01-4CN0), SIPLUS NET PN/PN Coupler (6AG2158-3AD10-4XA0), SIPLUS S7-300 CPU 314C-2 PN/DP (6AG1314-6EH04-7AB0), SIPLUS S7-300 CPU 315-2 PN/DP (6AG1315-2EH14-7AB0), SIPLUS S7-300 CPU 315F-2 PN/DP (6AG1315-2FJ14-2AB0), SIPLUS S7-300 CPU 317-2 PN/DP (6AG1317-2EK14-7AB0), SIPLUS S7-300 CPU 317F-2 PN/DP (6AG1317-2FK14-2AB0). The Interniche-based TCP Stack can be forced to make very expensive calls for every incoming packet which can lead to a denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,CWE-400,

Products Affected

Vendor Product Version
siemens simatic_et200sp_im155-6_pn_ha_firmware *
siemens simatic_s7-410_cpu_firmware *
siemens simatic_s7-1500_cpu_1513-1_pn_firmware *
siemens sinamics_s/g_control_unit_firmware *
siemens simatic_et200sp_im155-6_pn_hf_firmware *
siemens simatic_et200sp_im155-6_mf_hf_firmware *
siemens simatic_s7-1500_cpu_1518-4_pn/dp_firmware *
siemens simatic_s7-1500_cpu_1516f-3_pn/dp_firmware *
siemens simatic_tdc_cpu555_firmware *
siemens simatic_pn/pn_coupler_firmware *
siemens simatic_s7-400_pn/dp_firmware *
siemens simatic_s7-300_cpu_firmware *
siemens simatic_s7-1500_cpu_1518f-4_pn/dp_firmware *
siemens simatic_s7-1500_cpu_1517-3_pn/dp_firmware *
siemens simatic_micro-drive_pdc_firmware *
siemens sidoor_ate530s_coated_firmware *
siemens ktk_ate530s_firmware *
siemens simatic_tdc_cp51m1_firmware *
siemens simatic_s7-1500_cpu_1515f-2_pn_firmware *
siemens simatic_s7-1500 *
siemens simatic_s7-1500_cpu_1517f-3_pn/dp_firmware *
siemens simatic_s7-1500_cpu_1513f-1_pn_firmware *
siemens simatic_et_200sp_open_controller_cpu_1515sp_pc2_firmware *
siemens simatic_s7-1500_cpu_1511f-1_pn_firmware *
siemens simatic_s7-1500_cpu_1511-1_pn_firmware *
siemens simatic_et200mp_im155-5_pn_hf_firmware *
siemens simatic_s7-1500_cpu_1516-3_pn/dp_firmware *
siemens simatic_winac_rtx_(f)_2010_firmware *
siemens sidoor_ate531s_firmware *
siemens simatic_et200sp_im155-6_pn/2_hf_firmware *
siemens simatic_s7-1500_cpu_1515-2_pn_firmware *
siemens simatic_et_200sp_open_controller_cpu_1515sp_pc_firmware *
siemens sidoor_atd430w_firmware *
CVE-2019-19301 MEDIUM

A vulnerability has been identified in SCALANCE X200-4P IRT, SCALANCE X201-3P IRT, SCALANCE X201-3P IRT PRO, SCALANCE X202-2IRT, SCALANCE X202-2P IRT, SCALANCE X202-2P IRT PRO, SCALANCE X204-2, SCALANCE X204-2FM, SCALANCE X204-2LD, SCALANCE X204-2LD TS, SCALANCE X204-2TS, SCALANCE X204IRT, SCALANCE X204IRT PRO, SCALANCE X206-1, SCALANCE X206-1LD, SCALANCE X208, SCALANCE X208PRO, SCALANCE X212-2, SCALANCE X212-2LD, SCALANCE X216, SCALANCE X224, SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XF201-3P IRT, SCALANCE XF202-2P IRT, SCALANCE XF204, SCALANCE XF204-2, SCALANCE XF204-2BA IRT, SCALANCE XF204IRT, SCALANCE XF206-1, SCALANCE XF208, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIMATIC CP 343-1 Advanced, SIMATIC CP 442-1 RNA, SIMATIC CP 443-1, SIMATIC CP 443-1, SIMATIC CP 443-1 Advanced, SIMATIC CP 443-1 RNA, SIMATIC RF180C, SIMATIC RF182C, SIPLUS NET CP 343-1 Advanced, SIPLUS NET CP 443-1, SIPLUS NET CP 443-1 Advanced, SIPLUS NET SCALANCE X308-2. The VxWorks-based Profinet TCP Stack can be forced to make very expensive calls for every incoming packet which can lead to a denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
productcert@siemens.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,NVD-CWE-Other,

Products Affected

Vendor Product Version
siemens scalance_x-200irt_firmware *
siemens scalance_xb-200_firmware *
siemens simatic_rf182c_firmware *
siemens scalance_xf-200_firmware *
siemens scalance_xp-200_firmware *
siemens simatic_cp_443-1_advanced_firmware *
siemens scalance_x-200irt_pro_firmware *
siemens scalance_xr-300_firmware *
siemens simatic_rf180c_firmware *
siemens scalance_xc-200_firmware *
siemens scalance_x-300_firmware *
siemens simatic_cp_443-1_firmware *
siemens scalance_xr-300wg_firmware *
CVE-2019-19317 HIGH

lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-681,

Products Affected

Vendor Product Version
siemens sinec_infrastructure_network_services *
sqlite sqlite 3.30.1
netapp ontap_select_deploy_administration_utility -
netapp cloud_backup -
oracle mysql_workbench *
CVE-2019-19603 MEDIUM

SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
siemens sinec_infrastructure_network_services *
sqlite sqlite 3.30.1
apache guacamole 1.3.0
netapp ontap_select_deploy_administration_utility -
netapp cloud_backup -
oracle mysql_workbench *
siemens sinec_infrastructure_network_services 1.0.1.1
CVE-2019-19645 LOW

alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-674,

Products Affected

Vendor Product Version
siemens sinec_infrastructure_network_services *
netapp ontap_select_deploy_administration_utility -
netapp cloud_backup -
oracle mysql_workbench *
sqlite sqlite *
tenable tenable.sc *
CVE-2019-19646 HIGH

pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-754,

Products Affected

Vendor Product Version
siemens sinec_infrastructure_network_services *
netapp ontap_select_deploy_administration_utility -
netapp cloud_backup -
oracle mysql_workbench *
sqlite sqlite *
tenable tenable.sc *
CVE-2019-19880 MEDIUM

exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
opensuse backports_sle 15.0
opensuse leap 15.1
debian debian_linux 9.0
netapp cloud_backup -
debian debian_linux 10.0
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_desktop 6.0
suse package_hub -
redhat enterprise_linux_server 6.0
siemens sinec_infrastructure_network_services *
sqlite sqlite 3.30.1
oracle mysql_workbench *
CVE-2019-19923 MEDIUM

flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
opensuse backports_sle 15.0
opensuse leap 15.1
debian debian_linux 9.0
netapp cloud_backup -
debian debian_linux 10.0
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_desktop 6.0
suse package_hub -
redhat enterprise_linux_server 6.0
siemens sinec_infrastructure_network_services *
sqlite sqlite 3.30.1
oracle mysql_workbench *
CVE-2019-19924 MEDIUM

SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-755,

Products Affected

Vendor Product Version
siemens sinec_infrastructure_network_services *
sqlite sqlite 3.30.1
apache bookkeeper 4.12.1
netapp cloud_backup -
oracle mysql_workbench *
CVE-2019-19925 MEDIUM

zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-434,

Products Affected

Vendor Product Version
opensuse backports_sle 15.0
opensuse leap 15.1
debian debian_linux 9.0
netapp cloud_backup -
debian debian_linux 10.0
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_desktop 6.0
suse package_hub -
redhat enterprise_linux_server 6.0
siemens sinec_infrastructure_network_services *
sqlite sqlite 3.30.1
oracle mysql_workbench *
CVE-2019-19926 MEDIUM

multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
opensuse backports_sle 15.0
opensuse leap 15.1
debian debian_linux 9.0
netapp cloud_backup -
debian debian_linux 10.0
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_desktop 6.0
suse package_hub -
redhat enterprise_linux_server 6.0
siemens sinec_infrastructure_network_services *
sqlite sqlite 3.30.1
oracle mysql_workbench *
CVE-2019-19956 MEDIUM

xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-401,CWE-772,

Products Affected

Vendor Product Version
fedoraproject fedora 30
netapp steelstore_cloud_integrated_storage -
siemens sinema_remote_connect_server *
debian debian_linux 9.0
canonical ubuntu_linux 12.04
netapp ontap_select_deploy_administration_utility -
netapp manageability_software_development_kit -
netapp active_iq_unified_manager -
canonical ubuntu_linux 16.04
xmlsoft libxml2 *
debian debian_linux 8.0
netapp clustered_data_ontap -
canonical ubuntu_linux 19.10
oracle real_user_experience_insight 13.3.1.0
netapp clustered_data_ontap_antivirus_connector -
canonical ubuntu_linux 18.04
canonical ubuntu_linux 14.04
fedoraproject fedora 32
CVE-2019-20788 HIGH

libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or width value. NOTE: this may overlap CVE-2019-15690.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,CWE-787,

Products Affected

Vendor Product Version
siemens simatic_itc1900_firmware *
siemens simatic_itc1500_pro_firmware *
debian debian_linux 9.0
libvnc_project libvncserver *
siemens simatic_itc1900_pro_firmware *
siemens simatic_itc2200_pro_firmware *
canonical ubuntu_linux 16.04
debian debian_linux 8.0
siemens simatic_itc1500_firmware *
siemens simatic_itc2200_firmware *
canonical ubuntu_linux 18.04
canonical ubuntu_linux 18.10
canonical ubuntu_linux 14.04
CVE-2019-20839 MEDIUM

libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket filename.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
siemens simatic_itc1900_firmware *
canonical ubuntu_linux 20.04
opensuse leap 15.2
siemens simatic_itc1500_pro_firmware *
debian debian_linux 9.0
libvnc_project libvncserver *
siemens simatic_itc1900_pro_firmware *
siemens simatic_itc2200_pro_firmware *
canonical ubuntu_linux 16.04
debian debian_linux 8.0
siemens simatic_itc1500_firmware *
siemens simatic_itc2200_firmware *
canonical ubuntu_linux 18.04
canonical ubuntu_linux 18.10
canonical ubuntu_linux 14.04
CVE-2019-20840 MEDIUM

An issue was discovered in LibVNCServer before 0.9.13. libvncserver/ws_decode.c can lead to a crash because of unaligned accesses in hybiReadAndDecode.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
siemens simatic_itc1900_firmware *
canonical ubuntu_linux 20.04
opensuse leap 15.2
siemens simatic_itc1500_pro_firmware *
debian debian_linux 9.0
libvnc_project libvncserver *
siemens simatic_itc1900_pro_firmware *
siemens simatic_itc2200_pro_firmware *
canonical ubuntu_linux 16.04
debian debian_linux 8.0
siemens simatic_itc1500_firmware *
siemens simatic_itc2200_firmware *
canonical ubuntu_linux 18.04
canonical ubuntu_linux 18.10
canonical ubuntu_linux 14.04
CVE-2019-3822 HIGH

libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`) generates the request HTTP header contents based on previously received data. The check that exists to prevent the local buffer from getting overflowed is implemented wrongly (using unsigned math) and as such it does not prevent the overflow from happening. This output data can grow larger than the local buffer if very large 'nt response' data is extracted from a previous NTLMv2 header provided by the malicious or broken HTTP server. Such a 'large value' needs to be around 1000 bytes or more. The actual payload data copied to the target buffer comes from the NTLMv2 type-2 response header.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-121,CWE-787,

Products Affected

Vendor Product Version
oracle http_server 12.2.1.3.0
debian debian_linux 9.0
oracle communications_operations_monitor 3.4
oracle services_tools_bundle 19.2
siemens sinema_remote_connect_client *
oracle enterprise_manager_ops_center 12.3.3
netapp clustered_data_ontap *
oracle communications_operations_monitor 4.0
canonical ubuntu_linux 16.04
oracle secure_global_desktop 5.4
netapp snapcenter -
oracle mysql_server *
netapp oncommand_workflow_automation -
netapp active_iq_unified_manager *
haxx libcurl *
canonical ubuntu_linux 18.04
canonical ubuntu_linux 18.10
canonical ubuntu_linux 14.04
netapp oncommand_insight -
oracle enterprise_manager_ops_center 12.4.0
redhat enterprise_linux 8.0
CVE-2019-5317 MEDIUM

A local authentication bypass vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x: 6.5.4.15 and below; Aruba Instant 8.3.x: 8.3.0.11 and below; Aruba Instant 8.4.x: 8.4.0.5 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
arubanetworks instant *
siemens scalance_w1750d_firmware *
CVE-2019-5318 HIGH

A remote cross-site request forgery (CSRF) vulnerability was discovered in Aruba Operating System Software version(s): 6.x.x.x: all versions, 8.x.x.x: all versions prior to 8.8.0.0. Aruba has released patches for ArubaOS that address this security vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-352,

Products Affected

Vendor Product Version
siemens scalance_w1750d_firmware -
arubanetworks arubaos *
CVE-2019-5319 HIGH

A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
arubanetworks instant *
siemens scalance_w1750d_firmware *
CVE-2019-6109 MEDIUM

An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N 1.6 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-116,

Products Affected

Vendor Product Version
fedoraproject fedora 30
fujitsu m12-2s_firmware *
redhat enterprise_linux_eus 8.4
netapp storage_automation_store -
redhat enterprise_linux_server_tus 8.2
redhat enterprise_linux_server_tus 8.4
redhat enterprise_linux_server_aus 8.2
canonical ubuntu_linux 16.04
debian debian_linux 8.0
fujitsu m10-4s_firmware *
netapp ontap_select_deploy -
netapp element_software -
canonical ubuntu_linux 18.04
canonical ubuntu_linux 14.04
winscp winscp *
redhat enterprise_linux 8.0
fujitsu m10-1_firmware *
fujitsu m12-2_firmware *
redhat enterprise_linux_eus 8.2
fujitsu m10-4_firmware *
openbsd openssh *
debian debian_linux 9.0
redhat enterprise_linux_server_tus 8.6
siemens scalance_x204rna_firmware *
redhat enterprise_linux_server_aus 8.4
redhat enterprise_linux_server_aus 8.6
redhat enterprise_linux_eus 8.1
fujitsu m12-1_firmware *
redhat enterprise_linux_eus 8.6
canonical ubuntu_linux 18.10
siemens scalance_x204rna_eec_firmware *
CVE-2019-6110 MEDIUM

In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N 1.6 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-838,CWE-838,

Products Affected

Vendor Product Version
siemens scalance_x204rna_firmware *
openbsd openssh *
netapp storage_automation_store -
netapp ontap_select_deploy -
netapp element_software -
siemens scalance_x204rna_eec_firmware *
winscp winscp *
CVE-2019-6111 MEDIUM

An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
fedoraproject fedora 30
fujitsu m12-2s_firmware *
redhat enterprise_linux_eus 8.4
redhat enterprise_linux_server_tus 8.2
redhat enterprise_linux_server_tus 8.4
apache mina_sshd 2.2.0
redhat enterprise_linux_server_aus 8.2
canonical ubuntu_linux 16.04
debian debian_linux 8.0
freebsd freebsd 12.0
fujitsu m10-4s_firmware *
canonical ubuntu_linux 18.04
canonical ubuntu_linux 14.04
winscp winscp *
redhat enterprise_linux 8.0
fujitsu m10-1_firmware *
fujitsu m12-2_firmware *
redhat enterprise_linux_eus 8.2
fujitsu m10-4_firmware *
openbsd openssh *
debian debian_linux 9.0
redhat enterprise_linux_server_tus 8.6
redhat enterprise_linux 7.0
freebsd freebsd *
siemens scalance_x204rna_firmware *
redhat enterprise_linux_server_aus 8.4
redhat enterprise_linux_server_aus 8.6
redhat enterprise_linux_eus 8.1
fujitsu m12-1_firmware *
redhat enterprise_linux_eus 8.6
canonical ubuntu_linux 18.10
siemens scalance_x204rna_eec_firmware *
CVE-2019-6567 LOW

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All Versions < V5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3), SCALANCE X-414-3E (All versions). The affected devices store passwords in a recoverable format. An attacker may extract and recover device passwords from the device configuration. Successful exploitation requires access to a device configuration backup and impacts confidentiality of the stored passwords.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-257,CWE-522,

Products Affected

Vendor Product Version
siemens scalance_x-200irt_firmware *
siemens scalance_x-414-3e_firmware *
siemens scalance_x-200_firmware *
siemens scalance_x-300_firmware *
CVE-2019-6568 MEDIUM

The webserver of the affected devices contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation which leads to a restart of the webserver of the affected device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
siemens simatic_hmi_comfort_panels_firmware *
siemens sinamics_gh150_firmware *
siemens cp1616_firmware *
siemens simatic_s7-1500s_firmware *
siemens simatic_s7-plcsim_advanced *
siemens simatic_hmi_ktp_mobile_panels_ktp700f_firmware *
siemens simatic_teleservice_adapter_ie_standard_firmware *
siemens simatic_cp443-1_advanced_firmware *
siemens simatic_s7-1500f_firmware *
siemens simatic_rf188c_firmware *
siemens sinamics_s150_firmware *
siemens simatic_wincc_runtime_advanced *
siemens simatic_hmi_ktp_mobile_panels_ktp900f_firmware 15.1
siemens sitop_ups1600_firmware *
siemens simocode_pro_v_eip_firmware *
siemens simatic_ipc_diagmonitor *
siemens sinamics_g130_firmware *
siemens sinamics_gm150_firmware *
siemens simatic_rf600r_firmware *
siemens simatic_hmi_comfort_panels_firmware 15.1
siemens simatic_et_200_sp_open_controller_cpu_1515sp_pc_firmware *
siemens tim_1531_irc_firmware *
siemens sinamics_s210_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp700f_firmware 15.1
siemens simatic_cp443-1_firmware *
siemens simatic_hmi_comfort_outdoor_panels_firmware 15.1
siemens simatic_s7-1500_software_controller *
siemens simatic_rf182c_firmware *
siemens simatic_s7-plcsim_advanced 2.0
siemens simatic_wincc_runtime_advanced 15.1
siemens simatic_hmi_comfort_outdoor_panels_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp700_firmware *
siemens cp1604_firmware *
siemens simatic_teleservice_adapter_ie_basic_firmware *
siemens simatic_s7-1500t_firmware *
siemens sinamics_sm150_firmware *
siemens sinamics_gl150_firmware 4.8
siemens simatic_s7-300_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp400f_firmware *
siemens sinamics_s120_firmware *
siemens simatic_winac_rtx_firmware *
siemens sinamics_s150_firmware 5.1
siemens simatic_hmi_ktp_mobile_panels_ktp900f_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp900_firmware *
siemens sinamics_gl150_firmware *
siemens sinamics_s210_firmware 5.1
siemens sitop_psu8600_firmware *
siemens simatic_et_200_sp_open_controller_cpu_1515sp_pc2_firmware *
siemens simatic_s7-400_pn/dp_firmware *
siemens simatic_s7-400_pn_firmware *
siemens sinamics_g150_firmware *
siemens simatic_s7-1500_firmware *
siemens sinamics_sm150_firmware 5.1
siemens simocode_pro_v_pn_firmware *
siemens simatic_cp343-1_advanced_firmware *
siemens simatic_rf185c_firmware *
siemens sinamics_gh150_firmware 4.8
siemens sinamics_sl150_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp700_firmware 15.1
siemens sinamics_sm120_firmware *
siemens simatic_rf181-eip_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp400f_firmware 15.1
siemens sinamics_gm150_firmware 4.8
siemens sitop_manager *
siemens simatic_winac_rtx_firmware 2010
siemens sinamics_sl150_firmware 4.8
siemens sinamics_sm120_firmware 4.8
siemens simatic_rf186c_firmware *
siemens simatic_teleservice_adapter_ie_advanced_firmware *
siemens simatic_cp443-1_opc_ua *
siemens simatic_hmi_ktp_mobile_panels_ktp900_firmware 15.1
CVE-2019-6569 MEDIUM

The monitor barrier of the affected products insufficiently blocks data from being forwarded over the mirror port into the mirrored network. An attacker could use this behavior to transmit malicious packets to systems in the mirrored network, possibly influencing their configuration and runtime behavior.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-440,NVD-CWE-Other,

Products Affected

Vendor Product Version
siemens scalance_xc-200_firmware *
siemens scalance_x-200_firmware *
siemens scalance_xf-200_firmware *
siemens scalance_xp-200_firmware *
siemens scalance_x-300_firmware *
CVE-2019-6570 HIGH

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Due to insufficient checking of user permissions, an attacker may access URLs that require special authorization. An attacker must have access to a low privileged account in order to exploit the vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-280,CWE-863,

Products Affected

Vendor Product Version
siemens sinema_remote_connect_server *
CVE-2019-6571 HIGH

A vulnerability has been identified in SIEMENS LOGO!8 (6ED1052-xyyxx-0BA8 FS:01 to FS:06 / Firmware version V1.80.xx and V1.81.xx), SIEMENS LOGO!8 (6ED1052-xyy08-0BA0 FS:01 / Firmware version < V1.82.02). An attacker with network access to port 10005/tcp of the LOGO! device could cause a Denial-of-Service condition by sending specially crafted packets. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected service. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises availability of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,CWE-119,

Products Affected

Vendor Product Version
siemens logo!8_firmware *
CVE-2019-6572 MEDIUM

A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15.1 Update 1), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15.1 Update 1), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Advanced (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Professional (All versions < V15.1 Update 1), SIMATIC WinCC (TIA Portal) (All versions < V15.1 Update 1), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). The affected device offered SNMP read and write capacities with a publicly known hardcoded community string. The security vulnerability could be exploited by an attacker with network access to the affected device. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise confidentiality and integrity of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,CWE-798,

Products Affected

Vendor Product Version
siemens simatic_hmi_comfort_panels_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp900f_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp900_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp700f_firmware *
siemens simatic_hmi_comfort_outdoor_panels_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp700_firmware *
siemens simatic_hmi_tp_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp400f_firmware *
siemens simatic_wincc_runtime *
siemens simatic_wincc_(tia_portal) *
siemens simatic_hmi_mp_firmware *
siemens simatic_hmi_op_firmware *
CVE-2019-6574 MEDIUM

A vulnerability has been identified in SINAMICS PERFECT HARMONY GH180 with NXG I control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...- (All Versions with option G21, G22, G23, G26, G28, G31, G32, G38, G43 or G46), SINAMICS PERFECT HARMONY GH180 with NXG II control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...- (All Versions with option G21, G22, G23, G26, G28, G31, G32, G38, G43 or G46). An improperly configured Parameter Read/Write execution via Field bus network may cause the controller to restart. The vulnerability could be exploited by an attacker with network access to the device. Successful exploitation requires no privileges and no user interaction. An attacker could use the vulnerability to compromise the availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
siemens sinamics_perfect_harmony_gh180_with_nxg_ii_control_mlfb_6sr3_firmware *
siemens sinamics_perfect_harmony_gh180_with_nxg_i_control_mlfb_6sr2_firmware *
siemens sinamics_perfect_harmony_gh180_with_nxg_ii_control_mlfb_6sr4_firmware *
siemens sinamics_perfect_harmony_gh180_with_nxg_i_control_mlfb_6sr3_firmware *
siemens sinamics_perfect_harmony_gh180_with_nxg_ii_control_mlfb_6sr2_firmware *
siemens sinamics_perfect_harmony_gh180_with_nxg_i_control_mlfb_6sr4_firmware *
CVE-2019-6575 HIGH

A vulnerability has been identified in SIMATIC CP 443-1 OPC UA (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V2.7), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC HMI Comfort Panels 4" - 22" (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Upd 4), SIMATIC IPC DiagMonitor (All versions < V5.1.3), SIMATIC NET PC Software V13 (All versions), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC RF188C (All versions < V1.1.0), SIMATIC RF600R family (All versions < V3.2.1), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.5 < V2.6.1), SIMATIC S7-1500 Software Controller (All versions between V2.5 (including) and V2.7 (excluding)), SIMATIC WinCC OA (All versions < V3.15 P018), SIMATIC WinCC Runtime Advanced (All versions < V15.1 Upd 4), SINEC NMS (All versions < V1.0 SP1), SINEMA Server (All versions < V14 SP2), SINUMERIK OPC UA Server (All versions < V2.1), TeleControl Server Basic (All versions < V3.1.1). Specially crafted network packets sent to affected devices on port 4840/tcp could allow an unauthenticated remote attacker to cause a denial of service condition of the OPC communication or crash the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the OPC communication.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-248,CWE-755,

Products Affected

Vendor Product Version
siemens simatic_hmi_ktp_mobile_panels_ktp900f_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp900_firmware *
siemens simatic_s7-1500s_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp700f_firmware *
siemens simatic_s7-1500f_firmware *
siemens simatic_cp443-1_opc_ua_firmware *
siemens simatic_rf188c_firmware *
siemens simatic_wincc_runtime_hsp_comfort *
siemens simatic_wincc_runtime_advanced *
siemens simatic_hmi_ktp_mobile_panels_ktp900f_firmware 15.1
siemens simatic_ipc_diagmonitor_firmware *
siemens simatic_wincc_runtime_mobile *
siemens sinema_server *
siemens simatic_net_pc_software_firmware *
siemens simatic_rf600r_firmware *
siemens simatic_s7-1500_firmware *
siemens sinumerik_opc_ua_server *
siemens simatic_hmi_ktp_mobile_panels_ktp700f_firmware 15.1
siemens opc_unified_architecture *
siemens simatic_hmi_comfort_outdoor_panels_firmware 15.1
siemens simatic_s7-1500_software_controller *
siemens simatic_hmi_ktp_mobile_panels_ktp700_firmware 15.1
siemens simatic_hmi_comfort_outdoor_panels_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp700_firmware *
siemens simatic_et_200_open_controller_cpu_1515sp_pc2_firmware *
siemens simatic_wincc_runtime_comfort *
siemens simatic_s7-1500t_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp400f_firmware 15.1
siemens sinec-nms *
siemens simatic_wincc_oa *
siemens simatic_hmi_ktp_mobile_panels_ktp400f_firmware *
siemens sinec-nms 1.0
siemens telecontrol_server_basic *
siemens simatic_hmi_ktp_mobile_panels_ktp900_firmware 15.1
CVE-2019-6576 MEDIUM

A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15.1 Update 1), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15.1 Update 1), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Advanced (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Professional (All versions < V15.1 Update 1), SIMATIC WinCC (TIA Portal) (All versions < V15.1 Update 1), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). An attacker with network access to affected devices could potentially obtain a TLS session key. If the attacker is able to observe TLS traffic between a legitimate user and the device, then the attacker could decrypt the TLS traffic. The security vulnerability could be exploited by an attacker who has network access to the web interface of the device and who is able to observe TLS traffic between legitimate users and the web interface of the affected device. The vulnerability could impact the confidentiality of the communication between the affected device and a legitimate user. At the time of advisory publication no public exploitation of the security vulnerability was known.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,CWE-310,

Products Affected

Vendor Product Version
siemens simatic_hmi_comfort_panels_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp900f_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp900_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp700f_firmware *
siemens simatic_hmi_comfort_outdoor_panels_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp700_firmware *
siemens simatic_hmi_tp_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp400f_firmware *
siemens simatic_wincc_runtime *
siemens simatic_wincc_(tia_portal) *
siemens simatic_hmi_mp_firmware *
siemens simatic_hmi_op_firmware *
CVE-2019-6577 LOW

A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15.1 Update 1), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15.1 Update 1), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Advanced (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Professional (All versions < V15.1 Update 1), SIMATIC WinCC (TIA Portal) (All versions < V15.1 Update 1), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). The integrated web server could allow Cross-Site Scripting (XSS) attacks if an attacker is able to modify particular parts of the device configuration via SNMP. The security vulnerability could be exploited by an attacker with network access to the affected system. Successful exploitation requires system privileges and user interaction. An attacker could use the vulnerability to compromise confidentiality and the integrity of the affected system. At the stage of publishing this security advisory no public exploitation is known.

CVSS 2.0

Severity: LOW

Problem Type: CWE-80,CWE-79,

Products Affected

Vendor Product Version
siemens simatic_hmi_comfort_panels_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp900f_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp900_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp700f_firmware *
siemens simatic_hmi_comfort_outdoor_panels_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp700_firmware *
siemens simatic_hmi_tp_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp400f_firmware *
siemens simatic_wincc_runtime *
siemens simatic_wincc_(tia_portal) *
siemens simatic_hmi_mp_firmware *
siemens simatic_hmi_op_firmware *
CVE-2019-6578 MEDIUM

A vulnerability has been identified in SINAMICS PERFECT HARMONY GH180 with NXG I control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...- (All Versions with option G28), SINAMICS PERFECT HARMONY GH180 with NXG II control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...- (All Versions with option G28). A denial of service vulnerability exists in the affected products. The vulnerability could be exploited by an attacker with network access to the device. Successful exploitation requires no privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,CWE-400,

Products Affected

Vendor Product Version
siemens sinamics_perfect_harmony_gh180_with_nxg_ii_control_mlfb_6sr3_firmware *
siemens sinamics_perfect_harmony_gh180_with_nxg_i_control_mlfb_6sr2_firmware *
siemens sinamics_perfect_harmony_gh180_with_nxg_ii_control_mlfb_6sr4_firmware *
siemens sinamics_perfect_harmony_gh180_with_nxg_i_control_mlfb_6sr3_firmware *
siemens sinamics_perfect_harmony_gh180_with_nxg_ii_control_mlfb_6sr2_firmware *
siemens sinamics_perfect_harmony_gh180_with_nxg_i_control_mlfb_6sr4_firmware *
CVE-2019-6579 HIGH

A vulnerability has been identified in Spectrum Power 4 (with Web Office Portal). An attacker with network access to the web server on port 80/TCP or 443/TCP could execute system commands with administrative privileges. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected service. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises confidentiality, integrity or availability of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
siemens spectrum_power_4 -
CVE-2019-6580 HIGH

A vulnerability has been identified in Siveillance VMS 2017 R2 (All versions < V11.2a), Siveillance VMS 2018 R1 (All versions < V12.1a), Siveillance VMS 2018 R2 (All versions < V12.2a), Siveillance VMS 2018 R3 (All versions < V12.3a), Siveillance VMS 2019 R1 (All versions < V13.1a). An attacker with network access to port 80/TCP could change device properties without authorization. No user interaction is required to exploit this security vulnerability. Successful exploitation compromises confidentiality, integrity and availability of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-862,CWE-862,

Products Affected

Vendor Product Version
siemens siveillance_video_management_software_2018_r2 *
siemens siveillance_video_management_software_2017_r2 *
siemens siveillance_video_management_software_2019_r1 *
siemens siveillance_video_management_software_2018_r1 *
siemens siveillance_video_management_software_2018_r3 *
CVE-2019-6581 MEDIUM

A vulnerability has been identified in Siveillance VMS 2017 R2 (All versions < V11.2a), Siveillance VMS 2018 R1 (All versions < V12.1a), Siveillance VMS 2018 R2 (All versions < V12.2a), Siveillance VMS 2018 R3 (All versions < V12.3a), Siveillance VMS 2019 R1 (All versions < V13.1a). An attacker with network access to port 80/TCP could change user roles without proper authorization. The security vulnerability could be exploited by an authenticated attacker with network access to the affected service. No user interaction is required to exploit this security vulnerability. Successful exploitation compromises confidentiality, integrity and availability of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-285,NVD-CWE-Other,

Products Affected

Vendor Product Version
siemens siveillance_video_management_software_2018_r2 *
siemens siveillance_video_management_software_2017_r2 *
siemens siveillance_video_management_software_2019_r1 *
siemens siveillance_video_management_software_2018_r1 *
siemens siveillance_video_management_software_2018_r3 *
CVE-2019-6582 MEDIUM

A vulnerability has been identified in Siveillance VMS 2017 R2 (All versions < V11.2a), Siveillance VMS 2018 R1 (All versions < V12.1a), Siveillance VMS 2018 R2 (All versions < V12.2a), Siveillance VMS 2018 R3 (All versions < V12.3a), Siveillance VMS 2019 R1 (All versions < V13.1a). An attacker with network access to port 80/TCP can change user-defined event properties without proper authorization. The security vulnerability could be exploited by an authenticated attacker with network access to the affected service. No user interaction is required to exploit this security vulnerability. Successful exploitation compromises integrity of the user-defined event properties and the availability of corresponding functionality. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L 2.8 4.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-285,CWE-863,

Products Affected

Vendor Product Version
siemens siveillance_video_management_software_2018_r2 *
siemens siveillance_video_management_software_2017_r2 *
siemens siveillance_video_management_software_2019_r1 *
siemens siveillance_video_management_software_2018_r1 *
siemens siveillance_video_management_software_2018_r3 *
CVE-2019-6584 MEDIUM

A vulnerability has been identified in SIEMENS LOGO!8 (6ED1052-xyyxx-0BA8 FS:01 to FS:06 / Firmware version V1.80.xx and V1.81.xx), SIEMENS LOGO!8 (6ED1052-xyy08-0BA0 FS:01 / Firmware version < V1.82.02). The integrated webserver does not invalidate the Session ID upon user logout. An attacker that successfully extracted a valid Session ID is able to use it even after the user logs out. The security vulnerability could be exploited by an attacker in a privileged network position who is able to read the communication between the affected device and the user or by an attacker who is able to obtain valid Session IDs through other means. The user must invoke a session to the affected device. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-384,CWE-613,

Products Affected

Vendor Product Version
siemens logo!8_firmware *
CVE-2019-6585 MEDIUM

A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0 and < V4.1), SCALANCE S612 (All versions >= V3.0 and < V4.1), SCALANCE S623 (All versions >= V3.0 and < V4.1), SCALANCE S627-2M (All versions >= V3.0 and < V4.1). The integrated configuration web server of the affected devices could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-80,CWE-79,

Products Affected

Vendor Product Version
siemens scalance_s623_firmware *
siemens scalance_s602_firmware *
siemens scalance_s612_firmware *
siemens scalance_s627-2m_firmware *
CVE-2019-8258 HIGH

UltraVNC revision 1198 has a heap buffer overflow vulnerability in VNC client code which results in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1199.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-122,CWE-787,

Products Affected

Vendor Product Version
uvnc ultravnc *
siemens sinumerik_access_mymachine/p2p *
siemens sinumerik_pcu_base_win10_software/ipc *
siemens sinumerik_pcu_base_win7_software/ipc *
CVE-2019-8259 MEDIUM

UltraVNC revision 1198 contains multiple memory leaks (CWE-655) in VNC client code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1199.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-665,CWE-401,

Products Affected

Vendor Product Version
uvnc ultravnc *
siemens sinumerik_access_mymachine/p2p *
siemens sinumerik_pcu_base_win10_software/ipc *
siemens sinumerik_pcu_base_win7_software/ipc *
CVE-2019-8262 HIGH

UltraVNC revision 1203 has multiple heap buffer overflow vulnerabilities in VNC client code inside Ultra decoder, which results in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1204.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-122,CWE-787,

Products Affected

Vendor Product Version
uvnc ultravnc *
siemens sinumerik_access_mymachine/p2p *
siemens sinumerik_pcu_base_win10_software/ipc *
siemens sinumerik_pcu_base_win7_software/ipc *
CVE-2019-8263 MEDIUM

UltraVNC revision 1205 has a stack-based buffer overflow vulnerability in VNC client code inside ShowConnInfo routine, which leads to a denial of service (DoS) condition. This attack appears to be exploitable via network connectivity. User interaction is required to trigger this vulnerability. This vulnerability has been fixed in revision 1206.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-121,CWE-787,

Products Affected

Vendor Product Version
uvnc ultravnc *
siemens sinumerik_access_mymachine/p2p *
siemens sinumerik_pcu_base_win10_software/ipc *
siemens sinumerik_pcu_base_win7_software/ipc *
CVE-2019-8268 HIGH

UltraVNC revision 1206 has multiple off-by-one vulnerabilities in VNC client code connected with improper usage of ClientConnection::ReadString function, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1207.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-193,CWE-193,

Products Affected

Vendor Product Version
uvnc ultravnc *
siemens sinumerik_access_mymachine/p2p *
siemens sinumerik_pcu_base_win10_software/ipc *
siemens sinumerik_pcu_base_win7_software/ipc *
CVE-2019-8269 MEDIUM

UltraVNC revision 1206 has a stack-based buffer overflow vulnerability in VNC client code inside FileTransfer module, which leads to a denial of service (DoS) condition. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1207.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-121,CWE-787,

Products Affected

Vendor Product Version
uvnc ultravnc *
siemens sinumerik_access_mymachine/p2p *
siemens sinumerik_pcu_base_win10_software/ipc *
siemens sinumerik_pcu_base_win7_software/ipc *
CVE-2019-8271 HIGH

UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer handler, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-122,CWE-787,

Products Affected

Vendor Product Version
uvnc ultravnc *
siemens sinumerik_access_mymachine/p2p *
siemens sinumerik_pcu_base_win10_software/ipc *
siemens sinumerik_pcu_base_win7_software/ipc *
CVE-2019-8272 HIGH

UltraVNC revision 1211 has multiple off-by-one vulnerabilities in VNC server code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-193,CWE-193,

Products Affected

Vendor Product Version
uvnc ultravnc *
siemens sinumerik_access_mymachine/p2p *
siemens sinumerik_pcu_base_win10_software/ipc *
siemens sinumerik_pcu_base_win7_software/ipc *
CVE-2019-8273 HIGH

UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer request handler, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-122,CWE-787,

Products Affected

Vendor Product Version
uvnc ultravnc *
siemens sinumerik_access_mymachine/p2p *
siemens sinumerik_pcu_base_win10_software/ipc *
siemens sinumerik_pcu_base_win7_software/ipc *
CVE-2019-8274 HIGH

UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer offer handler, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-122,CWE-787,

Products Affected

Vendor Product Version
uvnc ultravnc *
siemens sinumerik_access_mymachine/p2p *
siemens sinumerik_pcu_base_win10_software/ipc *
siemens sinumerik_pcu_base_win7_software/ipc *
CVE-2019-8275 HIGH

UltraVNC revision 1211 has multiple improper null termination vulnerabilities in VNC server code, which result in out-of-bound data being accessed by remote users. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-170,NVD-CWE-Other,

Products Affected

Vendor Product Version
uvnc ultravnc *
siemens sinumerik_access_mymachine/p2p *
siemens sinumerik_pcu_base_win10_software/ipc *
siemens sinumerik_pcu_base_win7_software/ipc *
CVE-2019-8276 MEDIUM

UltraVNC revision 1211 has a stack buffer overflow vulnerability in VNC server code inside file transfer request handler, which can result in Denial of Service (DoS). This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-121,CWE-787,

Products Affected

Vendor Product Version
uvnc ultravnc *
siemens sinumerik_access_mymachine/p2p *
siemens sinumerik_pcu_base_win10_software/ipc *
siemens sinumerik_pcu_base_win7_software/ipc *
CVE-2019-8277 MEDIUM

UltraVNC revision 1211 contains multiple memory leaks (CWE-665) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-665,CWE-665,

Products Affected

Vendor Product Version
uvnc ultravnc *
siemens sinumerik_access_mymachine/p2p *
siemens sinumerik_pcu_base_win10_software/ipc *
siemens sinumerik_pcu_base_win7_software/ipc *
CVE-2020-0543 LOW

Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-459,

Products Affected

Vendor Product Version
intel xeon_e-2278gel -
intel core_i7-3537u -
intel pentium_g3250 -
intel celeron_1017u -
intel celeron_g3940 -
intel core_i7-8709g -
opensuse leap 15.2
intel xeon_e3-1578l_v5 -
intel core_i5-6360u -
intel pentium_g4520 -
siemens simatic_ipc527g_firmware *
intel core_i3-7167u -
intel xeon_e3-1545m_v5 -
intel core_i5-8600k -
intel xeon_e3-1258l_v4 -
intel xeon_e3-1280_v3 -
intel core_i5-7210u -
intel core_i7-4710mq -
intel core_i5-3570 -
intel xeon_e3-1276_v3 -
intel core_i7-4500u -
intel core_i3-2115c -
intel core_i5-3470s -
intel core_i9-9900k -
siemens simatic_ipc477d_firmware *
intel core_i3-7101e -
intel xeon_e3-1231_v3 -
intel core_9750hf -
intel pentium_g4540 -
intel core_i3-6110u -
intel core_i7-4700mq -
intel core_i5-8300h -
intel core_m-5y70 -
intel core_i7-6500u -
intel celeron_1007u -
intel core_i7-9850h -
intel core_i3-7110u -
intel core_i5-3320m -
intel core_i5-3439y -
intel core_i5-8600t -
intel celeron_2957u -
intel xeon_e3-1225_v5 -
siemens simatic_field_pg_m4_firmware *
intel core_i5-3570t -
intel xeon_e3-1235_v2 -
intel core_i7-8700b -
intel celeron_1005m -
intel core_m3-6y30 -
intel xeon_e-2226ge -
intel xeon_e3-1230_v6 -
intel core_i5-4690t -
intel core_i3-8130u -
intel core_i3-3120m -
intel core_i5-4210u -
intel pentium_2117u_v2 -
intel core_i5-7300hq -
opensuse leap 15.1
intel xeon_e3-1505m_v6 -
intel core_m-5y10a -
intel core_i5-6300u -
intel xeon_e3-1285l_v3 -
intel pentium_g5500 -
intel pentium_4405u -
intel core_i7-4700hq -
intel core_i7-7600u -
intel core_i3-7020u -
intel core_i3-6300t -
intel core_i7-4790s -
intel core_i7-6600u -
intel core_i5-6440eq -
intel core_i7-5600u -
intel core_i3-4360 -
intel core_i7-7y75 -
intel core_i3-5006u -
intel celeron_g1610t -
intel core_i5-4300u -
intel core_m-5y10 -
intel core_m-5y10c -
intel xeon_e3-1575m_v5 -
intel core_i5-4440s -
intel core_i5-7200u -
intel core_i5-3317u -
intel core_i5-8350u -
intel pentium_g4400t -
intel core_i7-4770s -
intel core_i7-4800mq -
intel xeon_e-2186g -
intel core_i5-8400b -
intel xeon_e3-1270_v2 -
intel core_i7-7510u -
siemens simatic_ipc677e_firmware *
intel core_i7-4850hq -
intel core_i5-9400f -
intel core_i5-3475s -
intel core_i5-7442eq -
intel core_i7-4750hq -
intel core_i5-6600k -
siemens simatic_ipc827d_firmware *
intel core_i3-4150 -
intel core_i5-4278u -
intel core_i7-8569u -
intel core_i7-3517ue -
intel pentium_g2100t_v2 -
intel pentium_g2120t_v2 -
intel pentium_3215u -
siemens simatic_ipc547g_firmware *
intel core_i7-6820hq -
intel celeron_g4900t -
intel core_i5-3339y -
intel pentium_3558u -
intel core_i7-5950hq -
intel core_i5-8550 -
intel core_i5-8420 -
intel core_i7-3615qm -
intel core_i5-6200u -
intel core_i7-4980hq -
intel core_i7-6700te -
intel core_i3-8350k -
intel core_i3-6167u -
intel pentium_g2020_v2 -
intel pentium_2129y_v2 -
intel xeon_e3-1125c -
intel core_i7-6700 -
intel core_i5-7600 -
intel core_i7-5850hq -
intel celeron_g1610 -
intel core_i5-4690s -
intel xeon_e3-1285_v3 -
intel celeron_g1840 -
intel xeon_e3-1270_v6 -
intel core_i5-3340 -
intel celeron_g3920t -
intel core_i5-6400 -
intel core_i3-4012y -
intel xeon_e-2144g -
intel xeon_e3-1105c -
intel xeon_e3-1275_v5 -
intel celeron_g1840t -
intel core_i5-8650k -
intel core_i5-7300u -
intel pentium_g5400t -
intel core_i3-6100t -
intel core_m5-6y57 -
intel xeon_e-2288g -
intel core_i7-7567u -
intel celeron_g1850 -
intel xeon_e-2124g -
intel xeon_e3-1286l_v3 -
intel core_i3-3250t -
intel core_i7-8565u -
intel celeron_g3930e -
intel xeon_e-2184g -
intel core_i7-7700hq -
intel core_i3-6100te -
intel core_i5-7640x -
intel core_i7-9700kf -
intel pentium_g3260 -
intel core_i5-7500 -
intel xeon_e3-1270_v5 -
intel core_i7-4770r -
intel pentium_a1018_v2 -
intel celeron_g4900 -
intel core_i7-4870hq -
intel core_8269u -
intel core_i7-8850h -
intel xeon_e3-1235l_v5 -
intel pentium_3805u -
intel xeon_e3-1225_v2 -
intel core_i5-3330 -
intel core_m-5y51 -
intel core_i3-8120 -
intel core_i5-3570s -
intel xeon_e3-1280_v5 -
intel core_i5-7400 -
intel core_i7-4700eq -
intel core_4410y -
intel celeron_1047ue -
intel core_i5-7287u -
intel core_i5-4590 -
intel pentium_g3240 -
intel core_i7-8809g -
intel core_i3-4100u -
intel core_i5-10110y -
intel core_i3-3130m -
intel core_i7-8700k -
intel core_i3-3227u -
intel core_i5-8310y -
intel core_i7-4910mq -
intel core_i7-6870hq -
intel core_i5-7500t -
intel core_i3-7102e -
intel celeron_2970m -
intel core_i5-3550s -
intel core_i7-3555le -
siemens simatic_ipc547e_firmware *
intel core_i7-3770 -
intel core_i5-3210m -
intel core_i3-8100t -
intel celeron_1019y -
intel core_i5-4250u -
siemens simatic_ipc647e_firmware *
intel core_i5-6442eq -
intel core_i3-6100u -
intel core_i5-8600 -
intel core_i7-5500u -
intel core_i3-6320t -
intel core_i5-4670s -
intel core_i3-3220 -
intel core_i5-3427u -
intel core_i3-4370 -
intel core_i3-4010u -
intel core_i5-8400t -
intel core_i5-4670 -
intel core_i7-4702mq -
intel celeron_3965u -
intel core_i7-8665u -
intel xeon_e3-1558l_v5 -
intel pentium_gold_6405u -
intel pentium_3825u -
intel core_i5-6210u -
intel core_i7-3940xm -
intel pentium_g5600 -
intel pentium_g2030t_v2 -
intel core_5405u -
intel core_i3-5005u -
intel xeon_e3-1505m_v5 -
intel core_i3-8000t -
intel celeron_1000m -
intel celeron_g1620 -
intel core_i5-8365u -
intel core_i3-4360t -
intel core_i5-3470 -
intel core_i5-8400 -
intel core_i5-4670k -
intel core_i3-8100h -
intel core_i7-6920hq -
intel core_i3-4025u -
intel celeron_g3900te -
intel core_i3-8300 -
siemens simatic_ipc427d_firmware *
intel core_i7-6820hk -
intel core_i3-3217ue -
intel core_i7-4510u -
intel core_i7-4950hq -
intel xeon_e3-1268l_v5 -
intel core_i5-6350hq -
intel core_i7-4785t -
intel celeron_927ue -
intel core_i3-4370t -
intel xeon_e3-1585l_v5 -
intel core_i5-4288u -
intel pentium_2030m_v2 -
intel xeon_e3-1105c_v2 -
intel pentium_g3430 -
intel core_i3-4170 -
intel core_i7-3770s -
intel core_i3-7120 -
intel core_i5-7440hq -
intel core_i7-4770t -
intel xeon_e-2174g -
intel xeon_e3-1241_v3 -
intel core_i7-4770 -
intel xeon_e3-1265l_v4 -
intel core_i9-9880h -
fedoraproject fedora 31
intel pentium_g3220 -
intel xeon_e3-1225_v3 -
intel celeron_g4920 -
intel core_i5-7267u -
intel core_i7-8750h -
intel xeon_e3-1220_v3 -
intel xeon_e3-1230_v3 -
intel core_i3-3240 -
intel core_i7-8500y -
intel xeon_e-2278g -
intel core_4205u -
intel xeon_e3-1240_v2 -
intel core_i5-3230m -
intel core_i7-8700 -
intel core_i5-6267u -
intel core_i3-8100 -
intel core_i3-3120me -
intel xeon_e3-1285_v4 -
intel core_i7-8700t -
intel core_i5-10210y -
intel celeron_2955u -
intel xeon_e3-1220_v6 -
intel core_i5-4350u -
intel core_i5-4460s -
intel core_m3-7y30 -
intel xeon_e3-1246_v3 -
intel core_i3-5157u -
intel xeon_e3-1281_v3 -
intel core_i7-6970hq -
intel core_i3-6100e -
intel celeron_725c -
intel core_i7-4702ec -
intel pentium_g3450 -
intel core_i3-4350t -
intel core_i5-7y57_ -
intel core_i3-8145u -
intel pentium_b915c -
intel xeon_e3-1245_v2 -
intel core_i7-6820eq -
intel pentium_3665u -
intel core_i7-8670t -
intel core_i5-8420t -
intel xeon_e3-1275l_v3 -
intel core_i3-4030y -
intel pentium_3560y -
intel pentium_g3258 -
siemens simatic_ipc627e_firmware *
intel core_i7-4712mq -
intel core_i7-6700k -
siemens simatic_ipc627d_firmware *
intel core_i3-4005u -
intel core_i7-8706g -
intel xeon_e3-1565l_v5 -
intel xeon_e3-1226_v3 -
intel core_i5-9400h -
siemens simatic_ipc677d_firmware *
intel xeon_e3-1220_v5 -
intel core_i5-4210y -
intel xeon_e-2284g -
intel core_i7-3632qm -
siemens simatic_ipc847e_firmware *
siemens simotion_p320-4e_firmware *
intel pentium_3560m -
intel pentium_g2140_v2 -
intel core_i7-3689y -
intel core_i7-4790 -
intel core_i3-6120t -
intel celeron_g4930 -
intel core_i3-3217u -
intel core_i5-3360m -
canonical ubuntu_linux 12.04
intel core_i7-5750hq -
intel core_i5-4202y -
intel core_i5-4670r -
intel core_i7-7820hq -
intel core_i7-6567u -
intel core_i5-4430 -
intel xeon_e-2134 -
intel core_i3-4100m -
intel core_m7-6y75 -
intel core_i3-4120u -
intel core_i7-3630qm -
intel pentium_g2020t_v2 -
intel core_i3-3250 -
intel core_i3-3220t -
intel core_i3-4340 -
intel core_i9-9900kf -
intel core_i7-7700k -
intel xeon_e3-1535m_v6 -
intel core_i7-6822eq -
intel celeron_g4950 -
intel pentium_g2120_v2 -
intel core_i5-7500u -
intel core_i5-6400t -
intel core_i7-7660u -
intel xeon_e3-1515m_v5 -
canonical ubuntu_linux 16.04
intel core_i3-4158u -
intel core_i7-3610qm -
intel xeon_e3-1275_v6 -
canonical ubuntu_linux 18.04
intel core_i5-7600k -
intel xeon_e-2254me -
intel core_i9-9980hk -
intel core_i3-4160t -
intel core_i3-4170t -
mcafee threat_intelligence_exchange_server 3.0.0
intel core_i7-3820qm -
intel xeon_e3-1290_v2 -
intel xeon_e-2176g -
intel core_i3-i3-8100h -
intel core_i7-7820hk -
intel core_i5-9600k -
intel pentium_g3440t -
intel core_i7-5550u -
intel core_i7-6660u -
intel core_i5-6260u -
intel pentium_g4420t -
intel celeron_3955u -
intel xeon_e3-1265l_v2 -
intel celeron_g3920 -
intel pentium_3561y -
intel core_i5-4460t -
intel core_i7-4702hq -
intel xeon_e-2224 -
intel core_i5-8400h -
intel core_i5-5287u -
intel core_i5-4200y -
intel core_i3-3240t -
intel core_i3-5015u -
intel core_i7-5650u -
intel pentium_3205u -
intel xeon_e3-1220l_v3 -
intel core_i7-3667u -
intel core_i7-7500u -
intel xeon_e3-1271_v3 -
intel xeon_e-2276m -
intel core_i7-4770k -
intel celeron_5305u -
intel core_i3-7007u -
intel xeon_e3-1225_v6 -
intel core_i7-9700k -
intel core_i5-6310u -
siemens simatic_ipc647d_firmware *
intel core_i5-8250u -
intel core_i3-4020y -
intel core_i5-4670t -
intel xeon_e-2246g -
intel core_i5-6500te -
intel xeon_e3-1270 -
intel pentium_g4420 -
intel xeon_e3-1280_v6 -
intel core_i5-8500b -
intel core_i3-4030u -
intel core_i7-4760hq -
intel core_i7-3615qe -
intel core_i5-5200u -
mcafee threat_intelligence_exchange_server *
siemens simatic_ipc347e_firmware *
intel celeron_3765u -
intel core_i3-4350 -
intel core_i3-4130t -
intel xeon_e3-1275_v3 -
intel core_i5-4590s -
intel core_i5-6300hq -
intel core_i7-6510u -
intel core_i7-3840qm_ -
intel core_i7-5700eq -
intel core_i3-8109u -
intel xeon_e-2224g -
intel core_i7-7700t -
intel core_i3-4110m -
siemens simatic_ipc3000_smart_firmware *
intel core_i5-3610me -
siemens simatic_itp1000_firmware *
intel core_i7-4578u -
intel pentium_g3260t -
intel core_i5-5350 -
intel xeon_e3-1125c_v2 -
intel core_i5-8200y -
intel xeon_e-2286m -
intel core_i7-5775c -
intel core_i7-5700hq -
intel pentium_g5500t -
intel core_i5-4210h -
intel core_i7-6650u -
intel xeon_e-2244g -
intel core_i3-6102e -
intel core_i5-4570r -
intel core_i7-10510u -
intel pentium_g3220t -
intel xeon_e3-1501m_v6 -
intel pentium_b925c -
intel core_i7-4700ec -
intel core_i7-4558u -
intel core_i7-4712hq -
intel xeon_e-2234 -
intel pentium_g3440 -
intel xeon_e-2124 -
intel celeron_3865u -
intel core_i7-7700 -
intel celeron_g1620t -
intel core_i5-4460 -
intel xeon_e-2276g -
intel core_i5-4570t -
intel core_i3-8300t -
intel core_i7-7820eq -
intel core_i5-7360u -
intel core_i5-6500 -
siemens simotion_p320-4s_firmware *
intel celeron_1020m -
intel core_i7-8557u -
intel pentium_2127u_v2 -
intel core_i3-3229y -
intel core_i7-4771 -
intel pentium_4405y -
intel celeron_1020e -
intel pentium_g4500t -
intel xeon_e-2146g -
intel core_i5-8650 -
intel core_i5-4570s -
intel core_i7-3770t -
canonical ubuntu_linux 20.04
intel xeon_e3-1278l_v4 -
intel xeon_e-2126g -
intel xeon_e3-1268l_v3 -
intel xeon_e3-1286_v3 -
intel xeon_e3-1220_v2 -
intel core_i7-4720hq -
intel pentium_g5420t -
intel pentium_g4500 -
intel core_i5-9400 -
intel celeron_1037u -
intel xeon_e3-1230l_v3 -
intel xeon_e3-1285_v6 -
intel celeron_g1820t -
intel core_m3-8100y -
intel core_i5-8210y -
intel core_i5-10310y -
intel core_i7-4790t -
intel core_i7-3635qm -
intel core_i5-4220y -
intel xeon_e3-1220l_v2 -
canonical ubuntu_linux 19.10
intel xeon_e-2236 -
intel xeon_e3-1505l_v6 -
intel core_i5-8500 -
intel core_i3-6100h -
intel celeron_2980u -
intel celeron_g1820 -
intel core_i7-3610qe -
intel xeon_e-2226g -
intel core_i5-3350p -
intel pentium_3765u -
intel core_9300h -
intel core_i7-4765t -
intel xeon_e-2278ge -
intel core_i7-3520m -
intel xeon_e3-1505l_v5 -
intel core_i5-4402ec -
intel core_i9-8950hk -
intel core_i5-3570k -
intel core_i5-8265u -
siemens simatic_field_pg_m5_firmware *
intel xeon_e3-1230_v5 -
intel core_i5-4300y -
intel celeron_g3930te -
intel core_i3-6120 -
intel pentium_g4400 -
intel pentium_g5420 -
intel pentium_4415u -
intel core_i7-4810mq -
intel celeron_g3900t -
intel core_i5-6600 -
intel core_i7-4610y -
intel core_i7-5775r -
intel core_i5-3340m -
intel core_i7-4860hq -
intel xeon_e3-1240_v6 -
intel pentium_g3250t -
intel core_i3-8020 -
intel core_4415y -
intel celeron_g3900 -
intel core_i3-6300 -
intel core_i3-6100 -
intel core_i7-4600u -
intel core_i5-4690 -
intel core_i5-5675r -
intel core_i5-3380m -
intel celeron_3855u -
intel celeron_g1830 -
intel xeon_e3-1265l -
intel core_i5-5250u -
intel core_i3-3245 -
intel celeron_g3902e -
intel core_i3-7101te -
intel core_i7-3740qm -
intel pentium_g4400te -
intel core_i5-3330s -
intel core_i3-7100e -
siemens simatic_ipc477e_pro_firmware *
intel core_i5-3450s -
intel core_i5-3550 -
intel xeon_e3-1280_v2 -
intel core_i3-5010u -
intel core_i5-5350u -
intel core_i5-4200u -
intel core_i3-4150t -
intel core_i5-8305g -
intel celeron_2981u -
intel core_i3-5020u -
intel core_i3-4330 -
intel pentium_g3450t -
intel xeon_e-2176m -
siemens simatic_ipc477e_firmware *
intel core_i5-6500t -
intel xeon_e3-1245_v5 -
intel core_i7-3687u -
intel core_i7-4650u -
intel xeon_e-2254ml -
intel pentium_g3460 -
intel core_i5-3450 -
intel pentium_g3420t -
intel core_i7-6700hq -
intel core_i5-4430s -
intel core_i3-7100u -
intel core_i7-3612qm -
intel pentium_g2130_v2 -
intel core_i7-7740x -
intel core_i5-10210u -
intel xeon_e-2186m -
intel core_i7-3770k -
intel core_i5-6287u -
intel core_i5-3340s -
intel core_i7-3517u -
intel core_i7-10510y -
intel xeon_e3-1535m_v5 -
intel core_i7-6560u -
intel core_i7-4770hq -
intel core_i7-3612qe -
intel core_i5-5575r -
siemens simatic_ipc847d_firmware *
intel core_i5-6600t -
siemens simatic_field_pg_m6_firmware *
fedoraproject fedora 32
intel core_m-5y71 -
intel core_i3-8000 -
intel celeron_3755u -
intel pentium_g2010_v2 -
intel core_i7-8705g -
intel core_i3-7320t -
intel core_i3-4130 -
intel core_i7-3920xm -
intel xeon_e-2276ml -
intel pentium_g3240t -
intel xeon_e-2276me -
intel core_i5-4440 -
intel xeon_e3-1230_v2 -
intel pentium_g3460t -
intel xeon_e3-1501l_v6 -
intel celeron_3965y -
intel xeon_e3-1585_v5 -
intel xeon_e3-1240_v5 -
intel core_i5-4308u -
intel core_i5-8500t -
intel core_i3-3110m -
intel core_i7-8559u -
intel xeon_e3-1240l_v5 -
intel core_i5-7400t -
intel core_i5-6440hq -
intel xeon_e3-1275_v2 -
intel core_i5-3437u -
intel core_m-5y3 -
intel core_i7-6700t -
intel core_i7-7560u -
intel pentium_g3470 -
intel core_i3-7130u -
intel core_i5-7600t -
intel core_i5-7260u -
intel core_m5-6y54 -
intel xeon_e-2274g -
intel core_i7-5557u -
intel core_i3-3210 -
intel core_i3-3225 -
intel core_i5-4570 -
intel core_i3-7100h -
intel core_i7-3720qm -
intel core_i3-6320 -
intel core_i5-4590t -
intel xeon_e3-1260l_v5 -
intel xeon_e3-1240l_v3 -
intel pentium_3556u -
intel core_i3-4330t -
intel core_i3-7120t -
intel core_i7-8670 -
intel pentium_g5400 -
intel core_i5-3470t -
intel core_i7-7920hq -
intel core_i7-8560u -
intel core_i3-4010y -
intel core_i5-3337u -
intel core_i5-7440eq -
intel pentium_g2030_v2 -
intel pentium_1405_v2 -
intel core_i7-3540m -
intel pentium_2020m_v2 -
intel core_i5-4258u -
intel core_i3-4160 -
intel core_i7-4550u -
intel core_i3-7340 -
intel core_i5-4260u -
intel xeon_e3-1221_v3 -
intel xeon_e3-1245_v3 -
intel core_i3-3115c -
intel core_i7-8650u -
siemens simatic_ipc427e_firmware *
intel core_i5-5257u -
intel pentium_g4520t -
intel xeon_e3-1245_v6 -
canonical ubuntu_linux 14.04
intel pentium_g3420 -
intel xeon_e3-1240_v3 -
intel core_i7-4710hq -
intel core_i7-4900mq -
intel core_i7-8510y -
intel core_i5-8259u -
intel core_i5-9600kf -
intel xeon_e-2136 -
intel celeron_g1630 -
intel core_i7-8550u -
intel core_i7-4960hq -
intel core_i5-4302y -
intel core_i5-5675c -
intel core_i7-4722hq -
intel core_i7-6770hq -
intel core_i7-5850eq -
intel core_i5-7y54 -
CVE-2020-0590 MEDIUM

Improper input validation in BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
intel xeon_gold_6230_firmware -
intel xeon_gold_6226_firmware -
intel xeon_gold_6242_firmware -
intel xeon_silver_4215_firmware -
intel xeon_gold_5220r_firmware -
intel xeon_gold_6138t_firmware -
intel xeon_gold_6126f_firmware -
intel xeon_gold_6150_firmware -
siemens simatic_ipc527g_firmware *
intel xeon_gold_6132_firmware -
intel xeon_gold_6254_firmware -
intel xeon_platinum_8253_firmware -
intel xeon_gold_5215l_firmware -
intel xeon_gold_6230n_firmware -
intel xeon_gold_6148f_firmware -
intel xeon_platinum_8170_firmware -
intel xeon_silver_4110_firmware -
intel xeon_gold_5220_firmware -
intel xeon_gold_6142f_firmware -
intel xeon_gold_6240r_firmware -
intel xeon_gold_6238t_firmware -
intel xeon_gold_5222_firmware -
intel xeon_gold_6238r_firmware -
intel xeon_gold_5120t_firmware -
intel xeon_platinum_8280_firmware -
intel xeon_gold_6246_firmware -
intel xeon_gold_6210u_firmware -
siemens simatic_ipc647e_firmware *
intel xeon_silver_4108_firmware -
intel xeon_gold_6252n_firmware -
intel xeon_silver_4114t_firmware -
intel xeon_platinum_9222_firmware -
intel xeon_gold_5220t_firmware -
intel xeon_gold_5220s_firmware -
intel xeon_platinum_9242_firmware -
intel xeon_gold_6222v_firmware -
intel xeon_gold_6230t_firmware -
intel xeon_platinum_8180_firmware -
intel xeon_gold_6138p_firmware -
intel xeon_silver_4116t_firmware -
intel xeon_silver_4215r_firmware -
intel xeon_platinum_9221_firmware -
intel xeon_gold_6240y_firmware -
intel xeon_silver_4216_firmware -
intel xeon_platinum_9282_firmware -
intel xeon_gold_6142_firmware -
intel xeon_gold_6136_firmware -
intel xeon_platinum_8160_firmware -
intel xeon_silver_4214_firmware -
intel xeon_gold_6240_firmware -
intel xeon_platinum_8276l_firmware -
intel xeon_gold_6126_firmware -
netapp cloud_backup -
intel xeon_gold_6238l_firmware -
intel xeon_gold_6144_firmware -
intel xeon_platinum_8256_firmware -
netapp fas/aff_bios -
intel xeon_gold_6262v_firmware -
intel xeon_silver_4214r_firmware -
netapp clustered_data_ontap -
intel xeon_gold_5118_firmware -
intel xeon_gold_6234_firmware -
intel xeon_platinum_8270_firmware -
intel xeon_silver_4114_firmware -
intel xeon_platinum_8160f_firmware -
intel xeon_gold_6212u_firmware -
intel xeon_gold_6250_firmware -
intel xeon_silver_4116_firmware -
intel xeon_platinum_8168_firmware -
intel xeon_gold_6258r_firmware -
siemens simatic_ipc677e_firmware *
intel xeon_bronze_3206r_firmware -
intel xeon_gold_6226r_firmware -
intel xeon_platinum_8164_firmware -
intel xeon_gold_6146_firmware -
intel xeon_gold_5215_firmware -
intel xeon_gold_6130_firmware -
intel xeon_gold_6128_firmware -
intel xeon_gold_6244_firmware -
intel xeon_platinum_8176f_firmware -
intel xeon_gold_5218t_firmware -
intel xeon_platinum_8156_firmware -
siemens simatic_ipc547g_firmware *
intel xeon_platinum_8158_firmware -
intel xeon_platinum_8276_firmware -
intel xeon_gold_6138f_firmware -
intel xeon_platinum_8268_firmware -
intel xeon_bronze_3106_firmware -
intel xeon_gold_6230r_firmware -
intel xeon_silver_4210t_firmware -
intel xeon_gold_6240l_firmware -
intel xeon_gold_5218r_firmware -
intel xeon_gold_6242r_firmware -
intel xeon_gold_6126t_firmware -
intel xeon_gold_5218n_firmware -
intel xeon_silver_4210_firmware -
intel xeon_gold_5218b_firmware -
intel xeon_gold_6140_firmware -
intel xeon_silver_4109t_firmware -
intel xeon_gold_5122_firmware -
intel xeon_gold_6238_firmware -
intel xeon_platinum_8176_firmware -
intel xeon_bronze_3204_firmware -
intel xeon_gold_6138_firmware -
intel xeon_silver_4112_firmware -
intel xeon_gold_6208u_firmware -
intel xeon_gold_5119t_firmware -
intel xeon_platinum_8280l_firmware -
intel xeon_gold_5115_firmware -
intel xeon_platinum_8260l_firmware -
siemens simatic_ipc627e_firmware *
intel xeon_gold_6209u_firmware -
intel xeon_gold_6130t_firmware -
intel xeon_bronze_3104_firmware -
intel xeon_platinum_8260y_firmware -
intel xeon_gold_6130f_firmware -
intel xeon_platinum_8260_firmware -
siemens simatic_ipc847e_firmware *
intel xeon_gold_5217_firmware -
intel xeon_silver_4214y_firmware -
intel xeon_silver_4208_firmware -
intel xeon_gold_6250l_firmware -
intel xeon_gold_6256_firmware -
intel xeon_gold_6248_firmware -
intel xeon_gold_6152_firmware -
intel xeon_gold_6252_firmware -
intel xeon_platinum_8153_firmware -
intel xeon_gold_6148_firmware -
intel xeon_silver_4209t_firmware -
intel xeon_platinum_8160t_firmware -
intel xeon_gold_5218_firmware -
intel xeon_gold_6248r_firmware -
intel xeon_gold_6134_firmware -
intel xeon_gold_6154_firmware -
intel xeon_gold_5120_firmware -
intel xeon_silver_4210r_firmware -
intel xeon_gold_6246r_firmware -
CVE-2020-0591 MEDIUM

Improper buffer restrictions in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
siemens simatic_cpu_1518f-4_firmware *
intel bios -
siemens simatic_cpu_1518-4_firmware *
CVE-2020-10037 MEDIUM

A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). By performing a flooding attack against the web server, an attacker might be able to gain read access to the device's memory, possibly revealing confidential information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
siemens sicam_mmu_firmware *
siemens sicam_sgu_firmware -
siemens sicam_t_firmware *
CVE-2020-10038 HIGH

A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). An attacker with access to the device's web server might be able to execute administrative commands without authentication.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-306,CWE-306,

Products Affected

Vendor Product Version
siemens sicam_mmu_firmware *
siemens sicam_sgu_firmware -
siemens sicam_t_firmware *
CVE-2020-10039 MEDIUM

A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). An attacker in a privileged network position between a legitimate user and the web server might be able to conduct a Man-in-the-middle attack and gain read and write access to the transmitted data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-311,CWE-311,

Products Affected

Vendor Product Version
siemens sicam_mmu_firmware *
siemens sicam_sgu_firmware -
siemens sicam_t_firmware *
CVE-2020-10040 LOW

A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). An attacker with local access to the device might be able to retrieve some passwords in clear text.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-916,CWE-916,

Products Affected

Vendor Product Version
siemens sicam_mmu_firmware *
siemens sicam_sgu_firmware -
siemens sicam_t_firmware *
CVE-2020-10041 MEDIUM

A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). A stored Cross-Site-Scripting (XSS) vulnerability is present in different locations of the web application. An attacker might be able to take over a session of a legitimate user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
siemens sicam_mmu_firmware *
siemens sicam_sgu_firmware -
siemens sicam_t_firmware *
CVE-2020-10042 HIGH

A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). A buffer overflow in various positions of the web application might enable an attacker with access to the web application to execute arbitrary code over the network.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,CWE-120,

Products Affected

Vendor Product Version
siemens sicam_mmu_firmware *
siemens sicam_sgu_firmware -
siemens sicam_t_firmware *
CVE-2020-10043 MEDIUM

A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). The web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-80,CWE-79,

Products Affected

Vendor Product Version
siemens sicam_mmu_firmware *
siemens sicam_sgu_firmware -
siemens sicam_t_firmware *
CVE-2020-10044 MEDIUM

A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). An attacker with access to the network could be able to install specially crafted firmware to the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-306,CWE-306,

Products Affected

Vendor Product Version
siemens sicam_mmu_firmware *
siemens sicam_sgu_firmware -
siemens sicam_t_firmware *
CVE-2020-10045 MEDIUM

A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). An error in the challenge-response procedure could allow an attacker to replay authentication traffic and gain access to protected areas of the web application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-294,CWE-294,

Products Affected

Vendor Product Version
siemens sicam_mmu_firmware *
siemens sicam_sgu_firmware -
siemens sicam_t_firmware *
CVE-2020-10048 LOW

A vulnerability has been identified in SIMATIC PCS 7 (All versions), SIMATIC WinCC (All versions < V7.5 SP2). Due to an insecure password verification process, an attacker could bypass the password protection set on protected files, thus being granted access to the protected content, circumventing authentication.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-288,CWE-287,

Products Affected

Vendor Product Version
siemens simatic_wincc 7.5
siemens simatic_wincc *
siemens simatic_pcs_7 *
CVE-2020-10049 MEDIUM

A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.10.2). The start-stop scripts for the services of the affected application could allow a local attacker to include arbitrary commands that are executed when services are started or stopped interactively by system administrators.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-276,CWE-276,

Products Affected

Vendor Product Version
siemens simatic_rtls_locating_manager *
CVE-2020-10050 HIGH

A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.10.2). The directory of service executables of the affected application could allow a local attacker to include arbitrary commands that are executed with SYSTEM privileges when the system restarts.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-276,CWE-276,

Products Affected

Vendor Product Version
siemens simatic_rtls_locating_manager *
CVE-2020-10051 HIGH

A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.10.2). Multiple services of the affected application are executed with SYSTEM privileges while the call path is not quoted. This could allow a local attacker to inject arbitrary commands that are executed instead of the legitimate service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-428,CWE-428,

Products Affected

Vendor Product Version
siemens simatic_rtls_locating_manager *
CVE-2020-10052 LOW

A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.12). The affected application writes sensitive data, such as usernames and passwords, in log files. A local attacker with access to the log files could use this information to launch further attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-532,

Products Affected

Vendor Product Version
siemens simatic_rtls_locating_manager *
CVE-2020-10053 LOW

A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.12). The affected application writes sensitive data, such as database credentials, in configuration files. A local attacker with access to the configuration files could use this information to launch further attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-312,

Products Affected

Vendor Product Version
siemens simatic_rtls_locating_manager *
CVE-2020-10054 LOW

A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.12). The affected application does not properly handle the import of large configuration files. A local attacker could import a specially crafted file which could lead to a denial-of-service condition of the application service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
siemens simatic_rtls_locating_manager *
CVE-2020-10055 HIGH

A vulnerability has been identified in Desigo CC (V4.x), Desigo CC (V3.x), Desigo CC Compact (V4.x), Desigo CC Compact (V3.x). Affected applications are delivered with a 3rd party component (BIRT) that contains a remote code execution vulnerability if the Advanced Reporting Engine is enabled. The vulnerability could allow a remote unauthenticated attacker to execute arbitrary commands on the server with SYSTEM privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,CWE-94,

Products Affected

Vendor Product Version
siemens desigo_consumption_control_compact 3.0
siemens desigo_consumption_control 3.0
siemens desigo_consumption_control 4.0
siemens desigo_consumption_control_compact 4.0
CVE-2020-10056 HIGH

A vulnerability has been identified in License Management Utility (LMU) (All versions < V2.4). The lmgrd service of the affected application is executed with local SYSTEM privileges on the server while its configuration can be modified by local users. The vulnerability could allow a local authenticated attacker to execute arbitrary commands on the server with local SYSTEM privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-250,CWE-269,

Products Affected

Vendor Product Version
siemens license_management_utility *
CVE-2020-11655 MEDIUM

SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-665,

Products Affected

Vendor Product Version
oracle zfs_storage_appliance_kit 8.8
canonical ubuntu_linux 20.04
oracle communications_element_manager *
oracle outside_in_technology 8.5.5
oracle communications_network_charging_and_control *
netapp ontap_select_deploy_administration_utility -
oracle mysql *
oracle communications_network_charging_and_control 12.0.2
oracle enterprise_manager_ops_center 12.4.0.0
canonical ubuntu_linux 16.04
debian debian_linux 8.0
canonical ubuntu_linux 19.10
canonical ubuntu_linux 18.04
oracle mysql_workbench *
sqlite sqlite *
tenable tenable.sc *
oracle instantis_enterprisetrack 17.1
oracle instantis_enterprisetrack 17.3
oracle communications_messaging_server 8.1
debian debian_linux 9.0
oracle communications_session_route_manager *
oracle outside_in_technology 8.5.4
oracle communications_network_charging_and_control 6.0.1
oracle instantis_enterprisetrack 17.2
siemens sinec_infrastructure_network_services *
oracle hyperion_infrastructure_technology 11.1.2.4
oracle communications_session_report_manager *
CVE-2020-11656 HIGH

In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-416,

Products Affected

Vendor Product Version
oracle zfs_storage_appliance_kit 8.8
oracle communications_messaging_server 8.1
oracle outside_in_technology 8.5.5
oracle communications_network_charging_and_control *
oracle outside_in_technology 8.5.4
netapp ontap_select_deploy_administration_utility -
oracle mysql *
oracle communications_network_charging_and_control 6.0.1
oracle communications_network_charging_and_control 12.0.2
siemens sinec_infrastructure_network_services *
oracle enterprise_manager_ops_center 12.4.0.0
oracle mysql_workbench *
sqlite sqlite *
tenable tenable.sc *
oracle hyperion_infrastructure_technology 11.1.2.4
CVE-2020-12357 MEDIUM

Improper initialization in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-665,

Products Affected

Vendor Product Version
netapp e-series_bios -
siemens simatic_ipc547g_firmware *
siemens simatic_ipc477e_pro_firmware *
siemens simatic_itp1000_firmware *
netapp hci_storage_node_bios -
intel bios -
netapp aff_bios -
netapp cloud_backup -
siemens simatic_ipc477e_firmware *
netapp hci_compute_node_bios -
siemens simatic_ipc627e_firmware *
siemens simatic_ipc647e_firmware *
siemens simatic_ipc677e_firmware *
netapp solidfire_bios -
netapp fas_bios -
siemens simatic_ipc427e_firmware *
siemens simatic_ipc847e_firmware *
siemens simatic_cpu_1518-4_firmware *
siemens simatic_field_pg_m6_firmware *
CVE-2020-12358 LOW

Out of bounds write in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable denial of service via local access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 0.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-787,

Products Affected

Vendor Product Version
netapp e-series_bios -
siemens simatic_ipc547g_firmware *
netapp solidfire_bios -
netapp fas_bios -
netapp hci_storage_node_bios -
intel bios -
netapp aff_bios -
netapp cloud_backup -
netapp hci_compute_node_bios -
CVE-2020-12360 MEDIUM

Out of bounds read in the firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
siemens simatic_cpu_1518f-4_firmware *
netapp e-series_bios -
siemens simatic_ipc547g_firmware *
netapp solidfire_bios -
netapp fas_bios -
netapp hci_storage_node_bios -
intel bios -
netapp aff_bios -
siemens simatic_cpu_1518-4_firmware *
netapp cloud_backup -
netapp hci_compute_node_bios -
CVE-2020-12762 MEDIUM

json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,CWE-787,CWE-787,

Products Affected

Vendor Product Version
siemens sinec_ins -
fedoraproject fedora 30
canonical ubuntu_linux 20.04
json-c_project json-c *
debian debian_linux 9.0
canonical ubuntu_linux 12.04
debian debian_linux 10.0
canonical ubuntu_linux 16.04
debian debian_linux 8.0
siemens sinec_ins 1.0
fedoraproject fedora 31
canonical ubuntu_linux 19.10
canonical ubuntu_linux 18.04
canonical ubuntu_linux 14.04
fedoraproject fedora 32
CVE-2020-13630 MEDIUM

ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
oracle zfs_storage_appliance_kit 8.8
canonical ubuntu_linux 20.04
oracle outside_in_technology 8.5.5
oracle communications_network_charging_and_control *
apple macos *
brocade fabric_operating_system -
canonical ubuntu_linux 16.04
netapp solidfire,_enterprise_sds_&_hci_storage_node -
apple itunes *
apple icloud *
canonical ubuntu_linux 19.10
apple watchos *
canonical ubuntu_linux 18.04
sqlite sqlite *
apple tvos *
netapp hci_compute_node_firmware -
fedoraproject fedora 32
debian debian_linux 9.0
apple iphone_os *
oracle outside_in_technology 8.5.4
netapp cloud_backup -
oracle communications_network_charging_and_control 6.0.1
apple ipados *
siemens sinec_infrastructure_network_services *
CVE-2020-13631 LOW

SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle zfs_storage_appliance_kit 8.8
canonical ubuntu_linux 20.04
apple iphone_os *
oracle outside_in_technology 8.5.5
oracle communications_network_charging_and_control *
oracle outside_in_technology 8.5.4
apple macos *
netapp cloud_backup -
oracle communications_network_charging_and_control 6.0.1
apple ipados *
siemens sinec_infrastructure_network_services *
brocade fabric_operating_system -
canonical ubuntu_linux 16.04
netapp solidfire,_enterprise_sds_&_hci_storage_node -
apple itunes *
apple icloud *
canonical ubuntu_linux 19.10
apple watchos *
canonical ubuntu_linux 18.04
sqlite sqlite *
apple tvos *
netapp hci_compute_node_firmware -
fedoraproject fedora 32
CVE-2020-13632 LOW

ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-476,

Products Affected

Vendor Product Version
oracle zfs_storage_appliance_kit 8.8
canonical ubuntu_linux 20.04
debian debian_linux 9.0
oracle outside_in_technology 8.5.5
oracle communications_network_charging_and_control *
oracle outside_in_technology 8.5.4
netapp cloud_backup -
oracle communications_network_charging_and_control 6.0.1
siemens sinec_infrastructure_network_services *
brocade fabric_operating_system -
canonical ubuntu_linux 16.04
netapp solidfire,_enterprise_sds_&_hci_storage_node -
canonical ubuntu_linux 19.10
canonical ubuntu_linux 18.04
sqlite sqlite *
netapp hci_compute_node_firmware -
fedoraproject fedora 32
CVE-2020-13871 MEDIUM

SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
oracle zfs_storage_appliance_kit 8.8
sqlite sqlite 3.32.2
oracle communications_messaging_server 8.1
debian debian_linux 9.0
netapp ontap_select_deploy_administration_utility -
netapp cloud_backup -
oracle communications_network_charging_and_control 6.0.1
oracle communications_network_charging_and_control 12.0.2
siemens sinec_infrastructure_network_services *
oracle enterprise_manager_ops_center 12.4.0.0
fedoraproject fedora 33
oracle mysql_workbench *
oracle hyperion_infrastructure_technology 11.1.2.4
CVE-2020-13987 MEDIUM

An issue was discovered in Contiki through 3.0. An Out-of-Bounds Read vulnerability exists in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upper_layer_chksum in net/ipv4/uip.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
open-iscsi_project open-iscsi *
siemens sentron_pac3200_firmware *
siemens sentron_pac4200_firmware *
siemens sentron_3va_com100_firmware *
siemens sentron_3va_com800_firmware *
uip_project uip *
CVE-2020-14396 MEDIUM

An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tls_openssl.c has a NULL pointer dereference.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
siemens simatic_itc1900_firmware *
canonical ubuntu_linux 20.04
siemens simatic_itc1500_pro_firmware *
debian debian_linux 9.0
libvnc_project libvncserver *
siemens simatic_itc1900_pro_firmware *
siemens simatic_itc2200_pro_firmware *
canonical ubuntu_linux 16.04
debian debian_linux 8.0
siemens simatic_itc1500_firmware *
siemens simatic_itc2200_firmware *
canonical ubuntu_linux 18.04
canonical ubuntu_linux 18.10
canonical ubuntu_linux 14.04
CVE-2020-14397 MEDIUM

An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
siemens simatic_itc1900_firmware *
canonical ubuntu_linux 20.04
opensuse leap 15.2
siemens simatic_itc1500_pro_firmware *
debian debian_linux 9.0
libvnc_project libvncserver *
siemens simatic_itc1900_pro_firmware *
siemens simatic_itc2200_pro_firmware *
canonical ubuntu_linux 16.04
debian debian_linux 8.0
siemens simatic_itc1500_firmware *
siemens simatic_itc2200_firmware *
canonical ubuntu_linux 18.04
canonical ubuntu_linux 18.10
canonical ubuntu_linux 14.04
CVE-2020-14398 MEDIUM

An issue was discovered in LibVNCServer before 0.9.13. An improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-835,

Products Affected

Vendor Product Version
siemens simatic_itc1900_firmware *
canonical ubuntu_linux 20.04
opensuse leap 15.2
siemens simatic_itc1500_pro_firmware *
debian debian_linux 9.0
libvnc_project libvncserver *
siemens simatic_itc1900_pro_firmware *
siemens simatic_itc2200_pro_firmware *
canonical ubuntu_linux 16.04
debian debian_linux 8.0
siemens simatic_itc1500_firmware *
siemens simatic_itc2200_firmware *
canonical ubuntu_linux 18.04
canonical ubuntu_linux 18.10
canonical ubuntu_linux 14.04
CVE-2020-14401 MEDIUM

An issue was discovered in LibVNCServer before 0.9.13. libvncserver/scale.c has a pixel_value integer overflow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L 3.9 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
siemens simatic_itc1900_pro_firmware *
siemens simatic_itc2200_pro_firmware *
siemens simatic_itc1900_firmware *
opensuse leap 15.1
opensuse leap 15.2
siemens simatic_itc1500_pro_firmware *
libvncserver_project libvncserver *
debian debian_linux 8.0
debian debian_linux 9.0
siemens simatic_itc1500_firmware *
siemens simatic_itc2200_firmware *
CVE-2020-14402 MEDIUM

An issue was discovered in LibVNCServer before 0.9.13. libvncserver/corre.c allows out-of-bounds access via encodings.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L 2.8 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
siemens simatic_itc1900_firmware *
canonical ubuntu_linux 20.04
siemens simatic_itc1500_pro_firmware *
debian debian_linux 9.0
libvnc_project libvncserver *
siemens simatic_itc1900_pro_firmware *
siemens simatic_itc2200_pro_firmware *
canonical ubuntu_linux 16.04
debian debian_linux 8.0
siemens simatic_itc1500_firmware *
siemens simatic_itc2200_firmware *
canonical ubuntu_linux 18.04
canonical ubuntu_linux 18.10
canonical ubuntu_linux 14.04
CVE-2020-14403 MEDIUM

An issue was discovered in LibVNCServer before 0.9.13. libvncserver/hextile.c allows out-of-bounds access via encodings.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L 2.8 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
siemens simatic_itc1900_firmware *
canonical ubuntu_linux 20.04
siemens simatic_itc1500_pro_firmware *
debian debian_linux 9.0
libvnc_project libvncserver *
siemens simatic_itc1900_pro_firmware *
siemens simatic_itc2200_pro_firmware *
canonical ubuntu_linux 16.04
debian debian_linux 8.0
siemens simatic_itc1500_firmware *
siemens simatic_itc2200_firmware *
canonical ubuntu_linux 18.04
canonical ubuntu_linux 18.10
canonical ubuntu_linux 14.04
CVE-2020-14404 MEDIUM

An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rre.c allows out-of-bounds access via encodings.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L 2.8 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
siemens simatic_itc1900_firmware *
canonical ubuntu_linux 20.04
siemens simatic_itc1500_pro_firmware *
debian debian_linux 9.0
libvnc_project libvncserver *
siemens simatic_itc1900_pro_firmware *
siemens simatic_itc2200_pro_firmware *
canonical ubuntu_linux 16.04
debian debian_linux 8.0
siemens simatic_itc1500_firmware *
siemens simatic_itc2200_firmware *
canonical ubuntu_linux 18.04
canonical ubuntu_linux 18.10
canonical ubuntu_linux 14.04
CVE-2020-14405 MEDIUM

An issue was discovered in LibVNCServer before 0.9.13. libvncclient/rfbproto.c does not limit TextChat size.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-770,

Products Affected

Vendor Product Version
siemens simatic_itc1900_firmware *
siemens simatic_itc1500_pro_firmware *
debian debian_linux 9.0
libvnc_project libvncserver *
siemens simatic_itc1900_pro_firmware *
siemens simatic_itc2200_pro_firmware *
canonical ubuntu_linux 16.04
debian debian_linux 8.0
siemens simatic_itc1500_firmware *
siemens simatic_itc2200_firmware *
canonical ubuntu_linux 18.04
canonical ubuntu_linux 18.10
canonical ubuntu_linux 14.04
CVE-2020-15358 LOW

In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-787,

Products Affected

Vendor Product Version
canonical ubuntu_linux 20.04
oracle communications_messaging_server 8.1
apple iphone_os *
oracle outside_in_technology 8.5.5
oracle outside_in_technology 8.5.4
apple macos *
oracle mysql *
oracle communications_cloud_native_core_policy 1.14.0
oracle communications_network_charging_and_control 6.0.1
apple ipados *
oracle communications_network_charging_and_control 12.0.2
siemens sinec_infrastructure_network_services *
oracle enterprise_manager_ops_center 12.4.0.0
apple icloud *
apple watchos *
sqlite sqlite *
apple tvos *
oracle hyperion_infrastructure_technology 11.1.2.4
CVE-2020-15781 MEDIUM

A vulnerability has been identified in SICAM WEB firmware for SICAM A8000 RTUs (All versions < V05.30). The login screen does not sufficiently sanitize input, which enables an attacker to generate specially crafted log messages. If an unsuspecting victim views the log messages via the web browser, these log messages might be interpreted and executed as code by the web application. This Cross-Site-Scripting (XSS) vulnerability might compromise the confidentiality, integrity and availability of the web application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.6 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 2.8 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
siemens sicam_a8000_firmware *
CVE-2020-15782 HIGH

A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 Software Controller (All versions < V21.9), SIMATIC S7-PLCSIM Advanced (All versions < V4.0), SINAMICS PERFECT HARMONY GH180 Drives (Drives manufactured before 2021-08-13), SINUMERIK MC (All versions < V6.15), SINUMERIK ONE (All versions < V6.15). Affected devices are vulnerable to a memory protection bypass through a specific operation. A remote unauthenticated attacker with network access to port 102/tcp could potentially write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
siemens s7-1200_cpu_firmware *
siemens simatic_s7-1500__software_controller *
siemens simatic_s7-plcsim_advanced *
siemens s7-1500_cpu_firmware *
siemens et_200sp_open_controller_firmware *
siemens simatic_driver_controller_firmware *
CVE-2020-15783 HIGH

A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC TDC CPU555 (All versions), SINUMERIK 840D sl (All versions). Sending multiple specially crafted packets to the affected devices could cause a Denial-of-Service on port 102. A cold restart is required to recover the service.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-400,CWE-400,

Products Affected

Vendor Product Version
siemens simatic_s7-300_cpu_315-2_dp_firmware *
siemens simatic_s7-300_cpu_314_firmware *
siemens simatic_s7-300_cpu_315f-2_pn_firmware *
siemens sinumerik_840d_sl_firmware *
siemens simatic_s7-300_cpu_315-2_pn_firmware *
siemens simatic_tdc_cpu555_firmware *
siemens simatic_s7-300_cpu_317-2_pn_firmware *
siemens simatic_s7-300_cpu_317f-2_pn_firmware *
siemens simatic_s7-300_cpu_315f-2_dp_firmware *
siemens simatic_s7-300_cpu_317-2_dp_firmware *
siemens simatic_s7-300_cpu_312_firmware *
siemens simatic_s7-300_cpu_317f-2_dp_firmware *
CVE-2020-15784 MEDIUM

A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP8). Insecure storage of sensitive information in the configuration files could allow the retrieval of user names.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-312,CWE-312,

Products Affected

Vendor Product Version
siemens spectrum_power_4 4.70
siemens spectrum_power_4 *
CVE-2020-15785 MEDIUM

A vulnerability has been identified in Siveillance Video Client (All versions). In environments where Windows NTLM authentication is enabled, the affected client application transmits usernames to the server in cleartext. This could allow an attacker in a privileged network position to obtain valid administrator login names and use this information to launch further attacks.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-319,CWE-319,

Products Affected

Vendor Product Version
siemens siveillance_video_client *
CVE-2020-15786 MEDIUM

A vulnerability has been identified in SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants) (All versions < V16), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions <= V16), SIMATIC HMI Mobile Panels (All versions <= V16), SIMATIC HMI Unified Comfort Panels (All versions <= V16). Affected devices insufficiently block excessive authentication attempts. This could allow a remote attacker to discover user passwords and obtain access to the Sm@rt Server via a brute-force attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-307,CWE-307,

Products Affected

Vendor Product Version
siemens simatic_hmi_comfort_panels_firmware *
siemens simatic_hmi_basic_panels_2nd_generation_firmware *
siemens simatic_hmi_mobile_panels_firmware *
siemens simatic_hmi_united_comfort_panels_firmware *
CVE-2020-15787 MEDIUM

A vulnerability has been identified in SIMATIC HMI Unified Comfort Panels (All versions <= V16). Affected devices insufficiently validate authentication attempts as the information given can be truncated to match only a set number of characters versus the whole provided string. This could allow a remote attacker to discover user passwords and obtain access to the Sm@rt Server via a brute-force attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-305,CWE-287,

Products Affected

Vendor Product Version
siemens simatic_hmi_united_comfort_panels_firmware *
CVE-2020-15788 MEDIUM

A vulnerability has been identified in Polarion Subversion Webclient (All versions). The Polarion subversion web application does not filter user input in a way that prevents Cross-Site Scripting. If a user is enticed into passing specially crafted, malicious input to the web client (e.g. by clicking on a malicious URL with embedded JavaScript), then JavaScript code can be returned and may then be executed by the user’s client. Various actions could be triggered by running malicious JavaScript code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-80,CWE-79,

Products Affected

Vendor Product Version
siemens polarion_subversion_webclient *
CVE-2020-15789 MEDIUM

A vulnerability has been identified in Polarion Subversion Webclient (All versions). The web interface could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by a legitimate user, who must be authenticated to the web interface. A successful attack could allow an attacker to trigger actions via the web interface that the legitimate user is allowed to perform. This could allow the attacker to read or modify contents of the web application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N 2.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,CWE-352,

Products Affected

Vendor Product Version
siemens polarion_subversion_webclient *
CVE-2020-15790 MEDIUM

A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP8). If configured in an insecure manner, the web server might be susceptible to a directory listing attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-548,CWE-200,

Products Affected

Vendor Product Version
siemens spectrum_power_4 4.70
siemens spectrum_power_4 *
CVE-2020-15791 LOW

A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 CPU family (incl. SIPLUS variants) (All versions), SIMATIC WinAC RTX (F) 2010 (All versions), SINUMERIK 840D sl (All versions). The authentication protocol between a client and a PLC via port 102/tcp (ISO-TSAP) insufficiently protects the transmitted password. This could allow an attacker that is able to intercept the network traffic to obtain valid PLC credentials.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-522,CWE-522,

Products Affected

Vendor Product Version
siemens simatic_s7-300_cpu_315-2_dp_firmware *
siemens simatic_s7-300_cpu_314_firmware *
siemens simatic_s7-300_cpu_315f-2_pn_firmware *
siemens simatic_s7-400_cpu_417_firmware *
siemens simatic_s7-300_cpu_315-2_pn_firmware *
siemens simatic_s7-300_cpu_317-2_pn_firmware *
siemens simatic_s7-400_cpu_412_firmware *
siemens simatic_s7-400_cpu_416_firmware *
siemens simatic_s7-300_cpu_317f-2_pn_firmware *
siemens simatic_s7-300_cpu_315f-2_dp_firmware *
siemens simatic_s7-300_cpu_317-2_dp_firmware *
siemens simatic_s7-400_cpu_414_firmware *
siemens simatic_s7-300_cpu_312_firmware *
siemens simatic_s7-300_cpu_317f-2_dp_firmware *
CVE-2020-15792 MEDIUM

A vulnerability has been identified in Desigo Insight (All versions). The web service does not properly apply input validation for some query parameters in a reserved area. This could allow an authenticated attacker to retrieve data via a content-based blind SQL injection attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
siemens desigo_insight *
siemens desigo_insight 6.0
CVE-2020-15793 MEDIUM

A vulnerability has been identified in Desigo Insight (All versions). The device does not properly set the X-Frame-Options HTTP Header which makes it vulnerable to Clickjacking attacks. This could allow an unauthenticated attacker to retrieve or modify data in the context of a legitimate user by tricking that user to click on a website controlled by the attacker.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N 2.8 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-1021,

Products Affected

Vendor Product Version
siemens desigo_insight *
siemens desigo_insight 6.0
CVE-2020-15794 MEDIUM

A vulnerability has been identified in Desigo Insight (All versions). Some error messages in the web application show the absolute path to the requested resource. This could allow an authenticated attacker to retrieve additional information about the host system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,CWE-209,

Products Affected

Vendor Product Version
siemens desigo_insight *
siemens desigo_insight 6.0
CVE-2020-15795 MEDIUM

A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions < V5.2), Nucleus Source Code (Versions including affected DNS modules), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). The DNS domain name label parsing functionality does not properly validate the names in DNS-responses. The parsing of malformed responses could result in a write past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to execute code in the context of the current process or cause a denial-of-service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9
productcert@siemens.com 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
siemens nucleus_net *
siemens nucleus_source_code -
CVE-2020-15796 MEDIUM

A vulnerability has been identified in SIMATIC ET 200SP Open Controller (incl. SIPLUS variants) (V20.8), SIMATIC S7-1500 Software Controller (V20.8). The web server of the affected products contains a vulnerability that could allow a remote attacker to trigger a denial-of-service condition by sending a specially crafted HTTP request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-248,

Products Affected

Vendor Product Version
siemens simatic_s7-1500_software_controller_firmware *
siemens simatic_et_200sp_open_controller_firmware *
CVE-2020-15797 HIGH

A vulnerability has been identified in DCA Vantage Analyzer (All versions < V4.5 are affected by CVE-2020-7590. In addition, serial numbers < 40000 running software V4.4.0 are also affected by CVE-2020-15797). Improper Access Control could allow an unauthenticated attacker to escape from the restricted environment (“kiosk mode”) and access the underlying operating system. Successful exploitation requires direct physical access to the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-269,

Products Affected

Vendor Product Version
siemens dca_vantage_analyzer_firmware *
CVE-2020-15798 HIGH

A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions < V16 Update 3a), SIMATIC HMI KTP Mobile Panels (All versions < V16 Update 3a), SINAMICS GH150 (All versions), SINAMICS GL150 (with option X30) (All versions), SINAMICS GM150 (with option X30) (All versions), SINAMICS SH150 (All versions), SINAMICS SL150 (All versions), SINAMICS SM120 (All versions), SINAMICS SM150 (All versions), SINAMICS SM150i (All versions). Affected devices with enabled telnet service do not require authentication for this service. This could allow a remote attacker to gain full access to the device. (ZDI-CAN-12046)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-306,CWE-306,

Products Affected

Vendor Product Version
siemens simatic_hmi_comfort_panels_firmware *
siemens sinamics_sl150_firmware -
siemens sinamics_sh150_firmware -
siemens sinamics_gl150_firmware -
siemens sinamics_sm150i_firmware -
siemens sinamics_gh150_firmware -
siemens sinamics_sm150_firmware -
siemens simatic_hmi_ktp_mobile_panels_firmware *
siemens simatic_hmi_comfort_panels_firmware 16.0
siemens sinamics_gm150_firmware -
siemens simatic_hmi_ktp_mobile_panels_firmware 16.0
siemens sinamics_sm120_firmware -
CVE-2020-15799 HIGH

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0). The vulnerability could allow an unauthenticated attacker to reboot the device over the network by using special URLs from the integrated web server of the affected products.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-306,CWE-306,

Products Affected

Vendor Product Version
siemens scalance_xb213-3_firmware *
siemens scalance_xc206-2g_poe__firmware *
siemens scalance_x320-3ldfe_firmware *
siemens scalance_xp208eec_firmware *
siemens scalance_xp208_firmware *
siemens scalance_x202-2irt_firmware *
siemens scalance_x308-2lh_firmware *
siemens scalance_xc216_firmware *
siemens scalance_xc206-2sfp_firmware *
siemens scalance_xc224-4c_g__firmware *
siemens scalance_xp208_(eip)_firmware *
siemens scalance_xc208g_eec_firmware *
siemens scalance_x202-2pirt_siplus_net_firmware *
siemens scalance_xf204-2ba_irt_firmware *
siemens scalance_xf206-1_firmware *
siemens scalance_x307-3_firmware *
siemens scalance_xf204_dna_firmware *
siemens scalance_x307-3ld_firmware *
siemens scalance_xf208_firmware *
siemens scalance_xp216_firmware *
siemens scalance_xf202-2p_irt_firmware *
siemens scalance_xp208poe_eec_firmware *
siemens scalance_x310_firmware *
siemens scalance_xc208g_firmware *
siemens scalance_xc224-4c_g_(e/ip)_firmware *
siemens scalance_x201-3pirt_firmware *
siemens scalance_xf204-2_firmware *
siemens scalance_x308-2m_ts_firmware *
siemens scalance_x308-2_firmware *
siemens scalance_xb216_firmware *
siemens scalance_xc224-4c_g_eec_firmware *
siemens scalance_xc206-2sfp_g_(e/ip)_firmware *
siemens scalance_xp216eec_firmware *
siemens scalance_xb205-3_firmware *
siemens scalance_x202-2pirt_firmware *
siemens scalance_xf201-3p_irt_firmware *
siemens scalance_xc208g_(e/ip)_firmware *
siemens scalance_xc206-2g_poe_eec_firmware *
siemens scalance_xc216eec_firmware *
siemens scalance_xc224__firmware *
siemens scalance_xc206-2sfp_eec_firmware *
siemens scalance_xc216-4c_g_(e/ip)_firmware *
siemens scalance_xc216-4c_g_eec_firmware *
siemens scalance_xc206-2_firmware *
siemens scalance_x308-2ld_firmware *
siemens scalance_xc206-2sfp_g_firmware *
siemens scalance_x310fe_firmware *
siemens scalance_x204irt_firmware *
siemens scalance_xp216_(eip)_firmware *
siemens scalance_x200-4pirt_firmware *
siemens scalance_xb205-3ld_firmware *
siemens scalance_xf204_firmware *
siemens scalance_xf204-2ba_dna_firmware *
siemens scalance_x308-2lh+_firmware *
siemens scalance_xf204irt_firmware *
siemens scalance_xc216-4c_firmware *
siemens scalance_xp216poe_eec_firmware *
siemens scalance_xc216-4c_g_firmware *
siemens scalance_xc208g_poe_firmware *
siemens scalance_xc208_firmware *
siemens scalance_xb213-3ld_firmware *
siemens scalance_xb208_firmware *
siemens scalance_x320-1fe_firmware *
siemens scalance_x308-2m_firmware *
siemens scalance_xc208eec_firmware *
siemens scalance_xc206-2sfp_g_eec_firmware *
CVE-2020-15800 HIGH

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.0). The webserver of the affected devices contains a vulnerability that may lead to a heap overflow condition. An attacker could cause this condition on the webserver by sending specially crafted requests. This could stop the webserver temporarily.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-122,CWE-787,

Products Affected

Vendor Product Version
siemens scalance_xb213-3_firmware *
siemens scalance_xc206-2g_poe__firmware *
siemens scalance_x320-3ldfe_firmware *
siemens scalance_xp208eec_firmware *
siemens scalance_xp208_firmware *
siemens scalance_x202-2irt_firmware *
siemens scalance_x308-2lh_firmware *
siemens scalance_xc216_firmware *
siemens scalance_xc206-2sfp_firmware *
siemens scalance_xc224-4c_g__firmware *
siemens scalance_xp208_(eip)_firmware *
siemens scalance_xc208g_eec_firmware *
siemens scalance_x202-2pirt_siplus_net_firmware *
siemens scalance_xf204-2ba_irt_firmware *
siemens scalance_xf206-1_firmware *
siemens scalance_x307-3_firmware *
siemens scalance_xf204_dna_firmware *
siemens scalance_x307-3ld_firmware *
siemens scalance_xf208_firmware *
siemens scalance_xp216_firmware *
siemens scalance_xf202-2p_irt_firmware *
siemens scalance_xp208poe_eec_firmware *
siemens scalance_x310_firmware *
siemens scalance_xc208g_firmware *
siemens scalance_xc224-4c_g_(e/ip)_firmware *
siemens scalance_x201-3pirt_firmware *
siemens scalance_xf204-2_firmware *
siemens scalance_x308-2m_ts_firmware *
siemens scalance_x308-2_firmware *
siemens scalance_xb216_firmware *
siemens scalance_xc224-4c_g_eec_firmware *
siemens scalance_xc206-2sfp_g_(e/ip)_firmware *
siemens scalance_xp216eec_firmware *
siemens scalance_xb205-3_firmware *
siemens scalance_x202-2pirt_firmware *
siemens scalance_xf201-3p_irt_firmware *
siemens scalance_xc208g_(e/ip)_firmware *
siemens scalance_xc206-2g_poe_eec_firmware *
siemens scalance_xc216eec_firmware *
siemens scalance_xc224__firmware *
siemens scalance_xc206-2sfp_eec_firmware *
siemens scalance_xc216-4c_g_(e/ip)_firmware *
siemens scalance_xc216-4c_g_eec_firmware *
siemens scalance_xc206-2_firmware *
siemens scalance_x308-2ld_firmware *
siemens scalance_xc206-2sfp_g_firmware *
siemens scalance_x310fe_firmware *
siemens scalance_x204irt_firmware *
siemens scalance_xp216_(eip)_firmware *
siemens scalance_x200-4pirt_firmware *
siemens scalance_xb205-3ld_firmware *
siemens scalance_xf204_firmware *
siemens scalance_xf204-2ba_dna_firmware *
siemens scalance_x308-2lh+_firmware *
siemens scalance_xf204irt_firmware *
siemens scalance_xc216-4c_firmware *
siemens scalance_xp216poe_eec_firmware *
siemens scalance_xc216-4c_g_firmware *
siemens scalance_xc208g_poe_firmware *
siemens scalance_xc208_firmware *
siemens scalance_xb213-3ld_firmware *
siemens scalance_xb208_firmware *
siemens scalance_x320-1fe_firmware *
siemens scalance_x308-2m_firmware *
siemens scalance_xc208eec_firmware *
siemens scalance_xc206-2sfp_g_eec_firmware *
CVE-2020-17437 MEDIUM

An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. When the Urgent flag is set in a TCP packet, and the stack is configured to ignore the urgent data, the stack attempts to use the value of the Urgent pointer bytes to separate the Urgent data from the normal data, by calculating the offset at which the normal data should be present in the global buffer. However, the length of this offset is not checked; therefore, for large values of the Urgent pointer bytes, the data pointer can point to memory that is way beyond the data buffer in uip_process in uip.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H 3.9 4.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
open-iscsi_project open-iscsi *
siemens sentron_pac3200_firmware *
siemens sentron_pac4200_firmware *
siemens sentron_pac2200_clp_firmware -
siemens sentron_3va_com100_firmware *
siemens sentron_3va_com800_firmware *
siemens sentron_pac3220_firmware *
siemens sentron_pac3200t_firmware *
siemens sentron_3va_dsp800_firmware *
siemens sentron_pac2200_firmware *
uip_project uip *
CVE-2020-1971 MEDIUM

The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur, leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate; 2) when verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token). If an attacker can control both items being compared then that attacker could trigger a crash. For example, if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the "-crl_download" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However, it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
oracle graalvm 19.3.4
netapp hci_compute_node -
oracle enterprise_communications_broker pcz3.1
oracle mysql *
debian debian_linux 10.0
netapp e-series_santricity_os_controller *
netapp solidfire -
oracle communications_subscriber-aware_load_balancer cz8.4
oracle api_gateway 11.1.2.4.0
nodejs node.js *
oracle communications_diameter_intelligence_hub *
netapp clustered_data_ontap_antivirus_connector -
netapp data_ontap -
oracle communications_subscriber-aware_load_balancer cz8.2
oracle communications_subscriber-aware_load_balancer cz8.3
oracle communications_session_router cz8.2
oracle peoplesoft_enterprise_peopletools 8.56
oracle enterprise_manager_base_platform 13.4.0.0
oracle enterprise_session_border_controller cz8.4
tenable log_correlation_engine *
siemens sinec_infrastructure_network_services *
oracle essbase 21.2
fedoraproject fedora 33
oracle graalvm 20.3.0
openssl openssl *
oracle business_intelligence 5.5.0.0.0
oracle enterprise_communications_broker pcz3.2
tenable nessus_network_monitor *
netapp hci_management_node -
netapp santricity_smi-s_provider -
oracle enterprise_session_border_controller cz8.2
oracle jd_edwards_enterpriseone_tools *
netapp plug-in_for_symantec_netbackup -
netapp hci_storage_node -
oracle communications_session_router cz8.4
netapp ef600a_firmware -
oracle peoplesoft_enterprise_peopletools 8.58
oracle enterprise_manager_ops_center 12.4.0.0
oracle communications_session_router cz8.3
netapp aff_a250_firmware -
oracle enterprise_manager_base_platform 13.3.0.0
netapp oncommand_workflow_automation -
oracle http_server 12.2.1.4.0
oracle communications_session_border_controller cz8.3
netapp oncommand_insight -
fedoraproject fedora 32
oracle peoplesoft_enterprise_peopletools 8.57
debian debian_linux 9.0
oracle enterprise_manager_for_storage_management 13.4.0.0
oracle business_intelligence 12.2.1.4.0
oracle business_intelligence 5.9.0.0.0
oracle jd_edwards_world_security a9.4
oracle communications_cloud_native_core_network_function_cloud_native_environment 1.10.0
netapp manageability_software_development_kit -
netapp active_iq_unified_manager -
oracle communications_session_border_controller cz8.4
netapp snapcenter -
oracle communications_unified_session_manager scz8.2.5
oracle enterprise_session_border_controller cz8.3
oracle mysql_server *
oracle communications_session_border_controller cz8.2
oracle business_intelligence 12.2.1.3.0
oracle enterprise_communications_broker pcz3.3
CVE-2020-24486 LOW

Improper input validation in the firmware for some Intel(R) Processors may allow an authenticated user to potentially enable denial of service via local access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
netapp e-series_bios -
siemens simatic_ipc547g_firmware *
netapp solidfire_bios -
netapp fas_bios -
netapp hci_storage_node_bios -
intel bios -
netapp aff_bios -
netapp cloud_backup -
netapp hci_compute_node_bios -
CVE-2020-24506 LOW

Out-of-bounds read in a subsystem in the Intel(R) CSME versions before 12.0.81, 13.0.47, 13.30.17, 14.1.53 and 14.5.32 may allow a privileged user to potentially enable information disclosure via local access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 0.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-125,

Products Affected

Vendor Product Version
siemens simatic_ipc647e_firmware *
siemens simatic_ipc677e_firmware *
intel converged_security_and_manageability_engine *
siemens simatic_ipc847e_firmware *
siemens simatic_field_pg_m6_firmware *
siemens simatic_ipc627e_firmware *
CVE-2020-24507 LOW

Improper initialization in a subsystem in the Intel(R) CSME versions before 11.8.86, 11.12.86, 11.22.86, 12.0.81, 13.0.47, 13.30.17, 14.1.53, 14.5.32, 13.50.11 and 15.0.22 may allow a privileged user to potentially enable information disclosure via local access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 0.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-665,

Products Affected

Vendor Product Version
siemens simatic_ipc547g_firmware *
siemens simatic_ipc477e_pro_firmware *
siemens simatic_itp1000_firmware *
intel converged_security_and_manageability_engine *
siemens simatic_ipc477e_firmware *
siemens simatic_ipc527g_firmware *
siemens simatic_ipc627e_firmware *
siemens simatic_ipc647e_firmware *
siemens simatic_ipc677e_firmware *
siemens simatic_ipc427e_firmware *
siemens simatic_field_pg_m5_firmware *
siemens simatic_ipc847e_firmware *
siemens simatic_field_pg_m6_firmware *
CVE-2020-24513 LOW

Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N 2.0 4.0

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
intel atom_c3558rc -
siemens simatic_ipc127e_firmware *
intel celeron_n3350 -
debian debian_linux 10.0
intel atom_c3758r -
intel atom_c3708 -
intel p5962b -
intel atom_c3538 -
intel pentium_silver_j5040 -
siemens simatic_drive_controller_firmware *
intel celeron_n4000 -
intel celeron_j4105 -
intel atom_x5-a3950 -
intel celeron_n3450 -
intel celeron_j4005 -
intel pentium_silver_n5000 -
intel atom_x6211e -
intel p5921b -
siemens simatic_et_200sp_open_controller_firmware *
intel celeron_n3350e -
intel atom_c3558 -
intel atom_c3758 -
intel celeron_j3355 -
intel atom_c3750 -
intel pentium_silver_n5030 -
intel atom_c3436l -
intel celeron_n4020 -
intel atom_x5-a3930 -
intel pentium_silver_j5005 -
intel atom_x6212re -
intel atom_x5-a3940 -
intel p5931b -
intel pentium_n4200 -
intel atom_c3508 -
intel pentium_j4205 -
intel atom_c3336 -
intel pentium_j6425 -
intel pentium_n6415 -
intel atom_x6413e -
intel atom_x6427fe -
intel celeron_j3455 -
intel celeron_j3355e -
intel celeron_n4120 -
intel pentium_n4200e -
intel atom_c3338 -
intel atom_x6425re -
intel atom_c3955 -
intel atom_c3308 -
intel atom_x6425e -
debian debian_linux 9.0
intel atom_p5942b -
intel celeron_n4100 -
intel atom_c3858 -
intel atom_x5-a3960 -
intel atom_c3950 -
intel atom_c3338r -
intel atom_c3558r -
intel atom_c3830 -
intel atom_x6200fe -
intel celeron_j4025 -
intel celeron_j4125 -
intel atom_c3808 -
intel core_i5-l16g7 -
intel atom_c3850 -
intel atom_c3958 -
intel core_i3-l13g4 -
intel celeron_j6413 -
intel celeron_n6211 -
intel celeron_j3455e -
CVE-2020-24588 LOW

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.5 LOW CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N 2.1 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-327,

Products Affected

Vendor Product Version
arista o-90_firmware -
cisco ir829gw-lte-vz-ak9_firmware -
cisco meraki_gr60_firmware -
arista c-200_firmware -
microsoft windows_10 2004
microsoft windows_server_2016 -
cisco meraki_mx68w_firmware -
intel ac_9260_firmware -
linux linux_kernel *
intel proset_wi-fi_6e_ax210_firmware -
cisco aironet_1852_firmware -
siemens scalance_w1788-1_firmware -
siemens scalance_w1788-2ia_firmware -
cisco meraki_mx67w_firmware -
arista c-110_firmware -
intel proset_wi-fi_6_ax200_firmware -
cisco meraki_mr46_firmware -
cisco meraki_mr66_firmware -
microsoft windows_server_2012 -
intel proset_wireless_7265_(rev_d)_firmware -
cisco 1109-4p_firmware -
cisco catalyst_9117_ap_firmware -
siemens scalance_w734-1_firmware -
cisco meraki_mr84_firmware -
arista c-230_firmware -
cisco webex_room_kit_firmware -
arista c-235_firmware -
cisco catalyst_9130axe_firmware -
cisco aironet_1800i_firmware -
cisco aironet_1832_firmware -
cisco ip_phone_6861_firmware -
cisco aironet_1815_firmware -
intel proset_ac_3165_firmware -
cisco ir829gw-lte-ga-sk9_firmware -
cisco meraki_mr52_firmware -
siemens scalance_w738-1_firmware -
intel killer_wi-fi_6_ax1650_firmware -
microsoft windows_10 1607
cisco webex_room_70_firmware -
cisco aironet_1800_firmware -
cisco catalyst_9130_firmware -
cisco meraki_mr20_firmware -
arista c-130_firmware -
cisco ir829-2lte-ea-ek9_firmware -
cisco meraki_mr42e_firmware -
siemens scalance_w748-1_firmware -
intel ac_9560_firmware -
cisco ip_phone_8861_firmware -
cisco meraki_mr70_firmware -
microsoft windows_10 20h2
cisco webex_room_70_dual_firmware -
cisco meraki_mr76_firmware -
cisco webex_board_55_firmware -
cisco webex_board_85s_firmware -
cisco meraki_mx67cw_firmware -
cisco webex_dx80_firmware -
cisco meraki_gr10_firmware -
cisco aironet_ap803_firmware -
arista o-105_firmware -
siemens scalance_w721-1_firmware -
intel wi-fi_6_ax200_firmware -
arista c-260_firmware -
cisco webex_room_kit_mini_firmware -
cisco ir829gw-lte-ga-zk9_firmware -
cisco webex_board_55s_firmware -
cisco meraki_mx64w_firmware -
siemens scalance_wam766-1_6ghz_firmware -
microsoft windows_8.1 -
arista w-118_firmware -
cisco 1109-2p_firmware -
cisco aironet_iw3702_firmware -
cisco catalyst_9115_firmware -
cisco meraki_z3_firmware -
cisco catalyst_9117_firmware -
siemens scalance_w788-2_firmware -
microsoft windows_7 -
cisco ir829gw-lte-ga-ek9_firmware -
cisco catalyst_9117axi_firmware -
cisco aironet_1815i_firmware -
siemens scalance_wum763-1_firmware -
cisco catalyst_9120axi_firmware -
debian debian_linux 9.0
cisco meraki_mr34_firmware -
cisco 1100-8p_firmware -
cisco webex_room_55_dual_firmware -
siemens scalance_w774-1_firmware -
arista c-75_firmware -
cisco ir829-2lte-ea-bk9_firmware -
cisco webex_board_70_firmware -
cisco catalyst_9120_ap_firmware -
cisco meraki_mr56_firmware -
cisco catalyst_9115_ap_firmware -
cisco catalyst_9124axd_firmware -
cisco catalyst_9115axe_firmware -
intel proset_ac_8260_firmware -
intel proset_ac_9260_firmware -
intel proset_wi-fi_6_ax201_firmware -
microsoft windows_server_2008 -
cisco ip_phone_8832_firmware -
microsoft windows_10 1809
microsoft windows_10 -
cisco catalyst_9105_firmware -
intel killer_ac_1550_firmware -
cisco meraki_mr86_firmware -
linux mac80211 -
cisco meraki_mr53e_firmware -
cisco meraki_mx65w_firmware -
intel proset_ac_8265_firmware -
microsoft windows_server_2016 2004
cisco meraki_mr33_firmware -
microsoft windows_10 1803
cisco 1100_firmware -
cisco ir829gw-lte-ga-ck9_firmware -
cisco webex_dx70_firmware -
cisco meraki_mr72_firmware -
siemens scalance_wum766-1_firmware -
intel ac_8265_firmware -
cisco catalyst_9120_firmware -
intel proset_ac_3168_firmware -
cisco catalyst_9130_ap_firmware -
siemens scalance_wum766-1_6ghz_firmware -
intel proset_ac_9462_firmware -
siemens scalance_w788-1_firmware -
cisco catalyst_9120axe_firmware -
cisco meraki_mr53_firmware -
cisco meraki_mr44_firmware -
cisco meraki_mx68cw_firmware -
cisco meraki_mr12_firmware -
arista c-65_firmware -
siemens scalance_w786-1_firmware -
cisco catalyst_9124axi_firmware -
cisco catalyst_9105axw_firmware -
microsoft windows_server_2019 -
arista c-250_firmware -
cisco ir829-2lte-ea-ak9_firmware -
siemens scalance_w1748-1_firmware -
cisco aironet_1532_firmware -
arista c-100_firmware -
cisco webex_room_55_firmware -
siemens scalance_w761-1_firmware -
cisco meraki_mr55_firmware -
cisco meraki_mr42_firmware -
cisco meraki_mr74_firmware -
cisco 1100-4p_firmware -
cisco catalyst_9115axi_firmware -
cisco meraki_mr46e_firmware -
intel killer_wi-fi_6e_ax1675_firmware -
arista c-120_firmware -
cisco meraki_mr26_firmware -
cisco catalyst_9130axi_firmware -
intel proset_ac_9461_firmware -
cisco 1101-4p_firmware -
microsoft windows_10 1909
microsoft windows_rt_8.1 -
cisco ip_phone_8821_firmware -
cisco meraki_mr32_firmware -
cisco aironet_1810_firmware -
cisco catalyst_9120axp_firmware -
cisco catalyst_9124_firmware -
cisco aironet_1810w_firmware -
siemens scalance_w722-1_firmware -
siemens scalance_w786-2_firmware -
cisco aironet_1542d_firmware -
cisco webex_board_70s_firmware -
cisco catalyst_9105axi_firmware -
cisco aironet_1842_firmware -
siemens scalance_w1750d_firmware -
siemens scalance_w778-1_firmware -
siemens scalance_wam766-1_firmware -
siemens scalance_w1788-2_firmware -
arista w-68_firmware -
siemens scalance_w786-2ia_firmware -
cisco meraki_mr36_firmware -
microsoft windows_server_2008 r2
siemens scalance_wam763-1_firmware -
cisco webex_room_70_single_g2_firmware -
cisco meraki_mr30h_firmware -
cisco ip_phone_8865_firmware -
intel proset_ac_9560_firmware -
cisco aironet_1542i_firmware -
intel ac_8260_firmware -
cisco meraki_z3c_firmware -
cisco ir829gw-lte-na-ak9_firmware -
intel wi-fi_6_ax201_firmware -
ieee ieee_802.11 *
cisco meraki_mr62_firmware -
cisco webex_room_70_dual_g2_firmware -
cisco meraki_mr45_firmware -
cisco webex_room_70_single_firmware -
CVE-2020-24635 HIGH

A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
arubanetworks instant *
siemens scalance_w1750d_firmware *
CVE-2020-24636 HIGH

A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
arubanetworks instant *
siemens scalance_w1750d_firmware *
CVE-2020-25226 HIGH

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0). The web server of the affected devices contains a vulnerability that may lead to a buffer overflow condition. An attacker could cause this condition on the webserver by sending a specially crafted request. The webserver could stop and not recover anymore.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-122,CWE-787,

Products Affected

Vendor Product Version
siemens scalance_xb213-3_firmware *
siemens scalance_xc206-2g_poe__firmware *
siemens scalance_x320-3ldfe_firmware *
siemens scalance_xp208eec_firmware *
siemens scalance_xp208_firmware *
siemens scalance_x202-2irt_firmware *
siemens scalance_x308-2lh_firmware *
siemens scalance_xc216_firmware *
siemens scalance_xc206-2sfp_firmware *
siemens scalance_xc224-4c_g__firmware *
siemens scalance_xp208_(eip)_firmware *
siemens scalance_xc208g_eec_firmware *
siemens scalance_x202-2pirt_siplus_net_firmware *
siemens scalance_xf204-2ba_irt_firmware *
siemens scalance_xf206-1_firmware *
siemens scalance_x307-3_firmware *
siemens scalance_xf204_dna_firmware *
siemens scalance_x307-3ld_firmware *
siemens scalance_xf208_firmware *
siemens scalance_xp216_firmware *
siemens scalance_xf202-2p_irt_firmware *
siemens scalance_xp208poe_eec_firmware *
siemens scalance_x310_firmware *
siemens scalance_xc208g_firmware *
siemens scalance_xc224-4c_g_(e/ip)_firmware *
siemens scalance_x201-3pirt_firmware *
siemens scalance_xf204-2_firmware *
siemens scalance_x308-2m_ts_firmware *
siemens scalance_x308-2_firmware *
siemens scalance_xb216_firmware *
siemens scalance_xc224-4c_g_eec_firmware *
siemens scalance_xc206-2sfp_g_(e/ip)_firmware *
siemens scalance_xp216eec_firmware *
siemens scalance_xb205-3_firmware *
siemens scalance_x202-2pirt_firmware *
siemens scalance_xf201-3p_irt_firmware *
siemens scalance_xc208g_(e/ip)_firmware *
siemens scalance_xc206-2g_poe_eec_firmware *
siemens scalance_xc216eec_firmware *
siemens scalance_xc224__firmware *
siemens scalance_xc206-2sfp_eec_firmware *
siemens scalance_xc216-4c_g_(e/ip)_firmware *
siemens scalance_xc216-4c_g_eec_firmware *
siemens scalance_xc206-2_firmware *
siemens scalance_x308-2ld_firmware *
siemens scalance_xc206-2sfp_g_firmware *
siemens scalance_x310fe_firmware *
siemens scalance_x204irt_firmware *
siemens scalance_xp216_(eip)_firmware *
siemens scalance_x200-4pirt_firmware *
siemens scalance_xb205-3ld_firmware *
siemens scalance_xf204_firmware *
siemens scalance_xf204-2ba_dna_firmware *
siemens scalance_x308-2lh+_firmware *
siemens scalance_xf204irt_firmware *
siemens scalance_xc216-4c_firmware *
siemens scalance_xp216poe_eec_firmware *
siemens scalance_xc216-4c_g_firmware *
siemens scalance_xc208g_poe_firmware *
siemens scalance_xc208_firmware *
siemens scalance_xb213-3ld_firmware *
siemens scalance_xb208_firmware *
siemens scalance_x320-1fe_firmware *
siemens scalance_x308-2m_firmware *
siemens scalance_xc208eec_firmware *
siemens scalance_xc206-2sfp_g_eec_firmware *
CVE-2020-25228 HIGH

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). A service available on port 10005/tcp of the affected devices could allow complete access to all services without authorization. An attacker could gain full control over an affected device if they have access to this service. The system manual recommends protecting access to this port.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-306,

Products Affected

Vendor Product Version
siemens logo!_8_bm_firmware *
CVE-2020-25229 MEDIUM

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). The implemented encryption for communication with affected devices is prone to replay attacks due to the usage of a static key. An attacker could change the password or change the configuration on any affected device by using prepared messages that were generated for another device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-321,CWE-798,

Products Affected

Vendor Product Version
siemens logo!_8_bm_firmware *
CVE-2020-25230 MEDIUM

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Due to the usage of an outdated cipher mode on port 10005/tcp, an attacker could extract the encryption key from a captured communication with the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-327

Products Affected

Vendor Product Version
siemens logo!_8_bm_firmware *
CVE-2020-25231 LOW

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3), LOGO! Soft Comfort (All versions < V8.3). The encryption of program data for the affected devices uses a static key. An attacker could use this key to extract confidential information from protected program files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-321, CWE-798

Products Affected

Vendor Product Version
siemens logo!_8_bm_firmware *
siemens logo!_soft_comfort *
CVE-2020-25232 MEDIUM

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Due to the usage of an insecure random number generation function and a deprecated cryptographic function, an attacker could extract the key that is used when communicating with an affected device on port 8080/tcp.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-327

Products Affected

Vendor Product Version
siemens logo!_8_bm_firmware *
CVE-2020-25233 LOW

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). The firmware update of affected devices contains the private RSA key that is used as a basis for encryption of communication with the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-321

Products Affected

Vendor Product Version
siemens logo!_8_bm_firmware *
CVE-2020-25234 LOW

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3), LOGO! Soft Comfort (All versions < V8.3). The LOGO! program files generated and used by the affected components offer the possibility to save user-defined functions (UDF) in a password protected way. This protection is implemented in the software that displays the information. An attacker could reverse engineer the UDFs directly from stored program files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.7 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 2.5 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-321

Products Affected

Vendor Product Version
siemens logo!_8_bm_firmware *
CVE-2020-25235 MEDIUM

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). The password used for authentication for the LOGO! Website and the LOGO! Access Tool is sent in a recoverable format. An attacker with access to the network traffic could derive valid logins.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-522

Products Affected

Vendor Product Version
siemens logo!_8_bm_firmware *
CVE-2020-25236 MEDIUM

A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA1) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA1) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA1) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA1) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1) (All versions). The control logic (CL) the LOGO! 8 executes could be manipulated in a way that could cause the device executing the CL to improperly handle the manipulation and crash. After successful execution of the attack, the device needs to be manually reset.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-755

Products Affected

Vendor Product Version
siemens logo!_8_bm_firmware *
CVE-2020-25237 MEDIUM

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1 Update 1), SINEMA Server (All versions < V14.0 SP2 Update 2). When uploading files to an affected system using a zip container, the system does not correctly check if the relative file path of the extracted files is still within the intended target directory. With this an attacker could create or overwrite arbitrary files on an affected system. This type of vulnerability is also known as 'Zip-Slip'. (ZDI-CAN-12054)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 2.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22

Products Affected

Vendor Product Version
siemens sinema_server 14.0
siemens sinema_server *
siemens sinec_network_management_system 1.0
siemens sinec_network_management_system *
CVE-2020-25238 HIGH

A vulnerability has been identified in PCS neo (Administration Console) (All versions < V3.1), TIA Portal (V15, V15.1 and V16). Manipulating certain files in specific folders could allow a local attacker to execute code with SYSTEM privileges. The security vulnerability could be exploited by an attacker with a valid account and limited access rights on the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-284, CWE-427

Products Affected

Vendor Product Version
siemens totally_integrated_automation_portal 15
siemens totally_integrated_automation_portal 16
siemens simatic_process_control_system_neo *
siemens totally_integrated_automation_portal 15.1
CVE-2020-25239 MEDIUM

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0). The webserver could allow unauthorized actions via special URLs for unprivileged users. The settings of the UMC authorization server could be changed to add a rogue server by an attacker authenticating with unprivileged user rights.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-863

Products Affected

Vendor Product Version
siemens sinema_remote_connect_server *
CVE-2020-25240 MEDIUM

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0). Unprivileged users can access services when guessing the URL. An attacker could impact availability and integrity and gain information from logs and templates of the service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-863

Products Affected

Vendor Product Version
siemens sinema_remote_connect_server *
CVE-2020-25241 MEDIUM

A vulnerability has been identified in SIMATIC MV400 family (All Versions < V7.0.6). The underlying TCP stack of the affected products does not correctly validate the sequence number for incoming TCP RST packets. An attacker could exploit this to terminate arbitrary TCP sessions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-1285, CWE-129

Products Affected

Vendor Product Version
siemens simatic_mv440_sr_firmware *
siemens simatic_mv420_sr-b_body_firmware *
siemens simatic_mv420_sr-p_firmware *
siemens simatic_mv420_sr-b_firmware *
siemens simatic_mv440_hr_firmware *
siemens simatic_mv420_sr-p_body_firmware *
siemens simatic_mv440_ur_firmware *
CVE-2020-25242 HIGH

A vulnerability has been identified in SIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Lean (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Standard (incl. SIPLUS variants) (All versions). Specially crafted packets sent to TCP port 102 could cause a Denial-of-Service condition on the affected devices. A cold restart might be necessary in order to recover.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-400

Products Affected

Vendor Product Version
siemens simatic_net_cp_343-1_lean_firmware *
siemens simatic_net_cp_343-1_advanced_firmware *
siemens simatic_net_cp_343-1_standard_firmware *
CVE-2020-25243 HIGH

A vulnerability has been identified in LOGO! Soft Comfort (All versions < V8.4). A zip slip vulnerability could be triggered while importing a compromised project file to the affected software. Chained with other vulnerabilities, this vulnerability could ultimately lead to a system takeover by an attacker.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
productcert@siemens.com 5.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L 2.5 2.5

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22

Products Affected

Vendor Product Version
siemens logo!_soft_comfort *
CVE-2020-25244 HIGH

A vulnerability has been identified in LOGO! Soft Comfort (All versions < V8.4). The software insecurely loads libraries, which makes it vulnerable to DLL hijacking. Successful exploitation by a local attacker could lead to a takeover of the system where the software is installed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
productcert@siemens.com 8.4 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.5 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-427

Products Affected

Vendor Product Version
siemens logo!_soft_comfort *
CVE-2020-25245 HIGH

A vulnerability has been identified in DIGSI 4 (All versions < V4.94 SP1 HF 1). Several folders in the %PATH% are writeable by normal users. As these folders are included in the search for DLLs, an attacker could place DLLs there whose code is executed by SYSTEM.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-276

Products Affected

Vendor Product Version
siemens digsi_4 4.94
siemens digsi_4 *
CVE-2020-26140 LOW

An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext frames in a protected Wi-Fi network. An adversary can abuse this to inject arbitrary data frames independent of the network configuration.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-327

Products Affected

Vendor Product Version
cisco ir829gw-lte-vz-ak9_firmware -
arista c-200_firmware -
intel proset_wi-fi_6e_ax210_firmware -
cisco meraki_mx67w_firmware -
intel proset_wi-fi_6_ax200_firmware -
cisco meraki_mr46_firmware -
cisco meraki_mr66_firmware -
cisco esw6300_firmware -
siemens scalance_w734-1_firmware -
cisco meraki_mr84_firmware -
cisco webex_room_kit_firmware -
cisco catalyst_9130axe_firmware -
cisco aironet_1800i_firmware -
cisco aironet_1832_firmware -
cisco aironet_1560_firmware -
cisco ip_phone_6861_firmware -
cisco aironet_1815_firmware -
cisco ir829gw-lte-ga-sk9_firmware -
cisco meraki_mr52_firmware -
siemens scalance_w738-1_firmware -
cisco esw-6300-con-x-k9_firmware -
cisco catalyst_9130_firmware -
arista c-130_firmware -
intel ac_9560_firmware -
cisco ip_phone_8861_firmware -
cisco aironet_4800_firmware -
cisco meraki_mr76_firmware -
cisco aironet_ap803_firmware -
arista c-260_firmware -
cisco webex_room_kit_mini_firmware -
cisco webex_board_55s_firmware -
cisco 1109-2p_firmware -
cisco aironet_iw3702_firmware -
cisco meraki_z3_firmware -
cisco catalyst_9117axi_firmware -
cisco 1100-8p_firmware -
siemens scalance_w774-1_firmware -
cisco ir829-2lte-ea-bk9_firmware -
cisco webex_board_70_firmware -
cisco catalyst_9120_ap_firmware -
cisco meraki_mr56_firmware -
cisco catalyst_9115_ap_firmware -
cisco catalyst_9115axe_firmware -
intel proset_ac_9260_firmware -
cisco ip_phone_8832_firmware -
intel killer_ac_1550_firmware -
cisco meraki_mr86_firmware -
cisco aironet_1562d_firmware -
cisco meraki_mr53e_firmware -
cisco catalyst_iw6300_dcw_firmware -
cisco webex_dx70_firmware -
siemens scalance_wum766-1_firmware -
intel ac_8265_firmware -
cisco catalyst_9130_ap_firmware -
cisco catalyst_9120axe_firmware -
cisco meraki_mr53_firmware -
cisco meraki_mr44_firmware -
cisco meraki_mr12_firmware -
arista c-65_firmware -
cisco catalyst_9105axw_firmware -
cisco ir829-2lte-ea-ak9_firmware -
siemens scalance_w1748-1_firmware -
arista c-100_firmware -
siemens scalance_w761-1_firmware -
cisco meraki_mr42_firmware -
cisco aironet_3702_firmware -
cisco catalyst_9130axi_firmware -
cisco 1101-4p_firmware -
cisco ip_phone_8821_firmware -
cisco catalyst_9120axp_firmware -
cisco aironet_1562i_firmware -
cisco aironet_1810w_firmware -
cisco webex_board_70s_firmware -
cisco aironet_2800i_firmware -
cisco aironet_3800p_firmware -
siemens scalance_wam766-1_firmware -
siemens scalance_w1788-2_firmware -
cisco aironet_3800e_firmware -
siemens scalance_wam763-1_firmware -
cisco webex_room_70_single_g2_firmware -
cisco meraki_mr30h_firmware -
cisco ip_phone_8865_firmware -
cisco aironet_1542i_firmware -
cisco meraki_mr62_firmware -
cisco webex_room_70_dual_g2_firmware -
cisco meraki_mr45_firmware -
cisco aironet_1562e_firmware -
arista o-90_firmware -
cisco meraki_gr60_firmware -
cisco meraki_mx68w_firmware -
intel ac_9260_firmware -
cisco aironet_1852_firmware -
siemens scalance_w1788-1_firmware -
siemens scalance_w1788-2ia_firmware -
cisco catalyst_iw6300_ac_firmware -
arista c-110_firmware -
intel proset_wireless_7265_(rev_d)_firmware -
cisco 1109-4p_firmware -
cisco aironet_1702_firmware -
cisco catalyst_9117_ap_firmware -
arista c-230_firmware -
arista c-235_firmware -
cisco aironet_2800e_firmware -
intel proset_ac_3165_firmware -
intel killer_wi-fi_6_ax1650_firmware -
cisco webex_room_70_firmware -
cisco aironet_1800_firmware -
cisco meraki_mr20_firmware -
cisco ir829-2lte-ea-ek9_firmware -
cisco meraki_mr42e_firmware -
siemens scalance_w748-1_firmware -
cisco aironet_3800_firmware -
cisco meraki_mr70_firmware -
cisco webex_room_70_dual_firmware -
cisco webex_board_55_firmware -
cisco webex_board_85s_firmware -
cisco meraki_mx67cw_firmware -
cisco webex_dx80_firmware -
cisco meraki_gr10_firmware -
arista o-105_firmware -
siemens scalance_w721-1_firmware -
intel wi-fi_6_ax200_firmware -
cisco ir829gw-lte-ga-zk9_firmware -
cisco meraki_mx64w_firmware -
siemens scalance_wam766-1_6ghz_firmware -
arista w-118_firmware -
cisco catalyst_9115_firmware -
cisco catalyst_9117_firmware -
siemens scalance_w788-2_firmware -
cisco ir829gw-lte-ga-ek9_firmware -
cisco aironet_1815i_firmware -
siemens scalance_wum763-1_firmware -
cisco catalyst_9120axi_firmware -
cisco meraki_mr34_firmware -
cisco webex_room_55_dual_firmware -
arista c-75_firmware -
cisco catalyst_9124axd_firmware -
intel proset_ac_8260_firmware -
intel proset_wi-fi_6_ax201_firmware -
cisco catalyst_9105_firmware -
cisco meraki_mx65w_firmware -
intel proset_ac_8265_firmware -
cisco catalyst_iw6300_dc_firmware -
cisco meraki_mr33_firmware -
cisco 1100_firmware -
cisco aironet_1572_firmware -
cisco ir829gw-lte-ga-ck9_firmware -
cisco meraki_mr72_firmware -
cisco aironet_3800i_firmware -
cisco catalyst_9120_firmware -
intel proset_ac_3168_firmware -
siemens scalance_wum766-1_6ghz_firmware -
intel proset_ac_9462_firmware -
siemens scalance_w788-1_firmware -
cisco aironet_2800_firmware -
cisco aironet_1552h_firmware -
cisco meraki_mx68cw_firmware -
cisco catalyst_iw6300_firmware -
siemens scalance_w786-1_firmware -
cisco catalyst_9124axi_firmware -
arista c-250_firmware -
cisco aironet_1532_firmware -
cisco webex_room_55_firmware -
cisco meraki_mr55_firmware -
cisco meraki_mr74_firmware -
cisco 1100-4p_firmware -
cisco catalyst_9115axi_firmware -
cisco meraki_mr46e_firmware -
intel killer_wi-fi_6e_ax1675_firmware -
arista c-120_firmware -
cisco meraki_mr26_firmware -
intel proset_ac_9461_firmware -
cisco meraki_mr32_firmware -
cisco aironet_1810_firmware -
cisco catalyst_9124_firmware -
siemens scalance_w722-1_firmware -
siemens scalance_w786-2_firmware -
cisco aironet_1542d_firmware -
cisco catalyst_9105axi_firmware -
cisco aironet_1842_firmware -
siemens scalance_w1750d_firmware -
siemens scalance_w778-1_firmware -
arista w-68_firmware -
siemens scalance_w786-2ia_firmware -
cisco meraki_mr36_firmware -
intel proset_ac_9560_firmware -
cisco aironet_1552_firmware -
alfa awus036h_firmware 6.1316.1209
cisco aironet_2702_firmware -
intel ac_8260_firmware -
cisco meraki_z3c_firmware -
cisco ir829gw-lte-na-ak9_firmware -
intel wi-fi_6_ax201_firmware -
cisco webex_room_70_single_firmware -
CVE-2020-26141 LOW

An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-354

Products Affected

Vendor Product Version
siemens 6gk5748-1fc00-0ab0_firmware -
siemens 6gk5788-2fc00-0aa0_firmware -
cisco meraki_mr44_firmware *
siemens 6gk5788-2gd00-0ab0_firmware -
siemens 6gk5734-1fx00-0aa0_firmware -
cisco meraki_mr74_firmware *
siemens 6gk5786-1fc00-0ab0_firmware -
cisco meraki_mx67w_firmware *
cisco meraki_mr55_firmware *
cisco meraki_mr53_firmware *
siemens 6gk5788-1fc00-0ab0_firmware -
cisco meraki_mr62_firmware *
siemens 6gk5774-1fx00-0ab0_firmware -
cisco meraki_z3_firmware *
siemens 6gk5738-1gy00-0aa0_firmware -
siemens 6gk5748-1gd00-0aa0_firmware -
siemens 6gk5734-1fx00-0ab6_firmware -
siemens 6gk5778-1gy00-0tb0_firmware -
cisco meraki_mr42_firmware *
siemens 6gk5774-1fy00-0tb0_firmware -
cisco meraki_mr66_firmware *
siemens 6gk5786-2hc00-0aa0_firmware -
cisco meraki_mx68w_firmware *
siemens 6gk5786-2fc00-0aa0_firmware -
cisco meraki_mr56_firmware *
cisco meraki_mr86_firmware *
cisco meraki_mr30h_firmware *
cisco ip_phone_8865_firmware *
siemens 6gk5788-2fc00-0ac0_firmware -
cisco wireless_ip_phone_8821_firmware *
siemens 6gk5788-2gd00-0ta0_firmware -
siemens 6gk5786-1fc00-0aa0_firmware -
cisco meraki_mr36_firmware *
siemens 6gk5738-1gy00-0ab0_firmware -
siemens 6gk5786-2fc00-0ac0_firmware -
cisco ip_phone_6861_firmware *
cisco meraki_mr76_firmware *
siemens 6gk5722-1fc00-0ab0_firmware -
siemens 6gk5788-2gd00-0tb0_firmware -
cisco meraki_mr84_firmware *
siemens 6gk5774-1fx00-0aa0_firmware -
siemens 6gk5788-1fc00-0aa0_firmware -
siemens 6gk5788-1gd00-0ab0_firmware -
siemens 6gk5721-1fc00-0ab0_firmware -
siemens 6gk5722-1fc00-0ac0_firmware -
cisco meraki_mx67cw_firmware *
cisco webex_room_series_firmware *
cisco meraki_mr32_firmware *
siemens 6gk5778-1gy00-0ta0_firmware -
siemens 6gk5786-2fc00-0ab0_firmware -
cisco meraki_mr46e_firmware *
cisco meraki_mr53e_firmware *
cisco webex_desk_series_firmware *
siemens 6gk5748-1gd00-0ab0_firmware -
cisco webex_board_series_firmware *
siemens 6gk5761-1fc00-0ab0_firmware -
cisco meraki_mr72_firmware *
cisco ip_conference_phone_8832_firmware *
cisco meraki_mr52_firmware *
siemens 6gk5786-2hc00-0ab0_firmware -
siemens 6gk5774-1fy00-0ta0_firmware -
siemens 6gk5761-1fc00-0aa0_firmware -
cisco meraki_mr46_firmware *
cisco meraki_mr42e_firmware *
cisco meraki_gr60_firmware *
cisco webex_wireless_phone_840_firmware *
cisco meraki_mr26_firmware *
siemens 6gk5774-1fx00-0aa6_firmware -
siemens 6gk5778-1gy00-0aa0_firmware -
siemens 6gk5788-2gd00-0tc0_firmware -
cisco meraki_mr33_firmware *
cisco meraki_z3c_firmware *
siemens 6gk5748-1fc00-0aa0_firmware -
siemens 6gk5722-1fc00-0aa0_firmware -
cisco meraki_mx68cw_firmware *
cisco meraki_mr20_firmware *
cisco meraki_mx65w_firmware *
cisco meraki_mx64w_firmware *
cisco meraki_gr10_firmware *
cisco meraki_mr18_firmware *
siemens 6gk5788-2gd00-0aa0_firmware -
siemens 6gk5734-1fx00-0ab0_firmware -
siemens 6gk5721-1fc00-0aa0_firmware -
cisco meraki_mr70_firmware *
siemens 6gk5788-1gd00-0aa0_firmware -
alfa awus036h_firmware 6.1316.1209
cisco meraki_mr12_firmware *
siemens 6gk5774-1fx00-0ab6_firmware -
siemens 6gk5788-2fc00-0ab0_firmware -
cisco webex_wireless_phone_860_firmware *
cisco ip_phone_8861_firmware *
cisco meraki_mr45_firmware *
siemens 6gk5778-1gy00-0ab0_firmware -
cisco meraki_mr34_firmware *
siemens 6gk5734-1fx00-0aa6_firmware -
CVE-2020-26143 LOW

An issue was discovered in the ALFA Windows 10 driver 1030.36.604 for AWUS036ACH. The WEP, WPA, WPA2, and WPA3 implementations accept fragmented plaintext frames in a protected Wi-Fi network. An adversary can abuse this to inject arbitrary data frames independent of the network configuration.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-20

Products Affected

Vendor Product Version
siemens scalance_w700_ieee_802.11n_firmware *
arista o-90_firmware -
arista c-65_firmware -
arista w-68_firmware -
alfa awus036h_firmware 1030.36.604
arista c-75_firmware -
CVE-2020-26144 LOW

An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext A-MSDU frames as long as the first 8 bytes correspond to a valid RFC1042 (i.e., LLC/SNAP) header for EAPOL. An adversary can abuse this to inject arbitrary network packets independent of the network configuration.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-20

Products Affected

Vendor Product Version
siemens scalance_w700_ieee_802.11n_firmware *
arista o-90_firmware -
arista c-100_firmware *
arista c-230_firmware *
arista w-68_firmware -
siemens scalance_w700_ieee_802.11ax_firmware *
arista c-250_firmware *
arista w-118_firmware *
arista c-130_firmware *
arista c-235_firmware *
arista c-260_firmware *
arista c-120_firmware *
arista c-75_firmware -
arista c-110_firmware *
arista c-200_firmware *
arista c-65_firmware -
samsung galaxy_i9305_firmware 4.4.4
arista o-105_firmware *
CVE-2020-26145 LOW

An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets independent of the network configuration.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-20

Products Affected

Vendor Product Version
siemens 6gk5766-1ge00-7db0_firmware *
siemens 6gk5763-1al00-3aa0_firmware *
siemens 6gk5766-1je00-7da0_firmware *
siemens 6gk5766-1ge00-3da0_firmware *
siemens 6gk5766-1je00-3da0_firmware *
siemens 6gk5766-1ge00-7da0_firmware *
siemens 6gk5763-1al00-3da0_firmware *
siemens 6gk5766-1je00-7ta0_firmware *
siemens 6gk5763-1al00-7da0_firmware *
siemens 6gk5766-1ge00-3db0_firmware *
samsung galaxy_i9305_firmware 4.4.4
siemens 6gk5766-1ge00-7ta0_firmware *
siemens 6gk5766-1ge00-7tb0_firmware *
CVE-2020-26146 LOW

An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WPA, WPA2, and WPA3 implementations reassemble fragments with non-consecutive packet numbers. An adversary can abuse this to exfiltrate selected fragments. This vulnerability is exploitable when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used. Note that WEP is vulnerable to this attack by design.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 1.6 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-20

Products Affected

Vendor Product Version
siemens scalance_w700_ieee_802.11n_firmware *
arista o-90_firmware -
arista c-100_firmware *
arista c-230_firmware *
arista w-68_firmware -
arista c-250_firmware *
arista w-118_firmware *
arista c-130_firmware *
arista c-235_firmware *
siemens scalance_w1700_ieee_802.11ac_firmware *
arista c-260_firmware *
arista c-120_firmware *
arista c-75_firmware -
arista c-110_firmware *
arista c-200_firmware *
arista c-65_firmware -
samsung galaxy_i9305_firmware 4.4.4
arista o-105_firmware *
siemens scalance_w1750d_firmware *
CVE-2020-26147 LOW

An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N 1.2 4.2

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
siemens scalance_w700_ieee_802.11n_firmware *
arista o-90_firmware -
arista c-65_firmware -
arista w-68_firmware -
linux linux_kernel *
debian debian_linux 9.0
siemens scalance_w1700_ieee_802.11ac_firmware *
arista c-75_firmware -
CVE-2020-26980 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing JT files. A crafted JT file could trigger a type confusion condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11881)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-843

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2020-26981 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). When opening a specially crafted XML file, the application could disclose arbitrary files to remote attackers. This is because specially crafted content is passed to the underlying XML parser without applying proper restrictions such as prohibiting an external DTD. (ZDI-CAN-11890)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2020-26982 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing CG4 and CGM files. This could result in an out-of-bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11898)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2020-26983 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing PDF files. This could result in an out-of-bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11900)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2020-26984 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing JT files. This could result in an out-of-bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11972)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2020-26985 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing RGB and SGI files. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11986, ZDI-CAN-11994)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-122, CWE-787

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2020-26986 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing JT files. This could lead to a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12014)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-122, CWE-787

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2020-26987 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing TGA files. This could lead to a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12016, ZDI-CAN-12017)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-122,CWE-787,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2020-26988 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11891)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2020-26989 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2021 (All Versions < SE2021MP2), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in a stack based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11892)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-121,CWE-787,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens solid_edge *
siemens jt2go *
siemens solid_edge se2021
CVE-2020-26990 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing ASM files. A crafted ASM file could trigger a type confusion condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11897)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-843,CWE-843,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2020-26991 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.1.0.2), Teamcenter Visualization (All versions < V13.1.0.2). Affected applications lack proper validation of user-supplied data when parsing ASM files. This could lead to pointer dereferences of a value obtained from an untrusted source. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11899)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-822,CWE-476,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2020-26992 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing CGM files. This could lead to a stack based buffer overflow while trying to copy to a buffer during font string handling. An attacker could leverage this vulnerability to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-121,CWE-787,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2020-26993 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing CGM files. This could lead to a stack based buffer overflow while trying to copy to a buffer in the font index handling function. An attacker could leverage this vulnerability to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-121,CWE-787,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2020-26994 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing PCX files. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-122,CWE-787,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2020-26995 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing SGI and RGB files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11992)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2020-26996 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing CG4 files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12027)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2020-26997 MEDIUM

A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2020 (All versions < SE2020MP14), Solid Edge SE2021 (All Versions < SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could lead to pointer dereferences of a value obtained from an untrusted source. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11919)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-822,CWE-119,

Products Affected

Vendor Product Version
siemens solid_edge_se2020 *
siemens solid_edge_se2021 *
CVE-2020-26998 LOW

A vulnerability has been identified in JT2Go (All versions < V13.1.0.2), Teamcenter Visualization (All versions < V13.1.0.2). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information. (ZDI-CAN-12040)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2020-26999 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.1.0.2), Teamcenter Visualization (All versions < V13.1.0.2). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information. (ZDI-CAN-12042)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2020-27000 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing BMP files. This can result in a memory corruption condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12018)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-787,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2020-27001 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.1.0.2), Teamcenter Visualization (All versions < V13.1.0.2). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in a stack based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12041)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-121,CWE-787,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2020-27002 LOW

A vulnerability has been identified in JT2Go (All versions < V13.1.0.2), Teamcenter Visualization (All versions < V13.1.0.2). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to access data in the context of the current process. (ZDI-CAN-12043)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 1.8 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2020-27003 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing TIFF files. This could lead to pointer dereferences of a value obtained from an untrusted source. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12158)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-822,CWE-119,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2020-27004 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing CGM files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to access data in the context of the current process. (ZDI-CAN-12163)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2020-27005 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing TGA files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12178)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2020-27006 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing PCT files. This could result in a memory corruption condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12182)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-787,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2020-27007 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing HPG files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to access data in the context of the current process. (ZDI-CAN-12207)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2020-27008 LOW

A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing PLT files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to access data in the context of the current process. (ZDI-CAN-12209)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2020-27009 MEDIUM

A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions < V5.2), Nucleus Source Code (Versions including affected DNS modules), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). The DNS domain name record decompression functionality does not properly validate the pointer offset values. The parsing of malformed responses could result in a write past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to execute code in the context of the current process or cause a denial-of-service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9
productcert@siemens.com 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-823,CWE-787,

Products Affected

Vendor Product Version
siemens nucleus_net *
siemens nucleus_source_code -
CVE-2020-27304 HIGH

The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows, when using the built-in HTTP form-based file upload mechanism, via the mg_handle_form_request API. Web applications that use the file upload form handler, and use parts of the user-controlled filename in the output path, are susceptible to directory traversal.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-23,CWE-22,

Products Affected

Vendor Product Version
siemens sinec_infrastructure_network_services *
civetweb_project civetweb *
CVE-2020-27339 HIGH

In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the CommBuffer and CommBufferSize parameters, allowing callers to corrupt either the firmware or the OS memory. The fixed versions for this issue in the AhciBusDxe, IdeBusDxe, NvmExpressDxe, SdHostDriverDxe, and SdMmcDeviceDxe drivers are 05.16.25, 05.26.25, 05.35.25, 05.43.25, and 05.51.25 (for Kernel 5.1 through 5.5).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
siemens ruggedcom_apr1808_firmware -
siemens simatic_ipc127e_firmware -
siemens simatic_ipc227g_firmware -
siemens simatic_field_pg_m5_firmware -
siemens simatic_ipc277g_firmware -
siemens simatic_ipc677e_firmware -
siemens simatic_ipc477e_firmware -
siemens simatic_ipc427e_firmware -
siemens simatic_ipc847e_firmware -
siemens simatic_ipc647e_firmware -
insyde insydeh2o *
siemens simatic_ipc477e_pro_firmware -
siemens simatic_ipc377g_firmware -
siemens simatic_field_pg_m6_firmware -
siemens simatic_itp1000_firmware -
siemens simatic_ipc627e_firmware -
siemens simatic_ipc327g_firmware -
CVE-2020-27632 MEDIUM

In SIMATIC MV400 family versions prior to v7.0.6, the ISN generator is initialized with a constant value and has constant increments. An attacker could predict and hijack TCP sessions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
siemens simatic_mv420_firmware *
siemens simatic_mv440_firmware *
CVE-2020-27736 MEDIUM

A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). The DNS domain name label parsing functionality does not properly validate the null-terminated name in DNS-responses. The parsing of malformed responses could result in a read past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to cause a denial-of-service condition or leak the read memory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H 2.2 4.2
productcert@siemens.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H 2.2 4.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-170,CWE-125,

Products Affected

Vendor Product Version
siemens nucleus_net *
siemens nucleus_source_code -
siemens nucleus_readystart_v3 *
siemens simotics_connect_400_firmware *
siemens nucleus_readystart_v4 *
CVE-2020-27737 MEDIUM

A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). The DNS response parsing functionality does not properly validate various lengths and counts of the records. The parsing of malformed responses could result in a read past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to cause a denial-of-service condition or leak the memory past the allocated structure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H 2.2 4.2
productcert@siemens.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H 2.2 4.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
siemens nucleus_net *
siemens nucleus_source_code -
siemens nucleus_readystart_v3 *
siemens simotics_connect_400_firmware *
siemens nucleus_readystart_v4 *
CVE-2020-27738 MEDIUM

A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). The DNS domain name record decompression functionality does not properly validate the pointer offset values. The parsing of malformed responses could result in a read access past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to cause a denial-of-service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H 2.2 5.2
productcert@siemens.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H 2.2 4.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-788,CWE-119,

Products Affected

Vendor Product Version
siemens nucleus_net *
siemens nucleus_source_code -
siemens nucleus_readystart_v3 *
siemens simotics_connect_400_firmware *
siemens nucleus_readystart_v4 *
CVE-2020-27827 HIGH

A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-400,

Products Affected

Vendor Product Version
siemens tim_1531_irc_firmware *
lldpd_project lldpd *
redhat openshift_container_platform 4.0
siemens simatic_net_cp_1542sp-1_firmware -
siemens simatic_net_cp_1542sp-1_irc_firmware -
siemens simatic_net_cp_1543-1_firmware -
siemens simatic_net_cp_1545-1_firmware -
redhat enterprise_linux 7.0
redhat virtualization 4.0
siemens simatic_net_cp_1243-1_firmware -
redhat openstack 13
siemens sinumerik_one_firmware *
fedoraproject fedora 33
openvswitch openvswitch *
siemens simatic_hmi_unified_comfort_panels_firmware *
siemens simatic_net_cp_1243-8_irc_firmware -
redhat openstack 10
redhat enterprise_linux 8.0
siemens simatic_net_cp_1543sp-1_firmware -
CVE-2020-28168 MEDIUM

Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-918,

Products Affected

Vendor Product Version
siemens sinec_ins 1.0
axios axios *
siemens sinec_ins *
CVE-2020-28381 MEDIUM

A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2021 (All Versions < SE2021MP2). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write into uninitialized memory. An attacker could leverage this vulnerability to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
siemens solid_edge se2020
siemens solid_edge *
siemens solid_edge se2021
CVE-2020-28382 MEDIUM

A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2021 (All Versions < SE2021MP2). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
siemens solid_edge se2020
siemens solid_edge *
siemens solid_edge se2021
CVE-2020-28383 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2021 (All Versions < SE2021MP2), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing PAR files. This can result in an out of bounds write past the memory location that is a read only image address. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11885)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
siemens solid_edge se2020
siemens teamcenter_visualization *
siemens jt2go *
siemens solid_edge se2021
CVE-2020-28384 MEDIUM

A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2021 (All Versions < SE2021MP2). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could lead to a stack based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-121,CWE-787,

Products Affected

Vendor Product Version
siemens solid_edge se2020
siemens solid_edge *
siemens solid_edge se2021
CVE-2020-28385 MEDIUM

A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing DFT files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12049)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
siemens solid_edge se2020
siemens solid_edge *
siemens solid_edge se2021
CVE-2020-28386 MEDIUM

A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2021 (All Versions < SE2021MP2). Affected applications lack proper validation of user-supplied data when parsing DFT files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
siemens solid_edge se2020
siemens solid_edge *
siemens solid_edge se2021
CVE-2020-28387 MEDIUM

A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP3). When opening a specially crafted SEECTCXML file, the application could disclose arbitrary files to remote attackers. This is because specially crafted content is passed to the underlying XML parser without proper restrictions, such as prohibiting an external DTD. (ZDI-CAN-11923)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,

Products Affected

Vendor Product Version
siemens solid_edge *
siemens solid_edge se2021
CVE-2020-28388 MEDIUM

A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions < V5.2), Nucleus ReadyStart V3 (All versions < V2012.12), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). Initial Sequence Numbers (ISNs) for TCP connections are derived from an insufficiently random source. As a result, the ISN of current and future TCP connections could be predictable. An attacker could hijack existing sessions or spoof future ones.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-342,NVD-CWE-Other,

Products Affected

Vendor Product Version
siemens nucleus_net *
siemens capital_vstar *
siemens nucleus_source_code *
siemens pluscontrol_1st_gen *
siemens nucleus_readystart *
CVE-2020-28390 LOW

A vulnerability has been identified in Opcenter Execution Core (V8.2), Opcenter Execution Core (V8.3). The application contains an information leakage vulnerability in the handling of web client sessions. A local attacker who has access to the Web Client Session Storage could disclose the passwords of currently logged-in users.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-522,CWE-522,

Products Affected

Vendor Product Version
siemens opcenter_execution_core 8.2
siemens opcenter_execution_core 8.3
CVE-2020-28391 MEDIUM

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-200RNA switch family (All versions < V3.2.7). Devices create a new unique key upon factory reset, except when used with C-PLUG. When used with C-PLUG the devices use the hardcoded private RSA-key shipped with the firmware-image. An attacker could leverage this situation to a man-in-the-middle situation and decrypt previously captured traffic.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-321,CWE-798,

Products Affected

Vendor Product Version
siemens scalance_xb213-3_firmware *
siemens scalance_xc206-2g_poe__firmware *
siemens scalance_x320-3ldfe_firmware *
siemens scalance_xp208eec_firmware *
siemens scalance_xp208_firmware *
siemens scalance_x202-2irt_firmware *
siemens scalance_x308-2lh_firmware *
siemens scalance_xc216_firmware *
siemens scalance_xc206-2sfp_firmware *
siemens scalance_xc224-4c_g__firmware *
siemens scalance_xp208_(eip)_firmware *
siemens scalance_xc208g_eec_firmware *
siemens scalance_x202-2pirt_siplus_net_firmware *
siemens scalance_xf204-2ba_irt_firmware *
siemens scalance_xf206-1_firmware *
siemens scalance_x307-3_firmware *
siemens scalance_xf204_dna_firmware *
siemens scalance_x307-3ld_firmware *
siemens scalance_xf208_firmware *
siemens scalance_xp216_firmware *
siemens scalance_xf202-2p_irt_firmware *
siemens scalance_xp208poe_eec_firmware *
siemens scalance_x310_firmware *
siemens scalance_xc208g_firmware *
siemens scalance_xc224-4c_g_(e/ip)_firmware *
siemens scalance_x201-3pirt_firmware *
siemens scalance_xf204-2_firmware *
siemens scalance_x308-2m_ts_firmware *
siemens scalance_x308-2_firmware *
siemens scalance_xb216_firmware *
siemens scalance_xc224-4c_g_eec_firmware *
siemens scalance_xc206-2sfp_g_(e/ip)_firmware *
siemens scalance_xp216eec_firmware *
siemens scalance_xb205-3_firmware *
siemens scalance_x202-2pirt_firmware *
siemens scalance_xf201-3p_irt_firmware *
siemens scalance_xc208g_(e/ip)_firmware *
siemens scalance_xc206-2g_poe_eec_firmware *
siemens scalance_xc216eec_firmware *
siemens scalance_xc224__firmware *
siemens scalance_xc206-2sfp_eec_firmware *
siemens scalance_xc216-4c_g_(e/ip)_firmware *
siemens scalance_xc216-4c_g_eec_firmware *
siemens scalance_xc206-2_firmware *
siemens scalance_x308-2ld_firmware *
siemens scalance_xc206-2sfp_g_firmware *
siemens scalance_x310fe_firmware *
siemens scalance_x204irt_firmware *
siemens scalance_xp216_(eip)_firmware *
siemens scalance_x200-4pirt_firmware *
siemens scalance_xb205-3ld_firmware *
siemens scalance_xf204_firmware *
siemens scalance_xf204-2ba_dna_firmware *
siemens scalance_x308-2lh+_firmware *
siemens scalance_xf204irt_firmware *
siemens scalance_xc216-4c_firmware *
siemens scalance_xp216poe_eec_firmware *
siemens scalance_xc216-4c_g_firmware *
siemens scalance_xc208g_poe_firmware *
siemens scalance_xc208_firmware *
siemens scalance_xb213-3ld_firmware *
siemens scalance_xb208_firmware *
siemens scalance_x320-1fe_firmware *
siemens scalance_x308-2m_firmware *
siemens scalance_xc208eec_firmware *
siemens scalance_xc206-2sfp_g_eec_firmware *
CVE-2020-28392 MEDIUM

A vulnerability has been identified in SIMARIS configuration (All versions < V4.0.1). During installation to default target folder, incorrect permissions are configured for the application folder and subfolders which could allow an attacker to gain persistence or potentially escalate privileges should a user with elevated credentials log onto the machine.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-276,CWE-276,

Products Affected

Vendor Product Version
siemens simaris_configuration *
CVE-2020-28393 HIGH

An unauthenticated remote attacker could create a permanent denial-of-service condition by sending specially crafted OSPF packets. Successful exploitation requires OSPF to be enabled on an affected device on the SCALANCE XM-400, XR-500 (All versions prior to v6.4).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-682,

Products Affected

Vendor Product Version
siemens scalance_xm416-4c_l3_firmware *
siemens scalance_xr552_firmware *
siemens scalance_xm408-4c_firmware *
siemens scalance_xm408-8c_firmware *
siemens scalance_xm416-4c_firmware *
siemens scalance_xm-400_firmware *
siemens scalance_xr528_firmware *
siemens scalance_xm408-8c_l3_firmware *
siemens scalance_xr526_firmware *
siemens scalance_xr524_firmware *
siemens scalance_xm408-4c_l3_firmware *
CVE-2020-28394 LOW

A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing RAS files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to access data in the context of the current process. (ZDI-CAN-12283)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2020-28395 MEDIUM

A vulnerability has been identified in SCALANCE X-200RNA switch family (All versions < V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.0). Devices do not create a new unique private key after factory reset. An attacker could leverage this situation to a man-in-the-middle situation and decrypt previously captured traffic.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-321,CWE-798,

Products Affected

Vendor Product Version
siemens scalance_xr324-12m_firmware *
siemens scalance_xr324wg_firmware *
siemens scalance_xr326-2c_poe_wg_firmware *
siemens scalance_xr324-4m_poe_ts_firmware *
siemens scalance_xr324-12m_ts_firmware *
siemens scalance_xr324-4m_eec_firmware *
siemens scalance_xr324-4m_poe_firmware *
siemens scalance_xr328-4c_wg_firmware *
CVE-2020-28396 MEDIUM

A vulnerability has been identified in SICAM A8000 CP-8000 (All versions < V16), SICAM A8000 CP-8021 (All versions < V16), SICAM A8000 CP-8022 (All versions < V16). A web server misconfiguration of the affected device can cause a user's browser to use insecure ciphers. An attacker in a privileged position could decrypt the communication and compromise confidentiality and integrity of the transmitted information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.3 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N 2.1 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-693,CWE-327,

Products Affected

Vendor Product Version
siemens sicam_a8000_cp-8021_firmware *
siemens sicam_a8000_cp-8022_firmware *
siemens sicam_a8000_cp-8000_firmware *
CVE-2020-28397 MEDIUM

A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7 PLCSIM Advanced (All versions > V2 < V4), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (Version V4.4), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions > V2.5 < V2.9.2), SIMATIC S7-1500 Software Controller (All versions > V2.5 < V21.9), TIM 1531 IRC (incl. SIPLUS NET variants) (Version V2.1). Due to an incorrect authorization check in the affected component, an attacker could extract information about access protected PLC program variables over port 102/tcp from an affected device when reading multiple attributes at once.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-863,CWE-863,

Products Affected

Vendor Product Version
siemens cpu_1511-1pn_firmware *
siemens siplus_cpu_1518f-4_pn/dp_firmware *
siemens cpu_1517f-3_pn/dp_firmware *
siemens cpu_1515-2_firmware *
siemens cpu_1212fc_firmware 4.4
siemens cpu_1516tf-3_pn/dp_firmware *
siemens cpu_1214fc_firmware 4.4
siemens cpu_1515t-2_pn_firmware *
siemens cpu_1215c_firmware 4.4
siemens siplus_cpu_1512sp-1_pn_firmware *
siemens cpu_1516pro_f-2_pn_firmware *
siemens tim_1531_irc_firmware 2.1
siemens cpu_1518-4_pn/dp_firmware *
siemens cpu_1511c-1_pn_firmware *
siemens cpu_1516f-3_firmware *
siemens simatic_s7-1500_software_controller *
siemens siplus_cpu_1510sp_f-1pn_firmware *
siemens cpu_1214c_firmware 4.4
siemens siplus_cpu_1512sp_f-1pn_firmware *
siemens cpu_1504d_tf_firmware *
siemens simatic_s7_plcsim_advanced_firmware *
siemens siplus_cpu_1513f-1_pn_firmware *
siemens cpu_1512sp-1_pn_firmware *
siemens cpu_1516-3_firmware *
siemens cpu_1517t-3_pn/dp_firmware *
siemens cpu_1515sp_pc2_tf_firmware *
siemens siplus_cpu_1513-1_pn_firmware *
siemens siplus_cpu_1511-1_pn_firmware *
siemens cpu_1211c_firmware 4.4
siemens cpu_1215fc_firmware 4.4
siemens cpu_1513f-1_pn_firmware *
siemens siplus_cpu-1516f-3_pn/dp_firmware *
siemens cpu_1515r-2_pn_firmware *
siemens cpu_1515f-2_firmware *
siemens cpu_1212c_firmware 4.4
siemens cpu_1511t-1pn_firmware *
siemens cpu_1217c_firmware 4.4
siemens cpu1510sp_f-1_firmware *
siemens cpu_1510sp-1pn_firmware *
siemens cpu_1511tf-1pn_firmware *
siemens cpu_1516pro-2_pn_firmware *
siemens siplus_cpu_1516-3_pn/dp_firmware *
siemens cpu_1517tf-3_pn/dp_firmware *
siemens cpu_1513pro_f-2_pn_firmware *
siemens cpu_1511f-1pn_firmware *
siemens cpu_1517-3_pn/dp_firmware *
siemens cpu_1516t-3_pn/dp_firmware *
siemens cpu_1515tf-2_pn_firmware *
siemens cpu_1507d_tf_firmware *
siemens cpu_1512sp_f-1_pn_firmware *
siemens cpu_1513-1_pn_firmware *
siemens cpu_1512c-1_pn_firmware *
siemens cpu_1513r-1_pn_firmware *
siemens siplus_cpu_1511f-1_pn_firmware *
siemens cpu_1518f-4_pn/dp_firmware *
siemens siplus_cpu_1518-4_pn/dp_firmware *
CVE-2020-28400 MEDIUM

Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial of service condition. The vulnerability can be triggered if a large number of DCP reset packets are sent to the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-770,CWE-770,

Products Affected

Vendor Product Version
siemens scalance_x320-3ldfe_firmware *
siemens softnet-ie_pnio_firmware *
siemens scalance_x204-2ld_firmware *
siemens scalance_xb-200_firmware *
siemens scalance_x308-2lh_firmware *
siemens simatic_profinet_driver_firmware *
siemens simatic_s7-1200_firmware *
siemens scalance_x201-3p_irt_pro_firmware *
siemens scalance_x204-2fm_firmware *
siemens scalance_xf204-2ba_irt_firmware *
siemens scalance_x208_firmware *
siemens scalance_x208pro_firmware *
siemens scalance_x212-2_firmware *
siemens scalance_xf206-1_firmware *
siemens scalance_xr-300wg_firmware *
siemens scalance_x204-2ts_firmware *
siemens scalance_x307-3_firmware *
siemens scalance_x307-3ld_firmware *
siemens scalance_xf208_firmware *
siemens scalance_m-800_firmware *
siemens scalance_xf202-2p_irt_firmware *
siemens scalance_x310_firmware *
siemens scalance_w1700_firmware *
siemens scalance_xf204_irt_firmware *
siemens scalance_xf204-2_firmware *
siemens scalance_x202-2_irt_firmware *
siemens scalance_x308-2m_ts_firmware *
siemens scalance_x308-2m_poe_firmware *
siemens scalance_x308-2_firmware *
siemens scalance_xr324-12m_firmware *
siemens simatic_net_cp1626_firmware *
siemens simatic_ie/pb-link_v3_firmware *
siemens scalance_xf-200ba_firmware *
siemens simatic_net_cm_1542-1_firmware *
siemens scalance_x307-2eec_firmware *
siemens scalance_s615_firmware *
siemens scalance_xr500_firmware *
siemens dk_standard_ethernet_controller_evaluation_kit_firmware *
siemens scalance_x200-4_p_irt_firmware *
siemens scalance_x304-2fe_firmware *
siemens scalance_xf201-3p_irt_firmware *
siemens scalance_xr324-4m_eec_firmware *
siemens simatic_net_cp1604_firmware *
siemens simatic_power_line_booster_plb_firmware *
siemens scalance_xr324-4m_poe_firmware *
siemens ek-ertec_200p_evaluation_kit_firmware *
siemens scalance_x212-2ld_firmware *
siemens scalance_x308-2ld_firmware *
siemens simatic_mv500_firmware *
siemens simatic_net_dk-16xx_pn_io *
siemens scalance_w700_firmware *
siemens scalance_x202-2p_irt_pro_firmware *
siemens scalance_x310fe_firmware *
siemens scalance_xr324-4m_poe_ts_firmware *
siemens scalance_x306-1ldfe_firmware *
siemens scalance_xf204_firmware *
siemens scalance_x206-1ld_firmware *
siemens scalance_x204_irt_firmware *
siemens scalance_x308-2lh+_firmware *
siemens simatic_cfu_pa_firmware *
siemens simatic_net_cp1616_firmware *
siemens scalance_x224_firmware *
siemens scalance_x204_irt_pro_firmware *
siemens scalance_xp-200_firmware *
siemens scalance_x204-2_firmware *
siemens scalance_xm400_firmware *
siemens simocode_prov_profinet_firmware *
siemens ruggedcom_rm1224_firmware *
siemens scalance_x302-7eec_firmware *
siemens scalance_xc-200_firmware *
siemens scalance_x204-2ld_ts_firmware *
siemens simocode_prov_ethernet/ip_firmware *
siemens scalance_x320-1fe_firmware *
siemens scalance_x308-2m_firmware *
siemens scalance_xr324-12m_ts_firmware *
siemens ek-ertec_200_evaulation_kit_firmware *
siemens scalance_x216_firmware *
siemens scalance_x201-3p_irt_firmware *
siemens scalance_x206-1_firmware *
CVE-2020-28500 MEDIUM

Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4
report@snyk.io 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
oracle communications_cloud_native_core_policy 1.11.0
oracle jd_edwards_enterpriseone_tools *
oracle financial_services_crime_and_compliance_management_studio 8.0.8.2.0
oracle communications_services_gatekeeper 7.0
oracle banking_credit_facilities_process_management 14.5.0
oracle banking_supply_chain_finance 14.3.0
siemens sinec_ins *
oracle enterprise_communications_broker 3.2.0
lodash lodash *
oracle peoplesoft_enterprise_peopletools 8.58
oracle banking_corporate_lending_process_management 14.3.0
oracle peoplesoft_enterprise_peopletools 8.59
oracle primavera_unifier *
oracle banking_extensibility_workbench 14.5.0
oracle primavera_gateway *
oracle retail_customer_management_and_segmentation_foundation 19.0
oracle banking_supply_chain_finance 14.5.0
oracle communications_session_border_controller 8.4
oracle banking_corporate_lending_process_management 14.5.0
siemens sinec_ins 1.0
oracle communications_design_studio 7.4.2
oracle banking_trade_finance_process_management 14.5.0
oracle banking_trade_finance_process_management 14.2.0
oracle banking_extensibility_workbench 14.2.0
oracle primavera_unifier 19.12
oracle banking_credit_facilities_process_management 14.2.0
oracle primavera_unifier 20.12
oracle financial_services_crime_and_compliance_management_studio 8.0.8.3.0
oracle banking_corporate_lending_process_management 14.2.0
oracle banking_credit_facilities_process_management 14.3.0
oracle communications_session_border_controller 9.0
oracle banking_trade_finance_process_management 14.3.0
oracle health_sciences_data_management_workbench 2.5.2.1
oracle primavera_unifier 18.8
oracle banking_extensibility_workbench 14.3.0
oracle banking_supply_chain_finance 14.2.0
oracle enterprise_communications_broker 3.3.0
oracle health_sciences_data_management_workbench 3.0.0.0
CVE-2020-35683 MEDIUM

An issue was discovered in HCC Nichestack 3.0. The code that parses ICMP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the ICMP checksum. When the IP payload size is set to be smaller than the size of the IP header, the ICMP checksum computation function may read out of bounds, causing a Denial-of-Service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
hcc-embedded nichestack 3.0
siemens 7km9300-0ae02-0aa0_firmware *
CVE-2020-35684 MEDIUM

An issue was discovered in HCC Nichestack 3.0. The code that parses TCP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the length of the TCP payload within the TCP checksum computation function. When the IP payload size is set to be smaller than the size of the IP header, the TCP checksum computation function may read out of bounds (a low-impact write-out-of-bounds is also possible).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hcc-embedded nichestack 3.0
siemens sentron_3wl_com35_firmware *
siemens sentron_3wa_com190_firmware *
CVE-2020-35685 MEDIUM

An issue was discovered in HCC Nichestack 3.0. The code that generates Initial Sequence Numbers (ISNs) for TCP connections derives the ISN from an insufficiently random source. As a result, an attacker may be able to determine the ISN of current and future TCP connections and either hijack existing ones or spoof future ones. (Proper ISN generation should aim to follow at least the specifications outlined in RFC 6528.)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-330,

Products Affected

Vendor Product Version
hcc-embedded nichestack 3.0
siemens sentron_3wl_com35_firmware *
siemens sentron_3wa_com190_firmware *
CVE-2020-36475 MEDIUM

An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). The calculations performed by mbedtls_mpi_exp_mod are not limited; thus, supplying overly large parameters could lead to denial of service when generating Diffie-Hellman key pairs.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-131,

Products Affected

Vendor Product Version
siemens simatic_rtu3000c_firmware *
arm mbed_tls *
siemens logo!_cmr2040_firmware *
siemens simatic_rtu3041c_firmware *
debian debian_linux 9.0
siemens simatic_rtu3031c_firmware *
siemens logo!_cmr2020_firmware *
debian debian_linux 10.0
siemens simatic_rtu3030c_firmware *
CVE-2020-36478 MEDIUM

An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). A NULL algorithm parameters entry looks identical to an array of REAL (size zero) and thus the certificate is considered valid. However, if the parameters do not match in any way, then the certificate should be considered invalid.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
siemens simatic_rtu3000c_firmware *
arm mbed_tls *
siemens logo!_cmr2040_firmware *
siemens simatic_rtu3041c_firmware *
debian debian_linux 9.0
siemens simatic_rtu3031c_firmware *
siemens logo!_cmr2020_firmware *
debian debian_linux 10.0
siemens simatic_rtu3030c_firmware *
CVE-2020-5953 MEDIUM

A vulnerability exists in System Management Interrupt (SWSMI) handler of InsydeH2O UEFI Firmware code located in SWSMI handler that dereferences gRT (EFI_RUNTIME_SERVICES) pointer to call a GetVariable service, which is located outside of SMRAM. This can result in code execution in SMM (escalating privilege from ring 0 to ring -2).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.8 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
siemens simatic_ipc127e_firmware -
siemens simatic_ipc227g_firmware -
siemens ruggedcom_ape1808_firmware -
siemens simatic_field_pg_m5_firmware -
insyde insydeh2o 5.33.15.0034
siemens simatic_ipc277g_firmware -
siemens simatic_ipc677e_firmware -
siemens simatic_ipc477e_firmware -
siemens simatic_ipc427e_firmware -
siemens simatic_ipc847e_firmware -
siemens simatic_ipc647e_firmware -
siemens simatic_ipc477e_pro_firmware -
insyde insydeh2o 5.12.09.0074
insyde insydeh2o 5.34.03.0029
siemens simatic_ipc377g_firmware -
insyde insydeh2o 5.42.03.0010
siemens simatic_field_pg_m6_firmware -
siemens simatic_itp1000_firmware -
insyde insydeh2o 5.23.45.0023
siemens simatic_ipc627e_firmware -
siemens simatic_ipc327g_firmware -
insyde insydeh2o 5.23.04.0045
CVE-2020-7461 HIGH

In FreeBSD 12.1-STABLE before r365010, 11.4-STABLE before r365011, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEASE before p13, dhclient(8) fails to handle certain malformed input related to handling of DHCP option 119, resulting in a heap overflow. The heap overflow could in principle be exploited to achieve remote code execution. The affected process runs with reduced privileges in a Capsicum sandbox, limiting the immediate impact of an exploit.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.3 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 3.9 3.4

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
freebsd freebsd 11.4
freebsd freebsd 12.1
siemens simatic_rf350m_firmware *
siemens simatic_rf650m_firmware *
freebsd freebsd 11.3
CVE-2020-7574 MEDIUM

A vulnerability has been identified in Climatix POL908 (BACnet/IP module) (All versions), Climatix POL909 (AWM module) (All versions < V11.32). A persistent cross-site scripting (XSS) vulnerability exists in the "Server Config" web interface of the affected devices that could allow an attacker to inject arbitrary JavaScript code. The code could be potentially executed later by another (possibly privileged) user. The security vulnerability could be exploited by an attacker with network access to the affected system. Successful exploitation requires no system privileges. An attacker could use the vulnerability to compromise the confidentiality and integrity of other users' web session.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
siemens climatix_pol908_firmware *
siemens climatix_pol909_firmware *
CVE-2020-7575 MEDIUM

A vulnerability has been identified in Climatix POL908 (BACnet/IP module) (All versions), Climatix POL909 (AWM module) (All versions < V11.32). A persistent cross-site scripting (XSS) vulnerability exists in the web server access log page of the affected devices that could allow an attacker to inject arbitrary JavaScript code via specially crafted GET requests. The code could be potentially executed later by another (privileged) user. The security vulnerability could be exploited by an attacker with network access to the affected system. Successful exploitation requires no system privileges. An attacker could use the vulnerability to compromise the confidentiality and integrity of other users' web sessions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-80,CWE-79,

Products Affected

Vendor Product Version
siemens climatix_pol908_firmware *
siemens climatix_pol909_firmware *
CVE-2020-7576 LOW

A vulnerability has been identified in Camstar Enterprise Platform (All versions), Opcenter Execution Core (All versions < V8.2), Opcenter Execution Core (V8.2). An authenticated user with the ability to create containers, packages or register defects could perform stored Cross-Site Scripting (XSS) attacks within the vulnerable software. The impact of this attack could result in the session cookies of legitimate users being stolen. Should the attacker gain access to these cookies, they could then hijack the session and perform arbitrary actions in the name of the victim.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
siemens opcenter_execution_core *
CVE-2020-7577 MEDIUM

A vulnerability has been identified in Camstar Enterprise Platform (All versions), Opcenter Execution Core (All versions < V8.2). Through the use of several vulnerable fields of the application, an authenticated user could perform an SQL Injection attack by passing a modified SQL query downstream to the back-end server. Exploitation of this vulnerability could be used to read, and potentially modify, application data to which the user has access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 2.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,CWE-89,

Products Affected

Vendor Product Version
siemens opcenter_execution_core *
CVE-2020-7578 MEDIUM

A vulnerability has been identified in Camstar Enterprise Platform (All versions), Opcenter Execution Core (All versions < V8.2). Authenticated users could have access to resources they normally would not have. This vulnerability could allow an attacker to view internal information and perform unauthorized changes.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 2.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,CWE-269,

Products Affected

Vendor Product Version
siemens opcenter_execution_core *
CVE-2020-7579 MEDIUM

A vulnerability has been identified in Spectrum Power™ 5 (All versions < v5.50 HF02). The web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. If deployed according to recommended system configuration, Siemens considers the environmental vector as CR:L/IR:M/AR:H/MAV:A (4.1).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-80,CWE-79,

Products Affected

Vendor Product Version
siemens spectrum_power_5 *
siemens spectrum_power_5 5.50
CVE-2020-7580 HIGH

A vulnerability has been identified in SIMATIC Automation Tool (All versions < V4 SP2), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Upd3), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC ProSave (All versions < V17), SIMATIC S7-1500 Software Controller (All versions < V21.8), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2 Update 4), SIMATIC STEP 7 (TIA Portal) V14 (All versions < V14 SP1 Update 10), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMATIC STEP 7 V5 (All versions < V5.6 SP2 HF3), SIMATIC WinCC OA V3.16 (All versions < V3.16 P018), SIMATIC WinCC OA V3.17 (All versions < V3.17 P003), SIMATIC WinCC Runtime Advanced (All versions < V16 Update 2), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2 Update 4), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1 Update 10), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Update 5), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions < V7.5 SP1 Update 3), SINAMICS STARTER (All Versions < V5.4 HF2), SINAMICS Startdrive (All Versions < V16 Update 3), SINEC NMS (All versions < V1.0 SP2), SINEMA Server (All versions < V14 SP3), SINUMERIK ONE virtual (All Versions < V6.14), SINUMERIK Operate (All Versions < V6.14). A common component used by the affected applications regularly calls a helper binary with SYSTEM privileges while the call path is not quoted. This could allow a local attacker to execute arbitrary code with SYSTEM privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-428,CWE-428,

Products Affected

Vendor Product Version
siemens simatic_wincc_open_architecture 3.17
siemens simatic_wincc *
siemens simatic_pcs_neo *
siemens simatic_s7-1500_software_controller *
siemens simatic_wincc_runtime_advanced *
siemens sinumerik_one_virtual *
siemens simatic_prosave *
siemens simatic_wincc 7.4
siemens simatic_s7-150_firmware *
siemens simatic_net_pc 16
siemens sinema_server *
siemens sinamics_starter_commissioning_tool *
siemens simatic_wincc 7.5
siemens simatic_net_pc *
siemens simatic_wincc_open_architecture 3.16
siemens simatic_step_7 5.6
siemens simatic_automatic_tool *
siemens simatic_wincc_runtime_professional *
siemens sinumerik_operate *
siemens simatic_step_7 *
siemens sinamics_startdrive *
siemens simatic_pcs_7 *
siemens sinec_network_management_system *
CVE-2020-7581 HIGH

A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). A component within the affected application calls a helper binary with SYSTEM privileges during startup while the call path is not quoted. This could allow a local attacker with administrative privileges to execute code with SYSTEM level privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-428,CWE-428,

Products Affected

Vendor Product Version
siemens soft_starter_es *
siemens opcenter_execution_foundation *
siemens opcenter_rd&l 8.0
siemens simatic_pcs_neo *
siemens opcenter_execution_process *
siemens opcenter_execution_discrete *
siemens opcenter_intelligence *
siemens simocode_es *
siemens simatic_step_7 *
siemens simatic_step_7 16
siemens simatic_notifier_server *
siemens opcenter_quality *
CVE-2020-7583 MEDIUM

A vulnerability has been identified in Automation License Manager 5 (All versions), Automation License Manager 6 (All versions < V6.0.8). The application does not properly validate the users' privileges when executing some operations, which could allow a user with low permissions to arbitrarily modify files that should be protected against writing.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-285,CWE-863,

Products Affected

Vendor Product Version
siemens automation_license_manager *
CVE-2020-7584 MEDIUM

A vulnerability has been identified in SIMATIC S7-200 SMART CPU family (All versions >= V2.2 < V2.5.1). Affected devices do not properly handle large numbers of new incoming connections and could crash under certain circumstances. An attacker may leverage this to cause a Denial-of-Service situation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,CWE-400,

Products Affected

Vendor Product Version
siemens simatic_s7-200_smart_sr_cpu_firmware *
siemens simatic_s7-200_smart_st_cpu_firmware *
CVE-2020-7585 MEDIUM

A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC PDM (All versions < V9.2), SIMATIC STEP 7 V5.X (All versions < V5.6 SP2 HF3), SINAMICS STARTER (containing STEP 7 OEM version) (All versions < V5.4 HF2). A DLL Hijacking vulnerability could allow a local attacker to execute code with elevated privileges. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise the availability of the system as well as to have access to confidential information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-427,CWE-427,

Products Affected

Vendor Product Version
siemens simatic_step_7 5.6
siemens simatic_step_7 *
siemens sinamics_starter *
siemens sinamics_starter 5.4
siemens simatic_pcs_7 *
siemens simatic_process_device_manager *
CVE-2020-7586 MEDIUM

A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC PDM (All versions < V9.2), SIMATIC STEP 7 V5.X (All versions < V5.6 SP2 HF3), SINAMICS STARTER (containing STEP 7 OEM version) (All versions < V5.4 HF2). A buffer overflow vulnerability could allow a local attacker to cause a Denial-of-Service situation. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise the availability of the system as well as to have access to confidential information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-122,CWE-787,

Products Affected

Vendor Product Version
siemens simatic_step_7 5.6
siemens simatic_step_7 *
siemens sinamics_starter *
siemens sinamics_starter 5.4
siemens simatic_pcs_7 *
siemens simatic_process_device_manager *
CVE-2020-7587 MEDIUM

A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All versions < V2.6), SIMATIC IT Production Suite (All versions < V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). Sending multiple specially crafted packets to the affected service could cause a partial remote denial-of-service that would cause the service to restart itself. In some cases the vulnerability could leak random information from the remote service.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,CWE-400,

Products Affected

Vendor Product Version
siemens soft_starter_es *
siemens opcenter_execution_foundation *
siemens soft_starter_es 15.1
siemens simatic_pcs_neo 3.0
siemens opcenter_rd&l 8.0
siemens simatic_pcs_neo *
siemens opcenter_execution_process *
siemens opcenter_execution_discrete *
siemens opcenter_intelligence *
siemens simocode_es *
siemens simatic_it_production_suite *
siemens simatic_step_7 *
siemens simatic_step_7 16
siemens simocode_es 15.1
siemens simocode_es 16
siemens simatic_notifier_server *
siemens simatic_it_lms *
siemens simatic_step_7 15.1
siemens opcenter_quality *
CVE-2020-7588 MEDIUM

A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All versions < V2.6), SIMATIC IT Production Suite (All versions < V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). Sending a specially crafted packet to the affected service could cause a partial remote denial-of-service, that would cause the service to restart itself.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-20,

Products Affected

Vendor Product Version
siemens soft_starter_es *
siemens opcenter_execution_foundation *
siemens opcenter_rd&l 8.0
siemens simatic_pcs_neo *
siemens opcenter_execution_process *
siemens opcenter_execution_discrete *
siemens opcenter_intelligence *
siemens simocode_es *
siemens simatic_it_production_suite *
siemens simatic_step_7 *
siemens simatic_step_7 16
siemens simatic_notifier_server *
siemens simatic_it_lms *
siemens opcenter_quality *
CVE-2020-7589 MEDIUM

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions). The vulnerability could lead to an attacker reading and modifying the device configuration and obtaining project files from affected devices. The security vulnerability could be exploited by an unauthenticated attacker with network access to port 135/tcp. No user interaction is required to exploit this security vulnerability. The vulnerability impacts confidentiality, integrity, and availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-306,CWE-306,

Products Affected

Vendor Product Version
siemens logo!_8_bm_firmware *
CVE-2020-7590 MEDIUM

A vulnerability has been identified in DCA Vantage Analyzer (All versions < V4.5 are affected by CVE-2020-7590. In addition, serial numbers < 40000 running software V4.4.0 are also affected by CVE-2020-15797). Affected devices use a hard-coded password to protect the onboard database. This could allow an attacker to read and/or modify the onboard database. Successful exploitation requires direct physical access to the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-259,

Products Affected

Vendor Product Version
siemens dca_vantage_analyzer_firmware *
CVE-2020-7591 HIGH

A vulnerability has been identified in SIPORT MP (All versions < 3.2.1). Vulnerable versions of the device could allow an authenticated attacker to impersonate other users of the system and perform (potentially administrative) actions on behalf of those users if the single sign-on feature ("Allow logon without password") is enabled.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-603,CWE-287,

Products Affected

Vendor Product Version
siemens siport_mp *
CVE-2020-7592 LOW

A vulnerability has been identified in SIMATIC HMI Basic Panels 1st Generation (incl. SIPLUS variants) (All versions), SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants) (All versions), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions), SIMATIC HMI KTP700F Mobile Arctic (All versions), SIMATIC HMI Mobile Panels 2nd Generation (All versions), SIMATIC WinCC Runtime Advanced (All versions). Unencrypted communication between the configuration software and the respective device could allow an attacker to capture potential plain text communication and have access to sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-319,CWE-319,

Products Affected

Vendor Product Version
siemens simatic_hmi_comfort_panels_firmware *
siemens simatic_hmi_mobile_panels_2nd_generation_firmware *
siemens simatic_hmi_ktp700f_mobile_arctic_firmware *
siemens simatic_wincc_runtime_advanced *
siemens simatic_hmi_basic_panels_2nd_generation *
siemens simatic_hmi_basic_panels_1st_generation *
CVE-2020-7593 HIGH

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (V1.81.01 - V1.81.03), LOGO! 8 BM (incl. SIPLUS variants) (V1.82.01), LOGO! 8 BM (incl. SIPLUS variants) (V1.82.02). A buffer overflow vulnerability exists in the Web Server functionality of the device. A remote unauthenticated attacker could send a specially crafted HTTP request to cause a memory corruption, potentially resulting in remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,CWE-120,

Products Affected

Vendor Product Version
siemens logo!_8_bm_firmware *
siemens logo!_8_bm_firmware 1.82.01
siemens logo!_8_bm_firmware 1.82.02
CVE-2020-7595 MEDIUM

xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-835,CWE-835,

Products Affected

Vendor Product Version
netapp snapdrive -
fedoraproject fedora 30
oracle real_user_experience_insight 13.5.1.0
xmlsoft libxml2 2.9.10
netapp h700s_firmware -
oracle peoplesoft_enterprise_peopletools 8.58
oracle enterprise_manager_ops_center 12.4.0.0
oracle enterprise_manager_base_platform 13.5.0.0
canonical ubuntu_linux 16.04
fedoraproject fedora 31
netapp h500e_firmware -
canonical ubuntu_linux 19.10
canonical ubuntu_linux 18.04
oracle mysql_workbench *
netapp h700e_firmware -
canonical ubuntu_linux 14.04
netapp h410s_firmware -
fedoraproject fedora 32
netapp symantec_netbackup -
netapp h500s_firmware -
netapp steelstore_cloud_integrated_storage -
siemens sinema_remote_connect_server *
debian debian_linux 9.0
oracle real_user_experience_insight 13.4.1.0
canonical ubuntu_linux 12.04
oracle communications_cloud_native_core_network_function_cloud_native_environment 1.10.0
oracle enterprise_manager_base_platform 13.4.0.0
netapp h410c_firmware -
netapp h300e_firmware -
netapp h300s_firmware -
netapp clustered_data_ontap -
oracle real_user_experience_insight 13.3.1.0
netapp smi-s_provider -
CVE-2020-7774 HIGH

The package y18n before 3.2.2, 4.0.1 and 5.0.5, is vulnerable to Prototype Pollution.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-1321,

Products Affected

Vendor Product Version
siemens sinec_infrastructure_network_services *
oracle graalvm 19.3.5
y18n_project y18n *
oracle graalvm 21.0.0.2
oracle graalvm 20.3.1.2
y18n_project y18n 4.0.0
CVE-2020-7793 MEDIUM

The package ua-parser-js before 0.7.23 is vulnerable to Regular Expression Denial of Service (ReDoS) in multiple regexes (see linked commit for more info).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
report@snyk.io 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ua-parser-js_project ua-parser-js *
siemens sinec_ins 1.0
siemens sinec_ins *
CVE-2020-8169 MEDIUM

curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,CWE-200,

Products Affected

Vendor Product Version
splunk universal_forwarder *
siemens sinec_infrastructure_network_services *
splunk universal_forwarder 9.1.0
siemens simatic_tim_1531_irc_firmware *
debian debian_linux 10.0
haxx curl *
CVE-2020-8177 MEDIUM

curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead to overwriting a local file when the -J flag is used.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-99,CWE-74,

Products Affected

Vendor Product Version
fujitsu m12-2_firmware *
splunk universal_forwarder *
siemens sinec_infrastructure_network_services *
fujitsu m12-2s_firmware *
fujitsu m10-4_firmware *
fujitsu m12-1_firmware *
fujitsu m10-4s_firmware *
splunk universal_forwarder 9.1.0
debian debian_linux 10.0
haxx curl *
fujitsu m10-1_firmware *
CVE-2020-8231 MEDIUM

Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,CWE-416,

Products Affected

Vendor Product Version
splunk universal_forwarder *
siemens sinec_infrastructure_network_services *
splunk universal_forwarder 9.1.0
haxx libcurl *
oracle communications_cloud_native_core_policy 1.14.0
debian debian_linux 10.0
CVE-2020-8265 MEDIUM

Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other exploits.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,CWE-416,

Products Affected

Vendor Product Version
oracle graalvm 19.3.4
siemens sinec_infrastructure_network_services *
fedoraproject fedora 33
oracle graalvm 20.3.0
nodejs node.js *
debian debian_linux 10.0
fedoraproject fedora 32
CVE-2020-8284 MEDIUM

A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.7 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N 2.2 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apple mac_os_x 10.15.7
fujitsu m12-2s_firmware *
apple macos 11.2
netapp hci_storage_node -
oracle communications_billing_and_revenue_management 12.0.0.3.0
apple mac_os_x 10.14.6
debian debian_linux 10.0
oracle peoplesoft_enterprise_peopletools 8.58
splunk universal_forwarder *
apple mac_os_x *
netapp solidfire -
fujitsu m10-4s_firmware *
fedoraproject fedora 32
fujitsu m10-1_firmware *
fujitsu m12-2_firmware *
apple macos 11.0.1
fujitsu m10-4_firmware *
netapp hci_bootstrap_os -
debian debian_linux 9.0
oracle communications_cloud_native_core_policy 1.14.0
haxx curl *
siemens sinec_infrastructure_network_services *
oracle essbase 21.2
fedoraproject fedora 33
fujitsu m12-1_firmware *
netapp clustered_data_ontap -
apple macos 11.1
splunk universal_forwarder 9.1.0
netapp hci_management_node -
CVE-2020-8285 MEDIUM

curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-674,CWE-674,CWE-787,

Products Affected

Vendor Product Version
apple mac_os_x 10.15.7
fujitsu m12-2s_firmware *
oracle communications_billing_and_revenue_management 12.0.0.3.0
apple mac_os_x 10.14.6
apple macos *
debian debian_linux 10.0
oracle peoplesoft_enterprise_peopletools 8.58
splunk universal_forwarder *
apple mac_os_x *
netapp solidfire -
fujitsu m10-4s_firmware *
haxx libcurl *
fedoraproject fedora 32
fujitsu m10-1_firmware *
netapp hci_storage_node_firmware -
fujitsu m12-2_firmware *
fujitsu m10-4_firmware *
netapp hci_bootstrap_os -
debian debian_linux 9.0
oracle communications_cloud_native_core_policy 1.14.0
siemens sinec_infrastructure_network_services *
oracle essbase 21.2
fedoraproject fedora 33
fujitsu m12-1_firmware *
netapp clustered_data_ontap -
splunk universal_forwarder 9.1.0
netapp hci_management_node -
CVE-2020-8286 MEDIUM

curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,CWE-295,

Products Affected

Vendor Product Version
apple mac_os_x 10.15.7
netapp hci_bootstrap_os -
debian debian_linux 9.0
oracle communications_billing_and_revenue_management 12.0.0.3.0
apple mac_os_x 10.14.6
apple macos *
siemens simatic_tim_1531_irc_firmware *
oracle communications_cloud_native_core_policy 1.14.0
debian debian_linux 10.0
oracle peoplesoft_enterprise_peopletools 8.58
splunk universal_forwarder *
siemens sinec_infrastructure_network_services *
oracle essbase 21.2
fedoraproject fedora 33
apple mac_os_x *
netapp solidfire -
netapp clustered_data_ontap -
splunk universal_forwarder 9.1.0
haxx libcurl *
netapp hci_management_node -
fedoraproject fedora 32
netapp hci_storage_node_firmware -
CVE-2020-8287 MEDIUM

Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). In this case, Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-444,CWE-444,

Products Affected

Vendor Product Version
oracle graalvm 19.3.4
siemens sinec_infrastructure_network_services *
fedoraproject fedora 33
oracle graalvm 20.3.0
nodejs node.js *
debian debian_linux 10.0
fedoraproject fedora 32
CVE-2020-8625 MEDIUM

BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the tkey-gssapi-keytab or tkey-gssapi-credential configuration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. The most likely outcome of a successful exploitation of the vulnerability is a crash of the named process. However, remote code execution, while unproven, is theoretically possible. Affects: BIND 9.5.0 -> 9.11.27, 9.12.0 -> 9.16.11, and versions BIND 9.11.3-S1 -> 9.11.27-S1 and 9.16.8-S1 -> 9.16.11-S1 of BIND Supported Preview Edition. Also release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-officer@isc.org 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
isc bind 9.11.27
isc bind 9.11.5
isc bind 9.11.6
debian debian_linux 9.0
isc bind 9.11.3
netapp cloud_backup -
netapp 500f_firmware -
debian debian_linux 10.0
isc bind 9.11.8
siemens sinec_infrastructure_network_services *
fedoraproject fedora 33
isc bind 9.17.0
netapp a250_firmware -
isc bind 9.11.7
isc bind 9.16.8
isc bind 9.16.11
fedoraproject fedora 34
isc bind 9.17.1
isc bind *
fedoraproject fedora 32
isc bind 9.11.21
CVE-2020-8670 MEDIUM

Race condition in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.4 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 0.5 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-362,

Products Affected

Vendor Product Version
siemens simatic_ipc547g_firmware *
siemens simatic_ipc477e_pro_firmware *
siemens simatic_itp1000_firmware *
netapp hci_storage_node_bios -
intel bios -
netapp aff_bios -
netapp cloud_backup -
siemens simatic_ipc477e_firmware *
netapp hci_compute_node_bios -
siemens simatic_ipc527g_firmware *
siemens simatic_ipc627e_firmware *
siemens simatic_ipc647e_firmware *
siemens simatic_ipc677e_firmware *
netapp solidfire_bios -
netapp fas_bios -
siemens simatic_ipc427e_firmware *
siemens simatic_ipc847e_firmware *
siemens simatic_field_pg_m6_firmware *
CVE-2020-8698 LOW

Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-668,

Products Affected

Vendor Product Version
intel microcode -
siemens simatic_ipc477e_pro_firmware *
siemens simatic_itp1000_firmware *
netapp hci_storage_node_bios -
debian debian_linux 9.0
siemens simatic_ipc477e_firmware *
netapp hci_compute_node_bios -
siemens simatic_ipc627e_firmware *
siemens simatic_ipc647e_firmware *
siemens simatic_ipc677e_firmware *
netapp solidfire_bios -
netapp clustered_data_ontap -
siemens simatic_ipc427e_firmware *
fedoraproject fedora 31
siemens simatic_field_pg_m5_firmware *
siemens simatic_ipc847e_firmware *
siemens simatic_field_pg_m6_firmware *
CVE-2020-8703 MEDIUM

Improper buffer restrictions in a subsystem in the Intel(R) CSME versions before 11.8.86, 11.12.86, 11.22.86, 12.0.81, 13.0.47, 13.30.17, 14.1.53, 14.5.32 and 15.0.22 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
siemens simatic_ipc547g_firmware *
siemens simatic_ipc477e_pro_firmware *
siemens simatic_itp1000_firmware *
intel converged_security_and_manageability_engine *
netapp cloud_backup -
siemens simatic_ipc477e_firmware *
siemens simatic_ipc527g_firmware *
siemens simatic_ipc627e_firmware *
siemens simatic_ipc647e_firmware *
siemens simatic_ipc677e_firmware *
siemens simatic_ipc427e_firmware *
siemens simatic_field_pg_m5_firmware *
siemens simatic_ipc847e_firmware *
siemens simatic_field_pg_m6_firmware *
CVE-2020-8704 MEDIUM

Race condition in a subsystem in the Intel(R) LMS versions before 2039.1.0.0 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.4 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 0.5 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-362,

Products Affected

Vendor Product Version
siemens simatic_ipc547g_firmware *
siemens simatic_ipc477e_pro_firmware *
siemens simatic_itp1000_firmware *
siemens simatic_ipc477e_firmware *
siemens simatic_ipc527g_firmware *
siemens simatic_ipc627e_firmware *
intel local_manageability_service *
siemens simatic_ipc647e_firmware *
siemens simatic_ipc677e_firmware *
siemens simatic_ipc427e_firmware *
siemens simatic_field_pg_m5_firmware *
siemens simatic_ipc847e_firmware *
siemens simatic_field_pg_m6_firmware *
CVE-2020-8744 MEDIUM

Improper initialization in subsystem for Intel(R) CSME versions before 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 4.0.30, Intel(R) SPS versions before E3_05.01.04.200 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-665,

Products Affected

Vendor Product Version
intel server_platform_services *
siemens simatic_s7-1500_firmware -
intel trusted_execution_engine *
siemens simatic_s7-1518f-4_pn/dp_mfp_firmware -
intel converged_security_and_management_engine *
siemens simatic_s7-1518-4_pn/dp_mfp_firmware -
CVE-2020-8745 MEDIUM

Insufficient control flow management in subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 3.1.80 and 4.0.30 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
siemens simatic_ipc547g_firmware *
siemens simatic_et200sp_1515sp_pc2_firmware *
siemens simatic_itp1000_firmware *
siemens simatic_ipc667e_firmware *
siemens simatic_ipc127e_firmware *
intel converged_security_and_manageability_engine *
siemens sinumerik_one_firmware -
siemens simatic_ipc477e_firmware *
siemens simatic_ipc527g_firmware *
siemens simatic_ipc627e_firmware *
siemens sinumerik_one_ncu_1740_firmware *
siemens sinumerik_mc_mcu_1720_firmware *
siemens simatic_ipc647e_firmware *
siemens sinumerik_one_ppu_1740_firmware *
siemens simatic_ipc427e_firmware *
siemens simatic_field_pg_m5_firmware *
siemens simatic_ipc847e_firmware *
siemens simatic_drive_controller_firmware *
siemens sinumerik_828d_hw_pu.4_firmware *
siemens simatic_field_pg_m6_firmware -
siemens sinumerik_840d_sl_ht_10_firmware -
intel trusted_execution_technology *
CVE-2020-9272 MEDIUM

ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mod_cap via the cap_text.c cap_to_text function.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
siemens simatic_net_cp_1545-1_firmware *
opensuse backports_sle 15.0
opensuse leap 15.1
siemens simatic_net_cp_1543-1_firmware *
proftpd proftpd *
CVE-2020-9273 HIGH

In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-416,

Products Affected

Vendor Product Version
fedoraproject fedora 30
opensuse backports_sle 15.0
opensuse leap 15.1
proftpd proftpd 1.3.7
siemens simatic_net_cp_1545-1_firmware -
debian debian_linux 8.0
debian debian_linux 9.0
fedoraproject fedora 31
siemens simatic_net_cp_1543-1_firmware *
debian debian_linux 10.0
CVE-2020-9327 MEDIUM

In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
oracle zfs_storage_appliance_kit 8.8
oracle communications_messaging_server 8.1
oracle outside_in_technology 8.5.5
oracle communications_network_charging_and_control *
oracle outside_in_technology 8.5.4
netapp cloud_backup -
oracle communications_network_charging_and_control 6.0.1
oracle communications_network_charging_and_control 12.0.2
siemens sinec_infrastructure_network_services *
oracle enterprise_manager_ops_center 12.4.0.0
canonical ubuntu_linux 16.04
sqlite sqlite 3.31.1
canonical ubuntu_linux 19.10
canonical ubuntu_linux 18.04
oracle mysql_workbench *
oracle hyperion_infrastructure_technology 11.1.2.4
CVE-2021-20093 MEDIUM

A buffer over-read vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. An unauthenticated remote attacker can exploit this issue to disclose heap memory contents or crash the CodeMeter Runtime Server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
siemens sicam_230_firmware *
siemens simit_simulation_platform 10.3
siemens simatic_pcs_neo *
siemens sinema_remote_connect_server *
siemens simit_simulation_platform *
siemens pss_cape -
siemens sinec_infrastructure_network_services *
siemens sinema_remote_connect_server 3.0
siemens simatic_wincc_oa 3.18
siemens simatic_information_server 2019
wibu codemeter *
siemens simatic_wincc_oa 3.17
siemens simatic_information_server 2020
siemens simatic_process_historian 2020
siemens simatic_process_historian *
siemens sinec_infrastructure_network_services 1.0.1
CVE-2021-20094 MEDIUM

A denial of service vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. An unauthenticated remote attacker can exploit this issue to crash the CodeMeter Runtime Server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
wibu codemeter *
siemens pss_cape -
siemens sicam_230_firmware -
CVE-2021-22643 MEDIUM

Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
luxion keyshot *
luxion keyshot_viewer *
luxion keyvr *
siemens solid_edge_se2021_firmware *
luxion keyshot_network_rendering *
siemens solid_edge_se2020_firmware *
CVE-2021-22645 MEDIUM

Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an attack because the .bip documents display a “load” command, which can be pointed to a .dll from a remote network share. As a result, the .dll entry point can be executed without sufficient UI warning.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-357,NVD-CWE-Other,

Products Affected

Vendor Product Version
luxion keyshot *
luxion keyshot_viewer *
luxion keyvr *
siemens solid_edge_se2021_firmware *
luxion keyshot_network_rendering *
siemens solid_edge_se2020_firmware *
CVE-2021-22647 MEDIUM

Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to multiple out-of-bounds write issues while processing project files, which may allow an attacker to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
luxion keyshot *
luxion keyshot_viewer *
luxion keyvr *
siemens solid_edge_se2021_firmware *
luxion keyshot_network_rendering *
siemens solid_edge_se2020_firmware *
CVE-2021-22649 MEDIUM

Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 have multiple NULL pointer dereference issues while processing project files, which may allow an attacker to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-822,CWE-119,

Products Affected

Vendor Product Version
luxion keyshot *
luxion keyshot_viewer *
luxion keyvr *
siemens solid_edge_se2021_firmware *
luxion keyshot_network_rendering *
siemens solid_edge_se2020_firmware *
CVE-2021-22651 MEDIUM

When loading a specially crafted file, Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are, while processing the extraction of temporary files, suffering from a directory traversal vulnerability, which allows an attacker to store arbitrary scripts into automatic startup folders.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
luxion keyshot *
luxion keyshot_viewer *
luxion keyvr *
siemens solid_edge_se2021_firmware *
luxion keyshot_network_rendering *
siemens solid_edge_se2020_firmware *
CVE-2021-22663 MEDIUM

Cscape (All versions prior to 9.90 SP3.5) lacks proper validation of user-supplied data when parsing project files. This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
siemens cscape 9.90
hornerautomation cscape *
CVE-2021-22876 MEDIUM

curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-359,CWE-200,

Products Affected

Vendor Product Version
broadcom fabric_operating_system -
netapp hci_compute_node -
netapp hci_storage_node -
debian debian_linux 9.0
oracle communications_billing_and_revenue_management 12.0.0.3.0
splunk universal_forwarder *
siemens sinec_infrastructure_network_services *
oracle essbase 21.2
fedoraproject fedora 33
netapp solidfire -
splunk universal_forwarder 9.1.0
haxx libcurl *
netapp hci_management_node -
fedoraproject fedora 34
fedoraproject fedora 32
CVE-2021-22883 HIGH

Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unable to accept new connections, and the process is also prevented from opening, e.g., a file. If no file descriptor limit is configured, then this leads to excessive memory usage and causes the system to run out of memory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-400,CWE-772,

Products Affected

Vendor Product Version
oracle jd_edwards_enterpriseone_tools *
oracle nosql_database *
oracle graalvm 19.3.5
oracle peoplesoft_enterprise_peopletools 8.58
oracle peoplesoft_enterprise_peopletools 8.59
netapp e-series_performance_analyzer -
siemens sinec_infrastructure_network_services *
fedoraproject fedora 33
oracle graalvm 21.0.0.2
nodejs node.js *
oracle graalvm 20.3.1.2
oracle mysql_cluster *
fedoraproject fedora 34
fedoraproject fedora 32
CVE-2021-22884 MEDIUM

Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS, i.e., over network. If the attacker controls the victim's DNS server or can spoof its responses, the DNS rebinding protection can be bypassed by using the “localhost6” domain. As long as the attacker uses the “localhost6” domain, they can still apply the attack described in CVE-2018-7160.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H 1.6 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-350,NVD-CWE-Other,

Products Affected

Vendor Product Version
oracle jd_edwards_enterpriseone_tools *
oracle nosql_database *
oracle graalvm 19.3.5
oracle peoplesoft_enterprise_peopletools 8.58
oracle peoplesoft_enterprise_peopletools 8.59
netapp active_iq_unified_manager -
netapp e-series_performance_analyzer -
siemens sinec_infrastructure_network_services *
fedoraproject fedora 33
oracle graalvm 21.0.0.2
netapp snapcenter -
nodejs node.js *
oracle graalvm 20.3.1.2
netapp oncommand_workflow_automation -
oracle mysql_cluster *
netapp oncommand_insight -
fedoraproject fedora 34
fedoraproject fedora 32
CVE-2021-22890 MEDIUM

curl 7.63.0 to and including 7.75.0 includes a vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using an HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived from the remote server and then wrongly "short-cut" the host handshake. When confusing the tickets, an HTTPS proxy can trick libcurl into using the wrong session ticket resume for the host and thereby circumvent the server TLS certificate check and make a MITM attack possible to perform unnoticed. Note that such a malicious HTTPS proxy needs to provide a certificate that curl will accept for the MITMed server for an attack to work - unless curl has been told to ignore the server certificate check.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.7 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N 2.2 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-300,CWE-290,

Products Affected

Vendor Product Version
broadcom fabric_operating_system -
netapp hci_storage_node -
debian debian_linux 9.0
oracle communications_billing_and_revenue_management 12.0.0.3.0
splunk universal_forwarder *
siemens sinec_infrastructure_network_services *
oracle essbase 21.2
fedoraproject fedora 33
netapp solidfire -
splunk universal_forwarder 9.1.0
haxx libcurl *
netapp hci_management_node -
fedoraproject fedora 34
fedoraproject fedora 32
CVE-2021-22897 MEDIUM

curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising side-effect that if an application sets up multiple concurrent transfers, the last one that sets the ciphers will accidentally control the set used by all transfers. In a worst-case scenario, this weakens transport security significantly.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-840,CWE-668,

Products Affected

Vendor Product Version
netapp solidfire_&_hci_management_node -
netapp solidfire_baseboard_management_controller_firmware -
netapp h700s_firmware -
splunk universal_forwarder *
netapp solidfire,_enterprise_sds_&_hci_storage_node -
netapp h500e_firmware -
oracle communications_cloud_native_core_service_communication_proxy 1.15.0
netapp h700e_firmware -
netapp hci_compute_node_firmware -
netapp h410s_firmware -
netapp h500s_firmware -
oracle communications_cloud_native_core_network_repository_function 1.15.0
netapp cloud_backup -
oracle communications_cloud_native_core_network_function_cloud_native_environment 1.10.0
haxx curl *
netapp h300e_firmware -
siemens sinec_infrastructure_network_services *
netapp h300s_firmware -
oracle communications_cloud_native_core_network_slice_selection_function 1.8.0
oracle communications_cloud_native_core_binding_support_function 1.11.0
oracle mysql_server *
splunk universal_forwarder 9.1.0
oracle communications_cloud_native_core_network_repository_function 1.15.1
oracle essbase *
CVE-2021-22898 LOW

curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.1 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N 1.6 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,CWE-909,

Products Affected

Vendor Product Version
oracle communications_cloud_native_core_network_repository_function 1.15.0
debian debian_linux 9.0
oracle communications_cloud_native_core_network_function_cloud_native_environment 1.10.0
haxx curl *
splunk universal_forwarder *
siemens sinec_infrastructure_network_services *
fedoraproject fedora 33
oracle communications_cloud_native_core_network_slice_selection_function 1.8.0
oracle communications_cloud_native_core_binding_support_function 1.11.0
oracle mysql_server *
splunk universal_forwarder 9.1.0
oracle communications_cloud_native_core_service_communication_proxy 1.15.0
oracle communications_cloud_native_core_network_repository_function 1.15.1
fedoraproject fedora 34
oracle essbase *
CVE-2021-22901 MEDIUM

curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use this in rare unfortunate circumstances to potentially reach remote code execution in the client. When libcurl at run-time sets up support for TLS 1.3 session tickets on a connection using OpenSSL, it stores pointers to the transfer in-memory object for later retrieval when a session ticket arrives. If the connection is used by multiple transfers (like with a reused HTTP/1.1 connection or multiplexed HTTP/2 connection) that first transfer object might be freed before the new session is established on that connection and then the function will access a memory buffer that might be freed. When using that memory, libcurl might even call a function pointer in the object, making it possible for a remote code execution if the server could somehow manage to get crafted memory content into the correct place in memory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,CWE-416,

Products Affected

Vendor Product Version
netapp solidfire_&_hci_management_node -
netapp solidfire_baseboard_management_controller_firmware -
netapp h700s_firmware -
splunk universal_forwarder *
netapp solidfire,_enterprise_sds_&_hci_storage_node -
netapp h500e_firmware -
netapp oncommand_workflow_automation -
oracle communications_cloud_native_core_service_communication_proxy 1.15.0
netapp h700e_firmware -
netapp oncommand_insight -
netapp hci_compute_node_firmware -
netapp h410s_firmware -
netapp h500s_firmware -
oracle communications_cloud_native_core_network_repository_function 1.15.0
netapp cloud_backup -
oracle communications_cloud_native_core_network_function_cloud_native_environment 1.10.0
haxx curl *
netapp active_iq_unified_manager -
netapp h300e_firmware -
siemens sinec_infrastructure_network_services *
netapp h300s_firmware -
oracle communications_cloud_native_core_network_slice_selection_function 1.8.0
netapp snapcenter -
oracle communications_cloud_native_core_binding_support_function 1.11.0
oracle mysql_server *
splunk universal_forwarder 9.1.0
oracle communications_cloud_native_core_network_repository_function 1.15.1
oracle essbase *
CVE-2021-22918 MEDIUM

Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to information disclosures or crashes. This function can be triggered via uv_getaddrinfo().

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
siemens sinec_infrastructure_network_services *
nodejs node.js *
CVE-2021-22921 MEDIUM

Node.js before 16.4.1, 14.17.2, and 12.22.2 is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. More specifically, improper configuration of permissions in the installation directory allows an attacker to perform two different escalation attacks: PATH and DLL hijacking.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-732,CWE-732,

Products Affected

Vendor Product Version
siemens sinec_infrastructure_network_services *
nodejs node.js *
CVE-2021-22922 MEDIUM

When curl is instructed to download content using the metalink feature, the contents is verified against a hash provided in the metalink XML file. The metalink XML file points out to the client how to get the same content from a set of different URLs, potentially hosted by different servers and the client can then download the file from one or several of them. In a serial or parallel manner. If one of the servers hosting the contents has been breached and the contents of the specific file on that server is replaced with a modified payload, curl should detect this when the hash of the file mismatches after a completed download. It should remove the contents and instead try getting the contents from another URL. This is not done, and instead such a hash mismatch is only mentioned in text and the potentially malicious content is kept in the file on disk.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-840,CWE-755,

Products Affected

Vendor Product Version
netapp h500s_firmware -
netapp cloud_backup -
netapp h700s_firmware -
haxx curl *
netapp h300e_firmware -
splunk universal_forwarder *
siemens sinec_infrastructure_network_services *
fedoraproject fedora 33
netapp solidfire -
netapp h300s_firmware -
netapp clustered_data_ontap -
netapp h500e_firmware -
oracle mysql_server *
splunk universal_forwarder 9.1.0
netapp h700e_firmware -
netapp hci_management_node -
netapp h410s_firmware -
CVE-2021-22923 LOW

When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. Often contrary to the user's expectations and intentions and without telling the user it happened.

CVSS 2.0

Severity: LOW

Problem Type: CWE-319,CWE-319,CWE-522,

Products Affected

Vendor Product Version
netapp h500s_firmware -
netapp cloud_backup -
netapp h700s_firmware -
haxx curl *
netapp h300e_firmware -
splunk universal_forwarder *
siemens sinec_infrastructure_network_services *
fedoraproject fedora 33
netapp solidfire -
netapp h300s_firmware -
netapp clustered_data_ontap -
netapp h500e_firmware -
oracle mysql_server *
splunk universal_forwarder 9.1.0
netapp h700e_firmware -
netapp hci_management_node -
netapp h410s_firmware -
CVE-2021-22924 MEDIUM

libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if one of them matches the setup. Due to errors in the logic, the config matching function did not take 'issuer cert' into account and it compared the involved paths *case insensitively*, which could lead to libcurl reusing wrong connections. File paths are, or can be, case sensitive on many systems but not all, and can even vary depending on used file systems. The comparison also didn't include the 'issuer cert' which a transfer can set to qualify how to verify the server certificate.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.7 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N 2.2 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-706,

Products Affected

Vendor Product Version
siemens siplus_net_cp_1543-1_firmware *
siemens scalance_m812-1_firmware *
siemens logo!_cmr2040_firmware *
siemens scalance_m874-3_firmware *
netapp solidfire_&_hci_management_node -
siemens scalance_s615_firmware *
debian debian_linux 11.0
netapp solidfire_baseboard_management_controller_firmware -
debian debian_linux 10.0
siemens simatic_rtu3010c_firmware *
oracle peoplesoft_enterprise_peopletools 8.58
oracle peoplesoft_enterprise_peopletools 8.59
splunk universal_forwarder *
siemens simatic_cp_1543-1_firmware *
haxx libcurl *
siemens scalance_mum856-1_firmware *
siemens ruggedcomrm_1224_lte_firmware *
siemens scalance_m804pb_firmware *
oracle peoplesoft_enterprise_peopletools 8.57
siemens sinema_remote_connect_server *
debian debian_linux 9.0
siemens sinema_remote_connect *
siemens simatic_rtu3031c_firmware *
siemens simatic_cp_1545-1_firmware *
netapp cloud_backup -
siemens scalance_m816-1_firmware *
siemens scalance_m874-2_firmware *
siemens scalance_m876-3_firmware *
siemens sinec_infrastructure_network_services *
fedoraproject fedora 33
netapp clustered_data_ontap -
oracle mysql_server *
splunk universal_forwarder 9.1.0
siemens logo!_cmr2020_firmware *
siemens simatic_rtu3030c_firmware *
siemens scalance_m826-2_firmware *
siemens simatic_rtu_3041c_firmware *
siemens scalance_m876-4_firmware *
CVE-2021-22925 MEDIUM

curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl. This rarely used option is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending `NEW_ENV` variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server. Therefore potentially revealing sensitive internal information to the server using a clear-text network protocol. This could happen because curl did not call and use sscanf() correctly when parsing the string provided by the application.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,CWE-908,

Products Affected

Vendor Product Version
apple mac_os_x 10.15.7
apple macos 11.2
apple macos 11.3.1
apple macos 11.2.1
netapp h700s_firmware -
oracle peoplesoft_enterprise_peopletools 8.58
oracle peoplesoft_enterprise_peopletools 8.59
splunk universal_forwarder *
netapp solidfire -
netapp h500e_firmware -
netapp h700e_firmware -
apple macos 11.0
netapp h410s_firmware -
apple macos 11.0.1
netapp h500s_firmware -
oracle peoplesoft_enterprise_peopletools 8.57
siemens sinema_remote_connect_server *
netapp cloud_backup -
haxx curl *
apple macos 11.3
netapp h300e_firmware -
siemens sinec_infrastructure_network_services *
fedoraproject fedora 33
apple macos 11.4
netapp h300s_firmware -
netapp clustered_data_ontap -
oracle mysql_server *
apple macos 11.1
splunk universal_forwarder 9.1.0
apple macos 11.5
apple macos 11.1.0
netapp hci_management_node -
CVE-2021-22926 MEDIUM

libcurl-using applications can ask for a specific client certificate to be used in a transfer. This is done with the `CURLOPT_SSLCERT` option (`--cert` with the command line tool). When libcurl is built to use the macOS native TLS library Secure Transport, an application can ask for the client certificate by name or with a file name - using the same option. If the name exists as a file, it will be used instead of by name. If the application runs with a current working directory that is writable by other users (like `/tmp`), a malicious user can create a file with the same name as the app wants to use by name, and thereby trick the application into using the file based cert instead of the one referred to by name, making libcurl send the wrong client certificate in the TLS connection handshake.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-840,CWE-295,

Products Affected

Vendor Product Version
netapp h500s_firmware -
oracle peoplesoft_enterprise_peopletools 8.57
netapp h700s_firmware -
oracle peoplesoft_enterprise_peopletools 8.58
oracle peoplesoft_enterprise_peopletools 8.59
haxx curl *
netapp active_iq_unified_manager -
netapp h300e_firmware -
splunk universal_forwarder *
siemens sinec_infrastructure_network_services *
netapp solidfire -
netapp h300s_firmware -
netapp snapcenter -
netapp clustered_data_ontap -
netapp h500e_firmware -
oracle mysql_server *
splunk universal_forwarder 9.1.0
netapp oncommand_workflow_automation -
netapp h700e_firmware -
netapp hci_management_node -
netapp oncommand_insight -
netapp h410s_firmware -
CVE-2021-22930 HIGH

Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-416,CWE-416,

Products Affected

Vendor Product Version
siemens sinec_infrastructure_network_services *
netapp nextgen_api -
nodejs node.js *
debian debian_linux 10.0
CVE-2021-22931 HIGH

Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js dns library which can lead to output of wrong hostnames (leading to Domain Hijacking) and injection vulnerabilities in applications using the library.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-170,CWE-20,

Products Affected

Vendor Product Version
oracle graalvm 20.3.3
oracle peoplesoft_enterprise_peopletools 8.57
oracle peoplesoft_enterprise_peopletools 8.58
oracle peoplesoft_enterprise_peopletools 8.59
netapp active_iq_unified_manager -
siemens sinec_infrastructure_network_services *
oracle graalvm 21.2.0
netapp nextgen_api -
netapp snapcenter -
nodejs node.js *
netapp oncommand_workflow_automation -
oracle mysql_cluster *
netapp oncommand_insight -
CVE-2021-22939 MEDIUM

If the Node.js https API was used incorrectly and "undefined" was passed in for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,CWE-295,

Products Affected

Vendor Product Version
oracle jd_edwards_enterpriseone_tools *
siemens sinec_infrastructure_network_services *
oracle graalvm 21.2.0
netapp nextgen_api -
oracle graalvm 20.3.3
oracle peoplesoft_enterprise_peopletools 8.57
nodejs node.js *
oracle mysql_cluster *
debian debian_linux 10.0
oracle peoplesoft_enterprise_peopletools 8.58
oracle peoplesoft_enterprise_peopletools 8.59
CVE-2021-22940 MEDIUM

Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,CWE-416,

Products Affected

Vendor Product Version
oracle jd_edwards_enterpriseone_tools *
siemens sinec_infrastructure_network_services *
oracle graalvm 21.2.0
netapp nextgen_api -
oracle graalvm 20.3.3
oracle peoplesoft_enterprise_peopletools 8.57
nodejs node.js *
debian debian_linux 10.0
oracle peoplesoft_enterprise_peopletools 8.58
oracle peoplesoft_enterprise_peopletools 8.59
CVE-2021-22945 MEDIUM

When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-415,CWE-415,CWE-415,

Products Affected

Vendor Product Version
netapp h500s_firmware -
debian debian_linux 11.0
netapp solidfire_baseboard_management_controller_firmware -
siemens sinec_ins *
apple macos *
netapp cloud_backup -
netapp h700s_firmware -
netapp h300e_firmware -
splunk universal_forwarder *
fedoraproject fedora 33
fedoraproject fedora 35
netapp h300s_firmware -
netapp clustered_data_ontap -
netapp h500e_firmware -
oracle mysql_server *
splunk universal_forwarder 9.1.0
haxx libcurl *
netapp h700e_firmware -
netapp h410s_firmware -
CVE-2021-22946 MEDIUM

A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or `CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` with libcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response. This flaw would then make curl silently continue its operations **without TLS** contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-325,CWE-319,

Products Affected

Vendor Product Version
oracle communications_cloud_native_core_binding_support_function 22.1.3
oracle communications_cloud_native_core_network_repository_function 22.1.0
debian debian_linux 11.0
netapp solidfire_baseboard_management_controller_firmware -
apple macos *
debian debian_linux 10.0
netapp h700s_firmware -
oracle peoplesoft_enterprise_peopletools 8.58
oracle peoplesoft_enterprise_peopletools 8.59
splunk universal_forwarder *
oracle communications_cloud_native_core_network_repository_function 22.2.0
oracle communications_cloud_native_core_console 22.2.0
netapp h500e_firmware -
netapp oncommand_workflow_automation -
oracle communications_cloud_native_core_service_communication_proxy 1.15.0
netapp h700e_firmware -
netapp oncommand_insight -
netapp h410s_firmware -
netapp h500s_firmware -
oracle communications_cloud_native_core_network_repository_function 1.15.0
oracle peoplesoft_enterprise_peopletools 8.57
debian debian_linux 9.0
netapp cloud_backup -
oracle communications_cloud_native_core_network_function_cloud_native_environment 1.10.0
haxx curl *
netapp h300e_firmware -
oracle communications_cloud_native_core_security_edge_protection_proxy 22.1.1
siemens sinec_infrastructure_network_services *
fedoraproject fedora 33
fedoraproject fedora 35
netapp h300s_firmware -
oracle communications_cloud_native_core_network_slice_selection_function 1.8.0
netapp snapcenter -
oracle commerce_guided_search 11.3.2
netapp clustered_data_ontap -
oracle communications_cloud_native_core_binding_support_function 1.11.0
oracle mysql_server *
splunk universal_forwarder 9.1.0
oracle communications_cloud_native_core_network_repository_function 1.15.1
CVE-2021-22947 MEDIUM

When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instead continue using and trusting the responses it got *before* the TLS handshake as if they were authenticated. Using this flaw, it allows a Man-In-The-Middle attacker to first inject the fake responses, then pass-through the TLS traffic from the legitimate server and trick curl into sending data back to the user thinking the attacker's injected data comes from the TLS-protected server.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,CWE-345,

Products Affected

Vendor Product Version
oracle communications_cloud_native_core_binding_support_function 22.1.3
debian debian_linux 11.0
netapp solidfire_baseboard_management_controller_firmware -
apple macos *
debian debian_linux 10.0
netapp h700s_firmware -
oracle peoplesoft_enterprise_peopletools 8.58
oracle peoplesoft_enterprise_peopletools 8.59
splunk universal_forwarder *
oracle communications_cloud_native_core_network_repository_function 22.2.0
oracle communications_cloud_native_core_console 22.2.0
netapp h500e_firmware -
oracle communications_cloud_native_core_service_communication_proxy 1.15.0
netapp h700e_firmware -
netapp h410s_firmware -
netapp h500s_firmware -
oracle communications_cloud_native_core_network_repository_function 1.15.0
oracle peoplesoft_enterprise_peopletools 8.57
debian debian_linux 9.0
netapp cloud_backup -
oracle communications_cloud_native_core_network_function_cloud_native_environment 1.10.0
haxx curl *
netapp h300e_firmware -
oracle communications_cloud_native_core_security_edge_protection_proxy 22.1.1
siemens sinec_infrastructure_network_services *
fedoraproject fedora 33
fedoraproject fedora 35
netapp h300s_firmware -
oracle communications_cloud_native_core_network_slice_selection_function 1.8.0
oracle commerce_guided_search 11.3.2
netapp clustered_data_ontap -
oracle communications_cloud_native_core_binding_support_function 1.11.0
oracle mysql_server *
splunk universal_forwarder 9.1.0
oracle communications_cloud_native_core_network_repository_function 1.15.1
oracle communications_cloud_native_core_network_repository_function 22.1.2
CVE-2021-23337 MEDIUM

Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9
report@snyk.io 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-94,

Products Affected

Vendor Product Version
oracle communications_cloud_native_core_policy 1.11.0
oracle jd_edwards_enterpriseone_tools *
oracle financial_services_crime_and_compliance_management_studio 8.0.8.2.0
oracle communications_services_gatekeeper 7.0
oracle banking_credit_facilities_process_management 14.5.0
oracle banking_supply_chain_finance 14.3.0
siemens sinec_ins *
oracle enterprise_communications_broker 3.2.0
lodash lodash *
oracle peoplesoft_enterprise_peopletools 8.58
oracle banking_corporate_lending_process_management 14.3.0
oracle peoplesoft_enterprise_peopletools 8.59
oracle primavera_unifier *
oracle banking_extensibility_workbench 14.5.0
oracle communications_design_studio 7.4.2.0.0
oracle primavera_gateway *
netapp system_manager 9.0
oracle retail_customer_management_and_segmentation_foundation 19.0
oracle banking_supply_chain_finance 14.5.0
oracle communications_session_border_controller 8.4
oracle banking_corporate_lending_process_management 14.5.0
siemens sinec_ins 1.0
oracle banking_trade_finance_process_management 14.5.0
oracle banking_trade_finance_process_management 14.2.0
oracle banking_extensibility_workbench 14.2.0
oracle primavera_unifier 19.12
oracle banking_credit_facilities_process_management 14.2.0
oracle primavera_unifier 20.12
oracle financial_services_crime_and_compliance_management_studio 8.0.8.3.0
oracle banking_corporate_lending_process_management 14.2.0
oracle banking_credit_facilities_process_management 14.3.0
oracle communications_cloud_native_core_binding_support_function 1.9.0
oracle communications_session_border_controller 9.0
netapp active_iq_unified_manager -
oracle banking_trade_finance_process_management 14.3.0
oracle health_sciences_data_management_workbench 2.5.2.1
netapp cloud_manager -
oracle primavera_unifier 18.8
oracle banking_extensibility_workbench 14.3.0
oracle banking_supply_chain_finance 14.2.0
oracle enterprise_communications_broker 3.3.0
oracle health_sciences_data_management_workbench 3.0.0.0
CVE-2021-23362 MEDIUM

The package hosted-git-info before 3.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
report@snyk.io 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-1333,

Products Affected

Vendor Product Version
npmjs hosted-git-info *
siemens sinec_infrastructure_network_services *
CVE-2021-23839 MEDIUM

OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. Clients that support SSL or TLS versions greater than SSLv2 are supposed to use a special form of padding. A server that supports greater than SSLv2 is supposed to reject connection attempts from a client where this special form of padding is present, because this indicates that a version rollback has occurred (i.e. both client and server support greater than SSLv2, and yet this is the version that is being requested). The implementation of this padding check inverted the logic so that the connection attempt is accepted if the padding is present, and rejected if it is absent. This means that such a server will accept a connection if a version rollback attack has occurred. Further the server will erroneously reject a connection if a normal SSLv2 connection attempt is made. Only OpenSSL 1.0.2 servers from version 1.0.2s to 1.0.2x are affected by this issue. In order to be vulnerable a 1.0.2 server must: 1) have configured SSLv2 support at compile time (this is off by default), 2) have configured SSLv2 support at runtime (this is off by default), 3) have configured SSLv2 ciphersuites (these are not in the default ciphersuite list). OpenSSL 1.1.1 does not have SSLv2 support and therefore is not vulnerable to this issue. The underlying error is in the implementation of the RSA_padding_check_SSLv23() function. This also affects the RSA_SSLV23_PADDING padding mode used by various other functions. Although 1.1.1 does not support SSLv2 the RSA_padding_check_SSLv23() function still exists, as does the RSA_SSLV23_PADDING padding mode. Applications that directly call that function or use that padding mode will encounter this issue. However since there is no support for the SSLv2 protocol in 1.1.1 this is considered a bug and not a security issue in that version. OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.0.2y (Affected 1.0.2s-1.0.2x).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.7 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N 2.2 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-327,

Products Affected

Vendor Product Version
oracle zfs_storage_appliance_kit 8.8
oracle graalvm 19.3.5
oracle enterprise_manager_for_storage_management 13.4.0.0
oracle business_intelligence 12.2.1.4.0
oracle business_intelligence 5.9.0.0.0
siemens sinec_ins *
oracle jd_edwards_world_security a9.4
oracle enterprise_manager_ops_center 12.4.0.0
oracle graalvm 21.0.0.2
openssl openssl *
siemens sinec_ins 1.0
oracle business_intelligence 5.5.0.0.0
oracle graalvm 20.3.1.2
oracle business_intelligence 12.2.1.3.0
CVE-2021-23841 MEDIUM

The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
apple safari *
oracle zfs_storage_appliance_kit 8.8
oracle graalvm 19.3.5
siemens sinec_ins *
apple macos *
debian debian_linux 10.0
oracle peoplesoft_enterprise_peopletools 8.58
oracle peoplesoft_enterprise_peopletools 8.59
oracle enterprise_manager_ops_center 12.4.0.0
oracle communications_cloud_native_core_policy 1.15.0
oracle graalvm 21.0.0.2
siemens sinec_ins 1.0
oracle graalvm 20.3.1.2
netapp oncommand_workflow_automation -
netapp oncommand_insight -
tenable tenable.sc *
oracle peoplesoft_enterprise_peopletools 8.57
tenable nessus_network_monitor 5.11.1
apple iphone_os *
oracle enterprise_manager_for_storage_management 13.4.0.0
oracle business_intelligence 12.2.1.4.0
oracle business_intelligence 5.9.0.0.0
tenable nessus_network_monitor 5.13.0
oracle jd_edwards_world_security a9.4
apple ipados *
tenable nessus_network_monitor 5.11.0
oracle essbase 21.2
netapp snapcenter -
openssl openssl *
tenable nessus_network_monitor 5.12.1
oracle business_intelligence 5.5.0.0.0
oracle mysql_server *
oracle business_intelligence 12.2.1.3.0
oracle mysql_enterprise_monitor *
tenable nessus_network_monitor 5.12.0
CVE-2021-25143 MEDIUM

A remote denial of service (dos) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.9 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
arubanetworks instant *
siemens scalance_w1750d_firmware *
CVE-2021-25144 HIGH

A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
arubanetworks instant *
siemens scalance_w1750d_firmware *
CVE-2021-25145 LOW

A remote unauthorized disclosure of information vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
arubanetworks instant *
siemens scalance_w1750d_firmware *
CVE-2021-25146 HIGH

A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
arubanetworks instant *
siemens scalance_w1750d_firmware *
CVE-2021-25148 HIGH

A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 2.8 5.2

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
arubanetworks instant *
siemens scalance_w1750d_firmware *
CVE-2021-25149 HIGH

A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
arubanetworks instant *
siemens scalance_w1750d_firmware *
CVE-2021-25150 HIGH

A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
arubanetworks instant *
siemens scalance_w1750d_firmware *
CVE-2021-25155 HIGH

A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.6 and below; Aruba Instant 8.7.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H 1.2 5.2

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
arubanetworks instant *
siemens scalance_w1750d_firmware *
CVE-2021-25156 MEDIUM

A remote arbitrary directory create vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.6 and below; Aruba Instant 8.7.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
arubanetworks instant *
siemens scalance_w1750d_firmware *
CVE-2021-25157 MEDIUM

A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.6 and below; Aruba Instant 8.7.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
arubanetworks instant *
siemens scalance_w1750d_firmware *
CVE-2021-25158 MEDIUM

A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-362,

Products Affected

Vendor Product Version
arubanetworks instant *
siemens scalance_w1750d_firmware *
CVE-2021-25159 HIGH

A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H 1.2 5.2

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
arubanetworks instant *
siemens scalance_w1750d_firmware *
CVE-2021-25160 MEDIUM

A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
arubanetworks instant *
siemens scalance_w1750d_firmware *
CVE-2021-25161 MEDIUM

A remote cross-site scripting (xss) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
arubanetworks instant *
siemens scalance_w1750d_firmware *
CVE-2021-25162 HIGH

A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
arubanetworks instant *
siemens scalance_w1750d_firmware *
CVE-2021-25173 MEDIUM

An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory allocation with excessive size vulnerability exists when reading malformed DGN files, which allows attackers to cause a crash, potentially enabling denial of service (crash, exit, or restart).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-770,

Products Affected

Vendor Product Version
opendesign drawings_software_development_kit *
siemens teamcenter_visualization *
siemens jt2go *
siemens comos *
CVE-2021-25174 MEDIUM

An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory corruption vulnerability exists when reading malformed DGN files. It can allow attackers to cause a crash, potentially enabling denial of service (Crash, Exit, or Restart).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
opendesign drawings_software_development_kit *
siemens teamcenter_visualization *
siemens jt2go *
siemens comos *
CVE-2021-25175 MEDIUM

An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A Type Conversion issue exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-704,

Products Affected

Vendor Product Version
opendesign drawings_software_development_kit *
siemens teamcenter_visualization *
siemens jt2go *
siemens comos *
CVE-2021-25176 MEDIUM

An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A NULL pointer dereference exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
opendesign drawings_software_development_kit *
siemens teamcenter_visualization *
siemens jt2go *
siemens comos *
CVE-2021-25177 MEDIUM

An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A Type Confusion issue exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-843,

Products Affected

Vendor Product Version
opendesign drawings_software_development_kit *
siemens teamcenter_visualization *
siemens jt2go *
siemens comos *
CVE-2021-25178 MEDIUM

An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A stack-based buffer overflow vulnerability exists when the recover operation is run with malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart) or possible code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
opendesign drawings_software_development_kit *
siemens teamcenter_visualization *
siemens jt2go *
siemens comos *
CVE-2021-25214 MEDIUM

In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the named process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6
security-officer@isc.org 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-617,

Products Affected

Vendor Product Version
isc bind 9.11.27
isc bind 9.11.29
isc bind 9.11.3
isc bind 9.10.5
debian debian_linux 10.0
netapp h700s_firmware -
isc bind 9.11.8
isc bind 9.11.7
netapp aff_a250_firmware -
netapp h500e_firmware -
netapp h700e_firmware -
fedoraproject fedora 34
netapp h410s_firmware -
isc bind 9.10.7
netapp h500s_firmware -
isc bind 9.11.5
isc bind 9.11.6
isc bind 9.11.12
debian debian_linux 9.0
netapp cloud_backup -
netapp active_iq_unified_manager -
isc bind 9.9.3
netapp h300e_firmware -
siemens sinec_infrastructure_network_services *
fedoraproject fedora 33
netapp h300s_firmware -
isc bind 9.9.12
isc bind 9.16.8
netapp aff_500f_firmware -
isc bind 9.9.13
isc bind 9.16.11
isc bind *
isc bind 9.16.13
isc bind 9.11.21
CVE-2021-25215 MEDIUM

In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
security-officer@isc.org 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-617,

Products Affected

Vendor Product Version
isc bind 9.11.27
oracle tekelec_platform_distribution *
isc bind 9.11.29
isc bind 9.11.3
isc bind 9.10.5
netapp 500f_firmware -
debian debian_linux 10.0
netapp h700s_firmware -
isc bind 9.11.8
netapp a250_firmware -
isc bind 9.11.7
netapp h500e_firmware -
netapp h700e_firmware -
fedoraproject fedora 34
netapp h410s_firmware -
isc bind 9.10.7
netapp h500s_firmware -
isc bind 9.11.5
isc bind 9.11.6
isc bind 9.11.12
debian debian_linux 9.0
netapp cloud_backup -
netapp active_iq_unified_manager -
isc bind 9.9.3
netapp h300e_firmware -
siemens sinec_infrastructure_network_services *
fedoraproject fedora 33
netapp h300s_firmware -
isc bind 9.9.12
isc bind 9.16.8
isc bind 9.9.13
isc bind 9.16.11
isc bind *
isc bind 9.16.13
isc bind 9.11.21
CVE-2021-25216 MEDIUM

In BIND 9.5.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.11.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch, BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting values for the tkey-gssapi-keytab or tkey-gssapi-credential configuration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. For servers that meet these conditions, the ISC SPNEGO implementation is vulnerable to various attacks, depending on the CPU architecture for which BIND was built: For named binaries compiled for 64-bit platforms, this flaw can be used to trigger a buffer over-read, leading to a server crash. For named binaries compiled for 32-bit platforms, this flaw can be used to trigger a server crash due to a buffer overflow and possibly also to achieve remote code execution. We have determined that standard SPNEGO implementations are available in the MIT and Heimdal Kerberos libraries, which support a broad range of operating systems, rendering the ISC implementation unnecessary and obsolete. Therefore, to reduce the attack surface for BIND users, we will be removing the ISC SPNEGO implementation in the April releases of BIND 9.11 and 9.16 (it had already been dropped from BIND 9.17). We would not normally remove something from a stable ESV (Extended Support Version) of BIND, but since system libraries can replace the ISC SPNEGO implementation, we have made an exception in this case for reasons of stability and security.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-officer@isc.org 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
isc bind 9.11.27
isc bind 9.11.29
isc bind 9.11.3
isc bind 9.10.5
debian debian_linux 10.0
netapp h700s_firmware -
isc bind 9.11.8
isc bind 9.11.7
netapp aff_a250_firmware -
netapp h500e_firmware -
netapp h700e_firmware -
netapp h410s_firmware -
isc bind 9.10.7
netapp h500s_firmware -
isc bind 9.11.5
isc bind 9.11.6
isc bind 9.11.12
debian debian_linux 9.0
netapp cloud_backup -
netapp active_iq_unified_manager -
isc bind 9.9.3
netapp h300e_firmware -
siemens sinec_infrastructure_network_services *
netapp h300s_firmware -
isc bind 9.9.12
isc bind 9.16.8
netapp aff_500f_firmware -
isc bind 9.9.13
isc bind 9.16.11
isc bind *
isc bind 9.16.13
isc bind 9.11.21
CVE-2021-25217 LOW

In ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2 (other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability), the outcome of encountering the defect while reading a lease that will trigger it varies according to: the component being affected (i.e., dhclient or dhcpd); whether the package was built as a 32-bit or 64-bit binary; whether the compiler flag -fstack-protection-strong was used when compiling. In dhclient, ISC has not successfully reproduced the error on a 64-bit system. However, on a 32-bit system it is possible to cause dhclient to crash when reading an improper lease, which could cause network connectivity problems for an affected system due to the absence of a running DHCP client process. In dhcpd, when run in DHCPv4 or DHCPv6 mode: if the dhcpd server binary was built for a 32-bit architecture AND the -fstack-protection-strong flag was specified to the compiler, dhcpd may exit while parsing a lease file containing an objectionable lease, resulting in lack of service to clients. Additionally, the offending lease and the lease immediately following it in the lease database may be improperly deleted. If the dhcpd server binary was built for a 64-bit architecture OR if the -fstack-protection-strong compiler flag was NOT specified, the crash will not occur, but it is possible for the offending lease and the lease which immediately followed it to be improperly deleted.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.4 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H 2.8 4.0
security-officer@isc.org 7.4 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H 2.8 4.0

CVSS 2.0

Severity: LOW

Problem Type: CWE-119,

Products Affected

Vendor Product Version
isc dhcp 4.1-esv
netapp solidfire_&_hci_management_node -
siemens ruggedcom_rox_rx1536_firmware *
siemens ruggedcom_rox_rx1400_firmware *
debian debian_linux 9.0
siemens sinec_ins *
netapp ontap_select_deploy_administration_utility -
siemens ruggedcom_rox_rx1501_firmware *
fedoraproject fedora 33
isc dhcp *
siemens ruggedcom_rox_rx1500_firmware *
siemens ruggedcom_rox_rx1510_firmware *
siemens ruggedcom_rox_rx1524_firmware *
siemens ruggedcom_rox_rx1512_firmware *
siemens ruggedcom_rox_mx5000_firmware *
siemens sinec_ins 1.0
siemens ruggedcom_rox_rx1511_firmware *
siemens ruggedcom_rox_rx5000_firmware *
fedoraproject fedora 34
CVE-2021-25219 MEDIUM

In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance. The way the lame cache is currently designed makes it possible for its internal data structures to grow almost infinitely, which may cause significant delays in client query processing.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle zfs_storage_appliance_kit 8.8
isc bind 9.11.27
debian debian_linux 11.0
isc bind 9.11.29
isc bind 9.11.3
isc bind 9.10.5
debian debian_linux 10.0
netapp h700s_firmware -
isc bind 9.11.8
isc bind 9.11.7
netapp h500e_firmware -
oracle http_server 12.2.1.4.0
netapp h700e_firmware -
fedoraproject fedora 34
netapp h410s_firmware -
isc bind 9.10.7
oracle http_server 12.2.1.3.0
isc bind 9.11.35
netapp h500s_firmware -
isc bind 9.11.5
isc bind 9.11.6
isc bind 9.11.12
debian debian_linux 9.0
netapp cloud_backup -
isc bind 9.9.3
netapp h410c_firmware -
netapp h300e_firmware -
siemens sinec_infrastructure_network_services *
fedoraproject fedora 33
fedoraproject fedora 35
netapp h300s_firmware -
isc bind 9.9.12
isc bind 9.16.8
isc bind 9.9.13
isc bind 9.16.11
isc bind *
isc bind 9.16.13
isc bind 9.11.21
isc bind 9.16.21
CVE-2021-25220 MEDIUM

BIND 9.11.0 -> 9.11.36, 9.12.0 -> 9.16.26, 9.17.0 -> 9.18.0; BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1, 9.16.8-S1 -> 9.16.26-S1. Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-444,

Products Affected

Vendor Product Version
juniper junos 19.3
juniper junos 21.1
siemens sinec_ins *
juniper junos 20.3
netapp baseboard_management_controller_h300e_firmware -
juniper junos 21.2
juniper junos 22.1
netapp h700s_firmware -
netapp baseboard_management_controller_h300s_firmware -
siemens sinec_ins 1.0
netapp h500e_firmware -
netapp h700e_firmware -
netapp baseboard_management_controller_h410s_firmware -
netapp baseboard_management_controller_h410c_firmware -
fedoraproject fedora 34
netapp h410s_firmware -
juniper junos 21.4
juniper junos 22.2
netapp baseboard_management_controller_h700s_firmware -
netapp baseboard_management_controller_h500s_firmware -
netapp baseboard_management_controller_h500e_firmware -
netapp h500s_firmware -
juniper junos 19.4
juniper junos *
juniper junos 20.2
netapp h410c_firmware -
netapp h300e_firmware -
fedoraproject fedora 35
netapp h300s_firmware -
fedoraproject fedora 36
juniper junos 21.3
isc bind *
juniper junos 20.4
netapp baseboard_management_controller_h700e_firmware -
CVE-2021-25659 MEDIUM

A vulnerability has been identified in Automation License Manager 5 (All versions), Automation License Manager 6 (All versions < V6.0 SP9 Update 2). Sending specially crafted packets to port 4410/tcp of an affected system could lead to extensive memory being consumed and as such could cause a denial-of-service preventing legitimate users from using the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
siemens automation_license_manager *
CVE-2021-25660 MEDIUM

A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7" & 15" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7" & 15" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4" - 22" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Panels V16 4" - 22" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Update 6), SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions < V15.1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions < V16 Update 4). SmartVNC has an out-of-bounds memory access vulnerability that could be triggered on the server side when sending data from the client, which could result in a Denial-of-Service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-788,CWE-119,

Products Affected

Vendor Product Version
siemens simatic_hmi_ktp_mobile_panels_ktp900f_firmware *
siemens simatic_hmi_comfort_panels_22"_firmware 15.1
siemens simatic_hmi_comfort_panels_22"_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp900_firmware *
siemens simatic_hmi_comfort_outdoor_panels_15"_firmware 15.1
siemens simatic_hmi_ktp_mobile_panels_ktp700f_firmware *
siemens simatic_hmi_comfort_outdoor_panels_7"_firmware 15.1
siemens simatic_wincc_runtime_advanced *
siemens simatic_hmi_ktp_mobile_panels_ktp900f_firmware 15.1
siemens simatic_hmi_comfort_outdoor_panels_7"_firmware 16
siemens simatic_hmi_comfort_panels_4"_firmware 16
siemens simatic_hmi_ktp_mobile_panels_ktp700f_firmware 16
siemens simatic_hmi_ktp_mobile_panels_ktp400f_firmware 16
siemens simatic_hmi_comfort_panels_22"_firmware 16
siemens simatic_hmi_ktp_mobile_panels_ktp700f_firmware 15.1
siemens simatic_hmi_ktp_mobile_panels_ktp900f_firmware 16
siemens simatic_hmi_ktp_mobile_panels_ktp700_firmware 15.1
siemens simatic_hmi_comfort_panels_4"_firmware 15.1
siemens simatic_hmi_ktp_mobile_panels_ktp700_firmware 16
siemens simatic_wincc_runtime_advanced 15.1
siemens simatic_hmi_ktp_mobile_panels_ktp700_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp400f_firmware 15.1
siemens simatic_hmi_comfort_panels_4"_firmware *
siemens simatic_hmi_comfort_outdoor_panels_15"_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp400f_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp900_firmware 16
siemens simatic_wincc_runtime_advanced 16
siemens simatic_hmi_comfort_outdoor_panels_7"_firmware *
siemens simatic_hmi_comfort_outdoor_panels_15"_firmware 16
siemens simatic_hmi_ktp_mobile_panels_ktp900_firmware 15.1
CVE-2021-25661 MEDIUM

A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7" & 15" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7" & 15" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4" - 22" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Panels V16 4" - 22" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Update 6), SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions < V15.1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions < V16 Update 4). SmartVNC has an out-of-bounds memory access vulnerability that could be triggered on the client side when sending data from the server, which could result in a Denial-of-Service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-788,

Products Affected

Vendor Product Version
siemens simatic_hmi_ktp_mobile_panels_ktp900f_firmware *
siemens simatic_hmi_comfort_panels_22"_firmware 15.1
siemens simatic_hmi_comfort_panels_22"_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp900_firmware *
siemens simatic_hmi_comfort_outdoor_panels_15"_firmware 15.1
siemens simatic_hmi_ktp_mobile_panels_ktp700f_firmware *
siemens simatic_hmi_comfort_outdoor_panels_7"_firmware 15.1
siemens simatic_wincc_runtime_advanced *
siemens simatic_hmi_ktp_mobile_panels_ktp900f_firmware 15.1
siemens simatic_hmi_comfort_outdoor_panels_7"_firmware 16
siemens simatic_hmi_comfort_panels_4"_firmware 16
siemens simatic_hmi_ktp_mobile_panels_ktp700f_firmware 16
siemens simatic_hmi_ktp_mobile_panels_ktp400f_firmware 16
siemens simatic_hmi_comfort_panels_22"_firmware 16
siemens simatic_hmi_ktp_mobile_panels_ktp700f_firmware 15.1
siemens simatic_hmi_ktp_mobile_panels_ktp900f_firmware 16
siemens simatic_hmi_ktp_mobile_panels_ktp700_firmware 15.1
siemens simatic_hmi_comfort_panels_4"_firmware 15.1
siemens simatic_hmi_ktp_mobile_panels_ktp700_firmware 16
siemens simatic_wincc_runtime_advanced 15.1
siemens simatic_hmi_ktp_mobile_panels_ktp700_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp400f_firmware 15.1
siemens simatic_hmi_comfort_panels_4"_firmware *
siemens simatic_hmi_comfort_outdoor_panels_15"_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp400f_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp900_firmware 16
siemens simatic_wincc_runtime_advanced 16
siemens simatic_hmi_comfort_outdoor_panels_7"_firmware *
siemens simatic_hmi_comfort_outdoor_panels_15"_firmware 16
siemens simatic_hmi_ktp_mobile_panels_ktp900_firmware 15.1
CVE-2021-25662 MEDIUM

A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7" & 15" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7" & 15" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4" - 22" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Panels V16 4" - 22" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Update 6), SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions < V15.1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions < V16 Update 4). SmartVNC client fails to handle an exception properly if the program execution process is modified after sending a packet from the server, which could result in a Denial-of-Service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-755,

Products Affected

Vendor Product Version
siemens simatic_hmi_ktp_mobile_panels_ktp900f_firmware *
siemens simatic_hmi_comfort_panels_22"_firmware 15.1
siemens simatic_hmi_comfort_panels_22"_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp900_firmware *
siemens simatic_hmi_comfort_outdoor_panels_15"_firmware 15.1
siemens simatic_hmi_ktp_mobile_panels_ktp700f_firmware *
siemens simatic_hmi_comfort_outdoor_panels_7"_firmware 15.1
siemens simatic_wincc_runtime_advanced *
siemens simatic_hmi_ktp_mobile_panels_ktp900f_firmware 15.1
siemens simatic_hmi_comfort_outdoor_panels_7"_firmware 16
siemens simatic_hmi_comfort_panels_4"_firmware 16
siemens simatic_hmi_ktp_mobile_panels_ktp700f_firmware 16
siemens simatic_hmi_ktp_mobile_panels_ktp400f_firmware 16
siemens simatic_hmi_comfort_panels_22"_firmware 16
siemens simatic_hmi_ktp_mobile_panels_ktp700f_firmware 15.1
siemens simatic_hmi_ktp_mobile_panels_ktp900f_firmware 16
siemens simatic_hmi_ktp_mobile_panels_ktp700_firmware 15.1
siemens simatic_hmi_comfort_panels_4"_firmware 15.1
siemens simatic_hmi_ktp_mobile_panels_ktp700_firmware 16
siemens simatic_wincc_runtime_advanced 15.1
siemens simatic_hmi_ktp_mobile_panels_ktp700_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp400f_firmware 15.1
siemens simatic_hmi_comfort_panels_4"_firmware *
siemens simatic_hmi_comfort_outdoor_panels_15"_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp400f_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp900_firmware 16
siemens simatic_wincc_runtime_advanced 16
siemens simatic_hmi_comfort_outdoor_panels_7"_firmware *
siemens simatic_hmi_comfort_outdoor_panels_15"_firmware 16
siemens simatic_hmi_ktp_mobile_panels_ktp900_firmware 15.1
CVE-2021-25663 MEDIUM

A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (All versions including affected IPv6 stack). The function that processes IPv6 headers does not check the lengths of extension header options, allowing attackers to put this function into an infinite loop with crafted length values.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-835,

Products Affected

Vendor Product Version
siemens nucleus_net *
siemens nucleus_source_code -
siemens nucleus_readystart *
siemens capital_vstar -
CVE-2021-25664 MEDIUM

A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (All versions including affected IPv6 stack). The function that processes the Hop-by-Hop extension header in IPv6 packets and its options lacks any checks against the length field of the header, allowing attackers to put the function into an infinite loop by supplying arbitrary length values.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-835,

Products Affected

Vendor Product Version
siemens nucleus_source_code -
siemens nucleus_readystart_v3 *
siemens capital_vstar -
siemens nucleus_readystart_v4 *
siemens nucleus_net -
CVE-2021-25665 MEDIUM

A vulnerability has been identified in Simcenter STAR-CCM+ Viewer (All versions < V2021.2.1). The starview+.exe application lacks proper validation of user-supplied data when parsing scene files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13700)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
siemens simcenter_star-ccm+ *
CVE-2021-25666 LOW

A vulnerability has been identified in SCALANCE W780 and W740 (IEEE 802.11n) family (All versions < V6.3). Sending specially crafted packets through the ARP protocol to an affected device could cause a partial denial-of-service, preventing the device from operating normally for a short period of time.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 2.8 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-770,

Products Affected

Vendor Product Version
siemens scalance_w780_firmware *
siemens scalance_w740_firmware *
CVE-2021-25667 MEDIUM

A vulnerability has been identified in RUGGEDCOM RM1224 (All versions >= V4.3 and < V6.4), SCALANCE M-800 (All versions >= V4.3 and < V6.4), SCALANCE S615 (All versions >= V4.3 and < V6.4), SCALANCE SC-600 Family (All versions >= V2.0 and < V2.1.3), SCALANCE XB-200 (All versions < V4.1), SCALANCE XC-200 (All versions < V4.1), SCALANCE XF-200BA (All versions < V4.1), SCALANCE XM400 (All versions < V6.2), SCALANCE XP-200 (All versions < V4.1), SCALANCE XR-300WG (All versions < V4.1), SCALANCE XR500 (All versions < V6.2). Affected devices contain a stack-based buffer overflow vulnerability in the handling of STP BPDU frames that could allow a remote attacker to trigger a denial-of-service condition or potentially remote code execution. Successful exploitation requires the passive listening feature of the device to be active.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-121,CWE-787,

Products Affected

Vendor Product Version
siemens scalance_x300wg_firmware *
siemens scalance_m-800_firmware *
siemens scalance_s615_firmware *
siemens scalance_xr500_firmware *
siemens scalance_xb-200_firmware *
siemens scalance_sc642-2c_firmware *
siemens scalance_xp-200_firmware *
siemens scalance_sc622-2c_firmware *
siemens scalance_xm400_firmware *
siemens scalance_sc646-2c_firmware *
siemens ruggedcom_rm1224_firmware *
siemens scalance_xc-200_firmware *
siemens scalance_sc636-2c_firmware *
siemens scalance_sc632-2c_firmware *
siemens scalance_xf-200ba_firmware *
CVE-2021-25668 HIGH

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT PRO (All versions < 5.5.1), SCALANCE X202-2 IRT (All versions < 5.5.1), SCALANCE X202-2P IRT (incl. SIPLUS NET variant) (All versions < 5.5.1), SCALANCE X202-2P IRT PRO (All versions < 5.5.1), SCALANCE X204 IRT (All versions < 5.5.1), SCALANCE X204 IRT PRO (All versions < 5.5.1), SCALANCE X204-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X204-2FM (All versions < V5.2.5), SCALANCE X204-2LD (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X204-2LD TS (All versions < V5.2.5), SCALANCE X204-2TS (All versions < V5.2.5), SCALANCE X206-1 (All versions < V5.2.5), SCALANCE X206-1LD (All versions < V5.2.5), SCALANCE X208 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X208PRO (All versions < V5.2.5), SCALANCE X212-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X212-2LD (All versions < V5.2.5), SCALANCE X216 (All versions < V5.2.5), SCALANCE X224 (All versions < V5.2.5), SCALANCE XF201-3P IRT (All versions < 5.5.1), SCALANCE XF202-2P IRT (All versions < 5.5.1), SCALANCE XF204 (All versions < V5.2.5), SCALANCE XF204 IRT (All versions < 5.5.1), SCALANCE XF204-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE XF204-2BA IRT (All versions < 5.5.1), SCALANCE XF206-1 (All versions < V5.2.5), SCALANCE XF208 (All versions < V5.2.5). Incorrect processing of POST requests in the web server may result in an out-of-bounds write in the heap. An attacker might leverage this to cause a denial of service on the device and potentially execute code remotely.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-122,CWE-787,

Products Affected

Vendor Product Version
siemens scalance_x204-2ld_firmware *
siemens scalance_xf201-3p_irt_firmware *
siemens scalance_x201-3p_irt_pro_firmware *
siemens scalance_x204-2fm_firmware *
siemens scalance_x212-2ld_firmware *
siemens scalance_x200-4p_irt_firmware *
siemens scalance_xf204-2ba_irt_firmware *
siemens scalance_x208_firmware *
siemens scalance_x208pro_firmware *
siemens scalance_x202-2p_irt_pro_firmware *
siemens scalance_x212-2_firmware *
siemens scalance_xf206-1_firmware *
siemens scalance_xf204_firmware *
siemens scalance_x204-2ts_firmware *
siemens scalance_x206-1ld_firmware *
siemens scalance_x204_irt_firmware *
siemens scalance_xf208_firmware *
siemens scalance_x202-2p_irt_firmware *
siemens scalance_xf202-2p_irt_firmware *
siemens scalance_x224_firmware *
siemens scalance_x204_irt_pro_firmware *
siemens scalance_xf204_irt_firmware *
siemens scalance_x204-2_firmware *
siemens scalance_xf204-2_firmware *
siemens scalance_x202-2_irt_firmware *
siemens scalance_x204-2ld_ts_firmware *
siemens scalance_x216_firmware *
siemens scalance_x201-3p_irt_firmware *
siemens scalance_x206-1_firmware *
CVE-2021-25669 HIGH

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT PRO (All versions < 5.5.1), SCALANCE X202-2 IRT (All versions < 5.5.1), SCALANCE X202-2P IRT (incl. SIPLUS NET variant) (All versions < 5.5.1), SCALANCE X202-2P IRT PRO (All versions < 5.5.1), SCALANCE X204 IRT (All versions < 5.5.1), SCALANCE X204 IRT PRO (All versions < 5.5.1), SCALANCE X204-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X204-2FM (All versions < V5.2.5), SCALANCE X204-2LD (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X204-2LD TS (All versions < V5.2.5), SCALANCE X204-2TS (All versions < V5.2.5), SCALANCE X206-1 (All versions < V5.2.5), SCALANCE X206-1LD (All versions < V5.2.5), SCALANCE X208 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X208PRO (All versions < V5.2.5), SCALANCE X212-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X212-2LD (All versions < V5.2.5), SCALANCE X216 (All versions < V5.2.5), SCALANCE X224 (All versions < V5.2.5), SCALANCE XF201-3P IRT (All versions < 5.5.1), SCALANCE XF202-2P IRT (All versions < 5.5.1), SCALANCE XF204 (All versions < V5.2.5), SCALANCE XF204 IRT (All versions < 5.5.1), SCALANCE XF204-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE XF204-2BA IRT (All versions < 5.5.1), SCALANCE XF206-1 (All versions < V5.2.5), SCALANCE XF208 (All versions < V5.2.5). Incorrect processing of POST requests in the web server may result in an out-of-bounds write on the stack. An attacker might leverage this to cause a denial of service on the device or achieve remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-121,CWE-787,

Products Affected

Vendor Product Version
siemens scalance_x204-2ld_firmware *
siemens scalance_xf201-3p_irt_firmware *
siemens scalance_x201-3p_irt_pro_firmware *
siemens scalance_x204-2fm_firmware *
siemens scalance_x212-2ld_firmware *
siemens scalance_x200-4p_irt_firmware *
siemens scalance_xf204-2ba_irt_firmware *
siemens scalance_x208_firmware *
siemens scalance_x208pro_firmware *
siemens scalance_x202-2p_irt_pro_firmware *
siemens scalance_x212-2_firmware *
siemens scalance_xf206-1_firmware *
siemens scalance_xf204_firmware *
siemens scalance_x204-2ts_firmware *
siemens scalance_x206-1ld_firmware *
siemens scalance_x204_irt_firmware *
siemens scalance_xf208_firmware *
siemens scalance_x202-2p_irt_firmware *
siemens scalance_xf202-2p_irt_firmware *
siemens scalance_x224_firmware *
siemens scalance_x204_irt_pro_firmware *
siemens scalance_xf204_irt_firmware *
siemens scalance_x204-2_firmware *
siemens scalance_xf204-2_firmware *
siemens scalance_x202-2_irt_firmware *
siemens scalance_x204-2ld_ts_firmware *
siemens scalance_x216_firmware *
siemens scalance_x201-3p_irt_firmware *
siemens scalance_x206-1_firmware *
CVE-2021-25670 MEDIUM

A vulnerability has been identified in Tecnomatix RobotExpert (All versions < V16.1). Affected applications lack proper validation of user-supplied data when parsing CELL files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12608)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
siemens tecnomatix_robotexpert *
CVE-2021-25671 LOW

A vulnerability has been identified in RWG1.M12 (All versions < V1.16.16), RWG1.M12D (All versions < V1.16.16), RWG1.M8 (All versions < V1.16.16). Sending specially crafted ARP packets to an affected device could cause a partial denial-of-service, preventing the device from operating normally. A restart is needed to restore normal operations.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 2.8 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-770,

Products Affected

Vendor Product Version
siemens rwg1.m8_firmware *
siemens rwg1.m12_firmware *
siemens rwg1.m12d_firmware *
CVE-2021-25673 MEDIUM

A vulnerability has been identified in SIMATIC S7-PLCSIM V5.4 (All versions). An attacker with local access to the system could cause a Denial-of-Service condition in the application when it is used to open a specially crafted file. As a consequence, the application could enter an infinite loop and become unresponsive, and must be restarted to restore the service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-835,

Products Affected

Vendor Product Version
siemens simatic_s7-plcsim *
CVE-2021-25674 LOW

A vulnerability has been identified in SIMATIC S7-PLCSIM V5.4 (All versions). An attacker with local access to the system could cause a Denial-of-Service condition in the application when it is used to open a specially crafted file. As a consequence, a NULL pointer dereference condition could cause the application to terminate unexpectedly; it must then be restarted to restore the service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-476,

Products Affected

Vendor Product Version
siemens simatic_s7-plcsim 5.4
CVE-2021-25675 LOW

A vulnerability has been identified in SIMATIC S7-PLCSIM V5.4 (All versions). An attacker with local access to the system could cause a Denial-of-Service condition in the application when it is used to open a specially crafted file. As a consequence, a divide by zero operation could occur and cause the application to terminate unexpectedly; it must then be restarted to restore the service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-369,

Products Affected

Vendor Product Version
siemens simatic_s7-plcsim 5.4
CVE-2021-25676 MEDIUM

A vulnerability has been identified in RUGGEDCOM RM1224 (V6.3), SCALANCE M-800 (V6.3), SCALANCE S615 (V6.3), SCALANCE SC-600 (All Versions >= V2.1 and < V2.1.3). Multiple failed SSH authentication attempts could trigger a temporary Denial-of-Service under certain conditions. When triggered, the device will reboot automatically.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-307,

Products Affected

Vendor Product Version
siemens scalance_sc-600_firmware *
siemens scalance_m-800_firmware 6.3
siemens ruggedcom_rm1224_firmware 6.3
siemens scalance_s615_firmware 6.3
CVE-2021-25677 MEDIUM

A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 (All versions >= V0.5.0.0 < V1.0.0.0), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). The DNS client does not properly randomize DNS transaction IDs. That could allow an attacker to poison the DNS cache or spoof DNS resolving.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4
productcert@siemens.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-330,

Products Affected

Vendor Product Version
siemens nucleus_net *
siemens nucleus_source_code -
siemens nucleus_readystart_v3 *
siemens simotics_connect_400_firmware *
siemens nucleus_readystart_v4 *
CVE-2021-25678 MEDIUM

A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2020 (All versions < SE2020MP14), Solid Edge SE2021 (All Versions < SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12529)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
siemens solid_edge_se2020 *
siemens solid_edge_se2021 *
CVE-2021-27290 MEDIUM

ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ssri_project ssri *
siemens sinec_infrastructure_network_services *
oracle graalvm 21.2.0
oracle graalvm 20.3.3
CVE-2021-27380 MEDIUM

A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12532)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
siemens solid_edge se2020
siemens solid_edge *
siemens solid_edge se2021
CVE-2021-27381 MEDIUM

A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP3). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds read past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12534)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
siemens solid_edge *
siemens solid_edge se2021
CVE-2021-27382 MEDIUM

A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2020 (All versions < SE2020MP14), Solid Edge SE2021 (All Versions < SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in a stack-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13040)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-121,CWE-787,

Products Affected

Vendor Product Version
siemens solid_edge_se2020 *
siemens solid_edge_se2021 *
CVE-2021-27383 MEDIUM

A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7" & 15" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7" & 15" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4" - 22" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Panels V16 4" - 22" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Update 6), SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions < V15.1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions < V16 Update 4), SINAMICS GH150 (All versions), SINAMICS GL150 (with option X30) (All versions), SINAMICS GM150 (with option X30) (All versions), SINAMICS SH150 (All versions), SINAMICS SL150 (All versions), SINAMICS SM120 (All versions), SINAMICS SM150 (All versions), SINAMICS SM150i (All versions). SmartVNC has a heap allocation leak vulnerability in the server Tight encoder, which could result in a Denial-of-Service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-770,CWE-770,

Products Affected

Vendor Product Version
siemens simatic_hmi_ktp_mobile_panels_ktp900f_firmware *
siemens sinamics_gh150_firmware *
siemens simatic_hmi_comfort_panels_22"_firmware 15.1
siemens simatic_hmi_comfort_panels_22"_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp900_firmware *
siemens sinamics_gl150_firmware *
siemens simatic_hmi_comfort_outdoor_panels_15"_firmware 15.1
siemens simatic_hmi_ktp_mobile_panels_ktp700f_firmware *
siemens simatic_hmi_comfort_outdoor_panels_7"_firmware 15.1
siemens simatic_wincc_runtime_advanced *
siemens simatic_hmi_ktp_mobile_panels_ktp900f_firmware 15.1
siemens simatic_hmi_comfort_outdoor_panels_7"_firmware 16
siemens simatic_hmi_comfort_panels_4"_firmware 16
siemens sinamics_gm150_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp700f_firmware 16
siemens sinamics_sh150_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp400f_firmware 16
siemens simatic_hmi_comfort_panels_22"_firmware 16
siemens simatic_hmi_ktp_mobile_panels_ktp700f_firmware 15.1
siemens sinamics_sl150_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp900f_firmware 16
siemens simatic_hmi_ktp_mobile_panels_ktp700_firmware 15.1
siemens simatic_hmi_comfort_panels_4"_firmware 15.1
siemens simatic_hmi_ktp_mobile_panels_ktp700_firmware 16
siemens simatic_wincc_runtime_advanced 15.1
siemens sinamics_sm120_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp700_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp400f_firmware 15.1
siemens sinamics_sm150_firmware *
siemens simatic_hmi_comfort_panels_4"_firmware *
siemens simatic_hmi_comfort_outdoor_panels_15"_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp400f_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp900_firmware 16
siemens simatic_wincc_runtime_advanced 16
siemens sinamics_sm150i_firmware *
siemens simatic_hmi_comfort_outdoor_panels_7"_firmware *
siemens simatic_hmi_comfort_outdoor_panels_15"_firmware 16
siemens simatic_hmi_ktp_mobile_panels_ktp900_firmware 15.1
CVE-2021-27384 HIGH

A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7" & 15" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7" & 15" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4" - 22" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Panels V16 4" - 22" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Update 6), SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions < V15.1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions < V16 Update 4), SINAMICS GH150 (All versions), SINAMICS GL150 (with option X30) (All versions), SINAMICS GM150 (with option X30) (All versions), SINAMICS SH150 (All versions), SINAMICS SL150 (All versions), SINAMICS SM120 (All versions), SINAMICS SM150 (All versions), SINAMICS SM150i (All versions). SmartVNC has an out-of-bounds memory access vulnerability in the device layout handler, represented by a binary data stream on client side, which can potentially result in code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-788,

Products Affected

Vendor Product Version
siemens simatic_hmi_ktp_mobile_panels_ktp900f_firmware *
siemens sinamics_gh150_firmware *
siemens simatic_hmi_comfort_panels_22"_firmware 15.1
siemens simatic_hmi_comfort_panels_22"_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp900_firmware *
siemens sinamics_gl150_firmware *
siemens simatic_hmi_comfort_outdoor_panels_15"_firmware 15.1
siemens simatic_hmi_ktp_mobile_panels_ktp700f_firmware *
siemens simatic_hmi_comfort_outdoor_panels_7"_firmware 15.1
siemens simatic_wincc_runtime_advanced *
siemens simatic_hmi_ktp_mobile_panels_ktp900f_firmware 15.1
siemens simatic_hmi_comfort_outdoor_panels_7"_firmware 16
siemens simatic_hmi_comfort_panels_4"_firmware 16
siemens sinamics_gm150_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp700f_firmware 16
siemens sinamics_sh150_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp400f_firmware 16
siemens simatic_hmi_comfort_panels_22"_firmware 16
siemens simatic_hmi_ktp_mobile_panels_ktp700f_firmware 15.1
siemens sinamics_sl150_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp900f_firmware 16
siemens simatic_hmi_ktp_mobile_panels_ktp700_firmware 15.1
siemens simatic_hmi_comfort_panels_4"_firmware 15.1
siemens simatic_hmi_ktp_mobile_panels_ktp700_firmware 16
siemens simatic_wincc_runtime_advanced 15.1
siemens sinamics_sm120_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp700_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp400f_firmware 15.1
siemens sinamics_sm150_firmware *
siemens simatic_hmi_comfort_panels_4"_firmware *
siemens simatic_hmi_comfort_outdoor_panels_15"_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp400f_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp900_firmware 16
siemens simatic_wincc_runtime_advanced 16
siemens sinamics_sm150i_firmware *
siemens simatic_hmi_comfort_outdoor_panels_7"_firmware *
siemens simatic_hmi_comfort_outdoor_panels_15"_firmware 16
siemens simatic_hmi_ktp_mobile_panels_ktp900_firmware 15.1
CVE-2021-27385 MEDIUM

A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7" & 15" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7" & 15" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4" - 22" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Panels V16 4" - 22" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Update 6), SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions < V15.1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions < V16 Update 4), SINAMICS GH150 (All versions), SINAMICS GL150 (with option X30) (All versions), SINAMICS GM150 (with option X30) (All versions), SINAMICS SH150 (All versions), SINAMICS SL150 (All versions), SINAMICS SM120 (All versions), SINAMICS SM150 (All versions), SINAMICS SM150i (All versions). A remote attacker could send specially crafted packets to SmartVNC device layout handler on client side, which could influence the amount of resources consumed and result in a Denial-of-Service (infinite loop) condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,CWE-835,

Products Affected

Vendor Product Version
siemens simatic_hmi_ktp_mobile_panels_ktp900f_firmware *
siemens sinamics_gh150_firmware *
siemens simatic_hmi_comfort_panels_22"_firmware 15.1
siemens simatic_hmi_comfort_panels_22"_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp900_firmware *
siemens sinamics_gl150_firmware *
siemens simatic_hmi_comfort_outdoor_panels_15"_firmware 15.1
siemens simatic_hmi_ktp_mobile_panels_ktp700f_firmware *
siemens simatic_hmi_comfort_outdoor_panels_7"_firmware 15.1
siemens simatic_wincc_runtime_advanced *
siemens simatic_hmi_ktp_mobile_panels_ktp900f_firmware 15.1
siemens simatic_hmi_comfort_outdoor_panels_7"_firmware 16
siemens simatic_hmi_comfort_panels_4"_firmware 16
siemens sinamics_gm150_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp700f_firmware 16
siemens sinamics_sh150_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp400f_firmware 16
siemens simatic_hmi_comfort_panels_22"_firmware 16
siemens simatic_hmi_ktp_mobile_panels_ktp700f_firmware 15.1
siemens sinamics_sl150_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp900f_firmware 16
siemens simatic_hmi_ktp_mobile_panels_ktp700_firmware 15.1
siemens simatic_hmi_comfort_panels_4"_firmware 15.1
siemens simatic_hmi_ktp_mobile_panels_ktp700_firmware 16
siemens simatic_wincc_runtime_advanced 15.1
siemens sinamics_sm120_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp700_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp400f_firmware 15.1
siemens sinamics_sm150_firmware *
siemens simatic_hmi_comfort_panels_4"_firmware *
siemens simatic_hmi_comfort_outdoor_panels_15"_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp400f_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp900_firmware 16
siemens simatic_wincc_runtime_advanced 16
siemens sinamics_sm150i_firmware *
siemens simatic_hmi_comfort_outdoor_panels_7"_firmware *
siemens simatic_hmi_comfort_outdoor_panels_15"_firmware 16
siemens simatic_hmi_ktp_mobile_panels_ktp900_firmware 15.1
CVE-2021-27386 MEDIUM

A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7" & 15" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7" & 15" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4" - 22" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Panels V16 4" - 22" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Update 6), SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions < V15.1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions < V16 Update 4), SINAMICS GH150 (All versions), SINAMICS GL150 (with option X30) (All versions), SINAMICS GM150 (with option X30) (All versions), SINAMICS SH150 (All versions), SINAMICS SL150 (All versions), SINAMICS SM120 (All versions), SINAMICS SM150 (All versions), SINAMICS SM150i (All versions). SmartVNC has a heap allocation leak vulnerability in the device layout handler on client side, which could result in a Denial-of-Service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-401,CWE-401,

Products Affected

Vendor Product Version
siemens simatic_hmi_ktp_mobile_panels_ktp900f_firmware *
siemens sinamics_gh150_firmware *
siemens simatic_hmi_comfort_panels_22"_firmware 15.1
siemens simatic_hmi_comfort_panels_22"_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp900_firmware *
siemens sinamics_gl150_firmware *
siemens simatic_hmi_comfort_outdoor_panels_15"_firmware 15.1
siemens simatic_hmi_ktp_mobile_panels_ktp700f_firmware *
siemens simatic_hmi_comfort_outdoor_panels_7"_firmware 15.1
siemens simatic_wincc_runtime_advanced *
siemens simatic_hmi_ktp_mobile_panels_ktp900f_firmware 15.1
siemens simatic_hmi_comfort_outdoor_panels_7"_firmware 16
siemens simatic_hmi_comfort_panels_4"_firmware 16
siemens sinamics_gm150_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp700f_firmware 16
siemens sinamics_sh150_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp400f_firmware 16
siemens simatic_hmi_comfort_panels_22"_firmware 16
siemens simatic_hmi_ktp_mobile_panels_ktp700f_firmware 15.1
siemens sinamics_sl150_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp900f_firmware 16
siemens simatic_hmi_ktp_mobile_panels_ktp700_firmware 15.1
siemens simatic_hmi_comfort_panels_4"_firmware 15.1
siemens simatic_hmi_ktp_mobile_panels_ktp700_firmware 16
siemens simatic_wincc_runtime_advanced 15.1
siemens sinamics_sm120_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp700_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp400f_firmware 15.1
siemens sinamics_sm150_firmware *
siemens simatic_hmi_comfort_panels_4"_firmware *
siemens simatic_hmi_comfort_outdoor_panels_15"_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp400f_firmware *
siemens simatic_hmi_ktp_mobile_panels_ktp900_firmware 16
siemens simatic_wincc_runtime_advanced 16
siemens sinamics_sm150i_firmware *
siemens simatic_hmi_comfort_outdoor_panels_7"_firmware *
siemens simatic_hmi_comfort_outdoor_panels_15"_firmware 16
siemens simatic_hmi_ktp_mobile_panels_ktp900_firmware 15.1
CVE-2021-27387 MEDIUM

A vulnerability has been identified in Simcenter Femap 2020.2 (All versions < V2020.2.MP3), Simcenter Femap 2021.1 (All versions < V2021.1.MP3). The femap.exe application lacks proper validation of user-supplied data when parsing FEMAP files. This could result in an out of bounds write past the end of an allocated structure, a different vulnerability than CVE-2021-27399. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12819)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
siemens simcenter_femap 2020.2
siemens simcenter_femap *
siemens simcenter_femap 2021.1
CVE-2021-27388 HIGH

SINAMICS medium voltage routable products are affected by a vulnerability in the Sm@rtServer component for remote access that could allow an unauthenticated attacker to cause a denial-of-service condition, and/or execution of limited configuration modifications and/or execution of limited control commands on the SINAMICS Medium Voltage Products, Remote Access (SINAMICS SL150: All versions, SINAMICS SM150: All versions, SINAMICS SM150i: All versions).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
siemens sinamics_sm150_firmware *
siemens sinamics_sl150_firmware *
siemens sinamics_sm150i_firmware *
CVE-2021-27389 HIGH

A vulnerability has been identified in Opcenter Quality (All versions < V12.2), QMS Automotive (All versions < V12.30). A private sign key is shipped with the product without adequate protection.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-321,

Products Affected

Vendor Product Version
siemens qms_automotive *
siemens opcenter_quality *
CVE-2021-27390 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.1.0.3), Teamcenter Visualization (All versions < V13.1.0.3). The TIFF_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13131)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2021-27391 HIGH

A vulnerability has been identified in APOGEE MBC (PPC) (P2 Ethernet) (All versions >= V2.6.3), APOGEE MEC (PPC) (P2 Ethernet) (All versions >= V2.6.3), APOGEE PXC Compact (BACnet) (All versions < V3.5.3), APOGEE PXC Compact (P2 Ethernet) (All versions >= V2.8), APOGEE PXC Modular (BACnet) (All versions < V3.5.3), APOGEE PXC Modular (P2 Ethernet) (All versions >= V2.8), TALON TC Compact (BACnet) (All versions < V3.5.3), TALON TC Modular (BACnet) (All versions < V3.5.3). The web server of affected devices lacks proper bounds checking when parsing the Host parameter in HTTP requests, which could lead to a buffer overflow. An unauthenticated remote attacker could exploit this vulnerability to execute arbitrary code on the device with root privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
siemens talon_tc_modular_(bacnet)_firmware *
siemens apogee_pxc_bacnet_automation_controller_firmware *
siemens apogee_pxc_modular_(p2_ethernet)_firmware *
siemens apogee_mec_(ppc)_(p2_ethernet)_firmware *
siemens talon_tc_compact_(bacnet)_firmware *
siemens apogee_mbc_(ppc)_(p2_ethernet)_firmware *
siemens apogee_pxc_modular_(bacnet)_firmware *
siemens apogee_pxc_compact_(p2_ethernet)_firmware *
CVE-2021-27392 MEDIUM

A vulnerability has been identified in Siveillance Video Open Network Bridge (2020 R3), Siveillance Video Open Network Bridge (2020 R2), Siveillance Video Open Network Bridge (2020 R1), Siveillance Video Open Network Bridge (2019 R3), Siveillance Video Open Network Bridge (2019 R2), Siveillance Video Open Network Bridge (2019 R1), Siveillance Video Open Network Bridge (2018 R3), Siveillance Video Open Network Bridge (2018 R2). Affected Open Network Bridges store user credentials for the authentication between ONVIF clients and ONVIF server using a hard-coded key. The encrypted credentials can be retrieved via the MIP SDK. This could allow an authenticated remote attacker to retrieve and decrypt all credentials stored on the ONVIF server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-321,CWE-798,

Products Affected

Vendor Product Version
siemens siveillance_video_open_network_bridge 2018
siemens siveillance_video_open_network_bridge 2020
siemens siveillance_video_open_network_bridge 2019
CVE-2021-27393 MEDIUM

A vulnerability has been identified in Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2013.08), Nucleus Source Code (Versions including affected DNS modules). The DNS client does not properly randomize UDP port numbers of DNS requests. That could allow an attacker to poison the DNS cache or spoof DNS resolving.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-330,CWE-330,

Products Affected

Vendor Product Version
siemens nucleus_net *
siemens nucleus_source_code -
siemens nucleus_readystart_v3 *
CVE-2021-27395 MEDIUM

A vulnerability has been identified in SIMATIC Process Historian 2013 and earlier (All versions), SIMATIC Process Historian 2014 (All versions < SP3 Update 6), SIMATIC Process Historian 2019 (All versions), SIMATIC Process Historian 2020 (All versions). An interface in the software that is used for critical functionalities lacks authentication, which could allow a malicious user to maliciously insert, modify or delete data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 2.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-306,

Products Affected

Vendor Product Version
siemens simatic_process_historian_2013 *
siemens simatic_process_historian_2014 -
siemens simatic_process_historian_2020 *
siemens simatic_process_historian_2019 *
CVE-2021-27396 MEDIUM

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V16.0.5). The PlantSimCore.dll library lacks proper validation of user-supplied data when parsing SPP files. This could result in a stack based buffer overflow, a different vulnerability than CVE-2021-27398. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13279)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-121,

Products Affected

Vendor Product Version
siemens tecnomatix_plant_simulation *
CVE-2021-27397 MEDIUM

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V16.0.5). The PlantSimCore.dll library lacks proper validation of user-supplied data when parsing SPP files. This could result in a memory corruption condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13287)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-787,

Products Affected

Vendor Product Version
siemens tecnomatix_plant_simulation *
CVE-2021-27398 MEDIUM

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V16.0.5). The PlantSimCore.dll library lacks proper validation of user-supplied data when parsing SPP files. This could result in a stack based buffer overflow, a different vulnerability than CVE-2021-27396. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13290)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-121,

Products Affected

Vendor Product Version
siemens tecnomatix_plant_simulation *
CVE-2021-27399 MEDIUM

A vulnerability has been identified in Simcenter Femap 2020.2 (All versions < V2020.2.MP3), Simcenter Femap 2021.1 (All versions < V2021.1.MP3). The femap.exe application lacks proper validation of user-supplied data when parsing FEMAP files. This could result in an out of bounds write past the end of an allocated structure, a different vulnerability than CVE-2021-27387. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12820)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
siemens simcenter_femap 2020.2
siemens simcenter_femap *
siemens simcenter_femap 2021.1
CVE-2021-27488 MEDIUM

Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr modules in KeyShot Versions v10.1 and prior lack proper validation of user-supplied data when parsing CATPart files. This could result in an out-of-bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
luxion keyshot *
siemens solid_edge_se2021_firmware *
datakit crosscadware *
siemens solid_edge_se2020_firmware *
CVE-2021-27490 MEDIUM

Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr modules in KeyShot Versions v10.1 and prior are vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
luxion keyshot *
siemens solid_edge_se2021_firmware *
datakit crosscadware *
siemens solid_edge_se2020_firmware *
CVE-2021-27492 MEDIUM

When opening a specially crafted 3DXML file, the application containing Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr modules in KeyShot Versions v10.1 and prior could disclose arbitrary files to remote attackers. This is because of the passing of specially crafted content to the underlying XML parser without taking proper restrictions such as prohibiting an external DTD.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,

Products Affected

Vendor Product Version
luxion keyshot *
siemens solid_edge_se2021_firmware *
datakit crosscadware *
siemens solid_edge_se2020_firmware *
CVE-2021-27494 MEDIUM

Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr modules in KeyShot Versions v10.1 and prior lack proper validation of user-supplied data when parsing STP files. This could result in a stack-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-121,

Products Affected

Vendor Product Version
luxion keyshot *
siemens solid_edge_se2021_firmware *
datakit crosscadware *
siemens solid_edge_se2020_firmware *
CVE-2021-27496 MEDIUM

Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr modules in KeyShot Versions v10.1 and prior lack proper validation of user-supplied data when parsing PRT files. This could lead to pointer dereferences of a value obtained from an untrusted source. An attacker could leverage this vulnerability to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-822,NVD-CWE-Other,

Products Affected

Vendor Product Version
luxion keyshot *
siemens solid_edge_se2021_firmware *
datakit crosscadware *
siemens solid_edge_se2020_firmware *
CVE-2021-29998 HIGH

An issue was discovered in Wind River VxWorks before 6.5. There is a possible heap overflow in the DHCP client.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
siemens simatic_rf_182c_firmware *
siemens scalance_x204-2ld_firmware *
siemens scalance_x408_firmware *
siemens scalance_x200-4_p_irt_firmware *
siemens scalance_xf201-3p_irt_firmware *
siemens scalance_x201-3p_irt_pro_firmware *
siemens scalance_x204-2fm_firmware *
siemens scalance_x212-2ld_firmware *
siemens scalance_xf204-2ba_irt_firmware *
siemens scalance_x208_firmware *
siemens scalance_x202-2p_irt_pro_firmware *
siemens scalance_x212-2_firmware *
siemens scalance_xf206-1_firmware *
siemens scalance_xf204_firmware *
siemens scalance_x204-2ts_firmware *
siemens scalance_x206-1ld_firmware *
siemens scalance_x204_irt_firmware *
siemens scalance_xf208_firmware *
siemens scalance_x202-2p_irt_firmware *
siemens scalance_x208_pro_firmware *
siemens sinamics_perfect_harmony_gh180_firmware *
siemens scalance_xf202-2p_irt_firmware *
siemens scalance_x224_firmware *
siemens scalance_x204_irt_pro_firmware *
siemens simatic_rf_181_eip_firmware *
siemens scalance_xf204_irt_firmware *
siemens ruggedcom_win_subscriber_station_firmware *
siemens scalance_x300_firmware *
siemens scalance_x204-2_firmware *
siemens scalance_xf204-2_firmware *
siemens scalance_x202-2_irt_firmware *
windriver vxworks *
siemens scalance_x204-2ld_ts_firmware *
siemens scalance_x216_firmware *
siemens scalance_x201-3p_irt_firmware *
siemens scalance_x206-1_firmware *
CVE-2021-31337 MEDIUM

The Telnet service of the SIMATIC HMI Comfort Panels system component in affected products does not require authentication, which may allow a remote attacker to gain access to the device if the service is enabled. Telnet is disabled by default on the SINAMICS Medium Voltage Products (SINAMICS SL150: All versions, SINAMICS SM150: All versions, SINAMICS SM150i: All versions).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-306,

Products Affected

Vendor Product Version
siemens sinamics_sm150_firmware *
siemens sinamics_sl150_firmware *
siemens sinamics_sm150i_firmware *
CVE-2021-31338 MEDIUM

A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.0 SP1). Affected devices allow configuration settings to be modified over an unauthenticated channel. This could allow a local attacker to escalate privileges and execute their own code on the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-15,NVD-CWE-Other,

Products Affected

Vendor Product Version
siemens sinema_remote_connect 3.0
siemens sinema_remote_connect *
CVE-2021-31340 MEDIUM

A vulnerability has been identified in SIMATIC RF166C (All versions > V1.1 and < V1.3.2), SIMATIC RF185C (All versions > V1.1 and < V1.3.2), SIMATIC RF186C (All versions > V1.1 and < V1.3.2), SIMATIC RF186CI (All versions > V1.1 and < V1.3.2), SIMATIC RF188C (All versions > V1.1 and < V1.3.2), SIMATIC RF188CI (All versions > V1.1 and < V1.3.2), SIMATIC RF360R (All versions < V2.0), SIMATIC Reader RF610R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF610R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF610R FCC (All versions > V3.0 < V4.0), SIMATIC Reader RF615R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF615R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF615R FCC (All versions > V3.0 < V4.0), SIMATIC Reader RF650R ARIB (All versions > V3.0 < V4.0), SIMATIC Reader RF650R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF650R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF650R FCC (All versions > V3.0 < V4.0), SIMATIC Reader RF680R ARIB (All versions > V3.0 < V4.0), SIMATIC Reader RF680R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF680R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF680R FCC (All versions > V3.0 < V4.0), SIMATIC Reader RF685R ARIB (All versions > V3.0 < V4.0), SIMATIC Reader RF685R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF685R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF685R FCC (All versions > V3.0 < V4.0). Affected devices do not properly handle large numbers of incoming connections. An attacker may leverage this to cause a Denial-of-Service situation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,CWE-400,

Products Affected

Vendor Product Version
siemens simatic_reader_rf680r_etsi_firmware *
siemens simatic_rf188ci_firmware *
siemens simatic_rf166c_firmware *
siemens simatic_rf188c_firmware *
siemens simatic_rf186ci_firmware *
siemens simatic_reader_rf680r_arib_firmware *
siemens simatic_reader_rf685r_arib_firmware *
siemens simatic_rf360r_firmware *
siemens simatic_reader_rf685r_fcc_firmware *
siemens simatic_reader_rf680r_cmiit_firmware *
siemens simatic_reader_rf650r_arib_firmware *
siemens simatic_rf185c_firmware *
siemens simatic_reader_rf680r_fcc_firmware *
siemens simatic_reader_rf685r_cmiit_firmware *
siemens simatic_reader_rf610r_cmiit_firmware *
siemens simatic_reader_rf610r_etsi_firmware *
siemens simatic_reader_rf650r_etsi_firmware *
siemens simatic_reader_rf650r_cmiit_firmware *
siemens simatic_reader_rf610r_fcc_firmware *
siemens simatic_reader_rf615r_etsi_firmware *
siemens simatic_reader_rf650r_fcc_firmware *
siemens simatic_reader_rf685r_etsi_firmware *
siemens simatic_reader_rf615r_cmiit_firmware *
siemens simatic_rf186c_firmware *
siemens simatic_reader_rf615r_fcc_firmware *
CVE-2021-31342 MEDIUM

The ugeom2d.dll library in all versions of Solid Edge SE2020 before 2020MP14 and all versions of Solid Edge SE2021 before SE2021MP5 lacks proper validation of user-supplied data when parsing DFT files. This could result in an out-of-bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
siemens solid_edge_se2021_firmware *
siemens solid_edge_se2020_firmware *
CVE-2021-31343 MEDIUM

The jutil.dll library in all versions of Solid Edge SE2020 before 2020MP14 and all versions of Solid Edge SE2021 before SE2021MP5 lacks proper validation of user-supplied data when parsing DFT files. This could result in an out-of-bounds write past the end of an allocation structure. An attacker could leverage this vulnerability to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
siemens solid_edge_se2021_firmware *
siemens solid_edge_se2020_firmware *
CVE-2021-31344 MEDIUM

A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 (All versions < V1.0.0.0). ICMP echo packets with fake IP options allow sending ICMP echo reply messages to arbitrary hosts on the network. (FSMD-2021-0004)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-843,

Products Affected

Vendor Product Version
siemens talon_tc_compact_firmware *
siemens nucleus_net *
siemens talon_tc_modular_firmware *
siemens apogee_pxc_compact_firmware *
siemens capital_vstar *
siemens nucleus_source_code *
siemens apogee_modular_building_controller_firmware *
siemens nucleus_readystart_v3 *
siemens apogee_modular_equiment_controller_firmware *
siemens nucleus_readystart_v4 *
siemens apogee_pxc_modular_firmware *
CVE-2021-31345 MEDIUM

A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions). The total length of a UDP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on a user-defined application that runs on top of the UDP protocol. (FSMD-2021-0006)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-1284,

Products Affected

Vendor Product Version
siemens talon_tc_compact_firmware *
siemens nucleus_net *
siemens talon_tc_modular_firmware *
siemens apogee_pxc_compact_firmware *
siemens capital_vstar *
siemens nucleus_source_code *
siemens apogee_modular_building_controller_firmware *
siemens nucleus_readystart_v3 *
siemens apogee_modular_equiment_controller_firmware *
siemens apogee_pxc_modular_firmware *
CVE-2021-31346 MEDIUM

A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 (All versions < V1.0.0.0). The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0007)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H 3.9 4.2
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-1284,

Products Affected

Vendor Product Version
siemens talon_tc_compact_firmware *
siemens nucleus_net *
siemens talon_tc_modular_firmware *
siemens apogee_pxc_compact_firmware *
siemens capital_vstar *
siemens nucleus_source_code *
siemens apogee_modular_building_controller_firmware *
siemens nucleus_readystart_v3 *
siemens apogee_modular_equiment_controller_firmware *
siemens nucleus_readystart_v4 *
siemens apogee_pxc_modular_firmware *
CVE-2021-31401 MEDIUM

An issue was discovered in tcp_rcv() in nptcp.c in HCC embedded InterNiche 4.0.1. The TCP header processing code doesn't sanitize the value of the IP total length field (header length + data length). With a crafted IP packet, an integer overflow occurs whenever the value of the IP data length is calculated by subtracting the length of the header from the total length of the IP packet.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
siemens sentron_3wl_com35_firmware *
hcc-embedded nichestack *
siemens sentron_3wa_com190_firmware *
CVE-2021-31784 MEDIUM

An out-of-bounds write vulnerability exists in the file-reading procedure in Open Design Alliance Drawings SDK before 2021.6 on all platforms supported by ODA in static configuration. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart) or possible code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
opendesign drawings_sdk *
siemens comos *
CVE-2021-31881 MEDIUM

A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303). When processing a DHCP OFFER message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0008)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
productcert@siemens.com 7.1 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H 2.8 4.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
siemens talon_tc_compact_firmware *
siemens nucleus_net *
siemens talon_tc_modular_firmware *
siemens apogee_pxc_compact_firmware *
siemens capital_vstar *
siemens nucleus_source_code *
siemens apogee_modular_building_controller_firmware *
siemens nucleus_readystart_v3 *
siemens apogee_modular_equiment_controller_firmware *
siemens apogee_pxc_modular_firmware *
CVE-2021-31882 MEDIUM

A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303). The DHCP client application does not validate the length of the Domain Name Server IP option(s) (0x06) when processing DHCP ACK packets. This may lead to Denial-of-Service conditions. (FSMD-2021-0011)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.8 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
siemens talon_tc_compact_firmware *
siemens nucleus_net *
siemens talon_tc_modular_firmware *
siemens apogee_pxc_compact_firmware *
siemens capital_vstar *
siemens nucleus_source_code *
siemens apogee_modular_building_controller_firmware *
siemens nucleus_readystart_v3 *
siemens apogee_modular_equiment_controller_firmware *
siemens apogee_pxc_modular_firmware *
CVE-2021-31883 MEDIUM

A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303). When processing a DHCP ACK message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0013)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
productcert@siemens.com 7.1 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H 2.8 4.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
siemens talon_tc_compact_firmware *
siemens nucleus_net *
siemens talon_tc_modular_firmware *
siemens apogee_pxc_compact_firmware *
siemens capital_vstar *
siemens nucleus_source_code *
siemens apogee_modular_building_controller_firmware *
siemens nucleus_readystart_v3 *
siemens apogee_modular_equiment_controller_firmware *
siemens apogee_pxc_modular_firmware *
CVE-2021-31884 HIGH

A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.19), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC00-U (All versions >= V2.3 and < V6.30.016), Desigo PXC001-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC100-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC12-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC128-U (All versions >= V2.3 and < V6.30.016), Desigo PXC200-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC36.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC50-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC64-U (All versions >= V2.3 and < V6.30.016), Desigo PXM20-E (All versions >= V2.3 and < V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). The DHCP client application assumes that the data supplied with the “Hostname” DHCP option is NULL terminated. In cases when the global hostname variable is not defined, this may lead to out-of-bounds reads, writes, and Denial-of-Service conditions. (FSMD-2021-0014)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-170,NVD-CWE-Other,

Products Affected

Vendor Product Version
siemens talon_tc_compact_firmware *
siemens nucleus_net *
siemens apogee_pxc_compact_firmware *
siemens desigo_pxc50-e.d_firmware *
siemens desigo_pxc100-e.d_firmware *
siemens desigo_pxc22.1-e.d_firmware *
siemens desigo_pxc128-u_firmware *
siemens apogee_modular_building_controller_firmware *
siemens desigo_pxc200-e.d_firmware *
siemens desigo_pxc64-u_firmware *
siemens desigo_pxc36.1-e.d_firmware *
siemens capital_vstar -
siemens apogee_modular_equiment_controller_firmware *
siemens apogee_pxc_modular_firmware *
siemens desigo_pxc001-e.d_firmware *
siemens talon_tc_modular_firmware *
siemens desigo_pxc22-e.d_firmware *
siemens desigo_pxc12-e.d_firmware *
siemens nucleus_source_code *
siemens desigo_pxc00-e.d_firmware *
siemens desigo_pxc00-u_firmware *
siemens desigo_pxm20-e_firmware *
siemens nucleus_readystart_v3 *
CVE-2021-31885 MEDIUM

A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.19), Desigo PXC00-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC00-U (All versions >= V2.3 and < V6.30.016), Desigo PXC001-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC100-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC12-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC128-U (All versions >= V2.3 and < V6.30.016), Desigo PXC200-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC36.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC50-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC64-U (All versions >= V2.3 and < V6.30.016), Desigo PXM20-E (All versions >= V2.3 and < V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.1), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). TFTP server application allows for reading the contents of the TFTP memory buffer via sending malformed TFTP commands. (FSMD-2021-0009)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-805,

Products Affected

Vendor Product Version
siemens talon_tc_compact_firmware *
siemens nucleus_net *
siemens talon_tc_modular_firmware *
siemens apogee_pxc_compact_firmware *
siemens capital_vstar *
siemens nucleus_source_code *
siemens apogee_modular_building_controller_firmware *
siemens nucleus_readystart_v3 *
siemens apogee_modular_equiment_controller_firmware *
siemens nucleus_readystart_v4 *
siemens apogee_pxc_modular_firmware *
CVE-2021-31886 HIGH

A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.19), Desigo PXC00-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC00-U (All versions >= V2.3 and < V6.30.016), Desigo PXC001-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC100-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC12-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC128-U (All versions >= V2.3 and < V6.30.016), Desigo PXC200-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC36.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC50-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC64-U (All versions >= V2.3 and < V6.30.016), Desigo PXM20-E (All versions >= V2.3 and < V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). FTP server does not properly validate the length of the “USER” command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0010)

CVSS 2.0

Severity: HIGH

Problem Type: CWE-170,CWE-787,

Products Affected

Vendor Product Version
siemens talon_tc_compact_firmware *
siemens nucleus_net *
siemens apogee_pxc_compact_firmware *
siemens desigo_pxc50-e.d_firmware *
siemens desigo_pxc100-e.d_firmware *
siemens desigo_pxc22.1-e.d_firmware *
siemens desigo_pxc128-u_firmware *
siemens apogee_modular_building_controller_firmware *
siemens desigo_pxc200-e.d_firmware *
siemens desigo_pxc64-u_firmware *
siemens desigo_pxc36.1-e.d_firmware *
siemens apogee_modular_equiment_controller_firmware *
siemens apogee_pxc_modular_firmware *
siemens desigo_pxc001-e.d_firmware *
siemens talon_tc_modular_firmware *
siemens desigo_pxc22-e.d_firmware *
siemens desigo_pxc12-e.d_firmware *
siemens nucleus_source_code *
siemens desigo_pxc00-e.d_firmware *
siemens desigo_pxc00-u_firmware *
siemens desigo_pxm20-e_firmware *
siemens nucleus_readystart_v3 *
CVE-2021-31887 MEDIUM

A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.19), Desigo PXC00-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC00-U (All versions >= V2.3 and < V6.30.016), Desigo PXC001-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC100-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC12-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC128-U (All versions >= V2.3 and < V6.30.016), Desigo PXC200-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC36.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC50-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC64-U (All versions >= V2.3 and < V6.30.016), Desigo PXM20-E (All versions >= V2.3 and < V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). FTP server does not properly validate the length of the “PWD/XPWD” command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0016)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-170,CWE-787,

Products Affected

Vendor Product Version
siemens talon_tc_compact_firmware *
siemens nucleus_net *
siemens apogee_pxc_compact_firmware *
siemens desigo_pxc50-e.d_firmware *
siemens desigo_pxc100-e.d_firmware *
siemens desigo_pxc22.1-e.d_firmware *
siemens desigo_pxc128-u_firmware *
siemens apogee_modular_building_controller_firmware *
siemens desigo_pxc200-e.d_firmware *
siemens desigo_pxc64-u_firmware *
siemens desigo_pxc36.1-e.d_firmware *
siemens apogee_modular_equiment_controller_firmware *
siemens apogee_pxc_modular_firmware *
siemens desigo_pxc001-e.d_firmware *
siemens talon_tc_modular_firmware *
siemens desigo_pxc22-e.d_firmware *
siemens desigo_pxc12-e.d_firmware *
siemens nucleus_source_code *
siemens desigo_pxc00-e.d_firmware *
siemens desigo_pxc00-u_firmware *
siemens desigo_pxm20-e_firmware *
siemens nucleus_readystart_v3 *
CVE-2021-31888 MEDIUM

A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.19), Desigo PXC00-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC00-U (All versions >= V2.3 and < V6.30.016), Desigo PXC001-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC100-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC12-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC128-U (All versions >= V2.3 and < V6.30.016), Desigo PXC200-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC36.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC50-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC64-U (All versions >= V2.3 and < V6.30.016), Desigo PXM20-E (All versions >= V2.3 and < V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). FTP server does not properly validate the length of the “MKD/XMKD” command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0018)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-170,CWE-787,

Products Affected

Vendor Product Version
siemens talon_tc_compact_firmware *
siemens nucleus_net *
siemens apogee_pxc_compact_firmware *
siemens desigo_pxc50-e.d_firmware *
siemens desigo_pxc100-e.d_firmware *
siemens desigo_pxc22.1-e.d_firmware *
siemens desigo_pxc128-u_firmware *
siemens apogee_modular_building_controller_firmware *
siemens desigo_pxc200-e.d_firmware *
siemens desigo_pxc64-u_firmware *
siemens desigo_pxc36.1-e.d_firmware *
siemens apogee_modular_equiment_controller_firmware *
siemens apogee_pxc_modular_firmware *
siemens desigo_pxc001-e.d_firmware *
siemens talon_tc_modular_firmware *
siemens desigo_pxc22-e.d_firmware *
siemens desigo_pxc12-e.d_firmware *
siemens nucleus_source_code *
siemens desigo_pxc00-e.d_firmware *
siemens desigo_pxc00-u_firmware *
siemens desigo_pxm20-e_firmware *
siemens nucleus_readystart_v3 *
CVE-2021-31889 MEDIUM

A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0). Malformed TCP packets with a corrupted SACK option lead to Information Leaks and Denial-of-Service conditions. (FSMD-2021-0015)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 3.9 5.2
productcert@siemens.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-191,

Products Affected

Vendor Product Version
siemens talon_tc_compact_firmware *
siemens nucleus_net *
siemens talon_tc_modular_firmware *
siemens apogee_pxc_compact_firmware *
siemens capital_vstar *
siemens nucleus_source_code *
siemens apogee_modular_building_controller_firmware *
siemens nucleus_readystart_v3 *
siemens apogee_modular_equiment_controller_firmware *
siemens apogee_pxc_modular_firmware *
CVE-2021-31890 MEDIUM

A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 (All versions < V1.0.0.0). The total length of a TCP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0017)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 3.9 5.2
productcert@siemens.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-240,

Products Affected

Vendor Product Version
siemens talon_tc_compact_firmware *
siemens nucleus_net *
siemens talon_tc_modular_firmware *
siemens apogee_pxc_compact_firmware *
siemens capital_vstar *
siemens nucleus_source_code *
siemens apogee_modular_building_controller_firmware *
siemens nucleus_readystart_v3 *
siemens apogee_modular_equiment_controller_firmware *
siemens nucleus_readystart_v4 *
siemens apogee_pxc_modular_firmware *
CVE-2021-31891 HIGH

A vulnerability has been identified in Desigo CC (All versions with OIS Extension Module), GMA-Manager (All versions with OIS running on Debian 9 or earlier), Operation Scheduler (All versions with OIS running on Debian 9 or earlier), Siveillance Control (All versions with OIS running on Debian 9 or earlier), Siveillance Control Pro (All versions). The affected application incorrectly neutralizes special elements in a specific HTTP GET request which could lead to command injection. An unauthenticated remote attacker could exploit this vulnerability to execute arbitrary code on the system with root privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 3.9 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
siemens siveillance_control_pro *
siemens gma-manager *
siemens siveillance_control *
siemens desigo_cc *
siemens operation_scheduler *
CVE-2021-31892 MEDIUM

A vulnerability has been identified in SINUMERIK Analyse MyCondition (All versions), SINUMERIK Analyze MyPerformance (All versions), SINUMERIK Analyze MyPerformance /OEE-Monitor (All versions), SINUMERIK Analyze MyPerformance /OEE-Tuning (All versions), SINUMERIK Integrate Client 02 (All versions >= V02.00.12 < 02.00.18), SINUMERIK Integrate Client 03 (All versions >= V03.00.12 < 03.00.18), SINUMERIK Integrate Client 04 (V04.00.02 and all versions >= V04.00.15 < 04.00.18), SINUMERIK Integrate for Production 4.1 (All versions < V4.1 SP10 HF3), SINUMERIK Integrate for Production 5.1 (V5.1), SINUMERIK Manage MyMachines (All versions), SINUMERIK Manage MyMachines /Remote (All versions), SINUMERIK Manage MyMachines /Spindel Monitor (All versions), SINUMERIK Manage MyPrograms (All versions), SINUMERIK Manage MyResources /Programs (All versions), SINUMERIK Manage MyResources /Tools (All versions), SINUMERIK Manage MyTools (All versions), SINUMERIK Operate V4.8 (All versions < V4.8 SP8), SINUMERIK Operate V4.93 (All versions < V4.93 HF7), SINUMERIK Operate V4.94 (All versions < V4.94 HF5), SINUMERIK Optimize MyProgramming /NX-Cam Editor (All versions). Due to an error in a third-party dependency, the SSL flags used for setting up a TLS connection to a server are overwritten with wrong settings. This results in a missing validation of the server certificate and thus in a possible TLS MITM scenario.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 2.2 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
siemens sinumerik_analyse_mycondition_firmware -
siemens sinumerik_operate_firmware 4.94
siemens sinumerik_manage_mymachines_firmware -
siemens sinumerik_integrate_for_production_firmware 5.1
siemens sinumerik_integrate_client_firmware *
siemens sinumerik_integrate_for_production_firmware *
siemens sinumerik_manage_myprograms_firmware -
siemens sinumerik_operate_firmware 4.8
siemens sinumerik_analyze_myperformance_firmware -
siemens sinumerik_optimize_myprogramming_firmware -
siemens sinumerik_operate_firmware 4.93
siemens sinumerik_manage_myresources_firmware -
siemens sinumerik_manage_mytools_firmware -
siemens sinumerik_operate_firmware *
CVE-2021-31893 HIGH

A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC PDM (All versions < V9.2), SIMATIC STEP 7 V5.X (All versions < V5.6 SP2 HF3), SINAMICS STARTER (containing STEP 7 OEM version) (All versions < V5.4 HF2). The affected software contains a buffer overflow vulnerability while handling certain files that could allow a local attacker to trigger a denial-of-service condition or potentially lead to remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
siemens simatic_pcs_firmware 9.0
siemens simatic_pcs_firmware *
siemens simatic_step_7_firmware *
siemens sinamics_starter_firmware 5.4
siemens simatic_pdm_firmware *
siemens sinamics_starter_firmware *
CVE-2021-31894 HIGH

A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.X (All versions < V9.1 SP2), SIMATIC PDM (All versions < V9.2 SP2), SIMATIC STEP 7 V5.X (All versions < V5.7), SINAMICS STARTER (containing STEP 7 OEM version) (All versions < V5.4 SP2 HF1). A directory containing metafiles relevant to devices' configurations has write permissions. An attacker could leverage this vulnerability by changing the content of certain metafiles and subsequently manipulate parameters or behavior of devices that would be later configured by the affected software.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 2.0 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-732,

Products Affected

Vendor Product Version
siemens simatic_pdm_firmware -
siemens simatic_step_7_firmware *
siemens sinamics_starter_firmware 5.4
siemens simatic_pcs_7_firmware 9.0
siemens simatic_pcs_7_firmware *
siemens sinamics_starter_firmware *
CVE-2021-31895 HIGH

A vulnerability has been identified in RUGGEDCOM i800 (All versions < V4.3.7), RUGGEDCOM i801 (All versions < V4.3.7), RUGGEDCOM i802 (All versions < V4.3.7), RUGGEDCOM i803 (All versions < V4.3.7), RUGGEDCOM M2100 (All versions < V4.3.7), RUGGEDCOM M2200 (All versions < V4.3.7), RUGGEDCOM M969 (All versions < V4.3.7), RUGGEDCOM RMC30 (All versions < V4.3.7), RUGGEDCOM RMC8388 V4.X (All versions < V4.3.7), RUGGEDCOM RMC8388 V5.X (All versions < V5.5.4), RUGGEDCOM RP110 (All versions < V4.3.7), RUGGEDCOM RS1600 (All versions < V4.3.7), RUGGEDCOM RS1600F (All versions < V4.3.7), RUGGEDCOM RS1600T (All versions < V4.3.7), RUGGEDCOM RS400 (All versions < V4.3.7), RUGGEDCOM RS401 (All versions < V4.3.7), RUGGEDCOM RS416 (All versions < V4.3.7), RUGGEDCOM RS416P (All versions < V4.3.7), RUGGEDCOM RS416Pv2 V4.X (All versions < V4.3.7), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.5.4), RUGGEDCOM RS416v2 V4.X (All versions < V4.3.7), RUGGEDCOM RS416v2 V5.X (All versions < 5.5.4), RUGGEDCOM RS8000 (All versions < V4.3.7), RUGGEDCOM RS8000A (All versions < V4.3.7), RUGGEDCOM RS8000H (All versions < V4.3.7), RUGGEDCOM RS8000T (All versions < V4.3.7), RUGGEDCOM RS900 (32M) V4.X (All versions < V4.3.7), RUGGEDCOM RS900 (32M) V5.X (All versions < V5.5.4), RUGGEDCOM RS900G (All versions < V4.3.7), RUGGEDCOM RS900G (32M) V4.X (All versions < V4.3.7), RUGGEDCOM RS900G (32M) V5.X (All versions < V5.5.4), RUGGEDCOM RS900GP (All versions < V4.3.7), RUGGEDCOM RS900L (All versions < V4.3.7), RUGGEDCOM RS900W (All versions < V4.3.7), RUGGEDCOM RS910 (All versions < V4.3.7), RUGGEDCOM RS910L (All versions < V4.3.7), RUGGEDCOM RS910W (All versions < V4.3.7), RUGGEDCOM RS920L (All versions < V4.3.7), RUGGEDCOM RS920W (All versions < V4.3.7), RUGGEDCOM RS930L (All versions < V4.3.7), RUGGEDCOM RS930W (All versions < V4.3.7), RUGGEDCOM RS940G (All versions < V4.3.7), RUGGEDCOM RS969 (All versions < V4.3.7), RUGGEDCOM RSG2100 (All versions < V4.3.7), RUGGEDCOM RSG2100 (32M) V4.X (All versions < V4.3.7), RUGGEDCOM RSG2100 (32M) V5.X (All versions < V5.5.4), RUGGEDCOM RSG2100P (All versions < V4.3.7), RUGGEDCOM RSG2100P (32M) V4.X (All versions < V4.3.7), RUGGEDCOM RSG2100P (32M) V5.X (All versions < V5.5.4), RUGGEDCOM RSG2200 (All versions < V4.3.7), RUGGEDCOM RSG2288 V4.X (All versions < V4.3.7), RUGGEDCOM RSG2288 V5.X (All versions < V5.5.4), RUGGEDCOM RSG2300 V4.X (All versions < V4.3.7), RUGGEDCOM RSG2300 V5.X (All versions < V5.5.4), RUGGEDCOM RSG2300P V4.X (All versions < V4.3.7), RUGGEDCOM RSG2300P V5.X (All versions < V5.5.4), RUGGEDCOM RSG2488 V4.X (All versions < V4.3.7), RUGGEDCOM RSG2488 V5.X (All versions < V5.5.4), RUGGEDCOM RSG907R (All versions < V5.5.4), RUGGEDCOM RSG908C (All versions < V5.5.4), RUGGEDCOM RSG909R (All versions < V5.5.4), RUGGEDCOM RSG910C (All versions < V5.5.4), RUGGEDCOM RSG920P V4.X (All versions < V4.3.7), RUGGEDCOM RSG920P V5.X (All versions < V5.5.4), RUGGEDCOM RSL910 (All versions < V5.5.4), RUGGEDCOM RST2228 (All versions < V5.5.4), RUGGEDCOM RST2228P (All versions < V5.5.4), RUGGEDCOM RST916C (All versions < V5.5.4), RUGGEDCOM RST916P (All versions < V5.5.4). The DHCP client in affected devices fails to properly sanitize incoming DHCP packets. This could allow an unauthenticated remote attacker to cause memory to be overwritten, potentially allowing remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,CWE-787,

Products Affected

Vendor Product Version
siemens ruggedcom_ros_rsg2288 *
siemens ruggedcom_ros_rmc40 *
siemens ruggedcom_ros_rs900g *
siemens ruggedcom_ros_rs940g *
siemens ruggedcom_ros_rsg900 *
siemens ruggedcom_ros_rs910l *
siemens ruggedcom_ros_m969 *
siemens ruggedcom_ros_rsg2300 *
siemens ruggedcom_ros_rs920w *
siemens ruggedcom_ros_m2200 *
siemens ruggedcom_ros_rsg2100p *
siemens ruggedcom_ros_rs900 *
siemens ruggedcom_ros_rmc *
siemens ruggedcom_ros_rs401 *
siemens ruggedcom_ros_m2100 *
siemens ruggedcom_ros_rp110 *
siemens ruggedcom_ros_rs416 *
siemens ruggedcom_ros_rmc30 *
siemens ruggedcom_ros_rst2228 *
siemens ruggedcom_ros_rsg900c *
siemens ruggedcom_ros_rs900gp *
siemens ruggedcom_ros_rsg900r *
siemens ruggedcom_ros_rmc20 *
siemens ruggedcom_ros_rsg2300p *
siemens ruggedcom_ros_rs8000h *
siemens ruggedcom_ros_rs910w *
siemens ruggedcom_ros_rs8000 *
siemens ruggedcom_ros_rs400 *
siemens ruggedcom_ros_rs930w *
siemens ruggedcom_ros_rs969 *
siemens ruggedcom_ros_rsg2200 *
siemens ruggedcom_ros_rmc41 *
siemens ruggedcom_ros_rs910 *
siemens ruggedcom_ros_i800 *
siemens ruggedcom_ros_i801 *
siemens ruggedcom_ros_rmc8388 *
siemens ruggedcom_ros_rs930l *
siemens ruggedcom_ros_i803 *
siemens ruggedcom_ros_rs900w *
siemens ruggedcom_ros_rsg2488 *
siemens ruggedcom_ros_rsl910 *
siemens ruggedcom_ros_rst916c *
siemens ruggedcom_ros_rs8000t *
siemens ruggedcom_ros_rsg920p *
siemens ruggedcom_ros_rst916p *
siemens ruggedcom_ros_rs900l *
siemens ruggedcom_ros_rsg2100 *
siemens ruggedcom_ros_i802 *
siemens ruggedcom_ros_rs416v2 *
siemens ruggedcom_ros_rs920l *
siemens ruggedcom_ros_rs8000a *
siemens ruggedcom_ros_rsg900g *
CVE-2021-32803 MEDIUM

The npm package "tar" (aka node-tar) before versions 6.1.2, 5.0.7, 4.4.15, and 3.2.3 has an arbitrary File Creation/Overwrite vulnerability via insufficient symlink protection. `node-tar` aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in order to prevent unnecessary `stat` calls to determine whether a given path is a directory, paths are cached when directories are created. This logic was insufficient when extracting tar files that contained both a directory and a symlink with the same name as the directory. This order of operations resulted in the directory being created and added to the `node-tar` directory cache. When a directory is present in the directory cache, subsequent calls to mkdir for that directory are skipped. However, this is also where `node-tar` checks for symlinks occur. By first creating a directory, and then replacing that directory with a symlink, it was thus possible to bypass `node-tar` symlink checks on directories, essentially allowing an untrusted tar file to symlink into an arbitrary location and subsequently extracting arbitrary files into that location, thus allowing arbitrary file creation and overwrite. This issue was addressed in releases 3.2.3, 4.4.15, 5.0.7 and 6.1.2.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H 2.8 5.2
security-advisories@github.com 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N 1.8 5.8

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,CWE-59,

Products Affected

Vendor Product Version
siemens sinec_infrastructure_network_services *
oracle graalvm 21.2.0
oracle graalvm 20.3.3
tar_project tar *
CVE-2021-32804 MEDIUM

The npm package "tar" (aka node-tar) before versions 6.1.1, 5.0.6, 4.4.14, and 3.3.2 has an arbitrary File Creation/Overwrite vulnerability due to insufficient absolute path sanitization. node-tar aims to prevent extraction of absolute file paths by turning absolute paths into relative paths when the `preservePaths` flag is not set to `true`. This is achieved by stripping the absolute path root from any absolute file paths contained in a tar file. For example `/home/user/.bashrc` would turn into `home/user/.bashrc`. This logic was insufficient when file paths contained repeated path roots such as `////home/user/.bashrc`. `node-tar` would only strip a single path root from such paths. When given an absolute file path with repeating path roots, the resulting path (e.g. `///home/user/.bashrc`) would still resolve to an absolute path, thus allowing arbitrary file creation and overwrite. This issue was addressed in releases 3.2.2, 4.4.14, 5.0.6 and 6.1.1. Users may work around this vulnerability without upgrading by creating a custom `onentry` method which sanitizes the `entry.path` or a `filter` method which removes entries with absolute paths. See referenced GitHub Advisory for details. Be aware of CVE-2021-32803 which fixes a similar bug in later versions of tar.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H 2.8 5.2
security-advisories@github.com 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N 1.8 5.8

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
siemens sinec_infrastructure_network_services *
oracle graalvm 21.2.0
oracle graalvm 20.3.3
tar_project tar *
CVE-2021-32936 MEDIUM

An out-of-bounds write issue exists in the DXF file-recovering procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a write past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
opendesign drawings_sdk *
siemens teamcenter_visualization *
siemens jt2go *
siemens comos *
CVE-2021-32938 MEDIUM

Drawings SDK (All versions prior to 2022.4) are vulnerable to an out-of-bounds read due to parsing of DWG files resulting from the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or read sensitive information from memory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H 1.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
opendesign drawings_sdk *
siemens teamcenter_visualization *
siemens jt2go *
siemens comos *
CVE-2021-32940 MEDIUM

An out-of-bounds read issue exists in the DWG file-recovering procedure in the Drawings SDK (All versions prior to 2022.5) resulting from the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or read sensitive information from memory locations.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H 1.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
opendesign drawings_sdk *
siemens teamcenter_visualization *
siemens jt2go *
siemens comos *
CVE-2021-32944 MEDIUM

A use-after-free issue exists in the DGN file-reading procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a memory corruption or arbitrary code execution, allowing attackers to cause a denial-of-service condition or execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,CWE-416,

Products Affected

Vendor Product Version
opendesign drawings_sdk *
siemens teamcenter_visualization *
siemens jt2go *
siemens comos *
CVE-2021-32946 MEDIUM

An improper check for unusual or exceptional conditions issue exists within the parsing of DGN files in the Drawings SDK (Version 2022.4 and prior) resulting from the lack of proper validation of the user-supplied data. This may result in several out-of-bounds problems and allow attackers to cause a denial-of-service condition or execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-754,CWE-754,

Products Affected

Vendor Product Version
opendesign drawings_sdk *
siemens teamcenter_visualization *
siemens jt2go *
siemens comos *
CVE-2021-32948 MEDIUM

An out-of-bounds write issue exists in the DWG file-reading procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a write past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
opendesign drawings_sdk *
siemens teamcenter_visualization *
siemens jt2go *
siemens comos *
CVE-2021-32950 MEDIUM

An out-of-bounds read issue exists within the parsing of DXF files in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated buffer and allows attackers to cause a denial-of-service condition or read sensitive information from memory locations.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H 1.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
opendesign drawings_sdk *
siemens teamcenter_visualization *
siemens jt2go *
siemens comos *
CVE-2021-32952 MEDIUM

An out-of-bounds write issue exists in the DGN file-reading procedure in the Drawings SDK (Version 2022.4 and prior) resulting from the lack of proper validation of user-supplied data. This can result in a write past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
opendesign drawings_sdk *
siemens teamcenter_visualization *
siemens jt2go *
siemens comos *
CVE-2021-33625 MEDIUM

An issue was discovered in Kernel 5.x in Insyde InsydeH2O, affecting HddPassword. Software SMI services that use the Communicate() function of the EFI_SMM_COMMUNICATION_PROTOCOL do not check whether the address of the buffer is valid, which allows use of SMRAM, MMIO, or OS kernel addresses.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.8 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
siemens simatic_ipc127e_firmware -
siemens simatic_ipc227g_firmware -
siemens ruggedcom_ape1808_firmware -
siemens simatic_field_pg_m5_firmware -
siemens simatic_ipc277g_firmware -
siemens simatic_ipc677e_firmware -
siemens simatic_ipc477e_firmware -
siemens simatic_ipc427e_firmware -
siemens simatic_ipc847e_firmware -
siemens simatic_ipc647e_firmware -
insyde insydeh2o *
netapp fas/aff_bios -
siemens simatic_ipc477e_pro_firmware -
siemens simatic_ipc377g_firmware -
siemens simatic_field_pg_m6_firmware -
siemens simatic_itp1000_firmware -
siemens simatic_ipc627e_firmware -
siemens simatic_ipc327g_firmware -
CVE-2021-33626 MEDIUM

A vulnerability exists in the SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer (QWORD values for CommBuffer). This can be used by an attacker to corrupt data in SMRAM memory and even lead to arbitrary code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-829,

Products Affected

Vendor Product Version
siemens ruggedcom_apr1808_firmware -
siemens simatic_ipc127e_firmware -
siemens simatic_ipc227g_firmware -
siemens simatic_field_pg_m5_firmware -
siemens simatic_ipc277g_firmware -
siemens simatic_ipc677e_firmware -
siemens simatic_ipc477e_firmware -
siemens simatic_ipc427e_firmware -
siemens simatic_ipc847e_firmware -
siemens simatic_ipc647e_firmware -
insyde insydeh2o *
siemens simatic_ipc477e_pro_firmware -
siemens simatic_ipc377g_firmware -
siemens simatic_field_pg_m6_firmware -
siemens simatic_itp1000_firmware -
siemens simatic_ipc627e_firmware -
siemens simatic_ipc327g_firmware -
CVE-2021-33627 HIGH

An issue was discovered in Insyde InsydeH2O Kernel 5.0 before 05.09.11, 5.1 before 05.17.11, 5.2 before 05.27.11, 5.3 before 05.36.11, 5.4 before 05.44.11, and 5.5 before 05.52.11 affecting FwBlockServiceSmm. Software SMI services that use the Communicate() function of the EFI_SMM_COMMUNICATION_PROTOCOL do not check whether the address of the buffer is valid, which allows use of SMRAM, MMIO, or OS kernel addresses.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.5 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
siemens simatic_itp1000_firmware *
siemens simatic_ipc127e_firmware *
siemens simatic_ipc377g_firmware *
siemens simatic_ipc277g_firmware *
siemens simatic_ipc477e_firmware *
siemens simatic_ipc627e_firmware *
siemens simatic_ipc327g_firmware *
siemens simatic_ipc647e_firmware *
siemens simatic_ipc227g_firmware *
siemens simatic_ipc677e_firmware *
insyde insydeh2o *
siemens simatic_ipc427e_firmware *
siemens simatic_field_pg_m5_firmware *
siemens simatic_ipc847e_firmware *
siemens simatic_field_pg_m6_firmware *
CVE-2021-33709 MEDIUM

A vulnerability has been identified in Teamcenter Active Workspace V4 (All versions < V4.3.9), Teamcenter Active Workspace V5.0 (All versions < V5.0.7), Teamcenter Active Workspace V5.1 (All versions < V5.1.4). By sending malformed requests, a remote attacker could leak an application token due to an error not properly handled by the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
siemens teamcenter_active_workspace *
CVE-2021-33710 MEDIUM

A vulnerability has been identified in Teamcenter Active Workspace V4 (All versions < V4.3.9), Teamcenter Active Workspace V5.0 (All versions < V5.0.7), Teamcenter Active Workspace V5.1 (All versions < V5.1.4). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected devices that could allow an attacker to execute malicious JavaScript code by tricking users into accessing a malicious link.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
siemens teamcenter_active_workspace *
CVE-2021-33711 MEDIUM

A vulnerability has been identified in Teamcenter Active Workspace V4 (All versions < V4.3.9), Teamcenter Active Workspace V5.0 (All versions < V5.0.7), Teamcenter Active Workspace V5.1 (All versions < V5.1.4). The affected application allows verbose error messages which allow leaking of sensitive information, such as full paths.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-209,

Products Affected

Vendor Product Version
siemens teamcenter_active_workspace *
CVE-2021-33713 LOW

A vulnerability has been identified in JT Utilities (All versions < V13.0.2.0). When parsing specially crafted JT files, a hash function is called with an incorrect argument leading the application to crash. An attacker could leverage this vulnerability to cause a Denial-of-Service condition in the application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-688,NVD-CWE-Other,

Products Affected

Vendor Product Version
siemens jt_utilities *
CVE-2021-33714 LOW

A vulnerability has been identified in JT Utilities (All versions < V13.0.2.0). When parsing specially crafted JT files, a missing check for the validity of an iterator leads to a NULL pointer dereference condition, causing the application to crash. An attacker could leverage this vulnerability to cause a Denial-of-Service condition in the application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-476,

Products Affected

Vendor Product Version
siemens jt_utilities *
CVE-2021-33715 LOW

A vulnerability has been identified in JT Utilities (All versions < V13.0.2.0). When parsing specially crafted JT files, a race condition could cause an object to be released before being operated on, leading to a NULL pointer dereference condition and causing the application to crash. An attacker could leverage this vulnerability to cause a Denial-of-Service condition in the application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-476,CWE-476,

Products Affected

Vendor Product Version
siemens jt_utilities *
CVE-2021-33716 LOW

A vulnerability has been identified in SIMATIC CP 1543-1 (incl. SIPLUS variants) (All versions < V3.0), SIMATIC CP 1545-1 (All versions < V1.1). An attacker with access to the subnet of the affected device could retrieve sensitive information stored in cleartext.

CVSS 2.0

Severity: LOW

Problem Type: CWE-312,CWE-312,

Products Affected

Vendor Product Version
siemens simatic_cp_1543-1_firmware *
siemens simatic_cp_1545-1_firmware *
CVE-2021-33717 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.2.0.1), Teamcenter Visualization (All versions < V13.2.0.1). When parsing specially crafted CGM files, a NULL pointer dereference condition could cause the application to crash. The application must be restarted to restore the service. An attacker could leverage this vulnerability to cause a Denial-of-Service condition in the application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,CWE-476,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2021-33718 LOW

A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.22), Mendix Applications using Mendix 8 (All versions < V8.18.7), Mendix Applications using Mendix 9 (All versions < V9.3.0). Write access checks of attributes of an object could be bypassed if the user has write permission to the first attribute of this object.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N 1.6 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-863,

Products Affected

Vendor Product Version
siemens mendix *
CVE-2021-33719 HIGH

A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP300 (All versions < V8.80). Specially crafted packets sent to port 4443/tcp could cause a Denial-of-Service condition or potential remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
siemens siprotec_5_with_cpu_variant_cp100 *
siemens siprotec_5_with_cpu_variant_cp300 *
siemens siprotec_5_with_cpu_variant_cp050 *
CVE-2021-33720 MEDIUM

A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP300 (All versions < V8.80). Specially crafted packets sent to port 4443/tcp could cause a Denial-of-Service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,CWE-120,

Products Affected

Vendor Product Version
siemens siprotec_5_with_cpu_variant_cp100 *
siemens siprotec_5_with_cpu_variant_cp300 *
siemens siprotec_5_with_cpu_variant_cp050 *
CVE-2021-33721 HIGH

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2). The affected application incorrectly neutralizes special elements when creating batch operations which could lead to command injection. An authenticated remote attacker with administrative privileges could exploit this vulnerability to execute arbitrary code on the system with system privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
siemens sinec_network_management_system 1.0
siemens sinec_network_management_system *
CVE-2021-33722 MEDIUM

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system has a Path Traversal vulnerability when exporting a firmware container. With this, a privileged authenticated attacker could create arbitrary files on an affected system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
siemens sinec_nms 1.0
siemens sinec_nms *
CVE-2021-33723 MEDIUM

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). An authenticated attacker could change the user profile of any user without proper authorization. With this, the attacker could change the password of any user in the affected system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-285,NVD-CWE-Other,

Products Affected

Vendor Product Version
siemens sinec_nms 1.0
siemens sinec_nms *
CVE-2021-33724 MEDIUM

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system contains an Arbitrary File Deletion vulnerability that possibly allows deleting an arbitrary file or directory under a user-controlled path.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
siemens sinec_nms 1.0
siemens sinec_nms *
CVE-2021-33725 MEDIUM

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system allows deleting arbitrary files or directories under a user-controlled path and does not correctly check if the relative path is still within the intended target directory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
siemens sinec_nms 1.0
siemens sinec_nms *
CVE-2021-33726 MEDIUM

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system allows downloading arbitrary files under a user-controlled path and does not correctly check if the relative path is still within the intended target directory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
siemens sinec_nms 1.0
siemens sinec_nms *
CVE-2021-33727 MEDIUM

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). An authenticated attacker could download the user profile of any user. With this, the attacker could leak confidential information of any user in the affected system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
siemens sinec_nms 1.0
siemens sinec_nms *
CVE-2021-33728 HIGH

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system allows uploading JSON objects that are deserialized to Java objects. Due to insecure deserialization of user-supplied content by the affected software, a privileged attacker could exploit this vulnerability by sending a crafted serialized Java object. An exploit could allow the attacker to execute arbitrary code on the device with root privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
siemens sinec_nms 1.0
siemens sinec_nms *
CVE-2021-33729 MEDIUM

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). An authenticated attacker that is able to import firmware containers to an affected system could execute arbitrary commands in the local database.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
siemens sinec_nms 1.0
siemens sinec_nms *
CVE-2021-33730 MEDIUM

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
siemens sinec_nms 1.0
siemens sinec_nms *
CVE-2021-33731 MEDIUM

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
siemens sinec_nms 1.0
siemens sinec_nms *
CVE-2021-33732 MEDIUM

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
siemens sinec_nms 1.0
siemens sinec_nms *
CVE-2021-33733 MEDIUM

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
siemens sinec_nms 1.0
siemens sinec_nms *
CVE-2021-33734 MEDIUM

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
siemens sinec_nms 1.0
siemens sinec_nms *
CVE-2021-33735 MEDIUM

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
siemens sinec_nms 1.0
siemens sinec_nms *
CVE-2021-33736 MEDIUM

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
siemens sinec_nms 1.0
siemens sinec_nms *
CVE-2021-33737 HIGH

A vulnerability has been identified in SIMATIC CP 343-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 ERPC (All versions), SIMATIC CP 343-1 Lean (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 Advanced (All versions < V3.3), SIPLUS NET CP 443-1 (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (All versions < V3.3). Sending a specially crafted packet to port 102/tcp of an affected device could cause a denial of service condition. A restart is needed to restore normal operations.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
productcert@siemens.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
siemens simatic_cp_343-1_advanced_firmware *
siemens simatic_cp_343-1_lean_firmware *
siemens simatic_cp_343-1_firmware *
siemens simatic_cp_343-1_erpc_firmware *
siemens simatic_cp_443-1_advanced_firmware *
siemens simatic_cp_443-1_firmware *
CVE-2021-33738 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.2.0.2), Teamcenter Visualization (All versions < V13.2.0.2). The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13405)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N 1.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2021-34291 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Gif_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing GIF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12956)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-20,CWE-787,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2021-34292 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12959)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-20,CWE-125,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2021-34293 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Gif_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing GIF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13020)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-20,CWE-787,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2021-34294 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Gif_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing GIF files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13023)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-20,CWE-125,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2021-34295 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Gif_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing GIF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13024)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-20,CWE-787,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2021-34296 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13057)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-20,CWE-125,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2021-34297 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13059)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-20,CWE-787,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2021-34298 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data prior to performing further free operations on an object when parsing BMP files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13060)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,CWE-20,CWE-416,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2021-34299 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13192)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-126,CWE-125,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2021-34300 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds write past the end of an allocated buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13194)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-20,CWE-787,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2021-34301 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data prior to performing further free operations on an object when parsing BMP files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13196)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,CWE-20,CWE-416,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2021-34302 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13197)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-126,CWE-125,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2021-34303 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13198)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-126,CWE-125,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2021-34304 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13199)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-126,CWE-125,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2021-34305 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Gif_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing GIF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13340)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-20,CWE-787,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2021-34306 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. This could result in a memory corruption condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13342)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-787,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2021-34307 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13343)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-126,CWE-125,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2021-34308 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13344)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-126,CWE-125,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2021-34309 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13350)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-20,CWE-787,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2021-34310 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13351)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-20,CWE-787,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2021-34311 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Mono_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing J2K files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13352)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-20,CWE-787,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2021-34312 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13353)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-122,CWE-787,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2021-34313 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13354)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-122,CWE-787,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2021-34314 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing SGI files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13355)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-20,CWE-787,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2021-34315 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing SGI files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13356)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-20,CWE-125,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2021-34316 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The DL180CoolType.dll library in affected applications lacks proper validation of user-supplied data when parsing PDF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13380)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-20,CWE-787,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2021-34317 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing PCX files. This could result in an out of bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13402)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-122,CWE-787,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2021-34318 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing PCT files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13403)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-20,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2021-34319 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing SGI files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13404)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-20,CWE-787,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2021-34320 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data when parsing JT files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13406)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-126,CWE-125,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2021-34321 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The VisDraw.dll library in affected applications lacks proper validation of user-supplied data when parsing J2K files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13414)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-126,CWE-125,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2021-34322 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The JPEG2K_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing J2K files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13416)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-126,CWE-20,CWE-125,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2021-34323 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data when parsing JT files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13419)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-20,CWE-787,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2021-34324 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data prior to performing further free operations on an object when parsing JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13420)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,CWE-20,CWE-416,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2021-34325 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data when parsing JT files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13421)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-126,CWE-125,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2021-34326 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2). The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13422)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-122,CWE-787,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens solid_edge *
siemens jt2go *
siemens solid_edge se2021
CVE-2021-34327 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2). The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when parsing ASM files. This could result in an out of bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13423)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-122,CWE-787,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens solid_edge *
siemens jt2go *
siemens solid_edge se2021
CVE-2021-34328 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2). The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13424)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-122,CWE-787,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens solid_edge *
siemens jt2go *
siemens solid_edge se2021
CVE-2021-34329 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2). The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13427)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-122,CWE-787,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens solid_edge *
siemens jt2go *
siemens solid_edge se2021
CVE-2021-34330 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data prior to performing further free operations on an object when parsing JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13430)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416, CWE-20

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2021-34331 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data when parsing JT files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13442)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787, CWE-20

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2021-34332 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. A malformed input file could result in an infinite loop condition that leads to a denial of service condition. An attacker could leverage this vulnerability to consume excessive resources. (CNVD-C-2021-79300)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-835

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2021-34333 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. A malformed input file could result in a double free of an allocated buffer that leads to a crash. An attacker could leverage this vulnerability to cause a denial of service condition. (CNVD-C-2021-79295)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-415

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2021-3449 MEDIUM

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476

Products Affected

Vendor Product Version
siemens sinamics_connect_300_firmware *
siemens simatic_cloud_connect_7_firmware *
siemens sinema_server 14.0
oracle primavera_unifier 21.12
siemens scalance_xb-200_firmware *
siemens simatic_rf188c_firmware *
siemens simatic_rf186ci_firmware *
siemens simatic_wincc_runtime_advanced *
siemens sinec_pni -
siemens scalance_s627-2m_firmware *
siemens simatic_s7-1200_cpu_1214_fc_firmware *
oracle communications_communications_policy_management 12.6.0.0.0
nodejs node.js *
siemens simatic_logon 1.5
sonicwall capture_client 3.5
siemens scalance_xr-300wg_firmware *
siemens tim_1531_irc_firmware *
siemens sinumerik_opc_ua_server *
checkpoint quantum_security_gateway_firmware r81
siemens simatic_logon *
checkpoint quantum_security_management_firmware r80.40
mcafee web_gateway_cloud_service 8.2.19
siemens simatic_cp_1242-7_gprs_v2_firmware -
siemens scalance_s602_firmware *
siemens scalance_xf-200ba_firmware *
oracle jd_edwards_enterpriseone_tools *
oracle zfs_storage_appliance_kit 8.8
siemens simatic_net_cp_1543sp-1_firmware *
mcafee web_gateway 8.2.19
netapp ontap_select_deploy_administration_utility -
oracle peoplesoft_enterprise_peopletools 8.58
oracle peoplesoft_enterprise_peopletools 8.59
siemens simatic_pdm_firmware *
siemens simatic_cloud_connect_7_firmware -
netapp e-series_performance_analyzer -
tenable nessus *
siemens simatic_cp_1242-7_gprs_v2_firmware *
freebsd freebsd 12.2
checkpoint quantum_security_gateway_firmware r80.40
checkpoint multi-domain_management_firmware r80.40
oracle graalvm 21.0.0.2
siemens simatic_s7-1200_cpu_1214c_firmware *
siemens scalance_w700_firmware *
netapp oncommand_insight -
fedoraproject fedora 34
tenable tenable.sc *
siemens simatic_hmi_basic_panels_2nd_generation_firmware *
siemens simatic_net_cp_1243-8_irc_firmware *
siemens simatic_s7-1200_cpu_1215c_firmware *
siemens scalance_s623_firmware *
siemens simatic_wincc_telecontrol -
oracle primavera_unifier 20.12
oracle peoplesoft_enterprise_peopletools 8.57
tenable nessus_network_monitor 5.11.1
debian debian_linux 9.0
siemens simatic_net_cp_1543-1_firmware *
siemens scalance_xp-200_firmware *
tenable nessus_network_monitor 5.13.0
oracle jd_edwards_world_security a9.4
siemens simatic_net_cp_1542sp-1_irc_firmware *
netapp active_iq_unified_manager -
siemens sinec_nms 1.0
siemens simatic_net_cp_1545-1_firmware *
oracle mysql_server *
siemens simatic_process_historian_opc_ua_server_firmware *
oracle graalvm 19.3.5
oracle secure_backup *
siemens simatic_rf188ci_firmware *
siemens simatic_pcs_7_telecontrol_firmware *
siemens simatic_rf360r_firmware *
debian debian_linux 10.0
siemens simatic_net_cp1243-7_lte_eu_firmware *
siemens simatic_hmi_ktp_mobile_panels_firmware *
netapp cloud_volumes_ontap_mediator -
siemens ruggedcom_rcm1224_firmware *
mcafee web_gateway 10.1.1
siemens scalance_s612_firmware *
oracle mysql_workbench *
siemens scalance_xr528-6m_firmware *
siemens scalance_lpe9403_firmware *
oracle primavera_unifier 19.12
siemens scalance_m-800_firmware *
mcafee web_gateway 9.2.10
siemens scalance_xr552-12_firmware *
siemens scalance_w1700_firmware *
siemens simatic_hmi_comfort_outdoor_panels_firmware *
tenable log_correlation_engine *
siemens scalance_sc-600_firmware *
siemens sinec_infrastructure_network_services *
oracle essbase 21.2
mcafee web_gateway_cloud_service 9.2.10
openssl openssl *
tenable nessus_network_monitor 5.12.1
tenable nessus_network_monitor 5.12.0
netapp santricity_smi-s_provider -
siemens simatic_s7-1200_cpu_1215_fc_firmware *
siemens scalance_s615_firmware *
siemens simatic_s7-1200_cpu_1212fc_firmware *
siemens simatic_rf166c_firmware *
sonicwall sma100_firmware *
checkpoint multi-domain_management_firmware r81
oracle primavera_unifier *
checkpoint quantum_security_management_firmware r81
siemens tia_administrator *
sonicwall sonicos 7.0.1.0
siemens simatic_mv500_firmware *
oracle graalvm 20.3.1.2
netapp oncommand_workflow_automation -
siemens simatic_net_cp1243-7_lte_us_firmware *
siemens simatic_rf185c_firmware *
siemens simatic_s7-1200_cpu_1211c_firmware *
siemens simatic_pcs_neo_firmware *
mcafee web_gateway_cloud_service 10.1.1
oracle enterprise_manager_for_storage_management 13.4.0.0
siemens simatic_s7-1200_cpu_1217c_firmware *
siemens scalance_xr526-8c_firmware *
tenable nessus_network_monitor 5.11.0
oracle secure_global_desktop 5.6
siemens simatic_s7-1500_cpu_1518-4_pn/dp_mfp_firmware *
netapp storagegrid -
siemens scalance_xc-200_firmware *
netapp snapcenter -
siemens simatic_s7-1200_cpu_1212c_firmware *
oracle mysql_connectors *
siemens simatic_net_cp_1243-1_firmware *
siemens simatic_rf186c_firmware *
siemens scalance_xm-400_firmware *
siemens scalance_xr524-8c_firmware *
CVE-2021-34798 MEDIUM

Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476

Products Affected

Vendor Product Version
oracle zfs_storage_appliance_kit 8.8
siemens sinema_server 14.0
debian debian_linux 11.0
debian debian_linux 10.0
oracle peoplesoft_enterprise_peopletools 8.58
oracle enterprise_manager_base_platform 13.5.0.0
apache http_server *
oracle http_server 12.2.1.4.0
fedoraproject fedora 34
tenable tenable.sc *
oracle http_server 12.2.1.3.0
oracle instantis_enterprisetrack 17.1
broadcom brocade_fabric_operating_system_firmware -
oracle instantis_enterprisetrack 17.3
siemens sinema_remote_connect_server *
debian debian_linux 9.0
siemens ruggedcom_nms *
netapp cloud_backup -
oracle communications_cloud_native_core_network_function_cloud_native_environment 1.10.0
oracle enterprise_manager_base_platform 13.4.0.0
siemens sinec_nms *
oracle instantis_enterprisetrack 17.2
netapp storagegrid -
fedoraproject fedora 35
netapp clustered_data_ontap -
CVE-2021-36221 MEDIUM

Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-362

Products Affected

Vendor Product Version
siemens scalance_lpe9403_firmware *
fedoraproject fedora 33
golang go *
fedoraproject fedora 35
debian debian_linux 9.0
oracle timesten_in-memory_database *
fedoraproject fedora 34
CVE-2021-3672 MEDIUM

A flaw was found in the c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames, which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.6 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L 2.2 3.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79

Products Affected

Vendor Product Version
redhat enterprise_linux_server_update_services_for_sap_solutions 8.1
redhat enterprise_linux_eus 8.4
redhat enterprise_linux_for_ibm_z_systems 8.0
redhat enterprise_linux_for_power_little_endian_eus 8.2
redhat enterprise_linux_server_tus 8.2
redhat enterprise_linux_server_tus 8.4
redhat enterprise_linux_server_aus 8.2
redhat enterprise_linux_for_ibm_z_systems_eus 8.2
redhat enterprise_linux_computer_node 1
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_for_ibm_z_systems_eus 8.1
nodejs node.js *
fedoraproject fedora 34
redhat enterprise_linux 8.0
redhat enterprise_linux_tus 8.4
redhat enterprise_linux_eus 8.2
pgbouncer pgbouncer *
redhat enterprise_linux_for_power_little_endian_eus 8.4
redhat enterprise_linux 7.0
redhat enterprise_linux 7.7
redhat enterprise_linux_for_power_little_endian_eus 8.1
redhat enterprise_linux_workstation 1
redhat enterprise_linux_server_aus 8.4
siemens sinec_infrastructure_network_services *
fedoraproject fedora 33
c-ares_project c-ares *
redhat enterprise_linux_eus 8.1
redhat enterprise_linux_server_update_services_for_sap_solutions 8.4
redhat enterprise_linux_for_power_little_endian 8.0
redhat enterprise_linux_server_update_services_for_sap_solutions 8.2
redhat enterprise_linux_for_ibm_z_systems_eus 8.4
CVE-2021-3712 MEDIUM

ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are represented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the "data" and "length" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the "data" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125

Products Affected

Vendor Product Version
oracle jd_edwards_enterpriseone_tools *
oracle zfs_storage_appliance_kit 8.8
oracle essbase 21.3
debian debian_linux 11.0
oracle enterprise_session_border_controller 8.4
oracle enterprise_communications_broker 3.2.0
debian debian_linux 10.0
oracle peoplesoft_enterprise_peopletools 8.58
oracle peoplesoft_enterprise_peopletools 8.59
netapp e-series_santricity_os_controller *
oracle health_sciences_inform_publisher 6.3.1.1
mcafee epolicy_orchestrator *
netapp solidfire -
oracle enterprise_session_border_controller 9.0
oracle secure_backup 18.1.0.1.0
oracle communications_unified_session_manager 8.4.5
oracle communications_cloud_native_core_console 1.9.0
oracle communications_session_border_controller 8.4
netapp clustered_data_ontap_antivirus_connector -
oracle mysql_workbench *
tenable tenable.sc *
oracle peoplesoft_enterprise_peopletools 8.57
debian debian_linux 9.0
oracle communications_cloud_native_core_unified_data_repository 1.15.0
oracle jd_edwards_world_security a9.4
oracle communications_session_border_controller 9.0
netapp manageability_software_development_kit -
siemens sinec_infrastructure_network_services *
netapp storage_encryption -
mcafee epolicy_orchestrator 5.10.0
oracle communications_unified_session_manager 8.2.5
oracle mysql_connectors *
openssl openssl *
netapp clustered_data_ontap -
oracle mysql_server *
oracle health_sciences_inform_publisher 6.2.1.0
tenable nessus_network_monitor *
oracle enterprise_communications_broker 3.3.0
netapp hci_management_node -
oracle mysql_enterprise_monitor *
netapp santricity_smi-s_provider -
oracle communications_cloud_native_core_security_edge_protection_proxy 1.7.0
oracle essbase *
CVE-2021-37172 MEDIUM

A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (V4.5.0). Affected devices fail to authenticate against configured passwords when provisioned using TIA Portal V13. This could allow an attacker using TIA Portal V13 or later versions to bypass authentication and download arbitrary programs to the PLC. The vulnerability does not occur when TIA Portal V13 SP1 or any later version was used to provision the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287

Products Affected

Vendor Product Version
siemens simatic_step_7_(tia_portal) *
siemens simatic_s7-1200_cpu_firmware 4.5.0
CVE-2021-37173 HIGH

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). The command line interface of affected devices insufficiently restricts file read and write operations for low privileged users. This could allow an authenticated remote attacker to escalate privileges and gain root access to the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-269

Products Affected

Vendor Product Version
siemens ruggedcom_rox_rx1500_firmware *
siemens ruggedcom_rox_rx1510_firmware *
siemens ruggedcom_rox_rx1524_firmware *
siemens ruggedcom_rox_rx1536_firmware *
siemens ruggedcom_rox_rx1512_firmware *
siemens ruggedcom_rox_rx1400_firmware *
siemens ruggedcom_rox_mx5000_firmware *
siemens ruggedcom_rox_rx1511_firmware *
siemens ruggedcom_rox_rx1501_firmware *
siemens ruggedcom_rox_rx5000_firmware *
CVE-2021-37174 HIGH

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). The affected devices have a privilege escalation vulnerability. If exploited, an attacker could gain root user access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-250

Products Affected

Vendor Product Version
siemens ruggedcom_rox_rx1500_firmware *
siemens ruggedcom_rox_rx1510_firmware *
siemens ruggedcom_rox_rx1524_firmware *
siemens ruggedcom_rox_rx1536_firmware *
siemens ruggedcom_rox_rx1512_firmware *
siemens ruggedcom_rox_rx1400_firmware *
siemens ruggedcom_rox_mx5000_firmware *
siemens ruggedcom_rox_rx1511_firmware *
siemens ruggedcom_rox_rx1501_firmware *
siemens ruggedcom_rox_rx5000_firmware *
CVE-2021-37175 MEDIUM

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). The affected devices do not properly handle permissions to traverse the file system. If exploited, an attacker could gain access to an overview of the complete file system on the affected devices.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-280, CWE-755

Products Affected

Vendor Product Version
siemens ruggedcom_rox_rx1500_firmware *
siemens ruggedcom_rox_rx1510_firmware *
siemens ruggedcom_rox_rx1524_firmware *
siemens ruggedcom_rox_rx1536_firmware *
siemens ruggedcom_rox_rx1512_firmware *
siemens ruggedcom_rox_rx1400_firmware *
siemens ruggedcom_rox_mx5000_firmware *
siemens ruggedcom_rox_rx1511_firmware *
siemens ruggedcom_rox_rx1501_firmware *
siemens ruggedcom_rox_rx5000_firmware *
CVE-2021-37176 MEDIUM

A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). The femap.exe application lacks proper validation of user-supplied data when parsing modfem files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-14260)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N 1.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125

Products Affected

Vendor Product Version
siemens simcenter_femap 2020.2
siemens simcenter_femap 2021.1
CVE-2021-37177 LOW

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The status provided by the syslog clients managed by the affected software can be manipulated by an unauthenticated attacker in the same network of the affected system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-471

Products Affected

Vendor Product Version
siemens sinema_remote_connect_server 3.0
siemens sinema_remote_connect_server *
CVE-2021-37178 MEDIUM

A vulnerability has been identified in Solid Edge SE2021 (All Versions < SE2021MP7). An XML external entity injection vulnerability in the underlying XML parser could cause the affected application to disclose arbitrary files to remote attackers by loading a specially crafted xml file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611

Products Affected

Vendor Product Version
siemens solid_edge_se2021_firmware *
CVE-2021-37179 MEDIUM

A vulnerability has been identified in Solid Edge SE2021 (All Versions < SE2021MP7). The PSKERNEL.dll library in the affected application lacks proper validation while parsing user-supplied OBJ files, which could lead to a use-after-free condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13777)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416

Products Affected

Vendor Product Version
siemens solid_edge_se2021_firmware *
CVE-2021-37180 MEDIUM

A vulnerability has been identified in Solid Edge SE2021 (All Versions < SE2021MP7). The PSKERNEL.dll library lacks proper validation while parsing user-supplied OBJ files that could cause an out of bounds access to an uninitialized pointer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13775)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-824

Products Affected

Vendor Product Version
siemens solid_edge_se2021_firmware *
CVE-2021-37181 HIGH

A vulnerability has been identified in Cerberus DMS V4.0 (All versions), Cerberus DMS V4.1 (All versions), Cerberus DMS V4.2 (All versions), Cerberus DMS V5.0 (All versions < v5.0 QU1), Desigo CC Compact V4.0 (All versions), Desigo CC Compact V4.1 (All versions), Desigo CC Compact V4.2 (All versions), Desigo CC Compact V5.0 (All versions < V5.0 QU1), Desigo CC V4.0 (All versions), Desigo CC V4.1 (All versions), Desigo CC V4.2 (All versions), Desigo CC V5.0 (All versions < V5.0 QU1). The application deserialises untrusted data without sufficient validation, which could result in an arbitrary deserialization. This could allow an unauthenticated attacker to execute code in the affected system. The CCOM communication component used for Windows App / Click-Once and IE Web / XBAP client connectivity is affected by the vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 3.9 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502

Products Affected

Vendor Product Version
siemens desigo_cc 4.0
siemens desigo_cc_compact 4.1
siemens cerberus_dms 4.1
siemens cerberus_dms 4.0
siemens desigo_cc_compact 4.2
siemens desigo_cc 4.1
siemens desigo_cc 4.2
siemens desigo_cc_compact 4.0
siemens desigo_cc_compact 5.0
siemens desigo_cc 5.0
siemens cerberus_dms 5.0
siemens cerberus_dms 4.2
CVE-2021-37182 MEDIUM

A vulnerability has been identified in SCALANCE XM408-4C (All versions < V6.5), SCALANCE XM408-4C (L3 int.) (All versions < V6.5), SCALANCE XM408-8C (All versions < V6.5), SCALANCE XM408-8C (L3 int.) (All versions < V6.5), SCALANCE XM416-4C (All versions < V6.5), SCALANCE XM416-4C (L3 int.) (All versions < V6.5), SCALANCE XR524-8C, 1x230V (All versions < V6.5), SCALANCE XR524-8C, 1x230V (L3 int.) (All versions < V6.5), SCALANCE XR524-8C, 24V (All versions < V6.5), SCALANCE XR524-8C, 24V (L3 int.) (All versions < V6.5), SCALANCE XR524-8C, 2x230V (All versions < V6.5), SCALANCE XR524-8C, 2x230V (L3 int.) (All versions < V6.5), SCALANCE XR526-8C, 1x230V (All versions < V6.5), SCALANCE XR526-8C, 1x230V (L3 int.) (All versions < V6.5), SCALANCE XR526-8C, 24V (All versions < V6.5), SCALANCE XR526-8C, 24V (L3 int.) (All versions < V6.5), SCALANCE XR526-8C, 2x230V (All versions < V6.5), SCALANCE XR526-8C, 2x230V (L3 int.) (All versions < V6.5), SCALANCE XR528-6M (All versions < V6.5), SCALANCE XR528-6M (2HR2) (All versions < V6.5), SCALANCE XR528-6M (2HR2, L3 int.) (All versions < V6.5), SCALANCE XR528-6M (L3 int.) (All versions < V6.5), SCALANCE XR552-12M (All versions < V6.5), SCALANCE XR552-12M (2HR2) (All versions < V6.5), SCALANCE XR552-12M (2HR2) (All versions < V6.5), SCALANCE XR552-12M (2HR2, L3 int.) (All versions < V6.5). The OSPF protocol implementation in affected devices fails to verify the checksum and length fields in the OSPF LS Update messages. An unauthenticated remote attacker could exploit this vulnerability to cause interruptions in the network by sending specially crafted OSPF packets. Successful exploitation requires OSPF to be enabled on an affected device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-354

Products Affected

Vendor Product Version
siemens scalance_xm416-4c_l3_firmware *
siemens scalance_xr528-6m_2hr2_l3_firmware *
siemens scalance_xm408-8c_l3_firmware *
siemens scalance_xr526-8c_l3_firmware *
siemens scalance_xr552-12m_2hr2_firmware *
siemens scalance_xr526-8c_firmware *
siemens scalance_xm408-4c_firmware *
siemens scalance_xm408-8c_firmware *
siemens scalance_xm416-4c_firmware *
siemens scalance_xr528-6m_l3_firmware *
siemens scalance_xr552-12m_firmware *
siemens scalance_xr524-8c_l3_firmware *
siemens scalance_xr524-8c_firmware *
siemens scalance_xr528-6m_firmware *
siemens scalance_xm408-4c_l3_firmware *
siemens scalance_xr528-6m_2hr2_firmware *
siemens scalance_xr552-12m_2hr2_l3_firmware *
CVE-2021-37183 LOW

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected software allows sending send-to-sleep notifications to the managed devices. An unauthenticated attacker in the same network of the affected system can abuse these notifications to cause a Denial-of-Service condition in the managed devices.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-284, NVD-CWE-noinfo

Products Affected

Vendor Product Version
siemens sinema_remote_connect_server 3.0
siemens sinema_remote_connect_server *
CVE-2021-37184 MEDIUM

A vulnerability has been identified in Industrial Edge Management (All versions < V1.3). An unauthenticated attacker could change the password of any user in the system under certain circumstances. With this, an attacker could impersonate any valid user on an affected system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-639

Products Affected

Vendor Product Version
siemens industrial_edge_management *
CVE-2021-37185 HIGH

A vulnerability has been identified in SIMATIC Drive Controller family (All versions >= V2.9.2 < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions >= V21.9 < V21.9.4), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions >= V4.5.0 < V4.5.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.9.2 < V2.9.4), SIMATIC S7-1500 Software Controller (All versions >= V21.9 < V21.9.4), SIMATIC S7-PLCSIM Advanced (All versions >= V4.0 < V4.0 SP1), SIPLUS TIM 1531 IRC (All versions < V2.3.6), TIM 1531 IRC (All versions < V2.3.6). An unauthenticated attacker could cause a denial-of-service condition in a PLC when sending specially prepared packets over port 102/tcp. A restart of the affected device is needed to restore normal operations.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-672, NVD-CWE-noinfo

Products Affected

Vendor Product Version
siemens simatic_s7-1200_cpu_1215fc_firmware *
siemens simatic_s7-1500_cpu_1511f-1_firmware *
siemens simatic_s7-1500_cpu_1516tf-3_firmware *
siemens simatic_s7-1500_cpu_cpu_1513prof-2_firmware *
siemens simatic_s7-1500_cpu_1518hf-4_firmware *
siemens simatic_s7-1500_cpu_1517tf-3_firmware *
siemens simatic_s7-1500_cpu_1516t-3_firmware *
siemens simatic_s7-1500_cpu_1510sp_firmware *
siemens simatic_s7-1500_cpu_1515t-2_firmware *
siemens tim_1531_irc_firmware *
siemens simatic_drive_controller_cpu_1504d_tf_firmware *
siemens simatic_s7-1500_cpu_1516f-3_firmware *
siemens simatic_s7-1500_cpu_1517f-3_firmware *
siemens simatic_s7-1500_software_controller *
siemens simatic_s7-1500_cpu_1516-3_firmware *
siemens simatic_et_200sp_open_controller_cpu_1515sp_pc2_firmware *
siemens simatic_s7-1500_cpu_1512sp-1_firmware *
siemens simatic_s7-1500_cpu_1518f-4_firmware *
siemens simatic_s7-1500_cpu_1513r-1_firmware *
siemens simatic_s7-plcsim_advanced_firmware 4.0
siemens simatic_s7-1500_cpu_1515r-2_firmware *
siemens simatic_s7-1500_cpu_1516pro-2_firmware *
siemens simatic_s7-1200_cpu_1212fc_firmware *
siemens simatic_s7-1500_cpu_1511t-1_firmware *
siemens simatic_s7-1500_cpu_1511tf-1_firmware *
siemens simatic_s7-1500_cpu_1512c-1_firmware *
siemens simatic_s7-1500_cpu_1510sp-1_firmware *
siemens simatic_s7-1200_cpu_1214fc_firmware *
siemens simatic_s7-1500_cpu_1515tf-2_firmware *
siemens simatic_s7-1200_cpu_1214c_firmware *
siemens simatic_s7-plcsim_advanced_firmware *
siemens simatic_s7-1500_cpu_1513-1_firmware *
siemens simatic_s7-1500_cpu_1515-2_firmware *
siemens simatic_s7-1500_cpu_1518tf-4_firmware *
siemens simatic_s7-1500_cpu_1511c-1_firmware *
siemens simatic_s7-1500_cpu_1516pro_f_firmware *
siemens simatic_s7-1500_cpu_cpu_1513pro-2_firmware *
siemens simatic_s7-1200_cpu_1215c_firmware *
siemens simatic_s7-1200_cpu_1211c_firmware *
siemens simatic_s7-1500_cpu_1515f-2_firmware *
siemens simatic_s7-1500_cpu_1517-3_firmware *
siemens simatic_s7-1500_cpu_1512spf-1_firmware *
siemens simatic_s7-1500_cpu_1511-1_firmware *
siemens simatic_s7-1200_cpu_1217c_firmware *
siemens simatic_drive_controller_cpu_1507d_tf_firmware *
siemens simatic_s7-1500_cpu_1513f-1_firmware *
siemens simatic_s7-1200_cpu_1212c_firmware *
siemens simatic_s7-1500_cpu_1518-4_firmware *
siemens simatic_s7-1500_cpu_1518t-4_firmware *
CVE-2021-37186 MEDIUM

A vulnerability has been identified in LOGO! CMR2020 (All versions < V2.2), LOGO! CMR2040 (All versions < V2.2), SIMATIC RTU3010C (All versions < V4.0.9), SIMATIC RTU3030C (All versions < V4.0.9), SIMATIC RTU3031C (All versions < V4.0.9), SIMATIC RTU3041C (All versions < V4.0.9). The underlying TCP/IP stack does not properly calculate the random numbers used as ISN (Initial Sequence Numbers). An adjacent attacker with network access to the LAN interface could interfere with traffic, spoof the connection and gain access to sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 2.8 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-330

Products Affected

Vendor Product Version
siemens logo!_cmr2040_firmware *
siemens simatic_rtu3041c_firmware *
siemens simatic_rtu3031c_firmware *
siemens logo!_cmr2020_firmware *
siemens simatic_rtu3030c_firmware *
siemens simatic_rtu3010c_firmware *
CVE-2021-37190 LOW

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected software has an information disclosure vulnerability that could allow an attacker to retrieve VPN connection for a known user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-200

Products Affected

Vendor Product Version
siemens sinema_remote_connect_server 3.0
siemens sinema_remote_connect_server *
CVE-2021-37191 LOW

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). An unauthenticated attacker on the same network as the affected system could brute-force usernames from the affected software.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-799

Products Affected

Vendor Product Version
siemens sinema_remote_connect_server 3.0
siemens sinema_remote_connect_server *
CVE-2021-37192 LOW

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected software has an information disclosure vulnerability that could allow an attacker to retrieve a list of network devices a known user can manage.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-200

Products Affected

Vendor Product Version
siemens sinema_remote_connect_server 3.0
siemens sinema_remote_connect_server *
CVE-2021-37193 LOW

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). An unauthenticated attacker on the same network as the affected system could manipulate certain parameters and set a valid user of the affected software as invalid (or vice versa).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 2.8 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-471

Products Affected

Vendor Product Version
siemens sinema_remote_connect_server 3.0
siemens sinema_remote_connect_server *
CVE-2021-37194 MEDIUM

A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS allows arbitrary files to be uploaded and stored on the web server. This could allow an attacker to store malicious files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-434

Products Affected

Vendor Product Version
siemens comos 10.2
siemens comos *
CVE-2021-37195 LOW

A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS accepts arbitrary code as an attachment to tasks. This could allow an attacker to inject malicious code that is executed when loading the attachment.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-80, CWE-79

Products Affected

Vendor Product Version
siemens comos 4.1
siemens comos *
CVE-2021-37196 LOW

A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.3 (All versions >= V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS unpacks specially crafted archive files to relative paths. This vulnerability could allow an attacker to store files in any folder accessible by the COMOS Web webservice.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-23, CWE-22

Products Affected

Vendor Product Version
siemens comos 10.4
siemens comos *
CVE-2021-37197 MEDIUM

A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS is vulnerable to SQL injections. This could allow an attacker to execute arbitrary SQL statements.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89

Products Affected

Vendor Product Version
siemens comos 10.4
siemens comos *
CVE-2021-37198 MEDIUM

A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS uses a flawed implementation of CSRF prevention. An attacker could exploit this vulnerability to perform cross-site request forgery attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352

Products Affected

Vendor Product Version
siemens comos 10.4
siemens comos *
CVE-2021-37199 HIGH

A vulnerability has been identified in SINUMERIK 808D (All versions), SINUMERIK 828D (All versions < V4.95). Affected devices do not correctly process certain specially crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial-of-service condition in the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-122, CWE-787

Products Affected

Vendor Product Version
siemens sinumerik_808d_firmware *
siemens sinumerik_828d_firmware *
CVE-2021-37200 MEDIUM

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1). An attacker with access to the webserver of an affected system could download arbitrary files from the underlying filesystem by sending a specially crafted HTTP request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.7 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N 3.1 4.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22

Products Affected

Vendor Product Version
siemens sinec_network_management_system 1.0
siemens sinec_network_management_system *
CVE-2021-37201 MEDIUM

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1). The web interface of affected devices is vulnerable to a Cross-Site Request Forgery (CSRF) attack. This could allow an attacker to manipulate the SINEC NMS configuration by tricking an unsuspecting user with administrative privileges into clicking on a malicious link.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352

Products Affected

Vendor Product Version
siemens sinec_network_management_system 1.0
siemens sinec_network_management_system *
CVE-2021-37202 MEDIUM

A vulnerability has been identified in NX 1980 Series (All versions < V1984), Solid Edge SE2021 (All versions < SE2021MP8). The IFC adapter in the affected applications contains a use-after-free vulnerability that could be triggered while parsing user-supplied IFC files. An attacker could leverage this vulnerability to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416

Products Affected

Vendor Product Version
siemens nx_1980 *
siemens solid_edge *
siemens solid_edge se2021
CVE-2021-37203 MEDIUM

A vulnerability has been identified in NX 1980 Series (All versions < V1984), Solid Edge SE2021 (All versions < SE2021MP8). The plmxmlAdapterIFC.dll contains an out-of-bounds read while parsing user-supplied IFC files, which could result in a read past the end of an allocated buffer. This could allow an attacker to cause a denial-of-service condition or read sensitive information from memory locations.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H 1.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125

Products Affected

Vendor Product Version
siemens nx_1980 *
siemens solid_edge *
siemens solid_edge se2021
CVE-2021-37204 HIGH

A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC Drive Controller family (All versions >= V2.9.2 < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions >= V21.9 < V21.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 Ready4Linux (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions >= V4.5.0 < V4.5.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.9.2 < V2.9.4), SIMATIC S7-1500 Software Controller (All versions < V21.9), SIMATIC S7-1500 Software Controller (All versions >= V21.9 < V21.9.4), SIMATIC S7-PLCSIM Advanced (All versions < V4.0), SIMATIC S7-PLCSIM Advanced (All versions >= V4.0 < V4.0 SP1), SIPLUS TIM 1531 IRC (All versions < V2.3.6), TIM 1531 IRC (All versions < V2.3.6). An unauthenticated attacker could cause a denial-of-service condition in a PLC when sending specially prepared packets over port 102/tcp. A restart of the affected device is needed to restore normal operations.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
productcert@siemens.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-672, NVD-CWE-noinfo

Products Affected

Vendor Product Version
siemens simatic_s7-1200_cpu_1215fc_firmware *
siemens simatic_s7-1500_cpu_1511f-1_firmware *
siemens simatic_s7-1500_cpu_1516tf-3_firmware *
siemens simatic_s7-1500_cpu_cpu_1513prof-2_firmware *
siemens simatic_s7-1500_cpu_1518hf-4_firmware *
siemens simatic_s7-1500_cpu_1517tf-3_firmware *
siemens simatic_s7-1500_cpu_1516t-3_firmware *
siemens simatic_s7-1500_cpu_1510sp_firmware *
siemens simatic_s7-1500_cpu_1515t-2_firmware *
siemens tim_1531_irc_firmware *
siemens simatic_drive_controller_cpu_1504d_tf_firmware *
siemens simatic_s7-1500_cpu_1516f-3_firmware *
siemens simatic_s7-1500_cpu_1517f-3_firmware *
siemens simatic_s7-1500_software_controller *
siemens simatic_s7-1500_cpu_1516-3_firmware *
siemens simatic_et_200sp_open_controller_cpu_1515sp_pc2_firmware *
siemens simatic_s7-1500_cpu_1512sp-1_firmware *
siemens simatic_s7-1500_cpu_1518f-4_firmware *
siemens simatic_s7-1500_cpu_1513r-1_firmware *
siemens simatic_s7-plcsim_advanced_firmware 4.0
siemens simatic_s7-1500_cpu_1515r-2_firmware *
siemens simatic_s7-1500_cpu_1516pro-2_firmware *
siemens simatic_s7-1200_cpu_1212fc_firmware *
siemens simatic_s7-1500_cpu_1511t-1_firmware *
siemens simatic_s7-1500_cpu_1511tf-1_firmware *
siemens simatic_s7-1500_cpu_1512c-1_firmware *
siemens simatic_s7-1500_cpu_1510sp-1_firmware *
siemens simatic_s7-1200_cpu_1214fc_firmware *
siemens simatic_s7-1500_cpu_1515tf-2_firmware *
siemens simatic_s7-1200_cpu_1214c_firmware *
siemens simatic_s7-plcsim_advanced_firmware *
siemens simatic_s7-1500_cpu_1513-1_firmware *
siemens simatic_s7-1500_cpu_1515-2_firmware *
siemens simatic_s7-1500_cpu_1518tf-4_firmware *
siemens simatic_s7-1500_cpu_1511c-1_firmware *
siemens simatic_s7-1500_cpu_1516pro_f_firmware *
siemens simatic_s7-1500_cpu_cpu_1513pro-2_firmware *
siemens simatic_s7-1200_cpu_1215c_firmware *
siemens simatic_s7-1200_cpu_1211c_firmware *
siemens simatic_s7-1500_cpu_1515f-2_firmware *
siemens simatic_s7-1500_cpu_1517-3_firmware *
siemens simatic_s7-1500_cpu_1512spf-1_firmware *
siemens simatic_s7-1500_cpu_1511-1_firmware *
siemens simatic_s7-1200_cpu_1217c_firmware *
siemens simatic_drive_controller_cpu_1507d_tf_firmware *
siemens simatic_s7-1500_cpu_1513f-1_firmware *
siemens simatic_s7-1200_cpu_1212c_firmware *
siemens simatic_s7-1500_cpu_1518-4_firmware *
siemens simatic_s7-1500_cpu_1518t-4_firmware *
CVE-2021-37205 HIGH

A vulnerability has been identified in SIMATIC Drive Controller family (All versions >= V2.9.2 < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions >= V21.9 < V21.9.4), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions >= V4.5.0 < V4.5.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.9.2 < V2.9.4), SIMATIC S7-1500 Software Controller (All versions >= V21.9 < V21.9.4), SIMATIC S7-PLCSIM Advanced (All versions >= V4.0 < V4.0 SP1), SIPLUS TIM 1531 IRC (All versions < V2.3.6), TIM 1531 IRC (All versions < V2.3.6). An unauthenticated attacker could cause a denial-of-service condition in a PLC when sending specially prepared packets over port 102/tcp. A restart of the affected device is needed to restore normal operations.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-401

Products Affected

Vendor Product Version
siemens simatic_s7-1200_cpu_1215fc_firmware *
siemens simatic_s7-1500_cpu_1511f-1_firmware *
siemens simatic_s7-1500_cpu_1516tf-3_firmware *
siemens simatic_s7-1500_cpu_cpu_1513prof-2_firmware *
siemens simatic_s7-1500_cpu_1518hf-4_firmware *
siemens simatic_s7-1500_cpu_1517tf-3_firmware *
siemens simatic_s7-1500_cpu_1516t-3_firmware *
siemens simatic_s7-1500_cpu_1510sp_firmware *
siemens simatic_s7-1500_cpu_1515t-2_firmware *
siemens tim_1531_irc_firmware *
siemens simatic_drive_controller_cpu_1504d_tf_firmware *
siemens simatic_s7-1500_cpu_1516f-3_firmware *
siemens simatic_s7-1500_cpu_1517f-3_firmware *
siemens simatic_s7-1500_software_controller *
siemens simatic_s7-1500_cpu_1516-3_firmware *
siemens simatic_et_200sp_open_controller_cpu_1515sp_pc2_firmware *
siemens simatic_s7-1500_cpu_1512sp-1_firmware *
siemens simatic_s7-1500_cpu_1518f-4_firmware *
siemens simatic_s7-1500_cpu_1513r-1_firmware *
siemens simatic_s7-plcsim_advanced_firmware 4.0
siemens simatic_s7-1500_cpu_1515r-2_firmware *
siemens simatic_s7-1500_cpu_1516pro-2_firmware *
siemens simatic_s7-1200_cpu_1212fc_firmware *
siemens simatic_s7-1500_cpu_1511t-1_firmware *
siemens simatic_s7-1500_cpu_1511tf-1_firmware *
siemens simatic_s7-1500_cpu_1512c-1_firmware *
siemens simatic_s7-1500_cpu_1510sp-1_firmware *
siemens simatic_s7-1200_cpu_1214fc_firmware *
siemens simatic_s7-1500_cpu_1515tf-2_firmware *
siemens simatic_s7-1200_cpu_1214c_firmware *
siemens simatic_s7-plcsim_advanced_firmware *
siemens simatic_s7-1500_cpu_1513-1_firmware *
siemens simatic_s7-1500_cpu_1515-2_firmware *
siemens simatic_s7-1500_cpu_1518tf-4_firmware *
siemens simatic_s7-1500_cpu_1511c-1_firmware *
siemens simatic_s7-1500_cpu_1516pro_f_firmware *
siemens simatic_s7-1500_cpu_cpu_1513pro-2_firmware *
siemens simatic_s7-1200_cpu_1215c_firmware *
siemens simatic_s7-1200_cpu_1211c_firmware *
siemens simatic_s7-1500_cpu_1515f-2_firmware *
siemens simatic_s7-1500_cpu_1517-3_firmware *
siemens simatic_s7-1500_cpu_1512spf-1_firmware *
siemens simatic_s7-1500_cpu_1511-1_firmware *
siemens simatic_s7-1200_cpu_1217c_firmware *
siemens simatic_drive_controller_cpu_1507d_tf_firmware *
siemens simatic_s7-1500_cpu_1513f-1_firmware *
siemens simatic_s7-1200_cpu_1212c_firmware *
siemens simatic_s7-1500_cpu_1518-4_firmware *
siemens simatic_s7-1500_cpu_1518t-4_firmware *
CVE-2021-37206 MEDIUM

A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP300 (All versions < V8.80). Received web packets are not properly processed. An unauthenticated remote attacker with access to any of the Ethernet interfaces could send specially crafted packets to force a restart of the target device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20

Products Affected

Vendor Product Version
siemens siprotec_5_with_cpu_variant_cp100 *
siemens siprotec_5_with_cpu_variant_cp300 *
siemens siprotec_5_with_cpu_variant_cp050 *
CVE-2021-37207 HIGH

A vulnerability has been identified in SENTRON powermanager V3 (All versions). The affected application assigns improper access rights to a specific folder containing configuration files. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-732

Products Affected

Vendor Product Version
siemens sentron_powermanager_3 *
CVE-2021-37208 LOW

A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M2200NC, RUGGEDCOM M969, RUGGEDCOM M969F, RUGGEDCOM M969NC, RUGGEDCOM RMC30, RUGGEDCOM RMC30NC, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RMC8388NC V4.X, RUGGEDCOM RMC8388NC V5.X, RUGGEDCOM RP110, RUGGEDCOM RP110NC, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600FNC, RUGGEDCOM RS1600NC, RUGGEDCOM RS1600T, RUGGEDCOM RS1600TNC, RUGGEDCOM RS400, RUGGEDCOM RS400F, RUGGEDCOM RS400NC, RUGGEDCOM RS401, RUGGEDCOM RS401NC, RUGGEDCOM RS416, RUGGEDCOM RS416F, RUGGEDCOM RS416NC, RUGGEDCOM RS416NCv2 V4.X, RUGGEDCOM RS416NCv2 V5.X, RUGGEDCOM RS416P, RUGGEDCOM RS416PF, RUGGEDCOM RS416PNC, RUGGEDCOM RS416PNCv2 V4.X, RUGGEDCOM RS416PNCv2 V5.X, RUGGEDCOM RS416Pv2 V4.X, RUGGEDCOM RS416Pv2 V5.X, RUGGEDCOM RS416v2 V4.X, RUGGEDCOM RS416v2 V5.X, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000ANC, RUGGEDCOM RS8000H, RUGGEDCOM RS8000HNC, RUGGEDCOM RS8000NC, RUGGEDCOM RS8000T, RUGGEDCOM RS8000TNC, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900F, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GF, RUGGEDCOM RS900GNC, RUGGEDCOM RS900GNC(32M) V4.X, RUGGEDCOM RS900GNC(32M) V5.X, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPF, RUGGEDCOM RS900GPNC, RUGGEDCOM RS900L, RUGGEDCOM RS900LNC, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900MNC-GETS-C01, RUGGEDCOM RS900MNC-GETS-XX, RUGGEDCOM RS900MNC-STND-XX, RUGGEDCOM RS900MNC-STND-XX-C01, RUGGEDCOM RS900NC, RUGGEDCOM RS900NC(32M) V4.X, RUGGEDCOM RS900NC(32M) V5.X, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910LNC, RUGGEDCOM RS910NC, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920LNC, 
RUGGEDCOM RS920W, RUGGEDCOM RS930L, RUGGEDCOM RS930LNC, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM RS940GF, RUGGEDCOM RS940GNC, RUGGEDCOM RS969, RUGGEDCOM RS969NC, RUGGEDCOM RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100F, RUGGEDCOM RSG2100NC, RUGGEDCOM RSG2100NC(32M) V4.X, RUGGEDCOM RSG2100NC(32M) V5.X, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100P (32M) V4.X, RUGGEDCOM RSG2100P (32M) V5.X, RUGGEDCOM RSG2100PF, RUGGEDCOM RSG2100PNC, RUGGEDCOM RSG2100PNC (32M) V4.X, RUGGEDCOM RSG2100PNC (32M) V5.X, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200F, RUGGEDCOM RSG2200NC, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2288NC V4.X, RUGGEDCOM RSG2288NC V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300F, RUGGEDCOM RSG2300NC V4.X, RUGGEDCOM RSG2300NC V5.X, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PF, RUGGEDCOM RSG2300PNC V4.X, RUGGEDCOM RSG2300PNC V5.X, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488F, RUGGEDCOM RSG2488NC V4.X, RUGGEDCOM RSG2488NC V5.X, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSG920PNC V4.X, RUGGEDCOM RSG920PNC V5.X, RUGGEDCOM RSL910, RUGGEDCOM RSL910NC, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P. Improper neutralization of special characters on the web server configuration page could allow an attacker, in a privileged position, to retrieve sensitive information via cross-site scripting.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 9.6 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:H 2.8 6.0
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79

Products Affected

Vendor Product Version
siemens ruggedcom_ros *
CVE-2021-37209 MEDIUM

A vulnerability has been identified in RUGGEDCOM i800 (All versions < V4.3.8), RUGGEDCOM i801 (All versions < V4.3.8), RUGGEDCOM i802 (All versions < V4.3.8), RUGGEDCOM i803 (All versions < V4.3.8), RUGGEDCOM M2100 (All versions < V4.3.8), RUGGEDCOM M2200 (All versions < V4.3.8), RUGGEDCOM M969 (All versions < V4.3.8), RUGGEDCOM RMC30 (All versions < V4.3.8), RUGGEDCOM RMC8388 V4.X (All versions < V4.3.8), RUGGEDCOM RMC8388 V5.X (All versions < V5.7.0), RUGGEDCOM RP110 (All versions < V4.3.8), RUGGEDCOM RS1600 (All versions < V4.3.8), RUGGEDCOM RS1600F (All versions < V4.3.8), RUGGEDCOM RS1600T (All versions < V4.3.8), RUGGEDCOM RS400 (All versions < V4.3.8), RUGGEDCOM RS401 (All versions < V4.3.8), RUGGEDCOM RS416 (All versions < V4.3.8), RUGGEDCOM RS416P (All versions < V4.3.8), RUGGEDCOM RS416Pv2 V4.X (All versions < V4.3.8), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.7.0), RUGGEDCOM RS416v2 V4.X (All versions < V4.3.8), RUGGEDCOM RS416v2 V5.X (All versions < V5.7.0), RUGGEDCOM RS8000 (All versions < V4.3.8), RUGGEDCOM RS8000A (All versions < V4.3.8), RUGGEDCOM RS8000H (All versions < V4.3.8), RUGGEDCOM RS8000T (All versions < V4.3.8), RUGGEDCOM RS900 (All versions < V4.3.8), RUGGEDCOM RS900 (32M) V4.X (All versions < V4.3.8), RUGGEDCOM RS900 (32M) V5.X (All versions < V5.7.0), RUGGEDCOM RS900G (All versions < V4.3.8), RUGGEDCOM RS900G (32M) V4.X (All versions < V4.3.8), RUGGEDCOM RS900G (32M) V5.X (All versions < V5.7.0), RUGGEDCOM RS900GP (All versions < V4.3.8), RUGGEDCOM RS900L (All versions < V4.3.8), RUGGEDCOM RS900M-GETS-C01 (All versions < V4.3.8), RUGGEDCOM RS900M-GETS-XX (All versions < V4.3.8), RUGGEDCOM RS900M-STND-C01 (All versions < V4.3.8), RUGGEDCOM RS900M-STND-XX (All versions < V4.3.8), RUGGEDCOM RS900W (All versions < V4.3.8), RUGGEDCOM RS910 (All versions < V4.3.8), RUGGEDCOM RS910L (All versions < V4.3.8), RUGGEDCOM RS910W (All versions < V4.3.8), RUGGEDCOM RS920L (All versions < V4.3.8), RUGGEDCOM RS920W (All versions < V4.3.8), RUGGEDCOM 
RS930L (All versions < V4.3.8), RUGGEDCOM RS930W (All versions < V4.3.8), RUGGEDCOM RS940G (All versions < V4.3.8), RUGGEDCOM RS969 (All versions < V4.3.8), RUGGEDCOM RSG2100 (All versions < V4.3.8), RUGGEDCOM RSG2100 (32M) V4.X (All versions < V4.3.8), RUGGEDCOM RSG2100 (32M) V5.X (All versions < V5.7.0), RUGGEDCOM RSG2100P (All versions < V4.3.8), RUGGEDCOM RSG2100P (32M) V4.X (All versions < V4.3.8), RUGGEDCOM RSG2100P (32M) V5.X (All versions < V5.7.0), RUGGEDCOM RSG2200 (All versions < V4.3.8), RUGGEDCOM RSG2288 V4.X (All versions < V4.3.8), RUGGEDCOM RSG2288 V5.X (All versions < V5.7.0), RUGGEDCOM RSG2300 V4.X (All versions < V4.3.8), RUGGEDCOM RSG2300 V5.X (All versions < V5.7.0), RUGGEDCOM RSG2300P V4.X (All versions < V4.3.8), RUGGEDCOM RSG2300P V5.X (All versions < V5.7.0), RUGGEDCOM RSG2488 V4.X (All versions < V4.3.8), RUGGEDCOM RSG2488 V5.X (All versions < V5.7.0), RUGGEDCOM RSG907R (All versions < V5.7.0), RUGGEDCOM RSG908C (All versions < V5.7.0), RUGGEDCOM RSG909R (All versions < V5.7.0), RUGGEDCOM RSG910C (All versions < V5.7.0), RUGGEDCOM RSG920P V4.X (All versions < V4.3.8), RUGGEDCOM RSG920P V5.X (All versions < V5.7.0), RUGGEDCOM RSL910 (All versions < V5.7.0), RUGGEDCOM RST2228 (All versions < V5.7.0), RUGGEDCOM RST2228P (All versions < V5.7.0), RUGGEDCOM RST916C (All versions < V5.7.0), RUGGEDCOM RST916P (All versions < V5.7.0). The SSH server on affected devices is configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over the connection between legitimate clients and the affected device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6
productcert@siemens.com 6.7 MEDIUM CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H 1.2 5.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-326, CWE-311

Products Affected

Vendor Product Version
siemens ruggedcom_ros *
CVE-2021-3749 HIGH

axios is vulnerable to Inefficient Regular Expression Complexity.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-1333, CWE-400

Products Affected

Vendor Product Version
oracle goldengate *
siemens sinec_ins 1.0
axios axios *
siemens sinec_ins *
CVE-2021-37701 MEDIUM

The npm package "tar" (aka node-tar) before versions 4.4.16, 5.0.8, and 6.1.7 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in order to prevent unnecessary stat calls to determine whether a given path is a directory, paths are cached when directories are created. This logic was insufficient when extracting tar files that contained both a directory and a symlink with the same name as the directory, where the symlink and directory names in the archive entry used backslashes as a path separator on posix systems. The cache checking logic used both `\` and `/` characters as path separators, however `\` is a valid filename character on posix systems. By first creating a directory, and then replacing that directory with a symlink, it was thus possible to bypass node-tar symlink checks on directories, essentially allowing an untrusted tar file to symlink into an arbitrary location and subsequently extracting arbitrary files into that location, thus allowing arbitrary file creation and overwrite. Additionally, a similar confusion could arise on case-insensitive filesystems. If a tar archive contained a directory at `FOO`, followed by a symbolic link named `foo`, then on case-insensitive file systems, the creation of the symbolic link would remove the directory from the filesystem, but _not_ from the internal directory cache, as it would not be treated as a cache hit. A subsequent file entry within the `FOO` directory would then be placed in the target of the symbolic link, thinking that the directory had already been created. These issues were addressed in releases 4.4.16, 5.0.8 and 6.1.7. The v3 branch of node-tar has been deprecated and did not receive patches for these issues. 
If you are still using a v3 release we recommend you update to a more recent version of node-tar. If this is not possible, a workaround is available in the referenced GHSA-9r2w-394v-53qc.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22, CWE-59

Products Affected

Vendor Product Version
siemens sinec_infrastructure_network_services *
oracle graalvm 21.2.0
oracle graalvm 20.3.3
debian debian_linux 11.0
debian debian_linux 10.0
npmjs tar *
CVE-2021-37712 MEDIUM

The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in order to prevent unnecessary stat calls to determine whether a given path is a directory, paths are cached when directories are created. This logic was insufficient when extracting tar files that contained both a directory and a symlink with names containing unicode values that normalized to the same value. Additionally, on Windows systems, long path portions would resolve to the same file system entities as their 8.3 "short path" counterparts. A specially crafted tar archive could thus include a directory with one form of the path, followed by a symbolic link with a different string that resolves to the same file system entity, followed by a file using the first form. By first creating a directory, and then replacing that directory with a symlink that had a different apparent name that resolved to the same entry in the filesystem, it was thus possible to bypass node-tar symlink checks on directories, essentially allowing an untrusted tar file to symlink into an arbitrary location and subsequently extracting arbitrary files into that location, thus allowing arbitrary file creation and overwrite. These issues were addressed in releases 4.4.18, 5.0.10 and 6.1.9. The v3 branch of node-tar has been deprecated and did not receive patches for these issues. If you are still using a v3 release we recommend you update to a more recent version of node-tar. If this is not possible, a workaround is available in the referenced GHSA-qq89-hq3f-393p.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.6 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 1.8 6.0
security-advisories@github.com 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N 1.8 5.8

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,CWE-59,CWE-59,

Products Affected

Vendor Product Version
siemens sinec_infrastructure_network_services *
oracle graalvm 21.2.0
oracle graalvm 20.3.3
debian debian_linux 11.0
debian debian_linux 10.0
npmjs tar *
CVE-2021-37713 MEDIUM

The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be outside of the extraction target directory is not extracted. This is, in part, accomplished by sanitizing absolute paths of entries within the archive, skipping archive entries that contain `..` path portions, and resolving the sanitized paths against the extraction target directory. This logic was insufficient on Windows systems when extracting tar files that contained a path that was not an absolute path, but specified a drive letter different from the extraction target, such as `C:some\path`. If the drive letter does not match the extraction target, for example `D:\extraction\dir`, then the result of `path.resolve(extractionDirectory, entryPath)` would resolve against the current working directory on the `C:` drive, rather than the extraction target directory. Additionally, a `..` portion of the path could occur immediately after the drive letter, such as `C:../foo`, and was not properly sanitized by the logic that checked for `..` within the normalized and split portions of the path. This only affects users of `node-tar` on Windows systems. These issues were addressed in releases 4.4.18, 5.0.10 and 6.1.9. The v3 branch of node-tar has been deprecated and did not receive patches for these issues. If you are still using a v3 release we recommend you update to a more recent version of node-tar. There is no reasonable way to work around this issue without performing the same path normalization procedures that node-tar now does. Users are encouraged to upgrade to the latest patched versions of node-tar, rather than attempt to sanitize paths themselves.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N 1.8 5.8
nvd@nist.gov 8.6 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 1.8 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
siemens sinec_infrastructure_network_services *
oracle graalvm 21.2.0
oracle graalvm 20.3.3
npmjs tar *
CVE-2021-37716 HIGH

A remote buffer overflow vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.15. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
arubanetworks arubaos *
arubanetworks sd-wan *
siemens scalance_w1750d_firmware *
CVE-2021-37717 HIGH

A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.6; Prior to 8.7.1.4, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
siemens scalance_w1750d_firmware -
arubanetworks arubaos *
arubanetworks sd-wan *
CVE-2021-37718 HIGH

A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.6; Prior to 8.7.1.4, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
siemens scalance_w1750d_firmware -
arubanetworks arubaos *
arubanetworks sd-wan *
CVE-2021-37720 HIGH

A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
siemens scalance_w1750d_firmware -
arubanetworks arubaos *
arubanetworks sd-wan *
CVE-2021-37721 HIGH

A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
siemens scalance_w1750d_firmware -
arubanetworks arubaos *
arubanetworks sd-wan *
CVE-2021-37722 HIGH

A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
siemens scalance_w1750d_firmware -
arubanetworks arubaos *
arubanetworks sd-wan *
CVE-2021-37723 HIGH

A remote arbitrary command execution vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.16. Aruba has released patches for ArubaOS that address this security vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
arubanetworks arubaos *
siemens scalance_w1750d_firmware *
CVE-2021-37724 HIGH

A remote arbitrary command execution vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.16. Aruba has released patches for ArubaOS that address this security vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
arubanetworks arubaos *
siemens scalance_w1750d_firmware *
CVE-2021-37725 HIGH

A remote cross-site request forgery (CSRF) vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.8.0.1, 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.15. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H 2.8 5.2

CVSS 2.0

Severity: HIGH

Problem Type: CWE-352,

Products Affected

Vendor Product Version
arubanetworks arubaos *
arubanetworks sd-wan *
siemens scalance_w1750d_firmware *
CVE-2021-37726 HIGH

A remote buffer overflow vulnerability was discovered in HPE Aruba Instant (IAP) version(s): Aruba Instant 8.7.x.x: 8.7.0.0 through 8.7.1.2. Aruba has released patches for Aruba Instant (IAP) that address this security vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
arubanetworks aruba_instant *
siemens scalance_w1750d_firmware *
CVE-2021-37727 HIGH

A remote arbitrary command execution vulnerability was discovered in HPE Aruba Instant (IAP) version(s): 6.4.x.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x.x: 6.5.4.20 and below; Aruba Instant 8.5.x.x: 8.5.0.12 and below; Aruba Instant 8.6.x.x: 8.6.0.11 and below; Aruba Instant 8.7.x.x: 8.7.1.3 and below. Aruba has released patches for Aruba Instant (IAP) that address this security vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
arubanetworks aruba_instant *
siemens scalance_w1750d_firmware *
CVE-2021-37728 HIGH

A remote path traversal vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.8.0.1, 8.7.1.4, 8.6.0.11, 8.5.0.13. Aruba has released patches for ArubaOS that address this security vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H 1.2 5.2

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
arubanetworks arubaos *
siemens scalance_w1750d_firmware *
CVE-2021-37729 MEDIUM

A remote path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.0-2.2.0.4; Prior to 8.7.1.3, 8.6.0.9, 8.5.0.12, 8.3.0.16, 6.5.4.19, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H 1.2 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
arubanetworks arubaos *
arubanetworks sd-wan -
arubanetworks sd-wan *
siemens scalance_w1750d_firmware *
CVE-2021-37730 HIGH

A remote arbitrary command execution vulnerability was discovered in HPE Aruba Instant (IAP) version(s): Aruba Instant 6.4.x.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x.x: 6.5.4.20 and below; Aruba Instant 8.5.x.x: 8.5.0.12 and below; Aruba Instant 8.6.x.x: 8.6.0.11 and below; Aruba Instant 8.7.x.x: 8.7.1.3 and below. Aruba has released patches for Aruba Instant (IAP) that address this security vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
arubanetworks aruba_instant *
siemens scalance_w1750d_firmware *
CVE-2021-37731 HIGH

A local path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.0-2.2.0.4; Prior to 8.7.1.1, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.2 MEDIUM CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.3 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
arubanetworks arubaos *
arubanetworks sd-wan *
siemens scalance_w1750d_firmware *
CVE-2021-37732 HIGH

A remote arbitrary command execution vulnerability was discovered in HPE Aruba Instant (IAP) version(s): Aruba Instant 6.4.x.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x.x: 6.5.4.18 and below; Aruba Instant 8.5.x.x: 8.5.0.11 and below; Aruba Instant 8.6.x.x: 8.6.0.6 and below; Aruba Instant 8.7.x.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant (IAP) that address this security vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
arubanetworks aruba_instant *
siemens scalance_w1750d_firmware *
CVE-2021-37733 MEDIUM

A remote path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.1, 8.6.0.7, 8.5.0.11, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
arubanetworks arubaos *
arubanetworks sd-wan *
siemens scalance_w1750d_firmware *
CVE-2021-37734 MEDIUM

A remote unauthorized read access to files vulnerability was discovered in Aruba Instant version(s): 6.4.x.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x.x: 6.5.4.19 and below; Aruba Instant 8.5.x.x: 8.5.0.12 and below; Aruba Instant 8.6.x.x: 8.6.0.11 and below; Aruba Instant 8.7.x.x: 8.7.1.3 and below; Aruba Instant 8.8.x.x: 8.8.0.0 and below. Aruba has released patches for Aruba Instant (IAP) that address this security vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
arubanetworks aruba_instant *
siemens scalance_w1750d_firmware *
CVE-2021-37735 MEDIUM

A remote denial of service vulnerability was discovered in Aruba Instant version(s): Aruba Instant 6.5.x.x: 6.5.4.18 and below; Aruba Instant 8.5.x.x: 8.5.0.10 and below; Aruba Instant 8.6.x.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant (IAP) that address this security vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-134,

Products Affected

Vendor Product Version
arubanetworks aruba_instant *
siemens scalance_w1750d_firmware *
CVE-2021-38405

The Datalogics APDFL library used in affected products is vulnerable to a memory corruption condition while parsing specially crafted PDF files. An attacker could leverage this vulnerability to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
ics-cert@hq.dhs.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
siemens teamcenter_visualization 13.3.0
CVE-2021-39134 MEDIUM

`@npmcli/arborist`, the library that calculates dependency trees and manages the `node_modules` folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder. This is, in part, accomplished by resolving dependency specifiers defined in `package.json` manifests for dependencies with a specific name, and nesting folders to resolve conflicting dependencies. When multiple dependencies differ only in the case of their name, Arborist's internal data structure saw them as separate items that could coexist within the same level in the `node_modules` hierarchy. However, on case-insensitive file systems (such as macOS and Windows), this is not the case. Combined with a symlink dependency such as `file:/some/path`, this allowed an attacker to create a situation in which arbitrary contents could be written to any location on the filesystem. For example, a package `pwn-a` could define a dependency in their `package.json` file such as `"foo": "file:/some/path"`. Another package, `pwn-b` could define a dependency such as `FOO: "file:foo.tgz"`. On case-insensitive file systems, if `pwn-a` was installed, and then `pwn-b` was installed afterwards, the contents of `foo.tgz` would be written to `/some/path`, and any existing contents of `/some/path` would be removed. Anyone using npm v7.20.6 or earlier on a case-insensitive filesystem is potentially affected. This is patched in @npmcli/arborist 2.8.2 which is included in npm v7.20.7 and above.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
security-advisories@github.com 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N 1.8 5.8

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-61,CWE-178,

Products Affected

Vendor Product Version
siemens sinec_infrastructure_network_services *
oracle graalvm 21.2.0
oracle graalvm 20.3.3
npmjs arborist *
CVE-2021-39135 MEDIUM

`@npmcli/arborist`, the library that calculates dependency trees and manages the node_modules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder. This is accomplished by extracting package contents into a project's `node_modules` folder. If the `node_modules` folder of the root project or any of its dependencies is somehow replaced with a symbolic link, it could allow Arborist to write package dependencies to any arbitrary location on the file system. Note that symbolic links contained within package artifact contents are filtered out, so another means of creating a `node_modules` symbolic link would have to be employed. 1. A `preinstall` script could replace `node_modules` with a symlink. (This is prevented by using `--ignore-scripts`.) 2. An attacker could supply the target with a git repository, instructing them to run `npm install --ignore-scripts` in the root. This may be successful, because `npm install --ignore-scripts` is typically not capable of making changes outside of the project directory, so it may be deemed safe. This is patched in @npmcli/arborist 2.8.2 which is included in npm v7.20.7 and above. For more information including workarounds please see the referenced GHSA-gmw6-94gg-2rc2.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N 1.8 5.8
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-61,CWE-59,

Products Affected

Vendor Product Version
siemens sinec_infrastructure_network_services *
oracle graalvm 21.2.0
oracle graalvm 20.3.3
npmjs arborist *
CVE-2021-39275 HIGH

ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
oracle http_server 12.2.1.3.0
oracle zfs_storage_appliance_kit 8.8
oracle instantis_enterprisetrack 17.1
oracle instantis_enterprisetrack 17.3
siemens sinema_server 14.0
debian debian_linux 11.0
debian debian_linux 9.0
netapp cloud_backup -
debian debian_linux 10.0
siemens sinec_nms *
oracle instantis_enterprisetrack 17.2
apache http_server *
netapp storagegrid -
fedoraproject fedora 35
netapp clustered_data_ontap -
oracle http_server 12.2.1.4.0
fedoraproject fedora 34
CVE-2021-40142 MEDIUM

In OPC Foundation Local Discovery Server (LDS) before 1.04.402.463, remote attackers can cause a denial of service (DoS) by sending carefully crafted messages that lead to Access of a Memory Location After the End of a Buffer.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
cve@mitre.org 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
siemens simatic_net_pc 15
opcfoundation local_discover_server *
siemens simatic_wincc -
siemens simatic_wincc_unified_scada_runtime -
siemens simatic_net_pc 17
siemens simatic_net_pc 14
siemens telecontrol_server_basic 3.0
siemens simatic_process_historian_opc_ua_server_firmware *
siemens simatic_net_pc 16
siemens simatic_wincc_runtime -
siemens simatic_process_historian_opc_ua_server_firmware 2022
CVE-2021-4034 HIGH

A local privilege escalation vulnerability was found in polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according to predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends up trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way that they induce pkexec to execute arbitrary code. When successfully executed, the attack can cause a local privilege escalation, giving unprivileged users administrative rights on the target machine.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,CWE-125,CWE-787,

Products Affected

Vendor Product Version
canonical ubuntu_linux 21.10
redhat enterprise_linux_server_update_services_for_sap_solutions 8.1
redhat enterprise_linux_for_ibm_z_systems 8.0
siemens sinumerik_edge *
redhat enterprise_linux_server_aus 8.2
redhat enterprise_linux_for_power_big_endian 7.0
redhat enterprise_linux_for_ibm_z_systems 7.0
redhat enterprise_linux_server_update_services_for_sap_solutions 7.7
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_for_ibm_z_systems_eus 8.2
canonical ubuntu_linux 16.04
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_tus 7.6
canonical ubuntu_linux 18.04
polkit_project polkit *
redhat enterprise_linux 8.0
oracle http_server 12.2.1.3.0
siemens scalance_lpe9403_firmware *
redhat enterprise_linux_eus 8.2
starwindsoftware starwind_virtual_san v8
redhat enterprise_linux_for_scientific_computing 7.0
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_for_power_little_endian_eus 8.4
suse linux_enterprise_server 15
redhat enterprise_linux_server_update_services_for_sap_solutions 7.6
redhat enterprise_linux_for_power_little_endian_eus 8.1
redhat enterprise_linux_server_aus 7.3
suse linux_enterprise_workstation_extension 12
suse enterprise_storage 7.0
redhat enterprise_linux_server_update_services_for_sap_solutions 8.2
oracle zfs_storage_appliance_kit 8.8
canonical ubuntu_linux 20.04
redhat enterprise_linux_for_power_little_endian_eus 8.2
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_tus 8.2
redhat enterprise_linux_server_tus 8.4
suse linux_enterprise_desktop 15
starwindsoftware starwind_hyperconverged_appliance -
suse manager_server 4.1
redhat enterprise_linux_for_power_little_endian 7.0
oracle http_server 12.2.1.4.0
canonical ubuntu_linux 14.04
suse linux_enterprise_high_performance_computing 15.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server_eus 8.4
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server_aus 7.4
starwindsoftware command_center 1.0
redhat enterprise_linux_server_aus 8.4
redhat enterprise_linux_server_update_services_for_sap_solutions 8.4
redhat enterprise_linux_for_power_little_endian 8.0
redhat enterprise_linux_for_ibm_z_systems_eus 8.4
suse manager_proxy 4.1
CVE-2021-40354 MEDIUM

A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter V13.0 (All versions < V13.0.0.7), Teamcenter V13.1 (All versions < V13.1.0.5), Teamcenter V13.2 (All versions < 13.2.0.2). The "surrogate" functionality on the user profile of the application does not perform sufficient access control that could lead to an account takeover. Any profile on the application can perform this attack and access any other user assigned tasks via the "inbox/surrogate tasks".

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N 2.8 4.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-267,CWE-269,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
CVE-2021-40355 MEDIUM

A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter V13.0 (All versions < V13.0.0.7), Teamcenter V13.1 (All versions < V13.1.0.5), Teamcenter V13.2 (All versions < 13.2.0.2). The affected application contains an Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to use user-supplied input to access objects directly.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-639,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
CVE-2021-40356 MEDIUM

A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter V13.0 (All versions < V13.0.0.7), Teamcenter V13.1 (All versions < V13.1.0.5), Teamcenter V13.2 (All versions < 13.2.0.2). The application contains an XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on the application server filesystem.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
CVE-2021-40357 MEDIUM

A vulnerability has been identified in Teamcenter Active Workspace V4.3 (All versions < V4.3.10), Teamcenter Active Workspace V5.0 (All versions < V5.0.8), Teamcenter Active Workspace V5.1 (All versions < V5.1.5), Teamcenter Active Workspace V5.2 (All versions < V5.2.1). A path traversal vulnerability in the application could allow an attacker to bypass certain restrictions such as direct access to other services within the host.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
siemens teamcenter_active_workspace *
CVE-2021-40358 HIGH

A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3 UC04), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions < V15 SP1 Update 7), SIMATIC WinCC V16 (All versions < V16 Update 5), SIMATIC WinCC V17 (All versions < V17 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 19), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 5). Legitimate file operations on the web server of the affected systems do not properly neutralize special elements within the pathname. An attacker could then cause the pathname to resolve to a location outside of the restricted directory on the server and read, write or delete unexpected critical files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
productcert@siemens.com 9.9 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 3.1 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
siemens simatic_wincc 7.5
siemens simatic_wincc 15.1
siemens simatic_wincc 15
siemens simatic_pcs_7 8.2
siemens simatic_pcs_7 9.1
siemens simatic_pcs_7 9.0
siemens simatic_wincc 17
siemens simatic_wincc 7.4
siemens simatic_wincc 16
CVE-2021-40359 MEDIUM

A vulnerability has been identified in OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd4), OpenPCS 7 V9.1 (All versions), SIMATIC BATCH V8.2 (All versions), SIMATIC BATCH V9.0 (All versions), SIMATIC BATCH V9.1 (All versions), SIMATIC NET PC Software V14 (All versions), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Update 6), SIMATIC NET PC Software V17 (All versions < V17 SP1), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3 UC04), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions), SIMATIC Route Control V9.1 (All versions), SIMATIC WinCC V15 and earlier (All versions < V15 SP1 Update 7), SIMATIC WinCC V16 (All versions < V16 Update 5), SIMATIC WinCC V17 (All versions < V17 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 19), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 5). When downloading files, the affected systems do not properly neutralize special elements within the pathname. An attacker could then cause the pathname to resolve to a location outside of the restricted directory on the server and read unexpected critical files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.7 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N 3.1 4.0
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
siemens simatic_batch 8.2
siemens simatic_wincc *
siemens simatic_wincc 17
siemens simaticpcs_7 *
siemens simatic_net_pc 16
siemens simaticpcs_7 9.1
siemens simatic_wincc 7.5
siemens simatic_route_control 9.1
siemens simatic_wincc 15
siemens simatic_batch 9.1
siemens simatic_batch 9.0
siemens simatic_net_pc 15
siemens simatic_net_pc 17
siemens simatic_net_pc 14
siemens simatic_route_control 9.0
siemens simatic_route_control 8.2
siemens simatic_wincc 16
CVE-2021-40360 MEDIUM

A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions < V15 SP1 Update 7), SIMATIC WinCC V16 (All versions < V16 Update 5), SIMATIC WinCC V17 (All versions < V17 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 19), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 6). The password hash of a local user account in the remote server could be granted via public API to a user on the affected system. An authenticated attacker could brute force the password hash and use it to log in to the server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,CWE-522,

Products Affected

Vendor Product Version
siemens simatic_wincc 15.1
siemens simatic_wincc *
siemens simatic_wincc 13
siemens simatic_wincc 17
siemens simatic_wincc 7.4
siemens simatic_wincc 14.0.1
siemens simatic_wincc 7.5
siemens simatic_wincc 15
siemens simatic_pcs_7 9.1
siemens simatic_pcs_7 9.0
siemens simatic_pcs_7 *
siemens simatic_wincc 16
CVE-2021-40363 LOW

A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions < V15 SP1 Update 7), SIMATIC WinCC V16 (All versions < V16 Update 5), SIMATIC WinCC V17 (All versions < V17 Update 2), SIMATIC WinCC V17 (All versions <= V17 Update 4), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 19), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 6). The affected component stores the credentials of a local system account in a potentially publicly accessible project file using an outdated cipher algorithm. An attacker may use this to brute force the credentials and take over the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: LOW

Problem Type: CWE-538,CWE-312,

Products Affected

Vendor Product Version
siemens simatic_wincc 15.1
siemens simatic_wincc *
siemens simatic_wincc 13
siemens simatic_wincc 17
siemens simatic_wincc 7.4
siemens simatic_wincc 14.0.1
siemens simatic_wincc 7.5
siemens simatic_wincc 15
siemens simatic_pcs_7 9.1
siemens simatic_pcs_7 9.0
siemens simatic_pcs_7 *
siemens simatic_wincc 16
CVE-2021-40364 LOW

A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3 UC04), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions < V15 SP1 Update 7), SIMATIC WinCC V16 (All versions < V16 Update 5), SIMATIC WinCC V17 (All versions < V17 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 19), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 5). The affected systems store sensitive information in log files. An attacker with access to the log files could publicly expose the information or reuse it to develop further attacks on the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6
productcert@siemens.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-532,CWE-532,

Products Affected

Vendor Product Version
siemens simatic_wincc 7.5
siemens simatic_wincc 15
siemens simatic_wincc *
siemens simatic_pcs_7 9.1
siemens simatic_wincc 17
siemens simatic_pcs_7 *
siemens simatic_wincc 16
CVE-2021-40365

Affected devices don't correctly process certain specially crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
siemens simatic_s7-1500_cpu_1511f-1_firmware *
siemens simatic_s7-1500_cpu_1516f-3_pn/dp_firmware *
siemens simatic_s7-1200_cpu_1214_fc_firmware *
siemens simatic_s7-1500_cpu_1517tf-3_firmware *
siemens siplus_s7-1200_cp_1243-1_rail_firmware *
siemens simatic_et_200_sp_open_controller_cpu_1515sp_pc_firmware -
siemens simatic_s7-1200_cpu_12_1217c_firmware *
siemens simatic_s7-1500_cpu_1516t-3_firmware *
siemens simatic_s7-1500_cpu_1518_firmware *
siemens simatic_s7-1500_cpu_1510sp_firmware *
siemens simatic_s7-1500_cpu_1507s_f_firmware *
siemens simatic_s7-1500_cpu_1516f-3_firmware *
siemens simatic_s7-1500_cpu_1508s_f_firmware *
siemens simatic_s7-1500_cpu_1517f-3_pn/dp_firmware *
siemens simatic_s7-1500_cpu_1511f-1_pn_firmware *
siemens tim_1531_irc_firmware -
siemens simatic_s7-1500_cpu_1512sp-1_firmware *
siemens siplus_s7-300_cpu_314_firmware -
siemens simatic_s7-1200_cpu_12_1212c_firmware *
siemens siplus_tim_1531_irc_firmware -
siemens simatic_s7-1500_cpu_1518f-4_firmware *
siemens simatic_s7-1500_cpu_1513r-1_firmware *
siemens simatic_s7-1500_cpu_1515r-2_firmware *
siemens simatic_s7-1500_cpu_1516pro-2_firmware *
siemens simatic_s7-1500_cpu_1513-1_pn_firmware *
siemens simatic_s7-1500_cpu_1511t-1_firmware *
siemens siplus_et_200sp_cp_1542sp-1_irc_tx_rail_firmware *
siemens simatic_s7-1200_cpu_1214c_firmware *
siemens simatic_s7-1500_cpu_1511c_firmware *
siemens simatic_s7-1500_cpu_1513-1_firmware *
siemens simatic_s7-1500_cpu_151511f-1_firmware *
siemens simatic_s7-1500_cpu_1518tf-4_firmware *
siemens simatic_s7-1500_cpu_1511c-1_firmware *
siemens simatic_s7-1500_cpu_1516pro_f_firmware *
siemens simatic_s7-1200_cpu_1215c_firmware *
siemens simatic_s7-1500_cpu_1515f-2_firmware *
siemens simatic_s7-1500_cpu_1517-3_firmware *
siemens simatic_s7-1500_cpu_1511-1_firmware *
siemens simatic_s7-1200_cpu_12_1212fc_firmware *
siemens simatic_s7-1500_cpu_1507s_firmware *
siemens siplus_et_200sp_cp_1543sp-1_isec_tx_rail_firmware *
siemens simatic_s7-1200_cpu_12_1215fc_firmware *
siemens simatic_s7-1500_cpu_1518-4_dp_firmware *
siemens simatic_s7-1500_cpu_1516-3_pn/dp_firmware *
siemens simatic_s7-1500_software_controller_firmware -
siemens simatic_s7-1500_cpu_1513f-1_firmware *
siemens simatic_s7-1500_cpu_15prof-2_firmware *
siemens simatic_s7-1500_cpu_15pro-2_firmware *
siemens simatic_s7-1500_cpu_1518t-4_firmware *
siemens simatic_s7-1500_cpu_1517-3_dp_firmware *
siemens simatic_s7-1200_cpu_1215fc_firmware *
siemens simatic_s7-1200_cpu_12_1214fc_firmware *
siemens simatic_s7-1500_cpu_1516tf-3_firmware *
siemens simatic_s7-1500_cpu_cpu_1513prof-2_firmware *
siemens simatic_s7-1500_cpu_1518hf-4_firmware *
siemens simatic_s7-1500_cpu_1516-3_dp_firmware *
siemens simatic_s7-1500_cpu_1515t-2_firmware *
siemens siplus_s7-300_cpu_315-2_pn/dp_firmware -
siemens simatic_s7-1500_cpu_1517f-3_firmware *
siemens simatic_s7-1500_cpu_1516-3_firmware *
siemens simatic_s7-1500_cpu_1508s_firmware *
siemens siplus_s7-300_cpu_317-2_pn/dp_firmware -
siemens simatic_s7-1500_cpu_1516-3_pn_firmware *
siemens siplus_s7-1200_cp_1243-1_firmware *
siemens simatic_s7-1200_cpu_1215_fc_firmware *
siemens simatic_s7-1200_cpu_1212fc_firmware *
siemens simatic_s7-1500_cpu_151511c-1_firmware *
siemens simatic_s7-1200_cpu_12_1215c_firmware *
siemens simatic_s7-1500_cpu_1518-4_pn/dp_firmware *
siemens simatic_s7-1200_cpu_12_1211c_firmware *
siemens simatic_s7-1500_cpu_1511tf-1_firmware *
siemens simatic_s7-1500_cpu_1512c-1_firmware *
siemens simatic_s7-1500_cpu_1510sp-1_firmware *
siemens siplus_et_200sp_cp_1543sp-1_isec_firmware *
siemens simatic_s7-1200_cpu_1214fc_firmware *
siemens simatic_s7-1500_cpu_1515tf-2_firmware *
siemens simatic_s7-1500_cpu_1518-4_pn_firmware *
siemens simatic_s7-1500_cpu_1518f-4_pn/dp_firmware *
siemens siplus_s7-300_cpu_315-2_dp_firmware -
siemens simatic_s7-plcsim_advanced_firmware *
siemens simatic_s7-1500_cpu_1515-2_firmware *
siemens simatic_s7-1500_cpu_1512c_firmware *
siemens simatic_s7-1500_cpu_1517-3_pn/dp_firmware *
siemens simatic_s7-1500_cpu_cpu_1513pro-2_firmware *
siemens simatic_s7-1200_cpu_1211c_firmware *
siemens simatic_s7-1500_cpu_1517-3_pn_firmware *
siemens simatic_s7-1500_cpu_1512spf-1_firmware *
siemens simatic_s7-1500_cpu_1515f-2_pn_firmware *
siemens simatic_s7-1200_cpu_1217c_firmware *
siemens simatic_s7-1500_cpu_1513f-1_pn_firmware *
siemens simatic_s7-1500_cpu_1511-1_pn_firmware *
siemens simatic_s7-1500_cpu_1518-4_pn/dp_mfp_firmware *
siemens simatic_s7-1200_cpu_12_1214c_firmware *
siemens simatic_s7-1200_cpu_1212c_firmware *
siemens simatic_s7-1500_cpu_1518-4_firmware *
siemens simatic_s7-1500_cpu_1515-2_pn_firmware *
CVE-2021-40366 MEDIUM

A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.42), Climatix POL909 (AWM module) (All versions < V11.34). The web server of affected devices transmits data without TLS encryption. This could allow an unauthenticated remote attacker in a man-in-the-middle position to read sensitive data, such as administrator credentials, or modify data in transit.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 2.2 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-311,CWE-319,

Products Affected

Vendor Product Version
siemens climatix_pol909_firmware *
CVE-2021-40368 MEDIUM

A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 414-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416-2 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416F-2 DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 417-4 DP V7 (All versions), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.10), SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants) (All versions < V10.1), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) (All versions < V8.2.3), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 V7 (All versions), SIPLUS S7-400 CPU 417-4 V7 (All versions). Affected devices improperly handle specially crafted packets sent to port 102/tcp. This could allow an attacker to create a Denial-of-Service condition. A restart is needed to restore normal operations.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
productcert@siemens.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-119,

Products Affected

Vendor Product Version
siemens simatic_s7-400h_v6_firmware *
siemens simatic_s7-400_pn/dp_v7_firmware *
siemens simatic_s7-410_v8_firmware *
siemens simatic_s7-410_v10_firmware *
CVE-2021-40438 MEDIUM

A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.0 CRITICAL CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 2.2 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-918,CWE-918,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_aus 7.2
siemens sinema_server 14.0
redhat enterprise_linux_eus 8.4
redhat enterprise_linux_for_ibm_z_systems 8.0
redhat enterprise_linux_for_power_little_endian_eus 8.6
redhat enterprise_linux_for_power_little_endian_eus 8.8
debian debian_linux 10.0
resf rocky_linux 8.0
redhat enterprise_linux_server_aus 8.2
redhat enterprise_linux_for_power_big_endian 7.0
redhat enterprise_linux_server_update_services_for_sap_solutions 7.7
redhat enterprise_linux_update_services_for_sap_solutions 8.1
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.8
redhat enterprise_linux_for_ibm_z_systems_eus 8.1
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux 8.0
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 7.6
redhat enterprise_linux_update_services_for_sap_solutions 8.4
oracle http_server 12.2.1.3.0
oracle instantis_enterprisetrack 17.1
redhat enterprise_linux_eus 8.2
redhat software_collections 1.0
oracle instantis_enterprisetrack 17.3
redhat enterprise_linux_for_scientific_computing 7.0
redhat enterprise_linux_for_arm_64_eus 8.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_for_power_little_endian_eus 8.4
redhat enterprise_linux_for_ibm_z_systems_eus 8.8
redhat jboss_core_services 1.0
redhat enterprise_linux_eus 8.8
redhat enterprise_linux_server_tus 8.6
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.4
siemens ruggedcom_nms *
redhat enterprise_linux_server_update_services_for_sap_solutions 7.6
redhat enterprise_linux_for_power_little_endian_eus 8.1
siemens sinec_nms *
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.6
redhat enterprise_linux_server_aus 7.3
fedoraproject fedora 35
redhat enterprise_linux_eus 8.1
redhat enterprise_linux_server_tus 8.8
redhat enterprise_linux_eus 8.6
oracle zfs_storage_appliance_kit 8.8
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.2
siemens sinema_remote_connect_server 3.2
debian debian_linux 11.0
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.1
redhat enterprise_linux_for_power_little_endian_eus 8.2
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_tus 8.2
redhat enterprise_linux_server_tus 8.4
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 7.7
oracle enterprise_manager_ops_center 12.4.0.0
apache http_server *
redhat enterprise_linux_for_arm_64_eus 8.8
redhat enterprise_linux_update_services_for_sap_solutions 8.8
redhat enterprise_linux_for_power_little_endian 7.0
oracle http_server 12.2.1.4.0
fedoraproject fedora 34
tenable tenable.sc *
redhat enterprise_linux_update_services_for_sap_solutions 8.2
redhat enterprise_linux_for_ibm_z_systems 7.0_s390x
redhat enterprise_linux_workstation 7.0
broadcom brocade_fabric_operating_system_firmware -
redhat enterprise_linux_server_aus 7.4
siemens sinema_remote_connect_server *
debian debian_linux 9.0
f5 f5os *
netapp cloud_backup -
redhat enterprise_linux_for_ibm_z_systems_eus_s390x 8.2
oracle secure_global_desktop 5.6
redhat enterprise_linux_for_arm_64 8.0
redhat enterprise_linux_server_aus 8.4
oracle instantis_enterprisetrack 17.2
netapp storagegrid -
redhat enterprise_linux_server_aus 8.6
netapp clustered_data_ontap -
redhat enterprise_linux_update_services_for_sap_solutions 8.6
redhat enterprise_linux_for_power_little_endian 8.0
redhat enterprise_linux_for_ibm_z_systems_eus 8.4
CVE-2021-41057 LOW

In WIBU CodeMeter Runtime before 7.30a, creating a crafted CmDongles symbolic link will overwrite the linked file without checking permissions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-59,

Products Affected

Vendor Product Version
siemens pss_odms *
siemens sicam_230 *
siemens pss_cape 14
siemens simatic_information_server 2019
siemens simatic_information_server *
siemens simatic_pcs_neo *
siemens simatic_wincc_oa *
siemens simit *
wibu codemeter_runtime *
siemens simatic_process_historian *
siemens pss_e *
CVE-2021-41533 MEDIUM

A vulnerability has been identified in NX 1980 Series (All versions < V1984), Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attacker could leverage this vulnerability to leak information in the context of the current process (ZDI-CAN-13565).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N 1.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
siemens nx_1988_firmware *
siemens solid_edge *
siemens solid_edge se2021
siemens nx_1984_firmware *
CVE-2021-41534 MEDIUM

A vulnerability has been identified in NX 1980 Series (All versions < V1984), Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attacker could leverage this vulnerability to leak information in the context of the current process (ZDI-CAN-13703).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N 1.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
siemens nx_1988_firmware *
siemens solid_edge *
siemens solid_edge se2021
siemens nx_1984_firmware *
CVE-2021-41535 MEDIUM

A vulnerability has been identified in NX 1953 Series (All versions < V1973.3700), NX 1980 Series (All versions < V1988), Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this vulnerability to execute code in the context of the current process (ZDI-CAN-13771).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,CWE-416,

Products Affected

Vendor Product Version
siemens nx_1988_firmware *
siemens nx_1957_firmware *
siemens solid_edge *
siemens solid_edge se2021
siemens nx_1961_firmware *
siemens nx_1984_firmware *
siemens nx_1965_firmware *
siemens nx_1969_firmware *
CVE-2021-41536 MEDIUM

A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this vulnerability to execute code in the context of the current process (ZDI-CAN-13778).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
siemens solid_edge *
siemens solid_edge se2021
CVE-2021-41537 MEDIUM

A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this vulnerability to execute code in the context of the current process (ZDI-CAN-13789).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,CWE-416,

Products Affected

Vendor Product Version
siemens solid_edge *
siemens solid_edge se2021
CVE-2021-41538 MEDIUM

A vulnerability has been identified in NX 1953 Series (All versions < V1973.3700), NX 1980 Series (All versions < V1988), Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vulnerable to information disclosure by unexpected access to an uninitialized pointer while parsing user-supplied OBJ files. An attacker could leverage this vulnerability to leak information from unexpected memory locations (ZDI-CAN-13770).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N 1.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-824,CWE-824,

Products Affected

Vendor Product Version
siemens nx_1988_firmware *
siemens nx_1957_firmware *
siemens solid_edge *
siemens solid_edge se2021
siemens nx_1961_firmware *
siemens nx_1984_firmware *
siemens nx_1965_firmware *
siemens nx_1969_firmware *
CVE-2021-41539 MEDIUM

A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this vulnerability to execute code in the context of the current process (ZDI-CAN-13773).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
siemens solid_edge *
siemens solid_edge se2021
CVE-2021-41540 MEDIUM

A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this vulnerability to execute code in the context of the current process (ZDI-CAN-13776).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
siemens solid_edge *
siemens solid_edge se2021
CVE-2021-41541 MEDIUM

A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.44), Climatix POL909 (AWM module) (All versions < V11.36). The Group Management page of affected devices is vulnerable to cross-site scripting (XSS). The vulnerability allows an attacker to send malicious JavaScript code which could result in hijacking of the user's cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser action.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
siemens climatix_pol909_firmware *
CVE-2021-41542 MEDIUM

A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.44), Climatix POL909 (AWM module) (All versions < V11.36). The User Management page of affected devices is vulnerable to cross-site scripting (XSS). The vulnerability allows an attacker to send malicious JavaScript code which could result in hijacking of the user's cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser action.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
siemens climatix_pol909_firmware *
CVE-2021-41543 MEDIUM

A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.44), Climatix POL909 (AWM module) (All versions < V11.36). The handling of log files in the web application of affected devices contains an information disclosure vulnerability which could allow logged in users to access sensitive files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,CWE-532,

Products Affected

Vendor Product Version
siemens climatix_pol909_firmware *
CVE-2021-41544

A vulnerability has been identified in Siemens Software Center (All versions < V3.0). A DLL Hijacking vulnerability could allow a local attacker to execute code with elevated privileges by placing a malicious DLL in one of the directories on the DLL search path.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens software_center *
CVE-2021-41545 MEDIUM

A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). When the controller receives a specific BACnet protocol packet, an exception causes the BACnet communication function to go into an “out of work” state and could result in the controller going into a “factory reset” state.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-248,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
siemens desigo_dxr2_firmware *
siemens desigo_pxc4_firmware *
siemens desigo_pxc5_firmware *
siemens desigo_pxc3_firmware *
CVE-2021-41546 HIGH

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). Affected devices write crashdumps without checking if enough space is available on the filesystem. Once the crashdump fills the entire root filesystem, affected devices fail to boot successfully. An attacker can leverage this vulnerability to cause a permanent Denial-of-Service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-400,CWE-770,

Products Affected

Vendor Product Version
siemens ruggedcom_rox_rx1500_firmware *
siemens ruggedcom_rox_rx1510_firmware *
siemens ruggedcom_rox_rx1524_firmware *
siemens ruggedcom_rox_rx1536_firmware *
siemens ruggedcom_rox_rx1512_firmware *
siemens ruggedcom_rox_rx1400_firmware *
siemens ruggedcom_rox_mx5000_firmware *
siemens ruggedcom_rox_rx1511_firmware *
siemens ruggedcom_rox_rx1501_firmware *
siemens ruggedcom_rox_rx5000_firmware *
CVE-2021-41547 MEDIUM

A vulnerability has been identified in Teamcenter Active Workspace V4.3 (All versions < V4.3.11), Teamcenter Active Workspace V5.0 (All versions < V5.0.10), Teamcenter Active Workspace V5.1 (All versions < V5.1.6), Teamcenter Active Workspace V5.2 (All versions < V5.2.3). The application contains an unsafe unzipping pattern that could lead to a zip path traversal attack. This could allow an attacker to execute a remote shell with admin rights.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
siemens teamcenter_active_workspace *
CVE-2021-4160 MEDIUM

There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the pre-requisites for attack are considered unlikely and include reusing private keys. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH private key among multiple clients, which is no longer an option since CVE-2016-0701. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0.0. It was addressed in the releases of 1.1.1m and 3.0.1 on the 15th of December 2021. For the 1.0.2 release it is addressed in git commit 6fc1aaaf3 that is available to premium support customers only. It will be made available in 1.0.2zc when it is released. The issue only affects OpenSSL on MIPS platforms. Fixed in OpenSSL 3.0.1 (Affected 3.0.0). Fixed in OpenSSL 1.1.1m (Affected 1.1.1-1.1.1l). Fixed in OpenSSL 1.0.2zc-dev (Affected 1.0.2-1.0.2zb).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle health_sciences_inform_publisher 6.2.1.1
debian debian_linux 11.0
debian debian_linux 9.0
siemens sinec_ins *
debian debian_linux 10.0
oracle jd_edwards_world_security a9.4
oracle peoplesoft_enterprise_peopletools 8.58
oracle peoplesoft_enterprise_peopletools 8.59
oracle jd_edwards_enterpriseone_tools 9.2.6.3
oracle enterprise_manager_ops_center 12.4.0.0
oracle health_sciences_inform_publisher 6.3.1.1
openssl openssl 3.0.0
openssl openssl *
siemens sinec_ins 1.0
CVE-2021-41769 MEDIUM

A vulnerability has been identified in SIPROTEC 5 6MD85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD89 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MU85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7KE85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SA82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SA86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SA87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SD82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SD86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SD87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SJ81 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SJ82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SJ85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SJ86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SK82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SK85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SL82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SL86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SL87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SS85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7ST85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SX85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UM85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UT82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7UT85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UT86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UT87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7VE85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7VK87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 Compact 7SX800 devices (CPU variant CP050) (All versions < V8.83). An improper input validation vulnerability in the web server could allow an unauthenticated user to access device information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-20,

Products Affected

Vendor Product Version
siemens 7sj82_firmware *
siemens 6md86_firmware *
siemens 7sl87_firmware *
siemens 7sx800_firmware *
siemens 7ut85_firmware *
siemens 7ut82_firmware *
siemens 7sl86_firmware *
siemens 7sl82_firmware *
siemens 7um85_firmware *
siemens 7ut86_firmware *
siemens 7ve85_firmware *
siemens 7sd86_firmware *
siemens 7ke85_firmware *
siemens 6mu85_firmware *
siemens 7sk82_firmware *
siemens 7sj81_firmware *
siemens 7sx85_firmware *
siemens 7sa87_firmware *
siemens 7ut87_firmware *
siemens 7sd87_firmware *
siemens 7vk87_firmware *
siemens 7ss85_firmware *
siemens 6md89_firmware *
siemens 7sd82_firmware *
siemens 7sk85_firmware *
siemens 7sj86_firmware *
siemens 6md85_firmware *
siemens 7st85_firmware *
siemens 7sa82_firmware *
siemens 7sj85_firmware *
siemens 7sa86_firmware *
CVE-2021-41837 HIGH

An issue was discovered in AhciBusDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. Because of an Untrusted Pointer Dereference that causes SMM memory corruption, an attacker may be able to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.5 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
siemens simatic_itp1000_firmware *
siemens simatic_ipc127e_firmware *
siemens simatic_ipc377g_firmware *
siemens simatic_ipc277g_firmware *
siemens simatic_ipc477e_firmware *
siemens simatic_ipc627e_firmware *
siemens simatic_ipc327g_firmware *
siemens simatic_ipc647e_firmware *
siemens simatic_ipc227g_firmware *
siemens simatic_ipc677e_firmware *
insyde insydeh2o *
siemens simatic_ipc427e_firmware *
siemens simatic_field_pg_m5_firmware *
siemens simatic_ipc847e_firmware *
siemens simatic_field_pg_m6_firmware *
CVE-2021-41838 HIGH

An issue was discovered in SdHostDriver in the kernel 5.0 through 5.5 in Insyde InsydeH2O. There is an SMM callout that allows an attacker to access the System Management Mode and execute arbitrary code. This occurs because of a Numeric Range Comparison Without a Minimum Check.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.5 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
siemens simatic_itp1000_firmware *
siemens simatic_ipc127e_firmware *
siemens simatic_ipc377g_firmware *
siemens simatic_ipc277g_firmware *
siemens simatic_ipc477e_firmware *
siemens simatic_ipc627e_firmware *
siemens simatic_ipc327g_firmware *
siemens simatic_ipc647e_firmware *
siemens simatic_ipc227g_firmware *
siemens simatic_ipc677e_firmware *
insyde insydeh2o *
siemens simatic_ipc427e_firmware *
siemens simatic_field_pg_m5_firmware *
siemens simatic_ipc847e_firmware *
siemens simatic_field_pg_m6_firmware *
CVE-2021-41990 MEDIUM

The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS signature. For example, this can be triggered by an unrelated self-signed CA certificate sent by an initiator. Remote code execution cannot occur.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
siemens 6gk5615-0aa00-2aa2_firmware -
siemens 6gk5816-1aa00-2aa2_firmware -
siemens 6gk6108-4am00-2da2_firmware -
siemens 6gk5874-3aa00-2aa2_firmware -
strongswan strongswan *
siemens 6gk5812-1ba00-2aa2_firmware -
siemens 6gk5874-2aa00-2aa2_firmware -
debian debian_linux 11.0
siemens 6gk5812-1aa00-2aa2_firmware -
siemens 6gk5876-4aa00-2da2_firmware -
debian debian_linux 10.0
siemens 6gk5876-4aa00-2ba2_firmware -
fedoraproject fedora 33
siemens 6gk5804-0ap00-2aa2_firmware -
fedoraproject fedora 35
siemens 6gk6108-4am00-2ba2_firmware -
siemens 6gk5876-3aa02-2ea2_firmware -
siemens 6gk5816-1ba00-2aa2_firmware -
fedoraproject fedora 34
siemens 6gk5826-2ab00-2ab2_firmware -
siemens 6gk5876-3aa02-2ba2_firmware -
siemens 6gk5856-2ea00-3aa1_firmware -
siemens 6gk5856-2ea00-3da1_firmware -
CVE-2021-41991 MEDIUM

The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by means of a random number generator, but this is not done correctly. Remote code execution might be a slight possibility.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
strongswan strongswan *
debian debian_linux 11.0
siemens simatic_net_cp_1545-1_firmware -
debian debian_linux 10.0
siemens simatic_cp_1243-1_firmware -
siemens siplus_et_200sp_cp_1543sp-1_isec_firmware -
fedoraproject fedora 34
siemens sinema_remote_connect_server -
siemens cp_1543-1_firmware -
siemens simatic_cp_1542sp-1_firmware -
siemens scalance_sc636-2c_firmware -
siemens siplus_et_200sp_cp_1543sp-1_isec_tx_rail_firmware -
siemens simatic_cp_1542sp-1_irc_firmware -
siemens simatic_net_cp1243-7_lte_eu_firmware -
siemens siplus_s7-1200_cp_1243-1_rail_firmware -
debian debian_linux 9.0
siemens scalance_sc646-2c_firmware *
siemens scalance_sc622-2c_firmware -
siemens simatic_cp_1242-7_gprs_v2_firmware -
siemens siplus_et_200sp_cp_1542sp-1_irc_tx_rail_firmware -
siemens simatic_cp_1243-7_lte/us_firmware -
fedoraproject fedora 33
fedoraproject fedora 35
siemens simatic_cp_1543sp-1_firmware -
siemens scalance_sc642-2c_firmware -
siemens simatic_net_cp_1243-8_irc_firmware -
siemens siplus_s7-1200_cp_1243-1_firmware -
siemens siplus_net_cp_1543-1_firmware -
siemens scalance_sc632-2c_firmware -
CVE-2021-42016 MEDIUM

A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i801, RUGGEDCOM i802, RUGGEDCOM i803, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M969, RUGGEDCOM M969F, RUGGEDCOM RMC30, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RP110, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600T, RUGGEDCOM RS400, RUGGEDCOM RS400F, RUGGEDCOM RS401, RUGGEDCOM RS416, RUGGEDCOM RS416F, RUGGEDCOM RS416P, RUGGEDCOM RS416PF, RUGGEDCOM RS416Pv2 V4.X, RUGGEDCOM RS416Pv2 V5.X, RUGGEDCOM RS416v2 V4.X, RUGGEDCOM RS416v2 V5.X, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000H, RUGGEDCOM RS8000T, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900F, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GF, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPF, RUGGEDCOM RS900L, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920W, RUGGEDCOM RS930L, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM RS940GF, RUGGEDCOM RS969, RUGGEDCOM RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100F, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100P (32M) V4.X, RUGGEDCOM RSG2100P (32M) V5.X, RUGGEDCOM RSG2100PF, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200F, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300F, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PF, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488F, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSL910, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P. 
A timing attack in a third-party component could make it possible to retrieve the private key that is used for encryption of sensitive data. If a threat actor were to exploit this, the data integrity and security could be compromised.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-208,CWE-203,

Products Affected

Vendor Product Version
siemens ruggedcom_ros *
CVE-2021-42017 MEDIUM

A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i801, RUGGEDCOM i802, RUGGEDCOM i803, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M969, RUGGEDCOM M969F, RUGGEDCOM RMC30, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RP110, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600T, RUGGEDCOM RS400, RUGGEDCOM RS400F, RUGGEDCOM RS401, RUGGEDCOM RS416, RUGGEDCOM RS416F, RUGGEDCOM RS416P, RUGGEDCOM RS416PF, RUGGEDCOM RS416Pv2 V4.X, RUGGEDCOM RS416Pv2 V5.X, RUGGEDCOM RS416v2 V4.X, RUGGEDCOM RS416v2 V5.X, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000H, RUGGEDCOM RS8000T, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900F, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GF, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPF, RUGGEDCOM RS900L, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920W, RUGGEDCOM RS930L, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM RS940GF, RUGGEDCOM RS969, RUGGEDCOM RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100F, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100P (32M) V4.X, RUGGEDCOM RSG2100P (32M) V5.X, RUGGEDCOM RSG2100PF, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200F, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300F, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PF, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488F, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSL910, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P. 
A new variant of the POODLE attack has left a third-party component vulnerable due to implementation flaws of the CBC encryption mode in TLS 1.0 to 1.2. If an attacker were to exploit this, they could act as a man-in-the-middle and eavesdrop on encrypted communications.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-358,CWE-295,

Products Affected

Vendor Product Version
siemens ruggedcom_ros *
CVE-2021-42018 HIGH

A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M2200NC, RUGGEDCOM M969, RUGGEDCOM M969F, RUGGEDCOM M969NC, RUGGEDCOM RMC30, RUGGEDCOM RMC30NC, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RMC8388NC V4.X, RUGGEDCOM RMC8388NC V5.X, RUGGEDCOM RP110, RUGGEDCOM RP110NC, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600FNC, RUGGEDCOM RS1600NC, RUGGEDCOM RS1600T, RUGGEDCOM RS1600TNC, RUGGEDCOM RS400, RUGGEDCOM RS400F, RUGGEDCOM RS400NC, RUGGEDCOM RS401, RUGGEDCOM RS401NC, RUGGEDCOM RS416, RUGGEDCOM RS416F, RUGGEDCOM RS416NC, RUGGEDCOM RS416NCv2 V4.X, RUGGEDCOM RS416NCv2 V5.X, RUGGEDCOM RS416P, RUGGEDCOM RS416PF, RUGGEDCOM RS416PNC, RUGGEDCOM RS416PNCv2 V4.X, RUGGEDCOM RS416PNCv2 V5.X, RUGGEDCOM RS416Pv2 V4.X, RUGGEDCOM RS416Pv2 V5.X, RUGGEDCOM RS416v2 V4.X, RUGGEDCOM RS416v2 V5.X, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000ANC, RUGGEDCOM RS8000H, RUGGEDCOM RS8000HNC, RUGGEDCOM RS8000NC, RUGGEDCOM RS8000T, RUGGEDCOM RS8000TNC, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900F, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GF, RUGGEDCOM RS900GNC, RUGGEDCOM RS900GNC(32M) V4.X, RUGGEDCOM RS900GNC(32M) V5.X, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPF, RUGGEDCOM RS900GPNC, RUGGEDCOM RS900L, RUGGEDCOM RS900LNC, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900MNC-GETS-C01, RUGGEDCOM RS900MNC-GETS-XX, RUGGEDCOM RS900MNC-STND-XX, RUGGEDCOM RS900MNC-STND-XX-C01, RUGGEDCOM RS900NC, RUGGEDCOM RS900NC(32M) V4.X, RUGGEDCOM RS900NC(32M) V5.X, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910LNC, RUGGEDCOM RS910NC, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920LNC, 
RUGGEDCOM RS920W, RUGGEDCOM RS930L, RUGGEDCOM RS930LNC, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM RS940GF, RUGGEDCOM RS940GNC, RUGGEDCOM RS969, RUGGEDCOM RS969NC, RUGGEDCOM RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100F, RUGGEDCOM RSG2100NC, RUGGEDCOM RSG2100NC(32M) V4.X, RUGGEDCOM RSG2100NC(32M) V5.X, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100P (32M) V4.X, RUGGEDCOM RSG2100P (32M) V5.X, RUGGEDCOM RSG2100PF, RUGGEDCOM RSG2100PNC, RUGGEDCOM RSG2100PNC (32M) V4.X, RUGGEDCOM RSG2100PNC (32M) V5.X, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200F, RUGGEDCOM RSG2200NC, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2288NC V4.X, RUGGEDCOM RSG2288NC V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300F, RUGGEDCOM RSG2300NC V4.X, RUGGEDCOM RSG2300NC V5.X, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PF, RUGGEDCOM RSG2300PNC V4.X, RUGGEDCOM RSG2300PNC V5.X, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488F, RUGGEDCOM RSG2488NC V4.X, RUGGEDCOM RSG2488NC V5.X, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSG920PNC V4.X, RUGGEDCOM RSG920PNC V5.X, RUGGEDCOM RSL910, RUGGEDCOM RSL910NC, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P. Within a third-party component, whenever memory allocation is requested, the out of bound size is not checked. Therefore, if size exceeding the expected allocation is assigned, it could allocate a smaller buffer instead. If an attacker were to exploit this, they could cause a heap overflow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H 0.7 5.2
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-122,CWE-787,

Products Affected

Vendor Product Version
siemens ruggedcom_ros *
CVE-2021-42019 HIGH

A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M2200NC, RUGGEDCOM M969, RUGGEDCOM M969F, RUGGEDCOM M969NC, RUGGEDCOM RMC30, RUGGEDCOM RMC30NC, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RMC8388NC V4.X, RUGGEDCOM RMC8388NC V5.X, RUGGEDCOM RP110, RUGGEDCOM RP110NC, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600FNC, RUGGEDCOM RS1600NC, RUGGEDCOM RS1600T, RUGGEDCOM RS1600TNC, RUGGEDCOM RS400, RUGGEDCOM RS400F, RUGGEDCOM RS400NC, RUGGEDCOM RS401, RUGGEDCOM RS401NC, RUGGEDCOM RS416, RUGGEDCOM RS416F, RUGGEDCOM RS416NC, RUGGEDCOM RS416NCv2 V4.X, RUGGEDCOM RS416NCv2 V5.X, RUGGEDCOM RS416P, RUGGEDCOM RS416PF, RUGGEDCOM RS416PNC, RUGGEDCOM RS416PNCv2 V4.X, RUGGEDCOM RS416PNCv2 V5.X, RUGGEDCOM RS416Pv2 V4.X, RUGGEDCOM RS416Pv2 V5.X, RUGGEDCOM RS416v2 V4.X, RUGGEDCOM RS416v2 V5.X, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000ANC, RUGGEDCOM RS8000H, RUGGEDCOM RS8000HNC, RUGGEDCOM RS8000NC, RUGGEDCOM RS8000T, RUGGEDCOM RS8000TNC, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900F, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GF, RUGGEDCOM RS900GNC, RUGGEDCOM RS900GNC(32M) V4.X, RUGGEDCOM RS900GNC(32M) V5.X, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPF, RUGGEDCOM RS900GPNC, RUGGEDCOM RS900L, RUGGEDCOM RS900LNC, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900MNC-GETS-C01, RUGGEDCOM RS900MNC-GETS-XX, RUGGEDCOM RS900MNC-STND-XX, RUGGEDCOM RS900MNC-STND-XX-C01, RUGGEDCOM RS900NC, RUGGEDCOM RS900NC(32M) V4.X, RUGGEDCOM RS900NC(32M) V5.X, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910LNC, RUGGEDCOM RS910NC, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920LNC, 
RUGGEDCOM RS920W, RUGGEDCOM RS930L, RUGGEDCOM RS930LNC, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM RS940GF, RUGGEDCOM RS940GNC, RUGGEDCOM RS969, RUGGEDCOM RS969NC, RUGGEDCOM RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100F, RUGGEDCOM RSG2100NC, RUGGEDCOM RSG2100NC(32M) V4.X, RUGGEDCOM RSG2100NC(32M) V5.X, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100P (32M) V4.X, RUGGEDCOM RSG2100P (32M) V5.X, RUGGEDCOM RSG2100PF, RUGGEDCOM RSG2100PNC, RUGGEDCOM RSG2100PNC (32M) V4.X, RUGGEDCOM RSG2100PNC (32M) V5.X, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200F, RUGGEDCOM RSG2200NC, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2288NC V4.X, RUGGEDCOM RSG2288NC V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300F, RUGGEDCOM RSG2300NC V4.X, RUGGEDCOM RSG2300NC V5.X, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PF, RUGGEDCOM RSG2300PNC V4.X, RUGGEDCOM RSG2300PNC V5.X, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488F, RUGGEDCOM RSG2488NC V4.X, RUGGEDCOM RSG2488NC V5.X, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSG920PNC V4.X, RUGGEDCOM RSG920PNC V5.X, RUGGEDCOM RSL910, RUGGEDCOM RSL910NC, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P. Within a third-party component, the process to allocate partition size fails to check memory boundaries. Therefore, if a large amount is requested by an attacker, due to an integer-wrap around, it could result in a small size being allocated instead.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H 0.7 5.2
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,CWE-190,

Products Affected

Vendor Product Version
siemens ruggedcom_ros *
CVE-2021-42020 MEDIUM

A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200NC, RUGGEDCOM M969, RUGGEDCOM M969NC, RUGGEDCOM RMC30, RUGGEDCOM RMC30NC, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RMC8388NC V4.X, RUGGEDCOM RMC8388NC V5.X, RUGGEDCOM RP110, RUGGEDCOM RP110NC, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600FNC, RUGGEDCOM RS1600NC, RUGGEDCOM RS1600T, RUGGEDCOM RS1600TNC, RUGGEDCOM RS400, RUGGEDCOM RS400NC, RUGGEDCOM RS401, RUGGEDCOM RS401NC, RUGGEDCOM RS416, RUGGEDCOM RS416NC, RUGGEDCOM RS416NCv2 V4.X, RUGGEDCOM RS416NCv2 V5.X, RUGGEDCOM RS416P, RUGGEDCOM RS416PNC, RUGGEDCOM RS416PNCv2 V4.X, RUGGEDCOM RS416PNCv2 V5.X, RUGGEDCOM RS416Pv2 V4.X, RUGGEDCOM RS416Pv2 V5.X, RUGGEDCOM RS416v2 V4.X, RUGGEDCOM RS416v2 V5.X, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000ANC, RUGGEDCOM RS8000H, RUGGEDCOM RS8000HNC, RUGGEDCOM RS8000NC, RUGGEDCOM RS8000T, RUGGEDCOM RS8000TNC, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GNC, RUGGEDCOM RS900GNC(32M) V4.X, RUGGEDCOM RS900GNC(32M) V5.X, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPNC, RUGGEDCOM RS900L, RUGGEDCOM RS900LNC, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900MNC-GETS-C01, RUGGEDCOM RS900MNC-GETS-XX, RUGGEDCOM RS900MNC-STND-XX, RUGGEDCOM RS900MNC-STND-XX-C01, RUGGEDCOM RS900NC, RUGGEDCOM RS900NC(32M) V4.X, RUGGEDCOM RS900NC(32M) V5.X, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910LNC, RUGGEDCOM RS910NC, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920LNC, RUGGEDCOM RS920W, RUGGEDCOM RS930L, RUGGEDCOM RS930LNC, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM RS940GNC, RUGGEDCOM RS969, RUGGEDCOM RS969NC, RUGGEDCOM 
RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100NC, RUGGEDCOM RSG2100NC(32M) V4.X, RUGGEDCOM RSG2100NC(32M) V5.X, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100P (32M) V4.X, RUGGEDCOM RSG2100P (32M) V5.X, RUGGEDCOM RSG2100PNC, RUGGEDCOM RSG2100PNC (32M) V4.X, RUGGEDCOM RSG2100PNC (32M) V5.X, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200NC, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2288NC V4.X, RUGGEDCOM RSG2288NC V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300NC V4.X, RUGGEDCOM RSG2300NC V5.X, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PNC V4.X, RUGGEDCOM RSG2300PNC V5.X, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488NC V4.X, RUGGEDCOM RSG2488NC V5.X, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSG920PNC V4.X, RUGGEDCOM RSG920PNC V5.X, RUGGEDCOM RSL910, RUGGEDCOM RSL910NC, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P. The third-party component, in its TFTP functionality fails to check for null terminations in file names. If an attacker were to exploit this, it could result in data corruption, and possibly a hard-fault of the application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-754,CWE-754,

Products Affected

Vendor Product Version
siemens ruggedcom_ros *
CVE-2021-42021 MEDIUM

A vulnerability has been identified in Siveillance Video DLNA Server (2019 R1), Siveillance Video DLNA Server (2019 R2), Siveillance Video DLNA Server (2019 R3), Siveillance Video DLNA Server (2020 R1), Siveillance Video DLNA Server (2020 R2), Siveillance Video DLNA Server (2020 R3), Siveillance Video DLNA Server (2021 R1). The affected application contains a path traversal vulnerability that could allow an attacker to read arbitrary files on the server that are outside the application’s web document directory. An unauthenticated remote attacker could exploit this issue to access sensitive information for subsequent attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-26,CWE-22,

Products Affected

Vendor Product Version
siemens siveillance_video_management_software_2019_r1 *
siemens siveillance_video_management_software_2019_r2 *
siemens siveillance_video_management_software_2020_r1 -
siemens siveillance_video_management_software_2019_r3 *
siemens siveillance_video_management_software_2020_r2 -
CVE-2021-42022 LOW

A vulnerability has been identified in SIMATIC eaSie PCS 7 Skill Package (All versions < V21.00 SP3). When downloading files, the affected systems do not properly neutralize special elements within the pathname. An attacker could then cause the pathname to resolve to a location outside of the restricted directory on the server and read unexpected critical files. The affected file download function is disabled by default.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-22,

Products Affected

Vendor Product Version
siemens simatic_easie_pcs_7_skill *
siemens simatic_easie_pcs_7_skill 21.00
CVE-2021-42023 LOW

A vulnerability has been identified in ModelSim Simulation (All versions), Questa Simulation (All versions). The RSA white-box implementation in affected applications insufficiently protects the built-in private keys that are required to decrypt electronic intellectual property (IP) data in accordance with the IEEE 1735 recommended practice. This could allow a sophisticated attacker to discover the keys, bypassing the protection intended by the IEEE 1735 recommended practice.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-522,

Products Affected

Vendor Product Version
siemens modelsim *
siemens questa *
CVE-2021-42024 MEDIUM

A vulnerability has been identified in Simcenter STAR-CCM+ Viewer (All versions < 2021.3.1). The starview+.exe application lacks proper validation of user-supplied data when parsing scene files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
siemens simcenter_star-ccm+_viewer *
CVE-2021-42027 MEDIUM

A vulnerability has been identified in SINUMERIK Edge (All versions < V3.2). The affected software does not properly validate the server certificate when initiating a TLS connection. This could allow an attacker to spoof a trusted entity by interfering in the communication path between the client and the intended server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 2.2 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
siemens sinumerik_edge *
CVE-2021-42029 HIGH

A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) V15 (All versions), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 5), SIMATIC STEP 7 (TIA Portal) V17 (All versions < V17 Update 2). An attacker could achieve privilege escalation on the web server of certain devices due to an improper access control vulnerability in the engineering system software. The attacker needs to have direct access to the impacted web server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-284,NVD-CWE-Other,

Products Affected

Vendor Product Version
siemens simatic_step_7 *
siemens simatic_step_7 16
siemens simatic_step_7 17
CVE-2021-42059 HIGH

An issue was discovered in Insyde InsydeH2O Kernel 5.0 before 05.08.41, Kernel 5.1 before 05.16.41, Kernel 5.2 before 05.26.41, Kernel 5.3 before 05.35.41, and Kernel 5.4 before 05.42.20. A stack-based buffer overflow leads to arbitrary code execution in the UEFI DisplayTypeDxe DXE driver.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
siemens simatic_itp1000_firmware *
siemens simatic_ipc127e_firmware *
siemens simatic_ipc377g_firmware *
siemens simatic_ipc277g_firmware *
siemens simatic_ipc477e_firmware *
siemens simatic_ipc627e_firmware *
siemens simatic_ipc327g_firmware *
siemens simatic_ipc647e_firmware *
siemens simatic_ipc227g_firmware *
siemens simatic_ipc677e_firmware *
insyde insydeh2o *
siemens simatic_ipc427e_firmware *
siemens simatic_field_pg_m5_firmware *
siemens simatic_ipc847e_firmware *
siemens simatic_field_pg_m6_firmware *
CVE-2021-42550 HIGH

In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configuration files could craft a malicious configuration that allows execution of arbitrary code loaded from LDAP servers.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,CWE-502,

Products Affected

Vendor Product Version
qos logback 1.3.0
siemens sinec_nms *
netapp service_level_manager -
netapp cloud_manager -
redhat satellite 6.0
qos logback *
netapp snap_creator_framework -
CVE-2021-42554 HIGH

An issue was discovered in Insyde InsydeH2O with Kernel 5.0 before 05.08.42, Kernel 5.1 before 05.16.42, Kernel 5.2 before 05.26.42, Kernel 5.3 before 05.35.42, Kernel 5.4 before 05.42.51, and Kernel 5.5 before 05.50.51. An SMM memory corruption vulnerability in FvbServicesRuntimeDxe allows a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.5 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
siemens simatic_itp1000_firmware *
siemens simatic_ipc127e_firmware *
siemens simatic_ipc377g_firmware *
siemens simatic_ipc277g_firmware *
siemens simatic_ipc477e_firmware *
siemens simatic_ipc627e_firmware *
siemens simatic_ipc327g_firmware *
siemens ruggedcom_ape1808_firmware *
siemens simatic_ipc647e_firmware *
siemens simatic_ipc227g_firmware *
siemens simatic_ipc677e_firmware *
insyde insydeh2o *
siemens simatic_ipc427e_firmware *
siemens simatic_field_pg_m5_firmware *
siemens simatic_ipc847e_firmware *
siemens simatic_field_pg_m6_firmware *
CVE-2021-43336 MEDIUM

An Out-of-Bounds Write vulnerability exists when reading a DXF or DWG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF and DWG files. Crafted data in a DXF or DWG file (an invalid number of properties) can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
opendesign drawings_software_development_kit *
siemens solid_edge se2022
siemens teamcenter_visualization 13.1.0
siemens teamcenter_visualization *
siemens jt2go *
CVE-2021-44000 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.2.0.7), Solid Edge SE2021 (All versions < SE2021MP9), Solid Edge SE2022 (All versions < SE2022MP1), Teamcenter Visualization V13.1 (All versions < V13.1.0.9), Teamcenter Visualization V13.2 (All versions < V13.2.0.7), Teamcenter Visualization V13.3 (All versions < V13.3.0.1). The plmxmlAdapterSE70.dll contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15053)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-122,CWE-787,

Products Affected

Vendor Product Version
siemens solid_edge se2022
siemens teamcenter_visualization 13.1.0
siemens teamcenter_visualization *
siemens jt2go *
siemens solid_edge se2021
CVE-2021-44001 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The DL180pdfl.dll contains an out of bounds write past the end of an allocated structure while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14974)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2021-44002 MEDIUM

A vulnerability has been identified in JT Open (All versions < V11.1.1.0), JT Utilities (All versions < V13.1.1.0), Solid Edge (All versions < V2023). The Jt1001.dll contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15058, ZDI-CAN-19076, ZDI-CAN-19077)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
siemens jt_open_toolkit *
siemens jt_utilities *
siemens teamcenter_visualization *
siemens solid_edge *
siemens jt2go *
CVE-2021-44003 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll is vulnerable to use of uninitialized memory while parsing user supplied TIFF files. This could allow an attacker to cause a denial-of-service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-457,CWE-908,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2021-44004 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing TIFF files. An attacker could leverage this vulnerability to leak information in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2021-44005 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll contains an out of bounds write past the end of an allocated structure while parsing specially crafted TIFF files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2021-44006 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll contains an out of bounds write past the end of an allocated structure while parsing specially crafted TIFF files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2021-44007 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll contains an off-by-one error in the heap while parsing specially crafted TIFF files. This could allow an attacker to cause a denial-of-service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-193,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2021-44008 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing TIFF files. An attacker could leverage this vulnerability to leak information in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2021-44009 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing TIFF files. An attacker could leverage this vulnerability to leak information in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2021-44010 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing TIFF files. An attacker could leverage this vulnerability to leak information in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2021-44011 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Jt1001.dll is vulnerable to an out of bounds read past the end of an allocated buffer while parsing specially crafted JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15101)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2021-44012 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Jt1001.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15102)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2021-44013 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The DL180pdfl.dll contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15103)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2021-44014 MEDIUM

A vulnerability has been identified in JT Open (All versions < V11.1.1.0), JT Utilities (All versions < V13.1.1.0), Solid Edge (All versions < V2023). The Jt1001.dll contains a use-after-free vulnerability that could be triggered while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15057, ZDI-CAN-19081)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,CWE-416,

Products Affected

Vendor Product Version
siemens jt_open_toolkit *
siemens jt_utilities *
siemens teamcenter_visualization *
siemens solid_edge *
siemens jt2go *
CVE-2021-44015 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The VCRUNTIME140.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted CGM files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15109)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2021-44016 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.2.0.7), Solid Edge SE2021 (All versions < SE2021MP9), Solid Edge SE2022 (All versions < SE2022MP1), Teamcenter Visualization V13.1 (All versions < V13.1.0.9), Teamcenter Visualization V13.2 (All versions < V13.2.0.7), Teamcenter Visualization V13.3 (All versions < V13.3.0.1). The plmxmlAdapterSE70.dll library is vulnerable to a memory corruption condition while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15110)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-787,

Products Affected

Vendor Product Version
siemens solid_edge se2022
siemens teamcenter_visualization *
siemens jt2go *
siemens solid_edge se2021
CVE-2021-44017 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Image.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted TIF files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15111)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2021-44018 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.2.0.7), Solid Edge SE2021 (All versions < SE2021MP9), Solid Edge SE2022 (All versions < SE2022MP1), Teamcenter Visualization V13.1 (All versions < V13.1.0.9), Teamcenter Visualization V13.2 (All versions < V13.2.0.7), Teamcenter Visualization V13.3 (All versions < V13.3.0.1). The plmxmlAdapterSE70.dll library is vulnerable to a memory corruption condition while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15112)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-119,

Products Affected

Vendor Product Version
siemens solid_edge se2022
siemens teamcenter_visualization 13.1.0
siemens teamcenter_visualization *
siemens jt2go *
siemens solid_edge se2021
CVE-2021-44165 HIGH

A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.41), POWER METER SICAM Q100 (All versions < V2.41), POWER METER SICAM Q100 (All versions < V2.41), POWER METER SICAM Q100 (All versions < V2.41). The affected firmware contains a buffer overflow vulnerability in the web application that could allow a remote attacker with engineer or admin privileges to potentially perform remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-121,

Products Affected

Vendor Product Version
siemens 7kg9501-0aa01-0aa1_firmware *
siemens 7kg9501-0aa31-2aa1_firmware *
siemens 7kg9501-0aa01-2aa1_firmware *
siemens 7kg9501-0aa31-0aa1_firmware *
CVE-2021-44221 MEDIUM

A vulnerability has been identified in SIMATIC eaSie Core Package (All versions < V22.00). The affected systems do not properly validate input that is sent to the underlying message passing framework. This could allow a remote attacker to trigger a denial of service of the affected system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-20,

Products Affected

Vendor Product Version
siemens simatic_easie_core_package *
CVE-2021-44222 MEDIUM

A vulnerability has been identified in SIMATIC eaSie Core Package (All versions < V22.00). The underlying MQTT service of affected systems does not perform authentication in the default configuration. This could allow an unauthenticated remote attacker to send arbitrary messages to the service and thereby issue arbitrary requests in the affected system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-306,CWE-306,

Products Affected

Vendor Product Version
siemens simatic_easie_core_package *
CVE-2021-44228 HIGH

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 3.9 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,CWE-400,CWE-502,CWE-917,

Products Affected

Vendor Product Version
bentley synchro_4d *
cisco sd-wan_vmanage 20.3
cisco identity_services_engine 003.002(000.116)
cisco ucs_central *
cisco cloudcenter_suite 4.10(0.15)
cisco paging_server 9.1(1)
intel audio_development_kit -
cisco emergency_responder *
siemens energyip 9.0
cisco unified_contact_center_enterprise 12.6(1)
cisco packaged_contact_center_enterprise 11.6(1)
cisco ucs_director *
siemens comos *
cisco paging_server 9.0(2)
intel datacenter_manager *
cisco identity_services_engine 002.006(000.156)
cisco unified_sip_proxy 010.000(001)
siemens desigo_cc_advanced_reports 5.0
cisco finesse *
cisco wan_automation_engine 7.5
siemens desigo_cc_advanced_reports 4.2
cisco integrated_management_controller_supervisor *
siemens solid_edge_harness_design *
cisco dna_spaces_connector -
cisco crosswork_data_gateway *
cisco unified_communications_manager_im_&_presence_service 11.5(1.22900.6)
siemens spectrum_power_4 *
cisco network_dashboard_fabric_controller 11.5(2)
netapp solidfire_enterprise_sds -
sonicwall email_security *
cisco mobility_services_engine -
cisco unified_contact_center_express 12.6(2)
cisco cloudcenter_suite 5.4.1
cisco network_dashboard_fabric_controller 11.5(1)
apache log4j *
intel system_studio -
cisco intersight_virtual_appliance *
cisco contact_center_management_portal *
cisco crosswork_network_automation -
cisco identity_services_engine 002.004(000.914)
cisco wan_automation_engine 7.3
cisco evolved_programmable_network_manager 5.0
cisco unified_customer_voice_portal 12.5
cisco wan_automation_engine 7.2.1
cisco video_surveillance_operations_manager *
debian debian_linux 11.0
siemens siguard_dsa 4.4
cisco broadworks -
cisco unified_communications_manager 11.5(1.21900.40)
netapp brocade_san_navigator -
intel sensor_solution_firmware_development_kit -
cisco iot_operations_dashboard -
siemens siveillance_identity 1.5
cisco crosswork_optimization_engine *
cisco fxos 6.7.0
cisco paging_server 12.5(2)
cisco ucs_central_software 2.0(1h)
netapp oncommand_insight -
fedoraproject fedora 34
siemens vesys 2019.1
cisco sd-wan_vmanage 20.6
cisco firepower_threat_defense 7.1.0
cisco emergency_responder 11.5(4.65000.14)
cisco unified_sip_proxy 010.002(001)
cisco cloudcenter_suite 5.5.0
cisco unified_customer_voice_portal 11.6(1)
siemens mindsphere *
snowsoftware snow_commander *
cisco cloudcenter_suite 5.5.1
cisco connected_analytics_for_network_deployment 007.003.003
intel data_center_manager *
siemens desigo_cc_advanced_reports 3.0
debian debian_linux 9.0
cisco dna_spaces -
cisco connected_analytics_for_network_deployment 007.003.000
cisco unified_intelligence_center *
cisco unified_communications_manager_im_and_presence_service *
cisco firepower_threat_defense 6.6.0
cisco unified_communications_manager 11.5(1.18900.97)
netapp active_iq_unified_manager -
cisco unified_workforce_optimization 11.5(1)
cisco prime_service_catalog 12.1
cisco sd-wan_vmanage *
cisco data_center_network_manager 11.3(1)
cisco unified_contact_center_enterprise 12.5(1)
cisco crosswork_zero_touch_provisioning *
cisco firepower_threat_defense 6.3.0
cisco network_dashboard_fabric_controller 11.0(1)
cisco emergency_responder 11.5
cisco evolved_programmable_network_manager 5.1
siemens siveillance_identity 1.6
cisco unity_connection *
siemens energyip 8.6
cisco connected_analytics_for_network_deployment 006.005.000.
siemens vesys 2021.1
apple xcode *
cisco unified_workforce_optimization *
cisco fxos 7.1.0
cisco unified_customer_voice_portal 12.5(1)
siemens spectrum_power_7 2.30
siemens desigo_cc_info_center 5.1
cisco smart_phy 3.1.3
cisco ucs_central_software 2.0(1e)
cisco unified_communications_manager 11.5(1)su3
cisco smart_phy 3.1.5
siemens sentron_powermanager 4.2
cisco ucs_central_software 2.0(1d)
cisco smart_phy 3.1.2
siemens captial *
cisco identity_services_engine 003.001(000.518)
cisco unified_customer_voice_portal *
cisco nexus_dashboard *
cisco unified_contact_center_enterprise *
siemens captial 2019.1
cisco sd-wan_vmanage 20.8
siemens logo!_soft_comfort *
cisco crosswork_optimization_engine 3.0.0
cisco data_center_network_manager *
cisco cloudcenter_suite 5.5(1)
cisco firepower_threat_defense 7.0.0
siemens energyip 8.5
cisco common_services_platform_collector 002.009(001.000)
cisco crosswork_network_automation 3.0.0
cisco unified_sip_proxy 010.000(000)
cisco common_services_platform_collector *
cisco common_services_platform_collector 002.009(000.002)
cisco cloudcenter_suite 5.4(1)
cisco common_services_platform_collector 002.009(000.000)
cisco common_services_platform_collector 002.010(000.000)
cisco enterprise_chat_and_email 12.0(1)
cisco unified_communications_manager *
cisco crosswork_network_automation 4.1.0
cisco cloudcenter_suite 5.3.0
siemens sipass_integrated 2.85
cisco unified_sip_proxy *
cisco smart_phy 21.3
cisco common_services_platform_collector 002.009(001.002)
fedoraproject fedora 35
cisco crosswork_network_controller *
percussion rhythmyx *
siemens 6bk1602-0aa42-0tp0_firmware *
cisco ucs_central_software 2.0(1k)
cisco wan_automation_engine 7.6
cisco wan_automation_engine *
cisco evolved_programmable_network_manager 3.0
cisco ucs_central_software 2.0(1f)
cisco wan_automation_engine 7.2.2
cisco webex_meetings_server *
cisco evolved_programmable_network_manager *
siemens energy_engage 3.1
siemens desigo_cc_advanced_reports 5.1
siemens capital 2019.1
siemens desigo_cc_advanced_reports 4.0
intel oneapi_sample_browser -
cisco automated_subsea_tuning 02.01.00
cisco dna_center *
cisco cloudcenter_cost_optimizer *
siemens sipass_integrated 2.80
siemens industrial_edge_management_hub *
intel secure_device_onboard -
siemens energyip_prepay 3.8
cisco unified_contact_center_enterprise 12.0(1)
cisco virtual_topology_system 2.6.6
cisco connected_analytics_for_network_deployment 008.000.000
netapp ontap_tools -
cisco unified_communications_manager_im_and_presence_service 11.5(1)
cisco paging_server 8.4(1)
cisco cyber_vision_sensor_management_extension *
cisco packaged_contact_center_enterprise *
cisco network_assurance_engine *
snowsoftware vm_access_proxy *
cisco webex_meetings_server 3.0
cisco virtual_topology_system *
cisco unified_contact_center_management_portal 12.6(1)
cisco connected_analytics_for_network_deployment 007.002.000
netapp snapcenter -
siemens sppa-t3000_ses3000_firmware *
cisco identity_services_engine 003.000(000.458)
siemens siguard_dsa 4.2
cisco unified_intelligence_center 12.6(1)
cisco prime_service_catalog *
cisco connected_analytics_for_network_deployment 006.004.000.003
cisco cyber_vision_sensor_management_extension 4.0.2
intel genomics_kernel_library -
siemens operation_scheduler *
cisco firepower_threat_defense 6.5.0
siemens capital *
cisco cloudcenter_workload_manager *
cisco enterprise_chat_and_email *
cisco intersight_virtual_appliance 1.0.9-343
siemens mendix *
cisco unified_customer_voice_portal 12.0
cisco ucs_central_software 2.0
cisco fxos 6.5.0
cisco optical_network_controller 1.1
siemens siveillance_control_pro *
cisco wan_automation_engine 7.1.3
siemens 6bk1602-0aa12-0tp0_firmware *
cisco connected_analytics_for_network_deployment 008.000.000.000.004
cisco sd-wan_vmanage 20.7
cisco connected_analytics_for_network_deployment 7.3
cisco cx_cloud_agent 001.012
cisco automated_subsea_tuning *
cisco enterprise_chat_and_email 12.6(1)
cisco unified_contact_center_express 12.5(1)
cisco finesse 12.6(1)
cisco evolved_programmable_network_manager 4.1
cisco cyber_vision 4.0.2
cisco business_process_automation *
cisco contact_center_domain_manager *
cisco connected_analytics_for_network_deployment 006.005.000.000
bentley synchro *
cisco crosswork_network_automation 2.0.0
cisco ucs_central_software 2.0(1c)
cisco firepower_threat_defense 6.7.0
cisco sd-wan_vmanage 20.6.1
cisco smart_phy 3.1.4
cisco common_services_platform_collector 002.009(000.001)
cisco fxos 6.6.0
siemens 6bk1602-0aa22-0tp0_firmware *
siemens opcenter_intelligence *
cisco network_dashboard_fabric_controller 11.3(1)
siemens vesys *
cisco evolved_programmable_network_manager 3.1
cisco fxos 6.2.3
cisco cloudcenter *
cisco paging_server 8.3(1)
siemens solid_edge_cam_pro *
cisco cloudcenter_suite_admin *
cisco finesse 12.5(1)
cisco connected_analytics_for_network_deployment 007.000.001
siemens siguard_dsa 4.3
cisco cloudcenter_suite 5.3(0)
siemens industrial_edge_management *
cisco connected_mobile_experiences -
cisco wan_automation_engine 7.2.3
cisco unified_communications_manager 11.5(1)
cisco virtualized_voice_browser *
cisco video_surveillance_manager 7.14(4.018)
cisco smart_phy 3.2.1
cisco common_services_platform_collector 002.009(001.001)
cisco network_dashboard_fabric_controller 11.5(3)
cisco ucs_central_software 2.0(1g)
cisco identity_services_engine 002.007(000.356)
siemens spectrum_power_7 *
cisco crosswork_platform_infrastructure 4.1.0
apache log4j 2.0
siemens siveillance_vantage *
cisco unified_contact_center_express *
cisco unified_customer_voice_portal 12.6(1)
cisco video_surveillance_manager 7.14(1.26)
cisco network_services_orchestrator -
cisco paging_server *
cisco emergency_responder 11.5(4.66000.14)
cisco fog_director -
cisco wan_automation_engine 7.4
cisco network_services_orchestrator *
siemens siveillance_command *
cisco paging_server 8.5(1)
siemens solid_edge_harness_design 2020
cisco integrated_management_controller_supervisor 002.003(002.000)
cisco network_dashboard_fabric_controller 11.1(1)
cisco integrated_management_controller_supervisor 2.3.2.0
cisco unity_connection 11.5
cisco crosswork_platform_infrastructure *
cisco optical_network_controller *
siemens desigo_cc_info_center 5.0
cisco video_surveillance_manager 7.14(2.26)
siemens energyip 8.7
cisco unified_communications_manager_im_&_presence_service 11.5(1)
siemens vesys 2020.1
siemens head-end_system_universal_device_integration_system *
siemens xpedition_enterprise -
siemens energyip_prepay *
cisco unified_contact_center_enterprise 11.6(2)
cisco unified_computing_system 006.008(001.000)
siemens desigo_cc_advanced_reports 4.1
cisco unified_communications_manager 11.5(1.22900.28)
cisco evolved_programmable_network_manager 4.0
siemens xpedition_package_integrator -
netapp solidfire_&_hci_storage_node -
siemens sentron_powermanager 4.1
cisco ucs_central_software 2.0(1l)
debian debian_linux 10.0
cisco customer_experience_cloud_agent *
cisco advanced_malware_protection_virtual_private_cloud_appliance *
cisco webex_meetings_server 4.0
netapp cloud_insights -
cisco crosswork_network_automation 4.1.1
cisco broadworks *
cisco cloudcenter_suite 5.5(0)
cisco identity_services_engine 2.4.0
intel system_debugger -
cisco network_dashboard_fabric_controller 11.2(1)
cisco unified_customer_voice_portal 11.6
cisco connected_analytics_for_network_deployment 007.001.000
cisco fxos 7.0.0
cisco crosswork_network_controller 3.0.0
siemens 6bk1602-0aa32-0tp0_firmware *
cisco network_dashboard_fabric_controller 11.4(1)
cisco network_insights_for_data_center 6.0(2.1914)
cisco unified_contact_center_enterprise 12.6(2)
siemens gma-manager *
cisco virtualized_infrastructure_manager *
cisco unified_communications_manager 11.5(1.18119.2)
siemens navigator *
cisco network_assurance_engine 6.0(2.1912)
cisco unified_sip_proxy 010.002(000)
siemens e-car_operation_center *
cisco nexus_insights *
cisco crosswork_zero_touch_provisioning 3.0.0
siemens nx *
cisco paging_server 9.0(1)
cisco cloudcenter_suite 4.10.0.15
siemens spectrum_power_4 4.70
cisco dna_spaces:_connector *
cisco unified_intelligence_center 12.6(2)
netapp cloud_secure_agent -
cisco smart_phy *
cisco ucs_central_software 2.0(1b)
siemens energyip_prepay 3.7
cisco ucs_central_software 2.0(1a)
cisco unified_contact_center_express 12.6(1)
siemens teamcenter *
cisco unified_customer_voice_portal 12.0(1)
cisco dna_center 2.2.2.8
cisco firepower_threat_defense 6.2.3
cisco fxos 6.3.0
siemens 6bk1602-0aa52-0tp0_firmware *
cisco connected_analytics_for_network_deployment 007.003.001.001
cisco enterprise_chat_and_email 12.5(1)
cisco unity_connection 11.5(1.10000.6)
siemens siveillance_viewpoint *
cisco sd-wan_vmanage 20.5
cisco workload_optimization_manager *
cisco fxos 6.4.0
cisco video_surveillance_manager 7.14(3.025)
cisco unified_communications_manager 11.5(1.17900.52)
netapp cloud_manager -
cisco cloud_connect *
cisco firepower_threat_defense 6.4.0
cisco sd-wan_vmanage 20.4
siemens siguard_dsa *
cisco identity_services_engine *
cisco crosswork_data_gateway 3.0.0
intel computer_vision_annotation_tool -
cisco paging_server 14.0(1)
CVE-2021-44430 MEDIUM

A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14829)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
siemens jt_open_toolkit *
siemens jt_utilities *
CVE-2021-44431 MEDIUM

A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-14841)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N 1.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
siemens jt_open_toolkit *
siemens jt_utilities *
CVE-2021-44432 MEDIUM

A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to stack based buffer overflow while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-14845)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-121,

Products Affected

Vendor Product Version
siemens jt_open_toolkit *
siemens jt_utilities *
CVE-2021-44433 MEDIUM

A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products contains a use after free vulnerability that could be triggered while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-14900)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
siemens jt_open_toolkit *
siemens jt_utilities *
CVE-2021-44434 MEDIUM

A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14902, ZDI-CAN-14866)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
siemens jt_open_toolkit *
siemens jt_utilities *
CVE-2021-44435 MEDIUM

A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to stack based buffer overflow while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-14903)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-121,CWE-787,

Products Affected

Vendor Product Version
siemens jt_open_toolkit *
siemens jt_utilities *
CVE-2021-44436 MEDIUM

A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-14905)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N 1.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
siemens jt_open_toolkit *
siemens jt_utilities *
CVE-2021-44437 MEDIUM

A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14906)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
siemens jt_open_toolkit *
siemens jt_utilities *
CVE-2021-44438 MEDIUM

A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14907)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
siemens jt_open_toolkit *
siemens jt_utilities *
CVE-2021-44439 MEDIUM

A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-14908)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
siemens jt_open_toolkit *
siemens jt_utilities *
CVE-2021-44440 MEDIUM

A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to a memory corruption condition while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-14912)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-787,

Products Affected

Vendor Product Version
siemens jt_open_toolkit *
siemens jt_utilities *
CVE-2021-44441 MEDIUM

A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14913)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
siemens jt_open_toolkit *
siemens jt_utilities *
CVE-2021-44442 MEDIUM

A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14995)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-122,

Products Affected

Vendor Product Version
siemens jt_open_toolkit *
siemens jt_utilities *
CVE-2021-44443 MEDIUM

A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15039)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
siemens jt_open_toolkit *
siemens jt_utilities *
CVE-2021-44444 MEDIUM

A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15052)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N 1.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
siemens jt_open_toolkit *
siemens jt_utilities *
CVE-2021-44445 MEDIUM

A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15054)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-122,CWE-787,

Products Affected

Vendor Product Version
siemens jt_open_toolkit *
siemens jt_utilities *
CVE-2021-44446 MEDIUM

A vulnerability has been identified in JT Utilities (All versions < V13.0.3.0), JTTK (All versions < V11.0.3.0). JTTK library in affected products contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14828, ZDI-CAN-14898)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
siemens jt_open_toolkit *
siemens jt_utilities *
CVE-2021-44447 MEDIUM

A vulnerability has been identified in JT Utilities (All versions < V13.0.3.0), JTTK (All versions < V11.0.3.0). JTTK library in affected products contains a use-after-free vulnerability that could be triggered while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-14911)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
siemens jt_open_toolkit *
siemens jt_utilities *
CVE-2021-44448 MEDIUM

A vulnerability has been identified in JT Utilities (All versions < V13.0.3.0), JTTK (All versions < V11.0.3.0). JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-14843, ZDI-CAN-15051)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N 1.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
siemens jt_open_toolkit *
siemens jt_utilities *
CVE-2021-44449 MEDIUM

A vulnerability has been identified in JT Utilities (All versions < V12.8.1.1), JTTK (All versions < V10.8.1.1). JTTK library in affected products contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14830)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
siemens jt_open_toolkit *
siemens jt_utilities *
CVE-2021-44450 MEDIUM

A vulnerability has been identified in JT Utilities (All versions < V12.8.1.1), JTTK (All versions < V10.8.1.1). JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15055, ZDI-CAN-14915, ZDI-CAN-14865)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
siemens jt_open_toolkit *
siemens jt_utilities *
CVE-2021-44478 MEDIUM

A vulnerability has been identified in Polarion ALM (All versions < V21 R2 P2), Polarion WebClient for SVN (All versions). A cross-site scripting vulnerability is present due to improper neutralization of data sent to the web page through the SVN WebClient in the affected product. An attacker could exploit this to execute arbitrary code and extract sensitive information by sending a specially crafted link to users with administrator privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
siemens polarion_alm *
siemens polarion_alm 21.0
siemens polarion_subversion_webclient *
CVE-2021-44522 MEDIUM

A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications insufficiently limit the access to the internal message broker system. This could allow an unauthenticated remote attacker to subscribe to arbitrary message queues.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-668,

Products Affected

Vendor Product Version
siemens sipass_integrated 2.85
siemens sipass_integrated 2.76
siemens sipass_integrated 2.80
siemens siveillance_identity 1.5
siemens siveillance_identity *
CVE-2021-44523 MEDIUM

A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications insufficiently limit the access to the internal activity feed database. This could allow an unauthenticated remote attacker to read, modify or delete activity feed entries.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-668,

Products Affected

Vendor Product Version
siemens sipass_integrated 2.85
siemens sipass_integrated 2.76
siemens sipass_integrated 2.80
siemens siveillance_identity 1.5
siemens siveillance_identity *
CVE-2021-44524 HIGH

A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications insufficiently limit the access to the internal user authentication service. This could allow an unauthenticated remote attacker to trigger several actions on behalf of valid user accounts.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-668,CWE-287,

Products Affected

Vendor Product Version
siemens sipass_integrated 2.85
siemens sipass_integrated 2.76
siemens sipass_integrated 2.80
siemens siveillance_identity 1.5
siemens siveillance_identity *
CVE-2021-44693

Affected devices do not correctly process certain specially crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
siemens simatic_s7-1500_cpu_1511f-1_firmware *
siemens simatic_s7-1500_cpu_1516f-3_pn/dp_firmware *
siemens simatic_s7-1200_cpu_1214_fc_firmware *
siemens simatic_s7-1500_cpu_1517tf-3_firmware *
siemens siplus_s7-1200_cp_1243-1_rail_firmware *
siemens simatic_et_200_sp_open_controller_cpu_1515sp_pc_firmware -
siemens simatic_s7-1200_cpu_12_1217c_firmware *
siemens simatic_s7-1500_cpu_1516t-3_firmware *
siemens simatic_s7-1500_cpu_1518_firmware *
siemens simatic_s7-1500_cpu_1510sp_firmware *
siemens simatic_s7-1500_cpu_1507s_f_firmware *
siemens simatic_s7-1500_cpu_1516f-3_firmware *
siemens simatic_s7-1500_cpu_1508s_f_firmware *
siemens simatic_s7-1500_cpu_1517f-3_pn/dp_firmware *
siemens simatic_s7-1500_cpu_1511f-1_pn_firmware *
siemens tim_1531_irc_firmware -
siemens simatic_s7-1500_cpu_1512sp-1_firmware *
siemens siplus_s7-300_cpu_314_firmware -
siemens simatic_s7-1200_cpu_12_1212c_firmware *
siemens siplus_tim_1531_irc_firmware -
siemens simatic_s7-1500_cpu_1518f-4_firmware *
siemens simatic_s7-1500_cpu_1513r-1_firmware *
siemens simatic_s7-1500_cpu_1515r-2_firmware *
siemens simatic_s7-1500_cpu_1516pro-2_firmware *
siemens simatic_s7-1500_cpu_1513-1_pn_firmware *
siemens simatic_s7-1500_cpu_1511t-1_firmware *
siemens siplus_et_200sp_cp_1542sp-1_irc_tx_rail_firmware *
siemens simatic_s7-1200_cpu_1214c_firmware *
siemens simatic_s7-1500_cpu_1511c_firmware *
siemens simatic_s7-1500_cpu_1513-1_firmware *
siemens simatic_s7-1500_cpu_151511f-1_firmware *
siemens simatic_s7-1500_cpu_1518tf-4_firmware *
siemens simatic_s7-1500_cpu_1511c-1_firmware *
siemens simatic_s7-1500_cpu_1516pro_f_firmware *
siemens simatic_s7-1200_cpu_1215c_firmware *
siemens simatic_s7-1500_cpu_1515f-2_firmware *
siemens simatic_s7-1500_cpu_1517-3_firmware *
siemens simatic_s7-1500_cpu_1511-1_firmware *
siemens simatic_s7-1200_cpu_12_1212fc_firmware *
siemens simatic_s7-1500_cpu_1507s_firmware *
siemens siplus_et_200sp_cp_1543sp-1_isec_tx_rail_firmware *
siemens simatic_s7-1200_cpu_12_1215fc_firmware *
siemens simatic_s7-1500_cpu_1518-4_dp_firmware *
siemens simatic_s7-1500_cpu_1516-3_pn/dp_firmware *
siemens simatic_s7-1500_software_controller_firmware -
siemens simatic_s7-1500_cpu_1513f-1_firmware *
siemens simatic_s7-1500_cpu_15prof-2_firmware *
siemens simatic_s7-1500_cpu_15pro-2_firmware *
siemens simatic_s7-1500_cpu_1518t-4_firmware *
siemens simatic_s7-1500_cpu_1517-3_dp_firmware *
siemens simatic_s7-1200_cpu_1215fc_firmware *
siemens simatic_s7-1200_cpu_12_1214fc_firmware *
siemens simatic_s7-1500_cpu_1516tf-3_firmware *
siemens simatic_s7-1500_cpu_cpu_1513prof-2_firmware *
siemens simatic_s7-1500_cpu_1518hf-4_firmware *
siemens simatic_s7-1500_cpu_1516-3_dp_firmware *
siemens simatic_s7-1500_cpu_1515t-2_firmware *
siemens siplus_s7-300_cpu_315-2_pn/dp_firmware -
siemens simatic_s7-1500_cpu_1517f-3_firmware *
siemens simatic_s7-1500_cpu_1516-3_firmware *
siemens simatic_s7-1500_cpu_1508s_firmware *
siemens siplus_s7-300_cpu_317-2_pn/dp_firmware -
siemens simatic_s7-1500_cpu_1516-3_pn_firmware *
siemens siplus_s7-1200_cp_1243-1_firmware *
siemens simatic_s7-1200_cpu_1215_fc_firmware *
siemens simatic_s7-1200_cpu_1212fc_firmware *
siemens simatic_s7-1500_cpu_151511c-1_firmware *
siemens simatic_s7-1200_cpu_12_1215c_firmware *
siemens simatic_s7-1500_cpu_1518-4_pn/dp_firmware *
siemens simatic_s7-1200_cpu_12_1211c_firmware *
siemens simatic_s7-1500_cpu_1511tf-1_firmware *
siemens simatic_s7-1500_cpu_1512c-1_firmware *
siemens simatic_s7-1500_cpu_1510sp-1_firmware *
siemens siplus_et_200sp_cp_1543sp-1_isec_firmware *
siemens simatic_s7-1200_cpu_1214fc_firmware *
siemens simatic_s7-1500_cpu_1515tf-2_firmware *
siemens simatic_s7-1500_cpu_1518-4_pn_firmware *
siemens simatic_s7-1500_cpu_1518f-4_pn/dp_firmware *
siemens siplus_s7-300_cpu_315-2_dp_firmware -
siemens simatic_s7-plcsim_advanced_firmware *
siemens simatic_s7-1500_cpu_1515-2_firmware *
siemens simatic_s7-1500_cpu_1512c_firmware *
siemens simatic_s7-1500_cpu_1517-3_pn/dp_firmware *
siemens simatic_s7-1500_cpu_cpu_1513pro-2_firmware *
siemens simatic_s7-1200_cpu_1211c_firmware *
siemens simatic_s7-1500_cpu_1517-3_pn_firmware *
siemens simatic_s7-1500_cpu_1512spf-1_firmware *
siemens simatic_s7-1500_cpu_1515f-2_pn_firmware *
siemens simatic_s7-1200_cpu_1217c_firmware *
siemens simatic_s7-1500_cpu_1513f-1_pn_firmware *
siemens simatic_s7-1500_cpu_1511-1_pn_firmware *
siemens simatic_s7-1500_cpu_1518-4_pn/dp_mfp_firmware *
siemens simatic_s7-1200_cpu_12_1214c_firmware *
siemens simatic_s7-1200_cpu_1212c_firmware *
siemens simatic_s7-1500_cpu_1518-4_firmware *
siemens simatic_s7-1500_cpu_1515-2_pn_firmware *
CVE-2021-44694

Affected devices do not correctly process certain specially crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
productcert@siemens.com 5.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H 1.2 4.2

Products Affected

Vendor Product Version
siemens simatic_s7-1500_cpu_1517-3_dp_firmware *
siemens simatic_s7-1200_cpu_1215fc_firmware *
siemens simatic_s7-1500_cpu_1511f-1_firmware *
siemens simatic_s7-1200_cpu_12_1214fc_firmware *
siemens simatic_s7-1500_cpu_1516f-3_pn/dp_firmware *
siemens simatic_s7-1500_cpu_1516tf-3_firmware *
siemens simatic_s7-1500_cpu_cpu_1513prof-2_firmware *
siemens simatic_s7-1500_cpu_1518hf-4_firmware *
siemens simatic_s7-1200_cpu_1214_fc_firmware *
siemens simatic_s7-1500_cpu_1517tf-3_firmware *
siemens siplus_s7-1200_cp_1243-1_rail_firmware *
siemens simatic_et_200_sp_open_controller_cpu_1515sp_pc_firmware -
siemens simatic_s7-1200_cpu_12_1217c_firmware *
siemens simatic_s7-1500_cpu_1516-3_dp_firmware *
siemens simatic_s7-1500_cpu_1516t-3_firmware *
siemens simatic_s7-1500_cpu_1518_firmware *
siemens simatic_s7-1500_cpu_1510sp_firmware *
siemens simatic_s7-1500_cpu_1507s_f_firmware *
siemens simatic_s7-1500_cpu_1515t-2_firmware *
siemens simatic_s7-1500_cpu_1516f-3_firmware *
siemens simatic_s7-1500_cpu_1517f-3_firmware *
siemens simatic_s7-1500_cpu_1516-3_firmware *
siemens simatic_s7-1500_cpu_1508s_f_firmware *
siemens simatic_s7-1500_cpu_1517f-3_pn/dp_firmware *
siemens simatic_s7-1500_cpu_1511f-1_pn_firmware *
siemens simatic_s7-1500_cpu_1508s_firmware *
siemens tim_1531_irc_firmware -
siemens simatic_s7-1500_cpu_1512sp-1_firmware *
siemens simatic_s7-1200_cpu_12_1212c_firmware *
siemens siplus_tim_1531_irc_firmware -
siemens simatic_s7-1500_cpu_1516-3_pn_firmware *
siemens simatic_s7-1500_cpu_1518f-4_firmware *
siemens simatic_s7-1500_cpu_1513r-1_firmware *
siemens siplus_s7-1200_cp_1243-1_firmware *
siemens simatic_s7-1200_cpu_1215_fc_firmware *
siemens simatic_s7-1500_cpu_1515r-2_firmware *
siemens simatic_s7-1500_cpu_1516pro-2_firmware *
siemens simatic_s7-1500_cpu_1513-1_pn_firmware *
siemens simatic_s7-1200_cpu_1212fc_firmware *
siemens simatic_s7-1500_cpu_151511c-1_firmware *
siemens simatic_s7-1500_cpu_1511t-1_firmware *
siemens simatic_s7-1200_cpu_12_1215c_firmware *
siemens simatic_s7-1500_cpu_1518-4_pn/dp_firmware *
siemens simatic_s7-1200_cpu_12_1211c_firmware *
siemens simatic_s7-1500_cpu_1511tf-1_firmware *
siemens simatic_s7-1500_cpu_1512c-1_firmware *
siemens simatic_s7-1500_cpu_1510sp-1_firmware *
siemens siplus_et_200sp_cp_1543sp-1_isec_firmware *
siemens simatic_s7-1200_cpu_1214fc_firmware *
siemens simatic_s7-1500_cpu_1515tf-2_firmware *
siemens simatic_s7-1500_cpu_1518-4_pn_firmware *
siemens simatic_s7-1500_cpu_1518f-4_pn/dp_firmware *
siemens siplus_et_200sp_cp_1542sp-1_irc_tx_rail_firmware *
siemens simatic_s7-1200_cpu_1214c_firmware *
siemens simatic_s7-1500_cpu_1511c_firmware *
siemens simatic_s7-plcsim_advanced_firmware *
siemens simatic_s7-1500_cpu_1513-1_firmware *
siemens simatic_s7-1500_cpu_1515-2_firmware *
siemens simatic_s7-1500_cpu_151511f-1_firmware *
siemens simatic_s7-1500_cpu_1512c_firmware *
siemens simatic_s7-1500_cpu_1518tf-4_firmware *
siemens simatic_s7-1500_cpu_1511c-1_firmware *
siemens simatic_s7-1500_cpu_1516pro_f_firmware *
siemens simatic_s7-1500_cpu_1517-3_pn/dp_firmware *
siemens simatic_s7-1500_cpu_cpu_1513pro-2_firmware *
siemens simatic_s7-1200_cpu_1215c_firmware *
siemens simatic_s7-1200_cpu_1211c_firmware *
siemens simatic_s7-1500_cpu_1515f-2_firmware *
siemens simatic_s7-1500_cpu_1517-3_firmware *
siemens simatic_s7-1500_cpu_1517-3_pn_firmware *
siemens simatic_s7-1500_cpu_1512spf-1_firmware *
siemens simatic_s7-1500_cpu_1511-1_firmware *
siemens simatic_s7-1200_cpu_12_1212fc_firmware *
siemens simatic_s7-1500_cpu_1507s_firmware *
siemens simatic_s7-1500_cpu_1515f-2_pn_firmware *
siemens siplus_et_200sp_cp_1543sp-1_isec_tx_rail_firmware *
siemens simatic_s7-1200_cpu_1217c_firmware *
siemens simatic_s7-1500_cpu_1513f-1_pn_firmware *
siemens simatic_s7-1200_cpu_12_1215fc_firmware *
siemens simatic_s7-1500_cpu_1518-4_dp_firmware *
siemens simatic_s7-1500_cpu_1511-1_pn_firmware *
siemens simatic_s7-1500_cpu_1518-4_pn/dp_mfp_firmware *
siemens simatic_s7-1500_cpu_1516-3_pn/dp_firmware *
siemens simatic_s7-1200_cpu_12_1214c_firmware *
siemens simatic_s7-1500_software_controller_firmware -
siemens simatic_s7-1500_cpu_1513f-1_firmware *
siemens simatic_s7-1500_cpu_15prof-2_firmware *
siemens simatic_s7-1200_cpu_1212c_firmware *
siemens simatic_s7-1500_cpu_15pro-2_firmware *
siemens simatic_s7-1500_cpu_1518-4_firmware *
siemens simatic_s7-1500_cpu_1515-2_pn_firmware *
siemens simatic_s7-1500_cpu_1518t-4_firmware *
CVE-2021-44695

Affected devices do not correctly process certain specially crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
productcert@siemens.com 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

Products Affected

Vendor Product Version
siemens simatic_s7-1500_cpu_1511f-1_firmware *
siemens simatic_s7-1500_cpu_1516f-3_pn/dp_firmware *
siemens simatic_s7-1200_cpu_1214_fc_firmware *
siemens simatic_s7-1500_cpu_1517tf-3_firmware *
siemens siplus_s7-1200_cp_1243-1_rail_firmware *
siemens simatic_et_200_sp_open_controller_cpu_1515sp_pc_firmware -
siemens simatic_s7-1200_cpu_12_1217c_firmware *
siemens simatic_s7-1500_cpu_1516t-3_firmware *
siemens simatic_s7-1500_cpu_1518_firmware *
siemens simatic_s7-1500_cpu_1510sp_firmware *
siemens simatic_s7-1500_cpu_1507s_f_firmware *
siemens simatic_s7-1500_cpu_1516f-3_firmware *
siemens simatic_s7-1500_cpu_1508s_f_firmware *
siemens simatic_s7-1500_cpu_1517f-3_pn/dp_firmware *
siemens simatic_s7-1500_cpu_1511f-1_pn_firmware *
siemens tim_1531_irc_firmware -
siemens simatic_s7-1500_cpu_1512sp-1_firmware *
siemens siplus_s7-300_cpu_314_firmware -
siemens simatic_s7-1200_cpu_12_1212c_firmware *
siemens siplus_tim_1531_irc_firmware -
siemens simatic_s7-1500_cpu_1518f-4_firmware *
siemens simatic_s7-1500_cpu_1513r-1_firmware *
siemens simatic_s7-1500_cpu_1515r-2_firmware *
siemens simatic_s7-1500_cpu_1516pro-2_firmware *
siemens simatic_s7-1500_cpu_1513-1_pn_firmware *
siemens simatic_s7-1500_cpu_1511t-1_firmware *
siemens siplus_et_200sp_cp_1542sp-1_irc_tx_rail_firmware *
siemens simatic_s7-1200_cpu_1214c_firmware *
siemens simatic_s7-1500_cpu_1511c_firmware *
siemens simatic_s7-1500_cpu_1513-1_firmware *
siemens simatic_s7-1500_cpu_151511f-1_firmware *
siemens simatic_s7-1500_cpu_1518tf-4_firmware *
siemens simatic_s7-1500_cpu_1511c-1_firmware *
siemens simatic_s7-1500_cpu_1516pro_f_firmware *
siemens simatic_s7-1200_cpu_1215c_firmware *
siemens simatic_s7-1500_cpu_1515f-2_firmware *
siemens simatic_s7-1500_cpu_1517-3_firmware *
siemens simatic_s7-1500_cpu_1511-1_firmware *
siemens simatic_s7-1200_cpu_12_1212fc_firmware *
siemens simatic_s7-1500_cpu_1507s_firmware *
siemens siplus_et_200sp_cp_1543sp-1_isec_tx_rail_firmware *
siemens simatic_s7-1200_cpu_12_1215fc_firmware *
siemens simatic_s7-1500_cpu_1518-4_dp_firmware *
siemens simatic_s7-1500_cpu_1516-3_pn/dp_firmware *
siemens simatic_s7-1500_software_controller_firmware -
siemens simatic_s7-1500_cpu_1513f-1_firmware *
siemens simatic_s7-1500_cpu_15prof-2_firmware *
siemens simatic_s7-1500_cpu_15pro-2_firmware *
siemens simatic_s7-1500_cpu_1518t-4_firmware *
siemens simatic_s7-1500_cpu_1517-3_dp_firmware *
siemens simatic_s7-1200_cpu_1215fc_firmware *
siemens simatic_s7-1200_cpu_12_1214fc_firmware *
siemens simatic_s7-1500_cpu_1516tf-3_firmware *
siemens simatic_s7-1500_cpu_cpu_1513prof-2_firmware *
siemens simatic_s7-1500_cpu_1518hf-4_firmware *
siemens simatic_s7-1500_cpu_1516-3_dp_firmware *
siemens simatic_s7-1500_cpu_1515t-2_firmware *
siemens siplus_s7-300_cpu_315-2_pn/dp_firmware -
siemens simatic_s7-1500_cpu_1517f-3_firmware *
siemens simatic_s7-1500_cpu_1516-3_firmware *
siemens simatic_s7-1500_cpu_1508s_firmware *
siemens siplus_s7-300_cpu_317-2_pn/dp_firmware -
siemens simatic_s7-1500_cpu_1516-3_pn_firmware *
siemens siplus_s7-1200_cp_1243-1_firmware *
siemens simatic_s7-1200_cpu_1215_fc_firmware *
siemens simatic_s7-1200_cpu_1212fc_firmware *
siemens simatic_s7-1500_cpu_151511c-1_firmware *
siemens simatic_s7-1200_cpu_12_1215c_firmware *
siemens simatic_s7-1500_cpu_1518-4_pn/dp_firmware *
siemens simatic_s7-1200_cpu_12_1211c_firmware *
siemens simatic_s7-1500_cpu_1511tf-1_firmware *
siemens simatic_s7-1500_cpu_1512c-1_firmware *
siemens simatic_s7-1500_cpu_1510sp-1_firmware *
siemens siplus_et_200sp_cp_1543sp-1_isec_firmware *
siemens simatic_s7-1200_cpu_1214fc_firmware *
siemens simatic_s7-1500_cpu_1515tf-2_firmware *
siemens simatic_s7-1500_cpu_1518-4_pn_firmware *
siemens simatic_s7-1500_cpu_1518f-4_pn/dp_firmware *
siemens siplus_s7-300_cpu_315-2_dp_firmware -
siemens simatic_s7-plcsim_advanced_firmware *
siemens simatic_s7-1500_cpu_1515-2_firmware *
siemens simatic_s7-1500_cpu_1512c_firmware *
siemens simatic_s7-1500_cpu_1517-3_pn/dp_firmware *
siemens simatic_s7-1500_cpu_cpu_1513pro-2_firmware *
siemens simatic_s7-1200_cpu_1211c_firmware *
siemens simatic_s7-1500_cpu_1517-3_pn_firmware *
siemens simatic_s7-1500_cpu_1512spf-1_firmware *
siemens simatic_s7-1500_cpu_1515f-2_pn_firmware *
siemens simatic_s7-1200_cpu_1217c_firmware *
siemens simatic_s7-1500_cpu_1513f-1_pn_firmware *
siemens simatic_s7-1500_cpu_1511-1_pn_firmware *
siemens simatic_s7-1500_cpu_1518-4_pn/dp_mfp_firmware *
siemens simatic_s7-1200_cpu_12_1214c_firmware *
siemens simatic_s7-1200_cpu_1212c_firmware *
siemens simatic_s7-1500_cpu_1518-4_firmware *
siemens simatic_s7-1500_cpu_1515-2_pn_firmware *
CVE-2021-45033 HIGH

A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions < V16.20), CP-8021 MASTER MODULE (All versions < V16.20), CP-8022 MASTER MODULE WITH GPRS (All versions < V16.20). An undocumented debug port uses hard-coded default credentials. If this port is enabled by a privileged user, an attacker aware of the credentials could access an administrative debug shell on the affected device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,CWE-798,

Products Affected

Vendor Product Version
siemens cp-8022_master_module_with_gprs_firmware *
siemens cp-8000_master_module_with_i/o_-40/+70_firmware *
siemens cp-8000_master_module_with_i/o_-25/+70_firmware *
siemens cp-8021_master_module_firmware *
CVE-2021-45034 MEDIUM

A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions < V16.20), CP-8021 MASTER MODULE (All versions < V16.20), CP-8022 MASTER MODULE WITH GPRS (All versions < V16.20). The web server of the affected system allows access to logfiles and diagnostic data generated by a privileged user. An unauthenticated attacker could access the files by knowing the corresponding download links.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,CWE-532,

Products Affected

Vendor Product Version
siemens cp-8022_master_module_with_gprs_firmware *
siemens cp-8000_master_module_with_i/o_-40/+70_firmware *
siemens cp-8000_master_module_with_i/o_-25/+70_firmware *
siemens cp-8021_master_module_firmware *
CVE-2021-45046 MEDIUM

It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.0 CRITICAL CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 2.2 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-917,CWE-917,

Products Affected

Vendor Product Version
siemens energyip 8.6
siemens head-end_system_universal_device_integration_system *
siemens xpedition_enterprise -
siemens spectrum_power_7 2.30
siemens desigo_cc_info_center 5.1
siemens desigo_cc_advanced_reports 4.1
siemens xpedition_package_integrator -
siemens sentron_powermanager 4.1
siemens sentron_powermanager 4.2
intel genomics_kernel_library -
debian debian_linux 10.0
siemens operation_scheduler *
intel audio_development_kit -
siemens energyip 9.0
siemens mendix *
siemens captial *
intel system_debugger -
siemens captial 2019.1
siemens logo!_soft_comfort *
siemens comos *
siemens siveillance_control_pro *
siemens desigo_cc_advanced_reports 5.0
siemens 6bk1602-0aa12-0tp0_firmware *
siemens desigo_cc_advanced_reports 4.2
siemens energyip 8.5
siemens solid_edge_harness_design *
siemens 6bk1602-0aa32-0tp0_firmware *
siemens spectrum_power_4 *
sonicwall email_security *
siemens sipass_integrated 2.85
siemens gma-manager *
siemens 6bk1602-0aa22-0tp0_firmware *
fedoraproject fedora 35
siemens opcenter_intelligence *
apache log4j *
siemens navigator *
intel system_studio -
siemens vesys *
siemens e-car_operation_center *
siemens 6bk1602-0aa42-0tp0_firmware *
siemens nx *
siemens solid_edge_cam_pro *
siemens spectrum_power_4 4.70
debian debian_linux 11.0
siemens siguard_dsa 4.3
siemens energy_engage 3.1
siemens siguard_dsa 4.4
siemens desigo_cc_advanced_reports 5.1
siemens industrial_edge_management *
siemens desigo_cc_advanced_reports 4.0
siemens energyip_prepay 3.7
siemens tracealertserverplus *
siemens teamcenter *
intel sensor_solution_firmware_development_kit -
siemens sipass_integrated 2.80
siemens industrial_edge_management_hub *
intel oneapi -
intel secure_device_onboard -
siemens siveillance_identity 1.5
siemens energyip_prepay 3.8
fedoraproject fedora 34
siemens spectrum_power_7 *
siemens 6bk1602-0aa52-0tp0_firmware *
apache log4j 2.0
siemens vesys 2019.1
siemens siveillance_vantage *
siemens mindsphere *
siemens siveillance_viewpoint *
siemens siveillance_command *
siemens solid_edge_harness_design 2020
intel datacenter_manager -
siemens sppa-t3000_ses3000_firmware *
intel computer_vision_annotation_tool -
siemens desigo_cc_info_center 5.0
siemens siveillance_identity 1.6
siemens energyip 8.7
siemens siguard_dsa 4.2
CVE-2021-45106 MEDIUM

A vulnerability has been identified in SICAM TOOLBOX II (All versions). Affected applications use a circumventable access control within a database service. This could allow an attacker to access the database.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-798,CWE-798,

Products Affected

Vendor Product Version
siemens sicam_toolbox_ii -
CVE-2021-45117 MEDIUM

The OPC autogenerated ANSI C stack stubs (in the NodeSets) do not handle all error cases. This can lead to a NULL pointer dereference.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
siemens sitop_manager -
siemens simatic_net_pc 15
opcfoundation ua-nodeset *
siemens simatic_net_pc 17
siemens simatic_net_pc 14
siemens telecontrol_server_basic 3.0
siemens simatic_net_pc 16
CVE-2021-45460 MEDIUM

A vulnerability has been identified in SICAM PQ Analyzer (All versions < V3.18). A service is started by an unquoted registry entry. As there are spaces in this path, attackers with write privilege to those directories might be able to plant executables that will run in place of the legitimate process. Attackers might achieve persistence on the system ("backdoors") or cause a denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 2.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-428,CWE-428,

Products Affected

Vendor Product Version
siemens sicam_pq_analyzer_firmware *
CVE-2021-45960 HIGH

In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-682,CWE-682,

Products Affected

Vendor Product Version
netapp hci_baseboard_management_controller h610c
tenable nessus *
netapp solidfire_&_hci_management_node -
debian debian_linux 11.0
siemens sinema_remote_connect_server *
netapp hci_baseboard_management_controller h610s
netapp hci_baseboard_management_controller h615c
netapp oncommand_workflow_automation -
libexpat_project libexpat *
debian debian_linux 10.0
netapp active_iq_unified_manager -
CVE-2021-46143 MEDIUM

In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,CWE-190,

Products Affected

Vendor Product Version
netapp hci_baseboard_management_controller h610c
tenable nessus *
netapp solidfire_&_hci_management_node -
siemens sinema_remote_connect_server *
netapp clustered_data_ontap -
netapp hci_baseboard_management_controller h610s
netapp hci_baseboard_management_controller h615c
netapp oncommand_workflow_automation -
libexpat_project libexpat *
netapp active_iq_unified_manager -
CVE-2021-46151 MEDIUM

A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14754, ZDI-CAN-15082)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
siemens simcenter_femap 2020.2
siemens simcenter_femap 2021.1
CVE-2021-46152 MEDIUM

A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a type confusion vulnerability while parsing NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14643, ZDI-CAN-14644, ZDI-CAN-14755, ZDI-CAN-15183)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-843,CWE-843,

Products Affected

Vendor Product Version
siemens simcenter_femap 2020.2
siemens simcenter_femap 2021.1
CVE-2021-46153 MEDIUM

A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a memory corruption vulnerability while parsing NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14645, ZDI-CAN-15305, ZDI-CAN-15589, ZDI-CAN-15599)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-787,

Products Affected

Vendor Product Version
siemens simcenter_femap 2020.2
siemens simcenter_femap 2021.1
CVE-2021-46154 MEDIUM

A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a stack based buffer overflow vulnerability while parsing NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14646, ZDI-CAN-14679, ZDI-CAN-15084, ZDI-CAN-15304)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-121,CWE-787,

Products Affected

Vendor Product Version
siemens simcenter_femap 2020.2
siemens simcenter_femap 2021.1
CVE-2021-46155 MEDIUM

A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a stack based buffer overflow vulnerability while parsing NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14683, ZDI-CAN-15283, ZDI-CAN-15303, ZDI-CAN-15593)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-121,CWE-787,

Products Affected

Vendor Product Version
siemens simcenter_femap 2020.2
siemens simcenter_femap 2021.1
CVE-2021-46156 MEDIUM

A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14684)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
siemens simcenter_femap 2020.2
siemens simcenter_femap 2021.1
CVE-2021-46157 MEDIUM

A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a memory corruption vulnerability while parsing NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14757)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-787,

Products Affected

Vendor Product Version
siemens simcenter_femap 2020.2
siemens simcenter_femap 2021.1
CVE-2021-46158 MEDIUM

A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a stack based buffer overflow vulnerability while parsing NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15085, ZDI-CAN-15289, ZDI-CAN-15602)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-121,CWE-1284,

Products Affected

Vendor Product Version
siemens simcenter_femap 2020.2
siemens simcenter_femap 2021.1
CVE-2021-46159 MEDIUM

A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15050)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
siemens simcenter_femap 2020.2
siemens simcenter_femap 2021.1
CVE-2021-46160 MEDIUM

A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15286)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
siemens simcenter_femap 2020.2
siemens simcenter_femap 2021.1
CVE-2021-46161 MEDIUM

A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15302)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
siemens simcenter_femap 2020.2
siemens simcenter_femap 2021.1
CVE-2021-46162 MEDIUM

A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.1). Affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15048)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
siemens simcenter_femap *
CVE-2021-46304

A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions), CP-8021 MASTER MODULE (All versions), CP-8022 MASTER MODULE WITH GPRS (All versions). The component allows activation of a web server module that provides unauthenticated access to its web pages. This could allow an attacker to retrieve debug-level information from the component such as internal network topology or connected systems.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
siemens cp-8022_master_module_with_gprs_firmware *
siemens cp-8000_master_module_with_i/o_-40/+70_firmware *
siemens cp-8000_master_module_with_i/o_-25/+70_firmware *
siemens cp-8021_master_module_firmware *
CVE-2021-46699 MEDIUM

A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.1). Affected application contains a stack based buffer overflow vulnerability while parsing specially crafted BDF files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15061)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-121,CWE-787,

Products Affected

Vendor Product Version
siemens simcenter_femap *
CVE-2022-0155 MEDIUM

follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-359,

Products Affected

Vendor Product Version
siemens sinec_ins 1.0
follow-redirects_project follow-redirects *
siemens sinec_ins *
CVE-2022-0235 MEDIUM

node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,CWE-601,

Products Affected

Vendor Product Version
node-fetch_project node-fetch *
siemens sinec_ins 1.0
siemens sinec_ins *
debian debian_linux 10.0
CVE-2022-0396 MEDIUM

BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has terminated the connection.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-404,

Products Affected

Vendor Product Version
netapp baseboard_management_controller_h700s_firmware -
netapp baseboard_management_controller_h500s_firmware -
netapp baseboard_management_controller_h500e_firmware -
netapp h500s_firmware -
siemens sinec_ins *
netapp baseboard_management_controller_h300e_firmware -
netapp h700s_firmware -
netapp h410c_firmware -
netapp h300e_firmware -
netapp baseboard_management_controller_h300s_firmware -
fedoraproject fedora 35
netapp h300s_firmware -
fedoraproject fedora 36
siemens sinec_ins 1.0
netapp h500e_firmware -
netapp h700e_firmware -
netapp baseboard_management_controller_h410s_firmware -
netapp baseboard_management_controller_h410c_firmware -
fedoraproject fedora 34
netapp h410s_firmware -
isc bind *
netapp baseboard_management_controller_h700e_firmware -
CVE-2022-0847 HIGH

A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-665,CWE-665,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.2
redhat enterprise_linux_server_update_services_for_sap_solutions 8.1
redhat enterprise_linux_eus 8.4
redhat enterprise_linux_for_ibm_z_systems 8.0
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.1
linux linux_kernel *
redhat enterprise_linux_for_power_little_endian_eus 8.2
redhat enterprise_linux_server_tus 8.2
redhat enterprise_linux_server_tus 8.4
redhat enterprise_linux_for_real_time_for_nfv_tus 8.2
netapp h700s_firmware -
redhat enterprise_linux_server_aus 8.2
redhat enterprise_linux_for_ibm_z_systems_eus 8.2
redhat enterprise_linux_for_real_time 8
redhat enterprise_linux_for_real_time_for_nfv_tus 8.4
netapp h500e_firmware -
netapp h700e_firmware -
ovirt ovirt-engine 4.4.10.2
netapp h410s_firmware -
redhat enterprise_linux 8.0
sonicwall sma1000_firmware *
redhat enterprise_linux_for_real_time_for_nfv 8
siemens scalance_lpe9403_firmware *
redhat enterprise_linux_eus 8.2
netapp h500s_firmware -
redhat enterprise_linux_for_power_little_endian_eus 8.4
redhat virtualization_host 4.0
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.4
netapp h410c_firmware -
netapp h300e_firmware -
redhat enterprise_linux_server_aus 8.4
redhat codeready_linux_builder -
redhat enterprise_linux_for_real_time_tus 8.2
fedoraproject fedora 35
netapp h300s_firmware -
redhat enterprise_linux_server_update_services_for_sap_solutions 8.4
redhat enterprise_linux_for_power_little_endian 8.0
redhat enterprise_linux_server_update_services_for_sap_solutions 8.2
redhat enterprise_linux_for_ibm_z_systems_eus 8.4
redhat enterprise_linux_for_real_time_tus 8.4
CVE-2022-1292 HIGH

The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
netapp solidfire_&_hci_management_node -
debian debian_linux 11.0
netapp snapmanager -
debian debian_linux 10.0
netapp h700s_firmware -
netapp fas_8300_firmware -
oracle enterprise_manager_ops_center 12.4.0.0
netapp fabric-attached_storage_a400_firmware -
netapp solidfire,_enterprise_sds_&_hci_storage_node -
netapp a250_firmware -
netapp aff_8300_firmware -
netapp h500e_firmware -
netapp oncommand_workflow_automation -
netapp fas_8700_firmware -
netapp clustered_data_ontap_antivirus_connector -
oracle mysql_workbench *
netapp h700e_firmware -
netapp oncommand_insight -
netapp h410s_firmware -
netapp fas_500f_firmware -
netapp h500s_firmware -
debian debian_linux 9.0
netapp active_iq_unified_manager -
netapp h300e_firmware -
siemens brownfield_connectivity_gateway *
netapp a700s_firmware -
fedoraproject fedora 35
netapp h300s_firmware -
fedoraproject fedora 36
netapp snapcenter -
netapp aff_500f_firmware -
openssl openssl *
netapp clustered_data_ontap -
netapp aff_a400_firmware -
oracle mysql_server *
netapp aff_8700_firmware -
netapp smi-s_provider -
netapp santricity_smi-s_provider -
CVE-2022-2068 HIGH

In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
debian debian_linux 11.0
netapp bootstrap_os -
siemens sinec_ins *
netapp ontap_select_deploy_administration_utility -
netapp snapmanager -
debian debian_linux 10.0
netapp h700s_firmware -
netapp fas_8300_firmware -
netapp h610c_firmware -
netapp fas_a400_firmware -
netapp solidfire -
netapp aff_8300_firmware -
siemens sinec_ins 1.0
netapp fas_8700_firmware -
netapp element_software -
netapp h410s_firmware -
netapp h500s_firmware -
broadcom sannav -
netapp h410c_firmware -
fedoraproject fedora 35
netapp h300s_firmware -
fedoraproject fedora 36
openssl openssl *
netapp aff_a400_firmware -
netapp h610s_firmware -
netapp ontap_antivirus_connector -
netapp aff_8700_firmware -
netapp hci_management_node -
netapp smi-s_provider -
netapp santricity_smi-s_provider -
netapp h615c_firmware -
CVE-2022-2069

The APDFL.dll in Siemens JT2Go prior to V13.3.0.5 and Siemens Teamcenter Visualization prior to V14.0.0.2 contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
ics-cert@hq.dhs.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2022-2097 MEDIUM

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-327,

Products Affected

Vendor Product Version
netapp h500s_firmware -
debian debian_linux 11.0
siemens sinec_ins *
debian debian_linux 10.0
netapp h700s_firmware -
netapp active_iq_unified_manager -
netapp h410c_firmware -
fedoraproject fedora 35
netapp h300s_firmware -
fedoraproject fedora 36
openssl openssl *
siemens sinec_ins 1.0
netapp clustered_data_ontap_antivirus_connector -
netapp h410s_firmware -
CVE-2022-22822 HIGH

addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,CWE-190,

Products Affected

Vendor Product Version
tenable nessus *
debian debian_linux 11.0
siemens sinema_remote_connect_server *
libexpat_project libexpat *
debian debian_linux 10.0
CVE-2022-22823 HIGH

build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,CWE-190,

Products Affected

Vendor Product Version
tenable nessus *
debian debian_linux 11.0
siemens sinema_remote_connect_server *
libexpat_project libexpat *
debian debian_linux 10.0
CVE-2022-22824 HIGH

defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,CWE-190,

Products Affected

Vendor Product Version
tenable nessus *
debian debian_linux 11.0
siemens sinema_remote_connect_server *
libexpat_project libexpat *
debian debian_linux 10.0
CVE-2022-22825 MEDIUM

lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,CWE-190,

Products Affected

Vendor Product Version
tenable nessus *
debian debian_linux 11.0
siemens sinema_remote_connect_server *
libexpat_project libexpat *
debian debian_linux 10.0
CVE-2022-22826 MEDIUM

nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,CWE-190,

Products Affected

Vendor Product Version
tenable nessus *
debian debian_linux 11.0
siemens sinema_remote_connect_server *
libexpat_project libexpat *
debian debian_linux 10.0
CVE-2022-22827 MEDIUM

storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,CWE-190,

Products Affected

Vendor Product Version
tenable nessus *
debian debian_linux 11.0
siemens sinema_remote_connect_server *
libexpat_project libexpat *
debian debian_linux 10.0
CVE-2022-22965 HIGH

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,CWE-94,

Products Affected

Vendor Product Version
veritas netbackup_appliance 4.0.0.1
oracle communications_cloud_native_core_binding_support_function 22.1.3
oracle communications_cloud_native_core_network_slice_selection_function 22.1.0
oracle financial_services_behavior_detection_platform 8.1.1.1
oracle communications_unified_inventory_management 7.4.1
oracle retail_integration_bus 19.0.1
oracle retail_integration_bus 15.0.3.1
oracle retail_merchandising_system 16.0.3
veritas netbackup_appliance 4.0
siemens operation_scheduler *
oracle financial_services_enterprise_case_management 8.1.2.0
veritas flex_appliance 2.1
oracle product_lifecycle_analytics 3.6.1
veritas access_appliance 7.4.3.100
oracle retail_customer_management_and_segmentation_foundation 19.0
oracle communications_cloud_native_core_policy 1.15.0
oracle financial_services_enterprise_case_management 8.1.1.1
veritas flex_appliance 2.0.1
oracle financial_services_analytical_applications_infrastructure 8.1.2.0
cisco cx_cloud_agent *
vmware spring_framework *
oracle communications_cloud_native_core_unified_data_repository 1.15.0
oracle communications_cloud_native_core_policy 22.1.0
oracle retail_integration_bus 16.0.3
siemens sipass_integrated 2.85
veritas netbackup_appliance 4.1.0.1
veritas access_appliance 7.4.3.200
oracle communications_cloud_native_core_network_slice_selection_function 1.8.0
oracle communications_cloud_native_core_network_function_cloud_native_environment 22.1.0
veritas access_appliance 7.4.3
veritas netbackup_virtual_appliance 4.0.0.1
oracle communications_cloud_native_core_network_slice_selection_function 1.15.0
oracle mysql_enterprise_monitor *
siemens sinec_network_management_system *
oracle communications_cloud_native_core_security_edge_protection_proxy 1.7.0
oracle financial_services_analytical_applications_infrastructure 8.1.1
oracle communications_unified_inventory_management 7.4.2
oracle retail_xstore_point_of_service 20.0.1
oracle communications_cloud_native_core_network_repository_function 22.1.0
oracle communications_policy_management 12.6.0.0.0
veritas flex_appliance 1.3
veritas netbackup_appliance 4.1
veritas netbackup_virtual_appliance 4.1.0.1
oracle weblogic_server 14.1.1.0.0
oracle retail_financial_integration 19.0.1
oracle financial_services_enterprise_case_management 8.1.1.0
oracle communications_cloud_native_core_automated_test_suite 1.9.0
oracle communications_cloud_native_core_network_exposure_function 22.1.0
oracle communications_cloud_native_core_security_edge_protection_proxy 22.1.0
oracle retail_financial_integration 14.1.3.2
oracle weblogic_server 12.2.1.4.0
oracle sd-wan_edge 9.1
oracle communications_cloud_native_core_console 22.1.0
oracle communications_cloud_native_core_console 1.9.0
oracle financial_services_behavior_detection_platform 8.1.1.0
siemens sipass_integrated 2.80
siemens siveillance_identity 1.5
oracle retail_customer_management_and_segmentation_foundation 18.0
siemens simatic_speech_assistant_for_machines *
oracle retail_xstore_point_of_service 21.0.0
veritas netbackup_flex_scale_appliance 3.0
veritas flex_appliance 2.0.2
oracle communications_unified_inventory_management 7.5.0
oracle sd-wan_edge 9.0
oracle communications_cloud_native_core_network_repository_function 1.15.0
oracle communications_cloud_native_core_automated_test_suite 22.1.0
oracle commerce_platform 11.3.2
oracle retail_financial_integration 15.0.3.1
oracle financial_services_behavior_detection_platform 8.1.2.0
veritas netbackup_flex_scale_appliance 2.1
oracle communications_cloud_native_core_network_function_cloud_native_environment 1.10.0
veritas netbackup_virtual_appliance 4.1
oracle retail_integration_bus 14.1.3.2
oracle weblogic_server 12.2.1.3.0
oracle retail_merchandising_system 19.0.1
veritas flex_appliance 2.0
oracle retail_bulk_data_integration 16.0.3
oracle retail_financial_integration 16.0.3
oracle communications_cloud_native_core_unified_data_repository 22.1.0
veritas netbackup_virtual_appliance 4.0
oracle retail_customer_management_and_segmentation_foundation 17.0
siemens siveillance_identity 1.6
CVE-2022-23102 MEDIUM

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Affected products contain an open redirect vulnerability. An attacker could trick a valid authenticated user to the device into clicking a malicious link, thereby leading to phishing attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-601,CWE-601,

Products Affected

Vendor Product Version
siemens sinema_remote_connect_server *
CVE-2022-23312 MEDIUM

A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP9 Security Patch 1). The integrated web application "Online Help" in the affected product contains a Cross-Site Scripting (XSS) vulnerability that could be exploited if unsuspecting users are tricked into accessing a malicious link.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
siemens spectrum_power_4 4.70
siemens spectrum_power_4 *
CVE-2022-23448 HIGH

A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1), SIMATIC Energy Manager PRO (All versions < V7.3 Update 1). Affected applications improperly assign permissions to critical directories and files used by the application processes. This could allow a local unprivileged attacker to achieve code execution with ADMINISTRATOR or even NT AUTHORITY/SYSTEM privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-732,CWE-732,

Products Affected

Vendor Product Version
siemens simatic_energy_manager_pro *
siemens simatic_energy_manager_basic 7.3
siemens simatic_energy_manager_basic *
siemens simatic_energy_manager_pro 7.3
CVE-2022-23449 MEDIUM

A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1), SIMATIC Energy Manager PRO (All versions < V7.3 Update 1). A DLL Hijacking vulnerability could allow a local attacker to execute code with elevated privileges by placing a malicious DLL in one of the directories on the DLL search path.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-427,CWE-427,

Products Affected

Vendor Product Version
siemens simatic_energy_manager_pro *
siemens simatic_energy_manager_basic 7.3
siemens simatic_energy_manager_basic *
siemens simatic_energy_manager_pro 7.3
CVE-2022-23450 HIGH

A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1), SIMATIC Energy Manager PRO (All versions < V7.3 Update 1). The affected system allows remote users to send maliciously crafted objects. Due to insecure deserialization of user-supplied content by the affected software, an unauthenticated attacker could exploit this vulnerability by sending a maliciously crafted serialized object. This could allow the attacker to execute arbitrary code on the device with SYSTEM privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,CWE-502,

Products Affected

Vendor Product Version
siemens simatic_energy_manager_pro *
siemens simatic_energy_manager_basic 7.3
siemens simatic_energy_manager_basic *
siemens simatic_energy_manager_pro 7.3
CVE-2022-23852 HIGH

Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,CWE-190,

Products Affected

Vendor Product Version
tenable nessus *
siemens sinema_remote_connect_server *
oracle communications_metasolv_solution 6.3.1
debian debian_linux 9.0
netapp clustered_data_ontap -
netapp oncommand_workflow_automation -
libexpat_project libexpat *
CVE-2022-23990 MEDIUM

Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,CWE-190,

Products Affected

Vendor Product Version
tenable nessus *
debian debian_linux 11.0
fedoraproject fedora 35
siemens sinema_remote_connect_server *
oracle communications_metasolv_solution 6.3.1
libexpat_project libexpat *
debian debian_linux 10.0
fedoraproject fedora 34
CVE-2022-24039 HIGH

A vulnerability has been identified in Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The “addCell” JavaScript function fails to properly sanitize user-controllable input before including it into the generated XML body of the XLS report document, such that it is possible to inject arbitrary content (e.g., XML tags) into the generated file. An attacker with restricted privileges, by poisoning any of the content used to generate XLS reports, could be able to leverage the application to deliver malicious files against higher-privileged users and obtain Remote Code Execution (RCE) against the administrator’s workstation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H 2.3 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-75,NVD-CWE-Other,

Products Affected

Vendor Product Version
siemens desigo_pxc4_firmware *
siemens desigo_pxc5_firmware *
CVE-2022-24040 MEDIUM

A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The web application fails to enforce an upper bound to the cost factor of the PBKDF2 derived key during the creation or update of an account. An attacker with the user profile access privilege could cause a denial of service (DoS) condition through CPU consumption by setting a PBKDF2 derived key with a remarkably high cost effort and then attempting a login to the so-modified account.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,CWE-400,

Products Affected

Vendor Product Version
siemens desigo_dxr2_firmware *
siemens desigo_pxc4_firmware *
siemens desigo_pxc5_firmware *
siemens desigo_pxc3_firmware *
CVE-2022-24041 MEDIUM

A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The web application stores the PBKDF2 derived key of users' passwords with a low iteration count. An attacker with user profile access privilege can retrieve the stored password hashes of other accounts and then successfully perform an offline cracking attack and recover the plaintext passwords of other users.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-916,CWE-916,

Products Affected

Vendor Product Version
siemens desigo_dxr2_firmware *
siemens desigo_pxc4_firmware *
siemens desigo_pxc5_firmware *
siemens desigo_pxc3_firmware *
CVE-2022-24042 MEDIUM

A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The web application returns an AuthToken that does not expire at the defined auto logoff delay timeout. An attacker could be able to capture this token and re-use old session credentials or session IDs for authorization.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-613,CWE-613,

Products Affected

Vendor Product Version
siemens desigo_dxr2_firmware *
siemens desigo_pxc4_firmware *
siemens desigo_pxc5_firmware *
siemens desigo_pxc3_firmware *
CVE-2022-24043 MEDIUM

A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The login functionality of the application fails to normalize the response times of login attempts performed with wrong usernames with the ones executed with correct usernames. A remote unauthenticated attacker could exploit this side-channel information to perform a username enumeration attack and identify valid usernames.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-203,CWE-203,

Products Affected

Vendor Product Version
siemens desigo_dxr2_firmware *
siemens desigo_pxc4_firmware *
siemens desigo_pxc5_firmware *
siemens desigo_pxc3_firmware *
CVE-2022-24044 MEDIUM

A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The login functionality of the application does not employ any countermeasures against Password Spraying attacks or Credential Stuffing attacks. An attacker could obtain a list of valid usernames on the device by exploiting the issue and then perform a precise Password Spraying or Credential Stuffing attack in order to obtain access to at least one account.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-307,CWE-307,

Products Affected

Vendor Product Version
siemens desigo_dxr2_firmware *
siemens desigo_pxc4_firmware *
siemens desigo_pxc5_firmware *
siemens desigo_pxc3_firmware *
CVE-2022-24045 MEDIUM

A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The application, after a successful login, sets the session cookie on the browser via client-side JavaScript code, without applying any security attributes (such as “Secure”, “HttpOnly”, or “SameSite”). Any attempt by a user to browse the application via the unencrypted HTTP protocol would lead to the transmission of all of that user's session cookies in plaintext through the network. An attacker could then be able to sniff the network and capture sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-614,CWE-311,NVD-CWE-Other,

Products Affected

Vendor Product Version
siemens desigo_dxr2_firmware *
siemens desigo_pxc4_firmware *
siemens desigo_pxc5_firmware *
siemens desigo_pxc3_firmware *
CVE-2022-24281 MEDIUM

A vulnerability has been identified in SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). A privileged authenticated attacker could execute arbitrary commands in the local database by sending specially crafted requests to the webserver of the affected application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,CWE-89,

Products Affected

Vendor Product Version
siemens sinec_network_management_system *
CVE-2022-24282 MEDIUM

A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). The affected system allows the upload of JSON objects that are deserialized to Java objects. Due to insecure deserialization of user-supplied content by the affected software, a privileged attacker could exploit this vulnerability by sending a maliciously crafted serialized Java object. This could allow the attacker to execute arbitrary code on the device with root privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-502,CWE-502,

Products Affected

Vendor Product Version
siemens sinec_network_management_system *
CVE-2022-24287 MEDIUM

A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3 UC06), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1 UC01), SIMATIC WinCC Runtime Professional V16 and earlier (All versions), SIMATIC WinCC Runtime Professional V17 (All versions < V17 Upd4), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 21), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 8). A missing printer configuration on the host could allow an authenticated attacker to escape the WinCC Kiosk Mode.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-1188,CWE-1188,

Products Affected

Vendor Product Version
siemens simatic_wincc 7.5
siemens simatic_wincc_runtime_professional 17
siemens simatic_wincc *
siemens simatic_pcs_7 9.1
siemens simatic_wincc_runtime_professional *
siemens simatic_pcs_7 *
CVE-2022-24290 MEDIUM

A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9), Teamcenter V13.1 (All versions), Teamcenter V13.2 (All versions < V13.2.0.8), Teamcenter V13.3 (All versions < V13.3.0.3), Teamcenter V14.0 (All versions < V14.0.0.2). The tcserver.exe binary in affected applications is vulnerable to a stack overflow condition during the parsing of user input that may lead the binary to crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-121,CWE-787,

Products Affected

Vendor Product Version
siemens teamcenter *
siemens teamcenter 14.0
CVE-2022-24408 HIGH

A vulnerability has been identified in SINUMERIK MC (All versions < V1.15 SP1), SINUMERIK ONE (All versions < V6.15 SP1). The sc SUID binary on affected devices provides several commands that are used to execute system commands or modify system files. A specific set of operations using sc could allow local attackers to escalate their privileges to root.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-269,CWE-269,

Products Affected

Vendor Product Version
siemens sinumerik_mc_firmware 1.15
siemens sinumerik_mc_firmware *
siemens sinumerik_one_firmware 6.15
siemens sinumerik_one_firmware *
CVE-2022-24661 MEDIUM

A vulnerability has been identified in Simcenter STAR-CCM+ Viewer (All versions < V2022.1). The starview+.exe contains a memory corruption vulnerability while parsing specially crafted .SCE files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-787,

Products Affected

Vendor Product Version
siemens simcenter_star-ccm+_viewer *
CVE-2022-25235 HIGH

xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-116,CWE-116,

Products Affected

Vendor Product Version
oracle http_server 12.2.1.3.0
oracle zfs_storage_appliance_kit 8.8
debian debian_linux 11.0
fedoraproject fedora 35
siemens sinema_remote_connect_server *
oracle http_server 12.2.1.4.0
libexpat_project libexpat *
debian debian_linux 10.0
fedoraproject fedora 34
CVE-2022-25236 HIGH

xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-668,CWE-668,

Products Affected

Vendor Product Version
oracle http_server 12.2.1.3.0
oracle zfs_storage_appliance_kit 8.8
debian debian_linux 11.0
siemens sinema_remote_connect_server *
oracle http_server 12.2.1.4.0
libexpat_project libexpat *
debian debian_linux 10.0
CVE-2022-25311 MEDIUM

A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). The affected software does not properly check privileges between users during the same web browser session, creating an unintended sphere of control. This could allow an authenticated low privileged user to achieve privilege escalation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-269,NVD-CWE-Other,

Products Affected

Vendor Product Version
siemens sinema_server 14.0
siemens sinec_network_management_system *
CVE-2022-25313 MEDIUM

In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-674,CWE-674,

Products Affected

Vendor Product Version
oracle http_server 12.2.1.3.0
oracle zfs_storage_appliance_kit 8.8
debian debian_linux 11.0
fedoraproject fedora 35
siemens sinema_remote_connect_server *
oracle http_server 12.2.1.4.0
libexpat_project libexpat *
debian debian_linux 10.0
fedoraproject fedora 34
CVE-2022-25314 MEDIUM

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,CWE-190,

Products Affected

Vendor Product Version
oracle http_server 12.2.1.3.0
oracle zfs_storage_appliance_kit 8.8
debian debian_linux 11.0
fedoraproject fedora 35
siemens sinema_remote_connect_server *
oracle http_server 12.2.1.4.0
libexpat_project libexpat *
debian debian_linux 10.0
fedoraproject fedora 34
CVE-2022-25315 HIGH

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,CWE-190,

Products Affected

Vendor Product Version
oracle http_server 12.2.1.3.0
oracle zfs_storage_appliance_kit 8.8
debian debian_linux 11.0
fedoraproject fedora 35
siemens sinema_remote_connect_server *
oracle http_server 12.2.1.4.0
libexpat_project libexpat *
debian debian_linux 10.0
fedoraproject fedora 34
CVE-2022-25622 MEDIUM

The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, improperly handles internal resources for TCP segments where the minimum TCP-Header length is less than defined. This could allow an attacker to create a denial of service condition for TCP services on affected devices by sending specially crafted TCP segments.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,CWE-400,

Products Affected

Vendor Product Version
siemens simatic_s7-1500_cpu_firmware *
siemens simatic_cfu_pa_firmware *
siemens simatic_tdc_cp51m1_firmware *
siemens simit_simulation_platform *
siemens simatic_s7-410_v8_firmware *
siemens simatic_tdc_cpu555_firmware *
siemens simatic_s7-400h_v6_firmware *
siemens simatic_s7-400_pn/dp_v7_firmware *
siemens simatic_s7-300_cpu_firmware *
siemens simatic_cfu_diq_firmware *
siemens simatic_winac_rtx_firmware *
siemens simatic_s7-410_v10_firmware *
CVE-2022-25751 HIGH

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 
100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices do not properly validate the HTTP headers of incoming requests. This could allow an unauthenticated remote attacker to crash affected devices.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,CWE-20,

Products Affected

Vendor Product Version
siemens scalance_x307-2eec_firmware *
siemens scalance_x304-2fe_firmware *
siemens scalance_x308-2lh_firmware *
siemens scalance_xr324-4m_eec_firmware *
siemens siplus_net_scalance_x308-2_firmware *
siemens scalance_xr324-4m_poe_firmware *
siemens scalance_x320-1-2ldfe_firmware *
siemens scalance_x308-2ld_firmware *
siemens scalance_x310fe_firmware *
siemens scalance_xr324-4m_poe_ts_firmware *
siemens scalance_x306-1ldfe_firmware *
siemens scalance_x307-3_firmware *
siemens scalance_x308-2m_poe_firmware -
siemens scalance_x307-3ld_firmware *
siemens scalance_x308-2lh+_firmware *
siemens scalance_x310_firmware *
siemens scalance_x308-2m_ts_firmware *
siemens scalance_x302-7eec_firmware *
siemens scalance_x308-2_firmware *
siemens scalance_xr324-12m_firmware *
siemens scalance_x320-1fe_firmware *
siemens scalance_x308-2m_firmware *
siemens scalance_xr324-12m_ts_firmware *
siemens scalance_x408-2_firmware *
CVE-2022-25752 HIGH

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 
100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The webserver of affected devices calculates session ids and nonces in an insecure manner. This could allow an unauthenticated remote attacker to brute-force session ids and hijack existing sessions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-330,CWE-330,

Products Affected

Vendor Product Version
siemens scalance_x307-2eec_firmware *
siemens scalance_x304-2fe_firmware *
siemens scalance_x308-2lh_firmware *
siemens scalance_xr324-4m_eec_firmware *
siemens siplus_net_scalance_x308-2_firmware *
siemens scalance_xr324-4m_poe_firmware *
siemens scalance_x320-1-2ldfe_firmware *
siemens scalance_x308-2ld_firmware *
siemens scalance_x310fe_firmware *
siemens scalance_xr324-4m_poe_ts_firmware *
siemens scalance_x306-1ldfe_firmware *
siemens scalance_x307-3_firmware *
siemens scalance_x308-2m_poe_firmware -
siemens scalance_x307-3ld_firmware *
siemens scalance_x308-2lh+_firmware *
siemens scalance_x310_firmware *
siemens scalance_x308-2m_ts_firmware *
siemens scalance_x302-7eec_firmware *
siemens scalance_x308-2_firmware *
siemens scalance_xr324-12m_firmware *
siemens scalance_x320-1fe_firmware *
siemens scalance_x308-2m_firmware *
siemens scalance_xr324-12m_ts_firmware *
siemens scalance_x408-2_firmware *
CVE-2022-25753 MEDIUM

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 
100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The handling of arguments such as IP addresses in the CLI of affected devices is prone to buffer overflows. This could allow an authenticated remote attacker to execute arbitrary code on the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-121,CWE-787,

Products Affected

Vendor Product Version
siemens scalance_x307-2eec_firmware *
siemens scalance_x304-2fe_firmware *
siemens scalance_x308-2lh_firmware *
siemens scalance_xr324-4m_eec_firmware *
siemens siplus_net_scalance_x308-2_firmware *
siemens scalance_xr324-4m_poe_firmware *
siemens scalance_x320-1-2ldfe_firmware *
siemens scalance_x308-2ld_firmware *
siemens scalance_x310fe_firmware *
siemens scalance_xr324-4m_poe_ts_firmware *
siemens scalance_x306-1ldfe_firmware *
siemens scalance_x307-3_firmware *
siemens scalance_x308-2m_poe_firmware -
siemens scalance_x307-3ld_firmware *
siemens scalance_x308-2lh+_firmware *
siemens scalance_x310_firmware *
siemens scalance_x308-2m_ts_firmware *
siemens scalance_x302-7eec_firmware *
siemens scalance_x308-2_firmware *
siemens scalance_xr324-12m_firmware *
siemens scalance_x320-1fe_firmware *
siemens scalance_x308-2m_firmware *
siemens scalance_xr324-12m_ts_firmware *
siemens scalance_x408-2_firmware *
CVE-2022-25754 MEDIUM

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 
100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The integrated web server of the affected device could allow remote attackers to perform actions with the permissions of a victim user, provided the victim user has an active session and is induced to trigger the malicious request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,CWE-352,

Products Affected

Vendor Product Version
siemens scalance_x307-2eec_firmware *
siemens scalance_x304-2fe_firmware *
siemens scalance_x308-2lh_firmware *
siemens scalance_xr324-4m_eec_firmware *
siemens siplus_net_scalance_x308-2_firmware *
siemens scalance_xr324-4m_poe_firmware *
siemens scalance_x320-1-2ldfe_firmware *
siemens scalance_x308-2ld_firmware *
siemens scalance_x310fe_firmware *
siemens scalance_xr324-4m_poe_ts_firmware *
siemens scalance_x306-1ldfe_firmware *
siemens scalance_x307-3_firmware *
siemens scalance_x308-2m_poe_firmware -
siemens scalance_x307-3ld_firmware *
siemens scalance_x308-2lh+_firmware *
siemens scalance_x310_firmware *
siemens scalance_x308-2m_ts_firmware *
siemens scalance_x302-7eec_firmware *
siemens scalance_x308-2_firmware *
siemens scalance_xr324-12m_firmware *
siemens scalance_x320-1fe_firmware *
siemens scalance_x308-2m_firmware *
siemens scalance_xr324-12m_ts_firmware *
siemens scalance_x408-2_firmware *
CVE-2022-25755 MEDIUM

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 
100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The webserver of an affected device is missing specific security headers. This could allow a remote attacker to extract confidential session information under certain circumstances.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,NVD-CWE-Other,

Products Affected

Vendor Product Version
siemens scalance_x307-2eec_firmware *
siemens scalance_x304-2fe_firmware *
siemens scalance_x308-2lh_firmware *
siemens scalance_xr324-4m_eec_firmware *
siemens siplus_net_scalance_x308-2_firmware *
siemens scalance_xr324-4m_poe_firmware *
siemens scalance_x320-1-2ldfe_firmware *
siemens scalance_x308-2ld_firmware *
siemens scalance_x310fe_firmware *
siemens scalance_xr324-4m_poe_ts_firmware *
siemens scalance_x306-1ldfe_firmware *
siemens scalance_x307-3_firmware *
siemens scalance_x308-2m_poe_firmware -
siemens scalance_x307-3ld_firmware *
siemens scalance_x308-2lh+_firmware *
siemens scalance_x310_firmware *
siemens scalance_x308-2m_ts_firmware *
siemens scalance_x302-7eec_firmware *
siemens scalance_x308-2_firmware *
siemens scalance_xr324-12m_firmware *
siemens scalance_x320-1fe_firmware *
siemens scalance_x308-2m_firmware *
siemens scalance_xr324-12m_ts_firmware *
siemens scalance_x408-2_firmware *
CVE-2022-25756 MEDIUM

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 
100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The integrated web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. This can be used by an attacker to trigger a malicious request on the affected device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-80,CWE-79,

Products Affected

Vendor Product Version
siemens scalance_x307-2eec_firmware *
siemens scalance_x304-2fe_firmware *
siemens scalance_x308-2lh_firmware *
siemens scalance_xr324-4m_eec_firmware *
siemens siplus_net_scalance_x308-2_firmware *
siemens scalance_xr324-4m_poe_firmware *
siemens scalance_x320-1-2ldfe_firmware *
siemens scalance_x308-2ld_firmware *
siemens scalance_x310fe_firmware *
siemens scalance_xr324-4m_poe_ts_firmware *
siemens scalance_x306-1ldfe_firmware *
siemens scalance_x307-3_firmware *
siemens scalance_x308-2m_poe_firmware -
siemens scalance_x307-3ld_firmware *
siemens scalance_x308-2lh+_firmware *
siemens scalance_x310_firmware *
siemens scalance_x308-2m_ts_firmware *
siemens scalance_x302-7eec_firmware *
siemens scalance_x308-2_firmware *
siemens scalance_xr324-12m_firmware *
siemens scalance_x320-1fe_firmware *
siemens scalance_x308-2m_firmware *
siemens scalance_xr324-12m_ts_firmware *
siemens scalance_x408-2_firmware *
CVE-2022-26334 HIGH

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 
100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices do not properly validate the GET parameter XNo of incoming HTTP requests. This could allow an unauthenticated remote attacker to crash affected devices.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,CWE-120,

Products Affected

Vendor Product Version
siemens scalance_x307-2eec_firmware *
siemens scalance_x304-2fe_firmware *
siemens scalance_x308-2lh_firmware *
siemens scalance_xr324-4m_eec_firmware *
siemens siplus_net_scalance_x308-2_firmware *
siemens scalance_xr324-4m_poe_firmware *
siemens scalance_x320-1-2ldfe_firmware *
siemens scalance_x308-2ld_firmware *
siemens scalance_x310fe_firmware *
siemens scalance_xr324-4m_poe_ts_firmware *
siemens scalance_x306-1ldfe_firmware *
siemens scalance_x307-3_firmware *
siemens scalance_x308-2m_poe_firmware -
siemens scalance_x307-3ld_firmware *
siemens scalance_x308-2lh+_firmware *
siemens scalance_x310_firmware *
siemens scalance_x308-2m_ts_firmware *
siemens scalance_x302-7eec_firmware *
siemens scalance_x308-2_firmware *
siemens scalance_xr324-12m_firmware *
siemens scalance_x320-1fe_firmware *
siemens scalance_x308-2m_firmware *
siemens scalance_xr324-12m_ts_firmware *
siemens scalance_x408-2_firmware *
CVE-2022-26335 HIGH

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 
100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices do not properly validate the URI of incoming HTTP GET requests. This could allow an unauthenticated remote attacker to crash affected devices.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,CWE-120,

Products Affected

Vendor Product Version
siemens scalance_x307-2eec_firmware *
siemens scalance_x304-2fe_firmware *
siemens scalance_x308-2lh_firmware *
siemens scalance_xr324-4m_eec_firmware *
siemens siplus_net_scalance_x308-2_firmware *
siemens scalance_xr324-4m_poe_firmware *
siemens scalance_x320-1-2ldfe_firmware *
siemens scalance_x308-2ld_firmware *
siemens scalance_x310fe_firmware *
siemens scalance_xr324-4m_poe_ts_firmware *
siemens scalance_x306-1ldfe_firmware *
siemens scalance_x307-3_firmware *
siemens scalance_x308-2m_poe_firmware -
siemens scalance_x307-3ld_firmware *
siemens scalance_x308-2lh+_firmware *
siemens scalance_x310_firmware *
siemens scalance_x308-2m_ts_firmware *
siemens scalance_x302-7eec_firmware *
siemens scalance_x308-2_firmware *
siemens scalance_xr324-12m_firmware *
siemens scalance_x320-1fe_firmware *
siemens scalance_x308-2m_firmware *
siemens scalance_xr324-12m_ts_firmware *
siemens scalance_x408-2_firmware *
CVE-2022-26380 HIGH

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 
100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices do not properly validate if a certain SNMP key exists. An attacker could use this to trigger a reboot of an affected device by requesting specific SNMP information from the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
siemens scalance_x307-2eec_firmware *
siemens scalance_x304-2fe_firmware *
siemens scalance_x308-2lh_firmware *
siemens scalance_xr324-4m_eec_firmware *
siemens siplus_net_scalance_x308-2_firmware *
siemens scalance_xr324-4m_poe_firmware *
siemens scalance_x320-1-2ldfe_firmware *
siemens scalance_x308-2ld_firmware *
siemens scalance_x310fe_firmware *
siemens scalance_xr324-4m_poe_ts_firmware *
siemens scalance_x306-1ldfe_firmware *
siemens scalance_x307-3_firmware *
siemens scalance_x308-2m_poe_firmware -
siemens scalance_x307-3ld_firmware *
siemens scalance_x308-2lh+_firmware *
siemens scalance_x310_firmware *
siemens scalance_x308-2m_ts_firmware *
siemens scalance_x302-7eec_firmware *
siemens scalance_x308-2_firmware *
siemens scalance_xr324-12m_firmware *
siemens scalance_x320-1fe_firmware *
siemens scalance_x308-2m_firmware *
siemens scalance_xr324-12m_ts_firmware *
siemens scalance_x408-2_firmware *
CVE-2022-26476 MEDIUM

A vulnerability has been identified in Spectrum Power 4 (All versions using Shared HIS), Spectrum Power 7 (All versions using Shared HIS), Spectrum Power MGMS (All versions using Shared HIS). An unauthenticated attacker could log into the component Shared HIS used in Spectrum Power systems by using an account with default credentials. A successful exploitation could allow the attacker to access the component Shared HIS with administrative privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-798,CWE-798,

Products Affected

Vendor Product Version
siemens spectrum_power_7 -
siemens spectrum_power_microgrid_management_system -
siemens spectrum_power_4 -
CVE-2022-26647 HIGH

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2P IRT (All versions < V5.5.2), SCALANCE X202-2P IRT PRO (All versions < V5.5.2), SCALANCE X204-2 (All versions < V5.2.6), SCALANCE X204-2FM (All versions < V5.2.6), SCALANCE X204-2LD (All versions < V5.2.6), SCALANCE X204-2LD TS (All versions < V5.2.6), SCALANCE X204-2TS (All versions < V5.2.6), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT PRO (All versions < V5.5.2), SCALANCE X206-1 (All versions < V5.2.6), SCALANCE X206-1LD (All versions < V5.2.6), SCALANCE X208 (All versions < V5.2.6), SCALANCE X208PRO (All versions < V5.2.6), SCALANCE X212-2 (All versions < V5.2.6), SCALANCE X212-2LD (All versions < V5.2.6), SCALANCE X216 (All versions < V5.2.6), SCALANCE X224 (All versions < V5.2.6), SCALANCE XF201-3P IRT (All versions < V5.5.2), SCALANCE XF202-2P IRT (All versions < V5.5.2), SCALANCE XF204 (All versions < V5.2.6), SCALANCE XF204-2 (All versions < V5.2.6), SCALANCE XF204-2BA IRT (All versions < V5.5.2), SCALANCE XF204IRT (All versions < V5.5.2), SCALANCE XF206-1 (All versions < V5.2.6), SCALANCE XF208 (All versions < V5.2.6). The webserver of affected devices calculates session ids and nonces in an insecure manner. This could allow an unauthenticated remote attacker to brute-force session ids and hijack existing sessions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-330,CWE-330,

Products Affected

Vendor Product Version
siemens scalance_x204-2ld_firmware *
siemens scalance_x202-2irt_firmware *
siemens scalance_xf201-3p_irt_firmware *
siemens scalance_x201-3p_irt_pro_firmware *
siemens scalance_x204-2fm_firmware *
siemens scalance_x212-2ld_firmware *
siemens scalance_x200-4p_irt_firmware *
siemens scalance_xf204-2ba_irt_firmware *
siemens scalance_x208_firmware *
siemens scalance_x202-2p_irt_pro_firmware *
siemens scalance_x212-2_firmware *
siemens scalance_x204irt_firmware *
siemens scalance_xf206-1_firmware *
siemens scalance_xf204_firmware *
siemens scalance_x204-2ts_firmware *
siemens scalance_x204irt_pro_firmware *
siemens scalance_x206-1ld_firmware *
siemens scalance_xf208_firmware *
siemens scalance_x202-2p_irt_firmware *
siemens scalance_x208_pro_firmware *
siemens scalance_xf202-2p_irt_firmware *
siemens scalance_xf204irt_firmware *
siemens scalance_x224_firmware *
siemens scalance_x204-2_firmware *
siemens scalance_xf204-2_firmware *
siemens scalance_x204-2ld_ts_firmware *
siemens scalance_x216_firmware *
siemens scalance_x201-3p_irt_firmware *
siemens scalance_x206-1_firmware *
CVE-2022-26648 HIGH

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2P IRT (All versions < V5.5.2), SCALANCE X202-2P IRT PRO (All versions < V5.5.2), SCALANCE X204-2 (All versions < V5.2.6), SCALANCE X204-2FM (All versions < V5.2.6), SCALANCE X204-2LD (All versions < V5.2.6), SCALANCE X204-2LD TS (All versions < V5.2.6), SCALANCE X204-2TS (All versions < V5.2.6), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT PRO (All versions < V5.5.2), SCALANCE X206-1 (All versions < V5.2.6), SCALANCE X206-1LD (All versions < V5.2.6), SCALANCE X208 (All versions < V5.2.6), SCALANCE X208PRO (All versions < V5.2.6), SCALANCE X212-2 (All versions < V5.2.6), SCALANCE X212-2LD (All versions < V5.2.6), SCALANCE X216 (All versions < V5.2.6), SCALANCE X224 (All versions < V5.2.6), SCALANCE XF201-3P IRT (All versions < V5.5.2), SCALANCE XF202-2P IRT (All versions < V5.5.2), SCALANCE XF204 (All versions < V5.2.6), SCALANCE XF204-2 (All versions < V5.2.6), SCALANCE XF204-2BA IRT (All versions < V5.5.2), SCALANCE XF204IRT (All versions < V5.5.2), SCALANCE XF206-1 (All versions < V5.2.6), SCALANCE XF208 (All versions < V5.2.6). Affected devices do not properly validate the GET parameter XNo of incoming HTTP requests. This could allow an unauthenticated remote attacker to crash affected devices.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.2 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H 2.3 5.3
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,CWE-120,

Products Affected

Vendor Product Version
siemens scalance_x204-2ld_firmware *
siemens scalance_x202-2irt_firmware *
siemens scalance_xf201-3p_irt_firmware *
siemens scalance_x201-3p_irt_pro_firmware *
siemens scalance_x204-2fm_firmware *
siemens scalance_x212-2ld_firmware *
siemens scalance_x200-4p_irt_firmware *
siemens scalance_xf204-2ba_irt_firmware *
siemens scalance_x208_firmware *
siemens scalance_x202-2p_irt_pro_firmware *
siemens scalance_x212-2_firmware *
siemens scalance_x204irt_firmware *
siemens scalance_xf206-1_firmware *
siemens scalance_xf204_firmware *
siemens scalance_x204-2ts_firmware *
siemens scalance_x204irt_pro_firmware *
siemens scalance_x206-1ld_firmware *
siemens scalance_xf208_firmware *
siemens scalance_x202-2p_irt_firmware *
siemens scalance_x208_pro_firmware *
siemens scalance_xf202-2p_irt_firmware *
siemens scalance_xf204irt_firmware *
siemens scalance_x224_firmware *
siemens scalance_x204-2_firmware *
siemens scalance_xf204-2_firmware *
siemens scalance_x204-2ld_ts_firmware *
siemens scalance_x216_firmware *
siemens scalance_x201-3p_irt_firmware *
siemens scalance_x206-1_firmware *
CVE-2022-26649 HIGH

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2P IRT (All versions < V5.5.2), SCALANCE X202-2P IRT PRO (All versions < V5.5.2), SCALANCE X204-2 (All versions < V5.2.6), SCALANCE X204-2FM (All versions < V5.2.6), SCALANCE X204-2LD (All versions < V5.2.6), SCALANCE X204-2LD TS (All versions < V5.2.6), SCALANCE X204-2TS (All versions < V5.2.6), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT PRO (All versions < V5.5.2), SCALANCE X206-1 (All versions < V5.2.6), SCALANCE X206-1LD (All versions < V5.2.6), SCALANCE X208 (All versions < V5.2.6), SCALANCE X208PRO (All versions < V5.2.6), SCALANCE X212-2 (All versions < V5.2.6), SCALANCE X212-2LD (All versions < V5.2.6), SCALANCE X216 (All versions < V5.2.6), SCALANCE X224 (All versions < V5.2.6), SCALANCE XF201-3P IRT (All versions < V5.5.2), SCALANCE XF202-2P IRT (All versions < V5.5.2), SCALANCE XF204 (All versions < V5.2.6), SCALANCE XF204-2 (All versions < V5.2.6), SCALANCE XF204-2BA IRT (All versions < V5.5.2), SCALANCE XF204IRT (All versions < V5.5.2), SCALANCE XF206-1 (All versions < V5.2.6), SCALANCE XF208 (All versions < V5.2.6). Affected devices do not properly validate the URI of incoming HTTP GET requests. This could allow an unauthenticated remote attacker to crash affected devices.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,CWE-120,

Products Affected

Vendor Product Version
siemens scalance_x204-2ld_firmware *
siemens scalance_x202-2irt_firmware *
siemens scalance_xf201-3p_irt_firmware *
siemens scalance_x201-3p_irt_pro_firmware *
siemens scalance_x204-2fm_firmware *
siemens scalance_x212-2ld_firmware *
siemens scalance_x200-4p_irt_firmware *
siemens scalance_xf204-2ba_irt_firmware *
siemens scalance_x208_firmware *
siemens scalance_x202-2p_irt_pro_firmware *
siemens scalance_x212-2_firmware *
siemens scalance_x204irt_firmware *
siemens scalance_xf206-1_firmware *
siemens scalance_xf204_firmware *
siemens scalance_x204-2ts_firmware *
siemens scalance_x204irt_pro_firmware *
siemens scalance_x206-1ld_firmware *
siemens scalance_xf208_firmware *
siemens scalance_x202-2p_irt_firmware *
siemens scalance_x208_pro_firmware *
siemens scalance_xf202-2p_irt_firmware *
siemens scalance_xf204irt_firmware *
siemens scalance_x224_firmware *
siemens scalance_x204-2_firmware *
siemens scalance_xf204-2_firmware *
siemens scalance_x204-2ld_ts_firmware *
siemens scalance_x216_firmware *
siemens scalance_x201-3p_irt_firmware *
siemens scalance_x206-1_firmware *
CVE-2022-27194 HIGH

A vulnerability has been identified in SIMATIC PCS neo (Administration Console) (All versions < V3.1 SP1), SINETPLAN (All versions), TIA Portal (V15, V15.1, V16 and V17). The affected system cannot properly process specially crafted packets sent to port 8888/tcp. A remote attacker could exploit this vulnerability to cause a Denial-of-Service condition. The affected devices must be restarted manually.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-400,CWE-400,

Products Affected

Vendor Product Version
siemens sinetplan *
siemens totally_integrated_automation_portal 15
siemens totally_integrated_automation_portal 17
siemens simatic_pcs_neo *
siemens totally_integrated_automation_portal 16
siemens simatic_pcs_neo 3.1
siemens totally_integrated_automation_portal 15.1
CVE-2022-27219 MEDIUM

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Affected application is missing general HTTP security headers in the web server configured on port 443. This could aid attackers by making the servers more prone to clickjacking, channel downgrade attacks and other similar client-based attack vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-358,CWE-1021,

Products Affected

Vendor Product Version
siemens sinema_remote_connect_server 3.0
siemens sinema_remote_connect_server *
CVE-2022-27220 MEDIUM

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Affected application is missing general HTTP security headers in the web server configured on port 6220. This could aid attackers by making the servers more prone to clickjacking, channel downgrade attacks and other similar client-based attack vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-358,CWE-1021,

Products Affected

Vendor Product Version
siemens sinema_remote_connect_server 3.0
siemens sinema_remote_connect_server *
CVE-2022-27221 MEDIUM

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An attacker in a machine-in-the-middle position could obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-203,CWE-203,

Products Affected

Vendor Product Version
siemens sinema_remote_connect_server *
CVE-2022-27242 LOW

A vulnerability has been identified in OpenV2G (V0.9.4). The OpenV2G EXI parsing feature is missing a length check when parsing X509 serial numbers. Thus, an attacker could introduce a buffer overflow that leads to memory corruption.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-120,CWE-120,

Products Affected

Vendor Product Version
siemens openv2g 0.9.4
CVE-2022-27480 MEDIUM

A vulnerability has been identified in SICAM A8000 CP-8031 (All versions < V4.80), SICAM A8000 CP-8050 (All versions < V4.80). Affected devices do not require a user to be authenticated to access certain files. This could allow unauthenticated attackers to download these files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-862,CWE-425,

Products Affected

Vendor Product Version
siemens sicam_a8000_cp-8050_firmware *
siemens sicam_a8000_cp-8031_firmware *
CVE-2022-27481 MEDIUM

A vulnerability has been identified in SCALANCE W1788-1 M12 (All versions < V3.0.0), SCALANCE W1788-2 EEC M12 (All versions < V3.0.0), SCALANCE W1788-2 M12 (All versions < V3.0.0), SCALANCE W1788-2IA M12 (All versions < V3.0.0). Affected devices do not properly handle resources of ARP requests. This could allow an attacker to cause a race condition that leads to a crash of the entire device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 1.6 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-362,CWE-362,

Products Affected

Vendor Product Version
siemens scalance_w1788-2_m12_firmware *
siemens scalance_w1788-2_eec_m12_firmware *
siemens scalance_w1788-1_m12_firmware *
siemens scalance_w1788-2ia_m12_firmware *
CVE-2022-27640 MEDIUM

A vulnerability has been identified in SIMATIC CP 442-1 RNA (All versions < V1.5.18), SIMATIC CP 443-1 RNA (All versions < V1.5.18). The affected devices improperly handle excessive ARP broadcast requests. This could allow an attacker to create a denial of service condition by performing ARP storming attacks, which can cause the device to reboot.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,CWE-400,

Products Affected

Vendor Product Version
siemens simatic_cp_443-1_rna_firmware *
siemens simatic_cp_442-1_rna_firmware *
CVE-2022-27653 MEDIUM

A vulnerability has been identified in Simcenter Femap (All versions < V2022.2). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted .NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15594)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
siemens simcenter_femap *
CVE-2022-28328 HIGH

A vulnerability has been identified in SCALANCE W1788-1 M12 (All versions < V3.0.0), SCALANCE W1788-2 EEC M12 (All versions < V3.0.0), SCALANCE W1788-2 M12 (All versions < V3.0.0), SCALANCE W1788-2IA M12 (All versions < V3.0.0). Affected devices do not properly handle malformed Multicast LLC frames. This could allow an attacker to trigger a denial of service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,CWE-20,

Products Affected

Vendor Product Version
siemens scalance_w1788-2_m12_firmware *
siemens scalance_w1788-2_eec_m12_firmware *
siemens scalance_w1788-1_m12_firmware *
siemens scalance_w1788-2ia_m12_firmware *
CVE-2022-28329 LOW

A vulnerability has been identified in SCALANCE W1788-1 M12 (All versions < V3.0.0), SCALANCE W1788-2 EEC M12 (All versions < V3.0.0), SCALANCE W1788-2 M12 (All versions < V3.0.0), SCALANCE W1788-2IA M12 (All versions < V3.0.0). Affected devices do not properly handle malformed TCP packets received over the RemoteCapture feature. This could allow an attacker to cause a denial of service condition which only affects the port used by the RemoteCapture feature.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,CWE-20,

Products Affected

Vendor Product Version
siemens scalance_w1788-2_m12_firmware *
siemens scalance_w1788-2_eec_m12_firmware *
siemens scalance_w1788-1_m12_firmware *
siemens scalance_w1788-2ia_m12_firmware *
CVE-2022-28661 MEDIUM

A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.2). The affected application contains an out of bounds read past the end of an allocated buffer while parsing specially crafted .NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15114)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
siemens simcenter_femap *
CVE-2022-28662 MEDIUM

A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.2). The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted .NEU files. This could allow an attacker to leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15307)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
siemens simcenter_femap *
CVE-2022-28663 MEDIUM

A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.2). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted .NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15592)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
siemens simcenter_femap *
CVE-2022-29028 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The Tiff_Loader.dll is vulnerable to an infinite loop condition while parsing specially crafted TIFF files. An attacker could leverage this vulnerability to crash the application, causing a denial of service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-835,CWE-835,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2022-29029 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application, causing a denial of service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,CWE-476,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2022-29030 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The Mono_Loader.dll library is vulnerable to an integer overflow condition while parsing specially crafted TG4 files. An attacker could leverage this vulnerability to crash the application, causing a denial of service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-680,CWE-190,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2022-29031 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application, causing a denial of service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,CWE-476,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2022-29032 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll library contains a double free vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-415,CWE-415,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2022-29033 MEDIUM

A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll library is vulnerable to an uninitialized pointer free while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-824,CWE-824,

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2022-29034 MEDIUM

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An error message pop-up window in the web interface of the affected application does not prevent injection of JavaScript code. This could allow attackers to perform reflected cross-site scripting (XSS) attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7
productcert@siemens.com 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
siemens sinema_remote_connect_server *
CVE-2022-29560 HIGH

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < 2.15.1), RUGGEDCOM ROX MX5000RE (All versions < 2.15.1), RUGGEDCOM ROX RX1400 (All versions < 2.15.1), RUGGEDCOM ROX RX1500 (All versions < 2.15.1), RUGGEDCOM ROX RX1501 (All versions < 2.15.1), RUGGEDCOM ROX RX1510 (All versions < 2.15.1), RUGGEDCOM ROX RX1511 (All versions < 2.15.1), RUGGEDCOM ROX RX1512 (All versions < 2.15.1), RUGGEDCOM ROX RX1524 (All versions < 2.15.1), RUGGEDCOM ROX RX1536 (All versions < 2.15.1), RUGGEDCOM ROX RX5000 (All versions < 2.15.1). Affected devices do not properly validate user input, making them susceptible to command injection. An attacker with access to either the shell or the web CLI with administrator privileges could access the underlying operating system as the root user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,CWE-77,

Products Affected

Vendor Product Version
siemens ruggedcom_rox_mx5000re_firmware *
siemens ruggedcom_rox_rx1500_firmware *
siemens ruggedcom_rox_rx1510_firmware *
siemens ruggedcom_rox_rx1524_firmware *
siemens ruggedcom_rox_rx1536_firmware *
siemens ruggedcom_rox_rx1512_firmware *
siemens ruggedcom_rox_rx1400_firmware *
siemens ruggedcom_rox_mx5000_firmware *
siemens ruggedcom_rox_rx1511_firmware *
siemens ruggedcom_rox_rx1501_firmware *
siemens ruggedcom_rox_rx5000_firmware *
CVE-2022-29561

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The web interface of the affected devices is vulnerable to Cross-Site Request Forgery attacks. By tricking an authenticated victim user into clicking a malicious link, an attacker could perform arbitrary actions on the device on behalf of the victim user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H 1.6 5.9

Products Affected

Vendor Product Version
siemens ruggedcom_rox_mx5000re_firmware *
siemens ruggedcom_rox_rx1500_firmware *
siemens ruggedcom_rox_rx1510_firmware *
siemens ruggedcom_rox_rx1524_firmware *
siemens ruggedcom_rox_rx1536_firmware *
siemens ruggedcom_rox_rx1512_firmware *
siemens ruggedcom_rox_rx1400_firmware *
siemens ruggedcom_rox_mx5000_firmware *
siemens ruggedcom_rox_rx1511_firmware *
siemens ruggedcom_rox_rx1501_firmware *
siemens ruggedcom_rox_rx5000_firmware *
CVE-2022-29562

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). Affected devices do not properly handle malformed HTTP packets. This could allow an unauthenticated remote attacker to send a malformed HTTP packet causing certain functions to fail in a controlled manner.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 3.7 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L 2.2 1.4

Products Affected

Vendor Product Version
siemens ruggedcom_rox_mx5000re_firmware *
siemens ruggedcom_rox_rx1500_firmware *
siemens ruggedcom_rox_rx1510_firmware *
siemens ruggedcom_rox_rx1524_firmware *
siemens ruggedcom_rox_rx1536_firmware *
siemens ruggedcom_rox_rx1512_firmware *
siemens ruggedcom_rox_rx1400_firmware *
siemens ruggedcom_rox_mx5000_firmware *
siemens ruggedcom_rox_rx1511_firmware *
siemens ruggedcom_rox_rx1501_firmware *
siemens ruggedcom_rox_rx5000_firmware *
CVE-2022-29801 MEDIUM

A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9). The application contains an XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on the application server filesystem.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,CWE-611,

Products Affected

Vendor Product Version
siemens teamcenter *
CVE-2022-29872 MEDIUM

A vulnerability has been identified in SICAM T (All versions < V3.0). Affected devices do not properly validate parameters of POST requests. This could allow an authenticated attacker to set the device to a denial of service state or to control the program counter and, thus, execute arbitrary code on the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-141,CWE-20,

Products Affected

Vendor Product Version
siemens 7kg8501-0aa31-2aa0_firmware *
siemens 7kg8551-0aa02-2aa0_firmware *
siemens 7kg8550-0aa10-2aa0_firmware *
siemens 7kg8551-0aa12-2aa0_firmware *
siemens 7kg8501-0aa32-2aa0_firmware *
siemens 7kg8551-0aa31-0aa0_firmware *
siemens 7kg8500-0aa10-0aa0_firmware *
siemens 7kg8501-0aa11-2aa0_firmware *
siemens 7kg8551-0aa01-2aa0_firmware *
siemens 7kg8551-0aa32-2aa0_firmware *
siemens 7kg8550-0aa10-0aa0_firmware *
siemens 7kg8501-0aa31-0aa0_firmware *
siemens 7kg8501-0aa02-2aa0_firmware *
siemens 7kg8500-0aa30-2aa0_firmware *
siemens 7kg8551-0aa31-2aa0_firmware *
siemens 7kg8501-0aa01-2aa0_firmware *
siemens 7kg8501-0aa32-0aa0_firmware *
siemens 7kg8501-0aa12-0aa0_firmware *
siemens 7kg8501-0aa01-0aa0_firmware *
siemens 7kg8501-0aa02-0aa0_firmware *
siemens 7kg8500-0aa00-2aa0_firmware *
siemens 7kg8551-0aa32-0aa0_firmware *
siemens 7kg8551-0aa01-0aa0_firmware *
siemens 7kg8501-0aa12-2aa0_firmware *
siemens 7kg8550-0aa00-2aa0_firmware *
siemens 7kg8551-0aa12-0aa0_firmware *
siemens 7kg8500-0aa10-2aa0_firmware *
siemens 7kg8551-0aa02-0aa0_firmware *
siemens 7kg8550-0aa30-0aa0_firmware *
siemens 7kg8550-0aa00-0aa0_firmware *
siemens 7kg8550-0aa30-2aa0_firmware *
siemens 7kg8501-0aa11-0aa0_firmware *
siemens 7kg8551-0aa11-2aa0_firmware *
siemens 7kg8500-0aa30-0aa0_firmware *
siemens 7kg8551-0aa11-0aa0_firmware *
siemens 7kg8500-0aa00-0aa0_firmware *
CVE-2022-29873 HIGH

A vulnerability has been identified in SICAM T (All versions < V3.0). Affected devices do not properly validate parameters of certain GET and POST requests. This could allow an unauthenticated attacker to set the device to a denial of service state or to control the program counter and, thus, execute arbitrary code on the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-141,NVD-CWE-Other,

Products Affected

Vendor Product Version
siemens 7kg8501-0aa31-2aa0_firmware *
siemens 7kg8551-0aa02-2aa0_firmware *
siemens 7kg8550-0aa10-2aa0_firmware *
siemens 7kg8551-0aa12-2aa0_firmware *
siemens 7kg8501-0aa32-2aa0_firmware *
siemens 7kg8551-0aa31-0aa0_firmware *
siemens 7kg8500-0aa10-0aa0_firmware *
siemens 7kg8501-0aa11-2aa0_firmware *
siemens 7kg8551-0aa01-2aa0_firmware *
siemens 7kg8551-0aa32-2aa0_firmware *
siemens 7kg8550-0aa10-0aa0_firmware *
siemens 7kg8501-0aa31-0aa0_firmware *
siemens 7kg8501-0aa02-2aa0_firmware *
siemens 7kg8500-0aa30-2aa0_firmware *
siemens 7kg8551-0aa31-2aa0_firmware *
siemens 7kg8501-0aa01-2aa0_firmware *
siemens 7kg8501-0aa32-0aa0_firmware *
siemens 7kg8501-0aa12-0aa0_firmware *
siemens 7kg8501-0aa01-0aa0_firmware *
siemens 7kg8501-0aa02-0aa0_firmware *
siemens 7kg8500-0aa00-2aa0_firmware *
siemens 7kg8551-0aa32-0aa0_firmware *
siemens 7kg8551-0aa01-0aa0_firmware *
siemens 7kg8501-0aa12-2aa0_firmware *
siemens 7kg8550-0aa00-2aa0_firmware *
siemens 7kg8551-0aa12-0aa0_firmware *
siemens 7kg8500-0aa10-2aa0_firmware *
siemens 7kg8551-0aa02-0aa0_firmware *
siemens 7kg8550-0aa30-0aa0_firmware *
siemens 7kg8550-0aa00-0aa0_firmware *
siemens 7kg8550-0aa30-2aa0_firmware *
siemens 7kg8501-0aa11-0aa0_firmware *
siemens 7kg8551-0aa11-2aa0_firmware *
siemens 7kg8500-0aa30-0aa0_firmware *
siemens 7kg8551-0aa11-0aa0_firmware *
siemens 7kg8500-0aa00-0aa0_firmware *
CVE-2022-29874 MEDIUM

A vulnerability has been identified in SICAM T (All versions < V3.0). Affected devices do not encrypt web traffic with clients but communicate in cleartext via HTTP. This could allow an unauthenticated attacker to capture the traffic and interfere with the functionality of the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-319,CWE-319,

Products Affected

Vendor Product Version
siemens 7kg8501-0aa31-2aa0_firmware *
siemens 7kg8551-0aa02-2aa0_firmware *
siemens 7kg8550-0aa10-2aa0_firmware *
siemens 7kg8551-0aa12-2aa0_firmware *
siemens 7kg8501-0aa32-2aa0_firmware *
siemens 7kg8551-0aa31-0aa0_firmware *
siemens 7kg8500-0aa10-0aa0_firmware *
siemens 7kg8501-0aa11-2aa0_firmware *
siemens 7kg8551-0aa01-2aa0_firmware *
siemens 7kg8551-0aa32-2aa0_firmware *
siemens 7kg8550-0aa10-0aa0_firmware *
siemens 7kg8501-0aa31-0aa0_firmware *
siemens 7kg8501-0aa02-2aa0_firmware *
siemens 7kg8500-0aa30-2aa0_firmware *
siemens 7kg8551-0aa31-2aa0_firmware *
siemens 7kg8501-0aa01-2aa0_firmware *
siemens 7kg8501-0aa32-0aa0_firmware *
siemens 7kg8501-0aa12-0aa0_firmware *
siemens 7kg8501-0aa01-0aa0_firmware *
siemens 7kg8501-0aa02-0aa0_firmware *
siemens 7kg8500-0aa00-2aa0_firmware *
siemens 7kg8551-0aa32-0aa0_firmware *
siemens 7kg8551-0aa01-0aa0_firmware *
siemens 7kg8501-0aa12-2aa0_firmware *
siemens 7kg8550-0aa00-2aa0_firmware *
siemens 7kg8551-0aa12-0aa0_firmware *
siemens 7kg8500-0aa10-2aa0_firmware *
siemens 7kg8551-0aa02-0aa0_firmware *
siemens 7kg8550-0aa30-0aa0_firmware *
siemens 7kg8550-0aa00-0aa0_firmware *
siemens 7kg8550-0aa30-2aa0_firmware *
siemens 7kg8501-0aa11-0aa0_firmware *
siemens 7kg8551-0aa11-2aa0_firmware *
siemens 7kg8500-0aa30-0aa0_firmware *
siemens 7kg8551-0aa11-0aa0_firmware *
siemens 7kg8500-0aa00-0aa0_firmware *
CVE-2022-29875 HIGH

A vulnerability has been identified in Biograph Horizon PET/CT Systems (All VJ30 versions < VJ30C-UD01), MAGNETOM Family (NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A), MAMMOMAT Revelation (All VC20 versions < VC20D), NAEOTOM Alpha (All VA40 versions < VA40 SP2), SOMATOM X.cite (All versions < VA30 SP5 or VA40 SP2), SOMATOM X.creed (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.All (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Now (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Open Pro (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Sim (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Top (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Up (All versions < VA30 SP5 or VA40 SP2), Symbia E/S (All VB22 versions < VB22A-UD03), Symbia Evo (All VB22 versions < VB22A-UD03), Symbia Intevo (All VB22 versions < VB22A-UD03), Symbia T (All VB22 versions < VB22A-UD03), Symbia.net (All VB22 versions < VB22A-UD03), syngo.via VB10 (All versions), syngo.via VB20 (All versions), syngo.via VB30 (All versions), syngo.via VB40 (All versions < VB40B HF06), syngo.via VB50 (All versions), syngo.via VB60 (All versions < VB60B HF02). The application deserialises untrusted data without sufficient validations that could result in an arbitrary deserialization. This could allow an unauthenticated attacker to execute code in the affected system if ports 32912/tcp or 32914/tcp are reachable.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,CWE-502,

Products Affected

Vendor Product Version
siemens syngo.via *
siemens magnetom_numaris_x_firmware va12m
siemens somatom_go.now_firmware va30
siemens somatom_x.cite_firmware va30
siemens magnetom_numaris_x_firmware va12s
siemens symbia_e_firmware *
siemens magnetom_numaris_x_firmware va31a
siemens syngo.via vb20
siemens biograph_horizon_pet/ct_systems_firmware *
siemens somatom_go.sim_firmware *
siemens somatom_x.cite_firmware *
siemens somatom_go.now_firmware *
siemens somatom_x.creed_firmware va30
siemens naeotom_alpha_firmware va40
siemens somatom_go.all_firmware va40
siemens somatom_go.all_firmware va30
siemens magnetom_numaris_x_firmware va20a
siemens syngo.via vb10
siemens symbia_s_firmware *
siemens somatom_go.now_firmware va40
siemens magnetom_numaris_x_firmware va10b
siemens somatom_go.open_pro_firmware va40
siemens symbia_intevo_firmware *
siemens somatom_go.up_firmware *
siemens symbia_t_firmware *
siemens somatom_go.open_pro_firmware *
siemens somatom_go.sim_firmware va40
siemens somatom_go.up_firmware va40
siemens somatom_go.up_firmware va30
siemens syngo.via vb40b
siemens somatom_go.sim_firmware va30
siemens symbia.net *
siemens somatom_x.cite_firmware va40
siemens syngo.via vb30
siemens syngo.via vb50
siemens symbia_evo_firmware *
siemens somatom_x.creed_firmware *
siemens somatom_go.open_pro_firmware va30
siemens somatom_x.creed_firmware va40
siemens somatom_go.all_firmware *
siemens magnetom_numaris_x_firmware va30a
siemens syngo.via vb60b
siemens mammomat_revelation_firmware *
CVE-2022-29876 MEDIUM

A vulnerability has been identified in SICAM T (All versions < V3.0). Affected devices do not properly handle the input of a GET request parameter. The provided argument is directly reflected in the web server response. This could allow an unauthenticated attacker to perform reflected XSS attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
siemens 7kg8501-0aa31-2aa0_firmware *
siemens 7kg8551-0aa02-2aa0_firmware *
siemens 7kg8550-0aa10-2aa0_firmware *
siemens 7kg8551-0aa12-2aa0_firmware *
siemens 7kg8501-0aa32-2aa0_firmware *
siemens 7kg8551-0aa31-0aa0_firmware *
siemens 7kg8500-0aa10-0aa0_firmware *
siemens 7kg8501-0aa11-2aa0_firmware *
siemens 7kg8551-0aa01-2aa0_firmware *
siemens 7kg8551-0aa32-2aa0_firmware *
siemens 7kg8550-0aa10-0aa0_firmware *
siemens 7kg8501-0aa31-0aa0_firmware *
siemens 7kg8501-0aa02-2aa0_firmware *
siemens 7kg8500-0aa30-2aa0_firmware *
siemens 7kg8551-0aa31-2aa0_firmware *
siemens 7kg8501-0aa01-2aa0_firmware *
siemens 7kg8501-0aa32-0aa0_firmware *
siemens 7kg8501-0aa12-0aa0_firmware *
siemens 7kg8501-0aa01-0aa0_firmware *
siemens 7kg8501-0aa02-0aa0_firmware *
siemens 7kg8500-0aa00-2aa0_firmware *
siemens 7kg8551-0aa32-0aa0_firmware *
siemens 7kg8551-0aa01-0aa0_firmware *
siemens 7kg8501-0aa12-2aa0_firmware *
siemens 7kg8550-0aa00-2aa0_firmware *
siemens 7kg8551-0aa12-0aa0_firmware *
siemens 7kg8500-0aa10-2aa0_firmware *
siemens 7kg8551-0aa02-0aa0_firmware *
siemens 7kg8550-0aa30-0aa0_firmware *
siemens 7kg8550-0aa00-0aa0_firmware *
siemens 7kg8550-0aa30-2aa0_firmware *
siemens 7kg8501-0aa11-0aa0_firmware *
siemens 7kg8551-0aa11-2aa0_firmware *
siemens 7kg8500-0aa30-0aa0_firmware *
siemens 7kg8551-0aa11-0aa0_firmware *
siemens 7kg8500-0aa00-0aa0_firmware *
CVE-2022-29877 MEDIUM

A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P855 (All versions < V3.00). Affected devices allow unauthenticated access to the web interface configuration area. This could allow an attacker to extract internal configuration details or to reconfigure network settings. However, the reconfigured settings cannot be activated without the role of an authenticated administrator user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-306,CWE-306,

Products Affected

Vendor Product Version
siemens 7kg8501-0aa31-2aa0_firmware *
siemens 7kg8551-0aa02-2aa0_firmware *
siemens 7kg8550-0aa10-2aa0_firmware *
siemens 7kg8551-0aa12-2aa0_firmware *
siemens 7kg8501-0aa32-2aa0_firmware *
siemens 7kg8551-0aa31-0aa0_firmware *
siemens 7kg8500-0aa10-0aa0_firmware *
siemens 7kg8501-0aa11-2aa0_firmware *
siemens 7kg8551-0aa01-2aa0_firmware *
siemens 7kg8551-0aa32-2aa0_firmware *
siemens 7kg8550-0aa10-0aa0_firmware *
siemens 7kg8501-0aa31-0aa0_firmware *
siemens 7kg8501-0aa02-2aa0_firmware *
siemens 7kg8500-0aa30-2aa0_firmware *
siemens 7kg8551-0aa31-2aa0_firmware *
siemens 7kg8501-0aa01-2aa0_firmware *
siemens 7kg8501-0aa32-0aa0_firmware *
siemens 7kg8501-0aa12-0aa0_firmware *
siemens 7kg8501-0aa01-0aa0_firmware *
siemens 7kg8501-0aa02-0aa0_firmware *
siemens 7kg8500-0aa00-2aa0_firmware *
siemens 7kg8551-0aa32-0aa0_firmware *
siemens 7kg8551-0aa01-0aa0_firmware *
siemens 7kg8501-0aa12-2aa0_firmware *
siemens 7kg8550-0aa00-2aa0_firmware *
siemens 7kg8551-0aa12-0aa0_firmware *
siemens 7kg8500-0aa10-2aa0_firmware *
siemens 7kg8551-0aa02-0aa0_firmware *
siemens 7kg8550-0aa30-0aa0_firmware *
siemens 7kg8550-0aa00-0aa0_firmware *
siemens 7kg8550-0aa30-2aa0_firmware *
siemens 7kg8501-0aa11-0aa0_firmware *
siemens 7kg8551-0aa11-2aa0_firmware *
siemens 7kg8500-0aa30-0aa0_firmware *
siemens 7kg8551-0aa11-0aa0_firmware *
siemens 7kg8500-0aa00-0aa0_firmware *
CVE-2022-29878 MEDIUM

A vulnerability has been identified in SICAM T (All versions < V3.0). Affected devices use a limited range for challenges that are sent during the unencrypted challenge-response communication. An unauthenticated attacker could capture a valid challenge-response pair generated by a legitimate user, and request the webpage repeatedly to wait for the same challenge to reappear for which the correct response is known. This could allow the attacker to access the management interface of the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-294,CWE-294,

Products Affected

Vendor Product Version
siemens 7kg8501-0aa31-2aa0_firmware *
siemens 7kg8551-0aa02-2aa0_firmware *
siemens 7kg8550-0aa10-2aa0_firmware *
siemens 7kg8551-0aa12-2aa0_firmware *
siemens 7kg8501-0aa32-2aa0_firmware *
siemens 7kg8551-0aa31-0aa0_firmware *
siemens 7kg8500-0aa10-0aa0_firmware *
siemens 7kg8501-0aa11-2aa0_firmware *
siemens 7kg8551-0aa01-2aa0_firmware *
siemens 7kg8551-0aa32-2aa0_firmware *
siemens 7kg8550-0aa10-0aa0_firmware *
siemens 7kg8501-0aa31-0aa0_firmware *
siemens 7kg8501-0aa02-2aa0_firmware *
siemens 7kg8500-0aa30-2aa0_firmware *
siemens 7kg8551-0aa31-2aa0_firmware *
siemens 7kg8501-0aa01-2aa0_firmware *
siemens 7kg8501-0aa32-0aa0_firmware *
siemens 7kg8501-0aa12-0aa0_firmware *
siemens 7kg8501-0aa01-0aa0_firmware *
siemens 7kg8501-0aa02-0aa0_firmware *
siemens 7kg8500-0aa00-2aa0_firmware *
siemens 7kg8551-0aa32-0aa0_firmware *
siemens 7kg8551-0aa01-0aa0_firmware *
siemens 7kg8501-0aa12-2aa0_firmware *
siemens 7kg8550-0aa00-2aa0_firmware *
siemens 7kg8551-0aa12-0aa0_firmware *
siemens 7kg8500-0aa10-2aa0_firmware *
siemens 7kg8551-0aa02-0aa0_firmware *
siemens 7kg8550-0aa30-0aa0_firmware *
siemens 7kg8550-0aa00-0aa0_firmware *
siemens 7kg8550-0aa30-2aa0_firmware *
siemens 7kg8501-0aa11-0aa0_firmware *
siemens 7kg8551-0aa11-2aa0_firmware *
siemens 7kg8500-0aa30-0aa0_firmware *
siemens 7kg8551-0aa11-0aa0_firmware *
siemens 7kg8500-0aa00-0aa0_firmware *
CVE-2022-29879 MEDIUM

A vulnerability has been identified in SICAM T (All versions < V3.0). The web based management interface of affected devices does not employ special access protection for certain internal developer views. This could allow authenticated users to access critical device information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-306,CWE-306,

Products Affected

Vendor Product Version
siemens 7kg8501-0aa31-2aa0_firmware *
siemens 7kg8551-0aa02-2aa0_firmware *
siemens 7kg8550-0aa10-2aa0_firmware *
siemens 7kg8551-0aa12-2aa0_firmware *
siemens 7kg8501-0aa32-2aa0_firmware *
siemens 7kg8551-0aa31-0aa0_firmware *
siemens 7kg8500-0aa10-0aa0_firmware *
siemens 7kg8501-0aa11-2aa0_firmware *
siemens 7kg8551-0aa01-2aa0_firmware *
siemens 7kg8551-0aa32-2aa0_firmware *
siemens 7kg8550-0aa10-0aa0_firmware *
siemens 7kg8501-0aa31-0aa0_firmware *
siemens 7kg8501-0aa02-2aa0_firmware *
siemens 7kg8500-0aa30-2aa0_firmware *
siemens 7kg8551-0aa31-2aa0_firmware *
siemens 7kg8501-0aa01-2aa0_firmware *
siemens 7kg8501-0aa32-0aa0_firmware *
siemens 7kg8501-0aa12-0aa0_firmware *
siemens 7kg8501-0aa01-0aa0_firmware *
siemens 7kg8501-0aa02-0aa0_firmware *
siemens 7kg8500-0aa00-2aa0_firmware *
siemens 7kg8551-0aa32-0aa0_firmware *
siemens 7kg8551-0aa01-0aa0_firmware *
siemens 7kg8501-0aa12-2aa0_firmware *
siemens 7kg8550-0aa00-2aa0_firmware *
siemens 7kg8551-0aa12-0aa0_firmware *
siemens 7kg8500-0aa10-2aa0_firmware *
siemens 7kg8551-0aa02-0aa0_firmware *
siemens 7kg8550-0aa30-0aa0_firmware *
siemens 7kg8550-0aa00-0aa0_firmware *
siemens 7kg8550-0aa30-2aa0_firmware *
siemens 7kg8501-0aa11-0aa0_firmware *
siemens 7kg8551-0aa11-2aa0_firmware *
siemens 7kg8500-0aa30-0aa0_firmware *
siemens 7kg8551-0aa11-0aa0_firmware *
siemens 7kg8500-0aa00-0aa0_firmware *
CVE-2022-29880 LOW

A vulnerability has been identified in SICAM T (All versions < V3.0). Affected devices do not properly validate input in the configuration interface. This could allow an authenticated attacker to place persistent XSS attacks to perform arbitrary actions in the name of a logged-in user who accesses the affected views.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
siemens 7kg8501-0aa31-2aa0_firmware *
siemens 7kg8551-0aa02-2aa0_firmware *
siemens 7kg8550-0aa10-2aa0_firmware *
siemens 7kg8551-0aa12-2aa0_firmware *
siemens 7kg8501-0aa32-2aa0_firmware *
siemens 7kg8551-0aa31-0aa0_firmware *
siemens 7kg8500-0aa10-0aa0_firmware *
siemens 7kg8501-0aa11-2aa0_firmware *
siemens 7kg8551-0aa01-2aa0_firmware *
siemens 7kg8551-0aa32-2aa0_firmware *
siemens 7kg8550-0aa10-0aa0_firmware *
siemens 7kg8501-0aa31-0aa0_firmware *
siemens 7kg8501-0aa02-2aa0_firmware *
siemens 7kg8500-0aa30-2aa0_firmware *
siemens 7kg8551-0aa31-2aa0_firmware *
siemens 7kg8501-0aa01-2aa0_firmware *
siemens 7kg8501-0aa32-0aa0_firmware *
siemens 7kg8501-0aa12-0aa0_firmware *
siemens 7kg8501-0aa01-0aa0_firmware *
siemens 7kg8501-0aa02-0aa0_firmware *
siemens 7kg8500-0aa00-2aa0_firmware *
siemens 7kg8551-0aa32-0aa0_firmware *
siemens 7kg8551-0aa01-0aa0_firmware *
siemens 7kg8501-0aa12-2aa0_firmware *
siemens 7kg8550-0aa00-2aa0_firmware *
siemens 7kg8551-0aa12-0aa0_firmware *
siemens 7kg8500-0aa10-2aa0_firmware *
siemens 7kg8551-0aa02-0aa0_firmware *
siemens 7kg8550-0aa30-0aa0_firmware *
siemens 7kg8550-0aa00-0aa0_firmware *
siemens 7kg8550-0aa30-2aa0_firmware *
siemens 7kg8501-0aa11-0aa0_firmware *
siemens 7kg8551-0aa11-2aa0_firmware *
siemens 7kg8500-0aa30-0aa0_firmware *
siemens 7kg8551-0aa11-0aa0_firmware *
siemens 7kg8500-0aa00-0aa0_firmware *
CVE-2022-29881 MEDIUM

A vulnerability has been identified in SICAM T (All versions < V3.0). The web based management interface of affected devices does not employ special access protection for certain internal developer views. This could allow unauthenticated users to extract internal configuration details.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-306,CWE-306,

Products Affected

Vendor Product Version
siemens 7kg8501-0aa31-2aa0_firmware *
siemens 7kg8551-0aa02-2aa0_firmware *
siemens 7kg8550-0aa10-2aa0_firmware *
siemens 7kg8551-0aa12-2aa0_firmware *
siemens 7kg8501-0aa32-2aa0_firmware *
siemens 7kg8551-0aa31-0aa0_firmware *
siemens 7kg8500-0aa10-0aa0_firmware *
siemens 7kg8501-0aa11-2aa0_firmware *
siemens 7kg8551-0aa01-2aa0_firmware *
siemens 7kg8551-0aa32-2aa0_firmware *
siemens 7kg8550-0aa10-0aa0_firmware *
siemens 7kg8501-0aa31-0aa0_firmware *
siemens 7kg8501-0aa02-2aa0_firmware *
siemens 7kg8500-0aa30-2aa0_firmware *
siemens 7kg8551-0aa31-2aa0_firmware *
siemens 7kg8501-0aa01-2aa0_firmware *
siemens 7kg8501-0aa32-0aa0_firmware *
siemens 7kg8501-0aa12-0aa0_firmware *
siemens 7kg8501-0aa01-0aa0_firmware *
siemens 7kg8501-0aa02-0aa0_firmware *
siemens 7kg8500-0aa00-2aa0_firmware *
siemens 7kg8551-0aa32-0aa0_firmware *
siemens 7kg8551-0aa01-0aa0_firmware *
siemens 7kg8501-0aa12-2aa0_firmware *
siemens 7kg8550-0aa00-2aa0_firmware *
siemens 7kg8551-0aa12-0aa0_firmware *
siemens 7kg8500-0aa10-2aa0_firmware *
siemens 7kg8551-0aa02-0aa0_firmware *
siemens 7kg8550-0aa30-0aa0_firmware *
siemens 7kg8550-0aa00-0aa0_firmware *
siemens 7kg8550-0aa30-2aa0_firmware *
siemens 7kg8501-0aa11-0aa0_firmware *
siemens 7kg8551-0aa11-2aa0_firmware *
siemens 7kg8500-0aa30-0aa0_firmware *
siemens 7kg8551-0aa11-0aa0_firmware *
siemens 7kg8500-0aa00-0aa0_firmware *
CVE-2022-29882 MEDIUM

A vulnerability has been identified in SICAM T (All versions < V3.0). Affected devices do not handle uploaded files correctly. An unauthenticated attacker could take advantage of this situation to store an XSS attack, which could - when a legitimate user accesses the error logs - perform arbitrary actions in the name of the user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
siemens 7kg8501-0aa31-2aa0_firmware *
siemens 7kg8551-0aa02-2aa0_firmware *
siemens 7kg8550-0aa10-2aa0_firmware *
siemens 7kg8551-0aa12-2aa0_firmware *
siemens 7kg8501-0aa32-2aa0_firmware *
siemens 7kg8551-0aa31-0aa0_firmware *
siemens 7kg8500-0aa10-0aa0_firmware *
siemens 7kg8501-0aa11-2aa0_firmware *
siemens 7kg8551-0aa01-2aa0_firmware *
siemens 7kg8551-0aa32-2aa0_firmware *
siemens 7kg8550-0aa10-0aa0_firmware *
siemens 7kg8501-0aa31-0aa0_firmware *
siemens 7kg8501-0aa02-2aa0_firmware *
siemens 7kg8500-0aa30-2aa0_firmware *
siemens 7kg8551-0aa31-2aa0_firmware *
siemens 7kg8501-0aa01-2aa0_firmware *
siemens 7kg8501-0aa32-0aa0_firmware *
siemens 7kg8501-0aa12-0aa0_firmware *
siemens 7kg8501-0aa01-0aa0_firmware *
siemens 7kg8501-0aa02-0aa0_firmware *
siemens 7kg8500-0aa00-2aa0_firmware *
siemens 7kg8551-0aa32-0aa0_firmware *
siemens 7kg8551-0aa01-0aa0_firmware *
siemens 7kg8501-0aa12-2aa0_firmware *
siemens 7kg8550-0aa00-2aa0_firmware *
siemens 7kg8551-0aa12-0aa0_firmware *
siemens 7kg8500-0aa10-2aa0_firmware *
siemens 7kg8551-0aa02-0aa0_firmware *
siemens 7kg8550-0aa30-0aa0_firmware *
siemens 7kg8550-0aa00-0aa0_firmware *
siemens 7kg8550-0aa30-2aa0_firmware *
siemens 7kg8501-0aa11-0aa0_firmware *
siemens 7kg8551-0aa11-2aa0_firmware *
siemens 7kg8500-0aa30-0aa0_firmware *
siemens 7kg8551-0aa11-0aa0_firmware *
siemens 7kg8500-0aa00-0aa0_firmware *
CVE-2022-29883 MEDIUM

A vulnerability has been identified in SICAM T (All versions < V3.0). Affected devices do not restrict unauthenticated access to certain pages of the web interface. This could allow an attacker to delete log files without authentication.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,CWE-306,

Products Affected

Vendor Product Version
siemens 7kg8501-0aa31-2aa0_firmware *
siemens 7kg8551-0aa02-2aa0_firmware *
siemens 7kg8550-0aa10-2aa0_firmware *
siemens 7kg8551-0aa12-2aa0_firmware *
siemens 7kg8501-0aa32-2aa0_firmware *
siemens 7kg8551-0aa31-0aa0_firmware *
siemens 7kg8500-0aa10-0aa0_firmware *
siemens 7kg8501-0aa11-2aa0_firmware *
siemens 7kg8551-0aa01-2aa0_firmware *
siemens 7kg8551-0aa32-2aa0_firmware *
siemens 7kg8550-0aa10-0aa0_firmware *
siemens 7kg8501-0aa31-0aa0_firmware *
siemens 7kg8501-0aa02-2aa0_firmware *
siemens 7kg8500-0aa30-2aa0_firmware *
siemens 7kg8551-0aa31-2aa0_firmware *
siemens 7kg8501-0aa01-2aa0_firmware *
siemens 7kg8501-0aa32-0aa0_firmware *
siemens 7kg8501-0aa12-0aa0_firmware *
siemens 7kg8501-0aa01-0aa0_firmware *
siemens 7kg8501-0aa02-0aa0_firmware *
siemens 7kg8500-0aa00-2aa0_firmware *
siemens 7kg8551-0aa32-0aa0_firmware *
siemens 7kg8551-0aa01-0aa0_firmware *
siemens 7kg8501-0aa12-2aa0_firmware *
siemens 7kg8550-0aa00-2aa0_firmware *
siemens 7kg8551-0aa12-0aa0_firmware *
siemens 7kg8500-0aa10-2aa0_firmware *
siemens 7kg8551-0aa02-0aa0_firmware *
siemens 7kg8550-0aa30-0aa0_firmware *
siemens 7kg8550-0aa00-0aa0_firmware *
siemens 7kg8550-0aa30-2aa0_firmware *
siemens 7kg8501-0aa11-0aa0_firmware *
siemens 7kg8551-0aa11-2aa0_firmware *
siemens 7kg8500-0aa30-0aa0_firmware *
siemens 7kg8551-0aa11-0aa0_firmware *
siemens 7kg8500-0aa00-0aa0_firmware *
CVE-2022-29884 HIGH

A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < CPC80 V16.30), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions < CPC80 V16.30), CP-8021 MASTER MODULE (All versions < CPC80 V16.30), CP-8022 MASTER MODULE WITH GPRS (All versions < CPC80 V16.30). When using the HTTPS server under specific conditions, affected devices do not properly free resources. This could allow an unauthenticated remote attacker to put the device into a denial of service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-772,CWE-772,

Products Affected

Vendor Product Version
siemens sicam_a8000_cp-8021_firmware *
siemens sicam_a8000_cp-8022_firmware *
siemens sicam_a8000_cp-8000_firmware *
CVE-2022-30065 MEDIUM

A use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
busybox busybox 1.35.0
siemens scalance_sc626-2c_firmware *
siemens scalance_sc636-2c_firmware *
siemens scalance_sc642-2c_firmware *
siemens scalance_sc632-2c_firmware *
siemens scalance_sc622-2c_firmware *
siemens scalance_sc646-2c_firmware *
CVE-2022-30228 MEDIUM

A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions < V2.6.6), SICAM GridEdge Essential Intel (All versions < V2.6.6), SICAM GridEdge Essential with GDS ARM (All versions < V2.6.6), SICAM GridEdge Essential with GDS Intel (All versions < V2.6.6). The affected software does not apply cross-origin resource sharing (CORS) restrictions for critical operations. If an attacker tricks a legitimate user into accessing a special resource, a malicious request could be executed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-346,CWE-346,

Products Affected

Vendor Product Version
siemens sicam_gridedge_essential *
CVE-2022-30229 MEDIUM

A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions < V2.6.6), SICAM GridEdge Essential Intel (All versions < V2.6.6), SICAM GridEdge Essential with GDS ARM (All versions < V2.6.6), SICAM GridEdge Essential with GDS Intel (All versions < V2.6.6). The affected software does not require authenticated access for privileged functions. This could allow an unauthenticated attacker to change data of a user, such as credentials, if that user's ID is known.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-306,CWE-287,

Products Affected

Vendor Product Version
siemens sicam_gridedge_essential *
CVE-2022-30230 HIGH

A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions < V2.6.6), SICAM GridEdge Essential Intel (All versions < V2.6.6), SICAM GridEdge Essential with GDS ARM (All versions < V2.6.6), SICAM GridEdge Essential with GDS Intel (All versions < V2.6.6). The affected software does not require authenticated access for privileged functions. This could allow an unauthenticated attacker to create a new user with administrative permissions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-306,CWE-306,

Products Affected

Vendor Product Version
siemens sicam_gridedge_essential *
CVE-2022-30231 MEDIUM

A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions < V2.6.6), SICAM GridEdge Essential Intel (All versions < V2.6.6), SICAM GridEdge Essential with GDS ARM (All versions < V2.6.6), SICAM GridEdge Essential with GDS Intel (All versions < V2.6.6). The affected software discloses password hashes of other users upon request. This could allow an authenticated user to retrieve another user's password hash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-402,CWE-522,

Products Affected

Vendor Product Version
siemens sicam_gridedge_essential *
CVE-2022-30527

A vulnerability has been identified in SINEC NMS (All versions < V2.0). The affected application assigns improper access rights to specific folders containing executable files and libraries. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens sinec_nms *
CVE-2022-30694

The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 2.8 3.6
nvd@nist.gov 3.5 LOW CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N 2.1 1.4

Products Affected

Vendor Product Version
siemens 6es7154-8fx00-0ab0_firmware *
siemens simatic_s7-1500_cpu_1511c_firmware -
siemens simatic_s7-1500_cpu_1515-2_firmware -
siemens simatic_s7-1500_cpu_1511tf-1_firmware -
siemens 6es7154-8fb01-0ab0_firmware *
siemens simatic_s7-1500_cpu_1515t-2_firmware -
siemens simatic_s7-1500_cpu_1517tf-3_firmware -
siemens 6es7315-7tj10-0ab0_firmware *
siemens 6es7151-8fb01-0ab0_firmware *
siemens 6ag1151-8fb01-2ab0_firmware *
siemens simatic_s7-1500_cpu_1512c_firmware -
siemens simatic_s7-1500_cpu_1513r-1_firmware -
siemens 6ag1315-2fj14-2ab0_firmware *
siemens simatic_s7-1500_cpu_1508s_f_firmware -
siemens simatic_s7-1500_cpu_1513-1_pn_firmware -
siemens 6es7315-2eh14-0ab0_firmware *
siemens 6ag1317-2fk14-2ab0_firmware *
siemens simatic_s7-1500_cpu_1516-3_pn/dp_firmware -
siemens simatic_s7-plcsim_advanced -
siemens simatic_s7-1500_cpu_1518-4_pn/dp_firmware -
siemens simatic_s7-1500_cpu_1512spf-1_firmware -
siemens simatic_s7-1500_cpu_1511-1_firmware -
siemens simatic_s7-1500_cpu_1518tf-4_firmware -
siemens simatic_s7-1500_cpu_151511c-1_firmware -
siemens simatic_s7-1200_cpu_1212c_firmware -
siemens 6es7317-7ul10-0ab0_firmware *
siemens simatic_s7-1200_cpu_1215fc_firmware -
siemens 6es7317-2ek14-0ab0_firmware *
siemens simatic_s7-1200_cpu_1215c_firmware -
siemens 6ag1151-8ab01-7ab0_firmware *
siemens simatic_s7-1500_cpu_1518f-4_pn/dp_firmware -
siemens simatic_s7-1200_cpu_12_1214c_firmware -
siemens simatic_s7-1500_cpu_1517-3_dp_firmware -
siemens simatic_s7-1500_cpu_1518-4_dp_firmware -
siemens 6es7315-2fj14-0ab0_firmware *
siemens simatic_s7-1500_cpu_1511f-1_firmware -
siemens simatic_drive_controller_cpu_1507d_tf_firmware -
siemens simatic_s7-1500_cpu_cpu_1513prof-2_firmware -
siemens simatic_s7-1200_cpu_12_1212c_firmware -
siemens simatic_s7-1500_cpu_1511f-1_pn_firmware -
siemens simatic_s7-1500_cpu_1516f-3_pn/dp_firmware -
siemens simatic_s7-1500_cpu_1510sp-1_firmware -
siemens simatic_pcs_firmware *
siemens simatic_s7-1500_cpu_1513-1_firmware -
siemens 6es7317-2fk14-0ab0_firmware *
siemens simatic_s7-1500_cpu_1515f-2_firmware -
siemens simatic_s7-1500_cpu_1515r-2_firmware -
siemens simatic_s7-1500_cpu_1515-2_pn_firmware -
siemens simatic_s7-1500_cpu_1511t-1_firmware -
siemens simatic_s7-1500_cpu_1507s_firmware -
siemens simatic_s7-1500_cpu_151511f-1_firmware -
siemens simatic_s7-1500_cpu_1516f-3_firmware -
siemens 6es7151-8ab01-0ab0_firmware *
siemens simatic_s7-1500_cpu_1518-4_pn_firmware -
siemens simatic_s7-1200_cpu_1214_fc_firmware -
siemens simatic_s7-1500_cpu_1516-3_pn_firmware -
siemens 6es7318-3fl01-0ab0_firmware *
siemens simatic_s7-1500_cpu_1516t-3_firmware -
siemens 6es7318-3el01-0ab0_firmware *
siemens simatic_s7-1500_cpu_1508s_firmware -
siemens simatic_s7-1500_cpu_1518f-4_firmware -
siemens simatic_s7-1500_cpu_1515f-2_pn_firmware -
siemens simatic_drive_controller_cpu_1504d_tf_firmware -
siemens sinumerik_one_firmware -
siemens simatic_s7-1500_cpu_1512sp-1_firmware -
siemens simatic_s7-1500_cpu_1518-4_firmware -
siemens simatic_s7-1200_cpu_1212fc_firmware -
siemens simatic_s7-1500_cpu_1518hf-4_firmware -
siemens simatic_s7-1500_cpu_1518-4_pn/dp_mfp_firmware -
siemens simatic_s7-1200_cpu_1215_fc_firmware -
siemens simatic_s7-1500_cpu_1516-3_firmware -
siemens simatic_s7-1200_cpu_12_1214fc_firmware -
siemens 6es7317-7tk10-0ab0_firmware *
siemens simatic_s7-1500_cpu_1518_firmware -
siemens simatic_s7-1500_cpu_1513f-1_firmware -
siemens 6es7314-6eh04-0ab0_firmware *
siemens simatic_s7-400_pn/dp_v6_firmware -
siemens simatic_s7-1500_cpu_1516-3_dp_firmware -
siemens simatic_s7-1200_cpu_1214c_firmware -
siemens 6ag1315-2eh14-7ab0_firmware *
siemens 6es7154-8ab01-0ab0_firmware *
siemens simatic_s7-1500_cpu_1507s_f_firmware -
siemens simatic_s7-1500_cpu_1510sp_firmware -
siemens simatic_s7-1500_cpu_1516pro-2_firmware -
siemens simatic_s7-1500_cpu_1518t-4_firmware -
siemens simatic_s7-1200_cpu_1214fc_firmware -
siemens simatic_s7-1500_cpu_1517f-3_firmware -
siemens simatic_s7-1500_cpu_1515tf-2_firmware -
siemens simatic_s7-1500_cpu_1511c-1_firmware -
siemens simatic_s7-1200_cpu_1217c_firmware -
siemens simatic_s7-1200_cpu_12_1215c_firmware -
siemens simatic_s7-1500_cpu_1512c-1_firmware -
siemens simatic_s7-1500_cpu_1517-3_pn/dp_firmware -
siemens simatic_wincc_runtime -
siemens simatic_s7-1200_cpu_12_1212fc_firmware -
siemens simatic_s7-1200_cpu_12_1215fc_firmware -
siemens simatic_s7-1200_cpu_12_1211c_firmware -
siemens simatic_s7-1500_cpu_1516tf-3_firmware -
siemens simatic_s7-1500_cpu_1517f-3_pn/dp_firmware -
siemens simatic_s7-1200_cpu_1211c_firmware -
siemens simatic_s7-1500_cpu_1511-1_pn_firmware -
siemens simatic_s7-1500_cpu_1517-3_pn_firmware -
siemens simatic_s7-1500_cpu_1513f-1_pn_firmware -
siemens 6ag1317-2ek14-7ab0_firmware *
siemens simatic_s7-400_pn/dp_v7_firmware -
siemens 6ag1314-6eh04-7ab0_firmware *
siemens simatic_s7-1500_cpu_cpu_1513pro-2_firmware -
siemens simatic_s7-1500_software_controller -
siemens simatic_s7-1500_cpu_1517-3_firmware -
siemens simatic_s7-1500_cpu_15pro-2_firmware -
siemens simatic_s7-1500_cpu_15prof-2_firmware -
siemens simatic_s7-1500_cpu_1516pro_f_firmware -
siemens simatic_s7-1200_cpu_12_1217c_firmware -
CVE-2022-30937 HIGH

A vulnerability has been identified in EN100 Ethernet module DNP3 IP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). Affected applications contain a memory corruption vulnerability while parsing specially crafted HTTP packets to the /txtrace endpoint. This could allow an attacker to crash the affected application, leading to a denial of service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,CWE-787,

Products Affected

Vendor Product Version
siemens en100_ethernet_module_iec_104_firmware -
siemens en100_ethernet_module_dnp3_firmware -
siemens en100_ethernet_module_iec_61850_firmware *
siemens en100_ethernet_module_modbus_tcp_firmware -
siemens en100_ethernet_module_profinet_io_firmware -
CVE-2022-30938 MEDIUM

A vulnerability has been identified in EN100 Ethernet module DNP3 IP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.40), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). Affected applications contain a memory corruption vulnerability while parsing specially crafted HTTP packets to the /txtrace endpoint that manipulate a specific argument. This could allow an attacker to crash the affected application, leading to a denial of service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-787,

Products Affected

Vendor Product Version
siemens en100_ethernet_module_iec_104_firmware *
siemens en100_ethernet_module_iec_61850_firmware *
siemens en100_ethernet_module_dnp3_ip_firmware *
siemens en100_ethernet_module_modbus_tcp_firmware *
siemens en100_ethernet_module_profinet_io_firmware -
CVE-2022-31465 MEDIUM

A vulnerability has been identified in Xpedition Designer VX.2.10 (All versions < VX.2.10 Update 13), Xpedition Designer VX.2.11 (All versions < VX.2.11 Update 11), Xpedition Designer VX.2.12 (All versions < VX.2.12 Update 5), Xpedition Designer VX.2.13 (All versions < VX.2.13 Update 1). The affected application assigns improper access rights to the service executable. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-732,CWE-732,

Products Affected

Vendor Product Version
siemens xpedition_designer *
CVE-2022-3159

The APDFL.dll contains a stack-based buffer overflow vulnerability that could be triggered while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process.

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2022-3160

The APDFL.dll contains an out-of-bounds write past the fixed-length heap-based buffer while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process.

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2022-3161

The APDFL.dll contains a memory corruption vulnerability while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process.

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2022-31619 MEDIUM

A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9), Teamcenter V13.1 (All versions < V13.1.0.9), Teamcenter V13.2 (All versions < V13.2.0.9), Teamcenter V13.3 (All versions < V13.3.0.3), Teamcenter V14.0 (All versions < V14.0.0.2). The Java EE Server Manager HTML Adaptor in Teamcenter contains default hardcoded credentials. Access to the application allows a user to perform a series of actions that could potentially lead to remote code execution with elevated permissions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-798,CWE-798,

Products Affected

Vendor Product Version
siemens teamcenter *
CVE-2022-31765

Affected devices do not properly authorize the change password function of the web interface. This could allow low privileged users to escalate their privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens 6gk5812-1aa00-2aa2_firmware *
siemens 6gk5748-1fc00-0ab0_firmware -
siemens 6gk5213-3bf00-2ab2_firmware -
siemens 6gk5788-2gd00-0ab0_firmware -
siemens 6gk5328-4ss00-2ar3_firmware -
siemens 6gk5786-1fc00-0ab0_firmware -
siemens 6gk5206-2bd00-2ac2_firmware -
siemens 6gk5766-1ge00-7ta0_firmware -
siemens 6gk5788-1fc00-0ab0_firmware -
siemens 6gk5876-4aa00-2da2_firmware *
siemens 6gk5738-1gy00-0aa0_firmware -
siemens 6gk5748-1gd00-0aa0_firmware -
siemens 6gk5734-1fx00-0ab6_firmware -
siemens 6gk5812-1ba00-2aa2_firmware *
siemens 6gk5786-2hc00-0aa0_firmware -
siemens 6gk5216-4gs00-2ac2_firmware -
siemens 6gk5748-1gy01-0ta0_firmware -
siemens 6gk5224-4gs00-2ac2_firmware -
siemens 6gk5788-2fc00-0ac0_firmware -
siemens 6gk5208-0ha00-2ts6_firmware -
siemens 6gk5788-2hy01-0aa0_firmware -
siemens 6gk5213-3bb00-2ab2_firmware -
siemens 6gk5328-4ss00-3ar3_firmware -
siemens 6gk5788-2gd00-0ta0_firmware -
siemens 6ag1206-2bb00-7ac2_firmware -
siemens 6gk5786-1fc00-0aa0_firmware -
siemens 6gk5788-2gy01-0ta0_firmware -
siemens 6gk5738-1gy00-0ab0_firmware -
siemens 6gk5786-2fc00-0ac0_firmware -
siemens 6gk5722-1fc00-0ab0_firmware -
siemens 6gk5788-2gd00-0tb0_firmware -
siemens 6gk5205-3bb00-2tb2_firmware -
siemens 6gk5208-0ga00-2tc2_firmware -
siemens 6gk5774-1fx00-0aa0_firmware -
siemens 6gk5788-1fc00-0aa0_firmware -
siemens 6gk5526-8gs00-2ar2_firmware -
siemens 6gk5788-1gd00-0ab0_firmware -
siemens 6gk5766-1je00-7da0_firmware -
siemens 6gk5721-1fc00-0ab0_firmware -
siemens 6gk5204-0ba00-2yf2_firmware -
siemens 6gk5216-0ha00-2es6_firmware -
siemens 6gk5874-3aa00-2aa2_firmware *
siemens 6gk5722-1fc00-0ac0_firmware -
siemens 6gk5224-0ba00-2ac2_firmware -
siemens 6ag1216-4bs00-7ac2_firmware -
siemens 6gk5206-2gs00-2ac2_firmware -
siemens 6gk5778-1gy00-0ta0_firmware -
siemens 6gk5524-8gs00-2ar2_firmware -
siemens 6gk5636-2gs00-2ac2_firmware -
siemens 6gk5206-2bb00-2ac2_firmware -
siemens 6gk5876-3aa02-2ea2_firmware *
siemens 6gk5213-3bd00-2tb2_firmware -
siemens 6gk5748-1gd00-0ab0_firmware -
siemens 6gk5216-4bs00-2ac2_firmware -
siemens 6gk5766-1ge00-7tb0_firmware -
siemens 6gk5876-3aa02-2ba2_firmware *
siemens 6gk5408-4gq00-2am2_firmware -
siemens 6gk5208-0ra00-2ac2_firmware -
siemens 6gk5216-0ba00-2ac2_firmware -
siemens 6gk5216-3rs00-5ac2_firmware -
siemens 6ag1208-0ba00-7ac2_firmware -
siemens 6gk5528-0aa00-2ar2_firmware -
siemens 6gk5763-1al00-3aa0_firmware -
siemens 6gk5528-0ar00-2hr2_firmware -
siemens 6gk5208-0ha00-2es6_firmware -
siemens 6gk5876-4aa00-2ba2_firmware *
siemens 6gk5778-1gy00-0aa0_firmware -
siemens 6gk5328-4fs00-2rr3_firmware -
siemens 6gk5788-2gy01-0aa0_firmware -
siemens 6gk5748-1fc00-0aa0_firmware -
siemens 6gk5204-2aa00-2gf2_firmware -
siemens 6gk5416-4gr00-2am2_firmware -
siemens 6gk5328-4fs00-3rr3_firmware -
siemens 6gk5208-0ua00-5es6_firmware -
siemens 6gk5524-8gr00-3ar2_firmware -
siemens 6gk5734-1fx00-0ab0_firmware -
siemens 6gk5224-4gs00-2tc2_firmware -
siemens 6gk5408-4gp00-2am2_firmware -
siemens 6gk5206-2rs00-5ac2_firmware -
siemens 6ag1206-2bs00-7ac2_firmware -
siemens 6gk5786-2fe00-0ab0_firmware -
siemens 6gk5205-3bd00-2tb2_firmware -
siemens 6gk5774-1fx00-0ab6_firmware -
siemens 6gk5206-2gs00-2fc2_firmware -
siemens 6gk5778-1gy00-0ab0_firmware -
siemens 6gk5324-0ba00-2ar3_firmware -
siemens 6gk5204-2aa00-2yf2_firmware -
siemens 6gk5552-0aa00-2ar2_firmware -
siemens 6gk5646-2gs00-2ac2_firmware -
siemens 6gk5788-2fc00-0aa0_firmware -
siemens 6gk5766-1je00-3da0_firmware -
siemens 6gk5552-0ar00-2ar2_firmware -
siemens 6gk5763-1al00-3da0_firmware -
siemens 6gk5524-8gr00-2ar2_firmware -
siemens 6gk5632-2gs00-2ac2_firmware -
siemens 6gk5734-1fx00-0aa0_firmware -
siemens 6gk5788-1gy01-0aa0_firmware -
siemens 6gk5216-0ba00-2fc2_firmware -
siemens 6gk5528-0aa00-2hr2_firmware -
siemens 6gk5774-1fx00-0ab0_firmware -
siemens 6gk5816-1ba00-2aa2_firmware *
siemens 6gk5642-2gs00-2ac2_firmware -
siemens 6gk5206-2gs00-2tc2_firmware -
siemens 6gk5778-1gy00-0tb0_firmware -
siemens 6gk5205-3bf00-2ab2_firmware -
siemens 6gk5774-1fy00-0tb0_firmware -
siemens 6gk5224-4gs00-2fc2_firmware -
siemens 6gk5208-0ha00-2as6_firmware -
siemens 6gk5766-1ge00-7da0_firmware -
siemens 6gk5216-0ba00-2tb2_firmware -
siemens 6gk5786-2fc00-0aa0_firmware -
siemens 6gk5526-8gr00-4ar2_firmware -
siemens 6gk5552-0ar00-2hr2_firmware -
siemens 6gk5853-2ea00-2da1_firmware *
siemens 6gk5208-0ga00-2ac2_firmware -
siemens 6gk5416-4gs00-2am2_firmware -
siemens 6gk5208-0ra00-5ac2_firmware -
siemens 6gk5524-8gs00-4ar2_firmware -
siemens 6gk5748-1gy01-0aa0_firmware -
siemens 6gk5766-1ge00-7db0_firmware -
siemens 6gk5213-3bd00-2ab2_firmware -
siemens 6gk5208-0ba00-2fc2_firmware -
siemens 6gk5328-4fs00-3ar3_firmware -
siemens 6gk5328-4fs00-2ar3_firmware -
siemens 6gk5524-8gs00-3ar2_firmware -
siemens 6gk5205-3bf00-2tb2_firmware -
siemens 6gk5408-8gr00-2am2_firmware -
siemens 6gk5552-0aa00-2hr2_firmware -
siemens 6gk5206-2bs00-2ac2_firmware -
siemens 6gk5524-8gr00-4ar2_firmware -
siemens 6gk5216-4gs00-2fc2_firmware -
siemens 6gk5206-2bs00-2fc2_firmware -
siemens 6gk5786-2fc00-0ab0_firmware -
siemens 6gk5213-3bf00-2tb2_firmware -
siemens 6gk5216-4gs00-2tc2_firmware -
siemens 6gk5528-0ar00-2ar2_firmware -
siemens 6gk6108-4am00-2ba2_firmware *
siemens 6gk5804-0ap00-2aa2_firmware *
siemens 6gk5826-2ab00-2ab2_firmware *
siemens 6gk5856-2ea00-3da1_firmware *
siemens 6gk5761-1fc00-0ab0_firmware -
siemens 6gk5326-2qs00-3rr3_firmware -
siemens 6gk5766-1ge00-3da0_firmware -
siemens 6gk5526-8gs00-3ar2_firmware -
siemens 6gk5786-2hc00-0ab0_firmware -
siemens 6gk5622-2gs00-2ac2_firmware -
siemens 6gk5774-1fy00-0ta0_firmware -
siemens 6gk5206-2rs00-2ac2_firmware -
siemens 6gk5208-0ba00-2ac2_firmware -
siemens 6gk5324-0ba00-3ar3_firmware -
siemens 6gk5761-1fc00-0aa0_firmware -
siemens 6gk5526-8gr00-3ar2_firmware -
siemens 6gk6108-4am00-2da2_firmware *
siemens 6gk5208-0ga00-2fc2_firmware -
siemens 6gk5204-0ba00-2gf2_firmware -
siemens 6gk5774-1fx00-0aa6_firmware -
siemens 6gk5766-1je00-7ta0_firmware -
siemens 6gk5408-8gs00-2am2_firmware -
siemens 6gk5816-1aa00-2aa2_firmware *
siemens 6gk5213-3bb00-2tb2_firmware -
siemens 6gk5788-2gd00-0tc0_firmware -
siemens 6gk5766-1ge00-3db0_firmware -
siemens 6gk5786-2fe00-0aa0_firmware -
siemens 6gk5208-0ba00-2tb2_firmware -
siemens 6gk5208-0ba00-2ab2_firmware -
siemens 6gk5216-0ba00-2ab2_firmware -
siemens 6gk5216-0ha00-2ts6_firmware -
siemens 6gk5326-2qs00-3ar3_firmware -
siemens 6gk5722-1fc00-0aa0_firmware -
siemens 6gk5205-3bd00-2ab2_firmware -
siemens 6gk5774-1fx00-0ac0_firmware -
siemens 6gk5788-2gd00-0aa0_firmware -
siemens 6gk5526-8gs00-4ar2_firmware -
siemens 6gk5216-3rs00-2ac2_firmware -
siemens 6gk5721-1fc00-0aa0_firmware -
siemens 6gk5788-1gd00-0aa0_firmware -
siemens 6gk5216-0ua00-5es6_firmware -
siemens 6gk5763-1al00-7da0_firmware -
siemens 6gk5216-0ha00-2as6_firmware -
siemens 6gk5856-2ea00-3aa1_firmware *
siemens 6gk5788-2fc00-0ab0_firmware -
siemens 6gk5874-2aa00-2aa2_firmware *
siemens 6gk5206-2rs00-5fc2_firmware -
siemens 6gk5734-1fx00-0aa6_firmware -
siemens 6gk5205-3bb00-2ab2_firmware -
siemens 6gk5526-8gr00-2ar2_firmware -
CVE-2022-31766

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V7.1.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V7.1.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V7.1.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V7.1.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V7.1.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V7.1.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V7.1.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V7.1.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V7.1.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V7.1.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V7.1.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V7.1.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V7.1.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V7.1.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V7.1.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V7.1.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V7.1.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V7.1.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V7.1.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V7.1.2), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions >= V1.1.0 < V3.0.0), SCALANCE WAM766-1 (6GK5766-1GE00-7DA0) (All versions >= V1.1.0 < V3.0.0), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0) (All versions >= V1.1.0 < V3.0.0), SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0) (All versions >= V1.1.0 < V3.0.0), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0) (All versions >= V1.1.0 < V3.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0) (All versions >= V1.1.0 < V3.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0) (All versions >= V1.1.0 < V3.0.0), SCALANCE WUM766-1 (6GK5766-1GE00-3DA0) (All versions >= V1.1.0 < V3.0.0), SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0) (All versions >= V1.1.0 < V3.0.0). Affected devices with TCP Event service enabled do not properly handle malformed packets. This could allow an unauthenticated remote attacker to cause a denial of service condition and reboot the device thus possibly affecting other network resources.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H 3.9 4.0
productcert@siemens.com 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H 3.9 4.0

Products Affected

Vendor Product Version
siemens scalance_m812-1_firmware *
siemens scalance_m874-3_firmware *
siemens scalance_wam766-1_firmware *
siemens scalance_wum766-1_firmware *
siemens scalance_s615_firmware *
siemens scalance_m804pb_firmware *
siemens scalance_mum853-1_firmware *
siemens scalance_m816-1_firmware *
siemens scalance_m874-2_firmware *
siemens scalance_wam763-1_firmware *
siemens scalance_m876-3_firmware *
siemens ruggedcom_rm1224_firmware *
siemens scalance_mum856-1_firmware *
siemens scalance_wum763-1_firmware *
siemens scalance_m826-2_firmware *
siemens scalance_m876-4_firmware *
CVE-2022-31807

A vulnerability has been identified in Building X - Security Manager Edge Controller (ACC-AP) (All versions). Affected devices do not properly check the integrity of firmware updates. This could allow a local attacker to upload a maliciously modified firmware onto the device. In a second scenario, a remote attacker who is able to intercept the transfer of a valid firmware from the server to the device could modify the firmware "on the fly".

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 6.2 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 2.5 3.6

Products Affected

Vendor Product Version
siemens sipass_integrated_acc-ap_firmware *
siemens sipass_integrated_ac5102_(acc-g2)_firmware *
CVE-2022-31808

A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V2.85.44), SiPass integrated ACC-AP (All versions < V2.85.43). Affected devices improperly sanitize user input on the telnet command line interface. This could allow an authenticated user to escalate privileges by injecting arbitrary commands that are executed with root privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens sipass_integrated_acc-ap_firmware *
siemens sipass_integrated_ac5102_(acc-g2)_firmware *
CVE-2022-31810

A vulnerability has been identified in SiPass integrated (All versions < V2.90.3.8). Affected server applications improperly check the size of data packets received for the configuration client login, causing a stack-based buffer overflow. This could allow an unauthenticated remote attacker to crash the server application, creating a denial of service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
siemens sipass_integrated *
CVE-2022-31812

A vulnerability has been identified in SiPass integrated (All versions < V2.95.3.18). Affected server applications contain an out of bounds read past the end of an allocated buffer while checking the integrity of incoming packets. This could allow an unauthenticated remote attacker to create a denial of service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
siemens sipass_integrated *
CVE-2022-32145 MEDIUM

A vulnerability has been identified in Teamcenter Active Workspace V5.2 (All versions < V5.2.9), Teamcenter Active Workspace V6.0 (All versions < V6.0.3). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious code by tricking users into accessing a malicious link.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
siemens teamcenter_active_workspace *
CVE-2022-32205 MEDIUM

A malicious server can serve excessive amounts of `Set-Cookie:` headers in an HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies makes subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error. This denial state might remain for as long as the same cookies are kept, match and haven't expired. Due to cookie matching rules, a server on `foo.example.com` can set cookies that also would match for `bar.example.com`, making it possible for a "sister server" to effectively cause a denial of service for a sibling site on the same second level domain using this method.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-770,CWE-770,

Products Affected

Vendor Product Version
siemens scalance_sc626-2c_firmware *
netapp h500s_firmware -
debian debian_linux 11.0
siemens scalance_sc642-2c_firmware *
siemens scalance_sc622-2c_firmware *
apple macos *
netapp h700s_firmware -
siemens scalance_sc646-2c_firmware *
haxx curl *
splunk universal_forwarder *
netapp solidfire -
fedoraproject fedora 35
netapp h300s_firmware -
siemens scalance_sc636-2c_firmware *
netapp clustered_data_ontap -
siemens scalance_sc632-2c_firmware *
splunk universal_forwarder 9.1.0
netapp element_software -
netapp hci_management_node -
netapp h410s_firmware -
CVE-2022-32206 MEDIUM

curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps. The use of such a decompression chain could result in a "malloc bomb", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-770,CWE-770,

Products Affected

Vendor Product Version
siemens scalance_sc626-2c_firmware *
netapp h500s_firmware -
debian debian_linux 11.0
siemens scalance_sc642-2c_firmware *
netapp bootstrap_os -
siemens scalance_sc622-2c_firmware *
debian debian_linux 10.0
netapp h700s_firmware -
siemens scalance_sc646-2c_firmware *
haxx curl *
splunk universal_forwarder *
netapp solidfire -
fedoraproject fedora 35
netapp h300s_firmware -
siemens scalance_sc636-2c_firmware *
netapp clustered_data_ontap -
siemens scalance_sc632-2c_firmware *
splunk universal_forwarder 9.1.0
netapp element_software -
netapp hci_management_node -
netapp h410s_firmware -
CVE-2022-32212

An OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DNS requests, allowing rebinding attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

Products Affected

Vendor Product Version
debian debian_linux 11.0
fedoraproject fedora 35
fedoraproject fedora 36
nodejs node.js *
siemens sinec_ins 1.0
siemens sinec_ins *
debian debian_linux 10.0
fedoraproject fedora 37
CVE-2022-32213

The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

Products Affected

Vendor Product Version
debian debian_linux 11.0
stormshield stormshield_management_center *
fedoraproject fedora 35
fedoraproject fedora 36
nodejs node.js *
siemens sinec_ins 1.0
fedoraproject fedora 37
llhttp llhttp *
CVE-2022-32215

The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

Products Affected

Vendor Product Version
debian debian_linux 11.0
stormshield stormshield_management_center *
fedoraproject fedora 35
fedoraproject fedora 36
nodejs node.js *
siemens sinec_ins 1.0
fedoraproject fedora 37
llhttp llhttp *
CVE-2022-32222

A cryptographic vulnerability exists in Node.js on Linux in versions of 18.x prior to 18.40.0 which allowed a default path for openssl.cnf that might be accessible under some circumstances to a non-admin user instead of /etc/ssl as was the case in versions prior to the upgrade to OpenSSL 3.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

Products Affected

Vendor Product Version
nodejs node.js *
siemens sinec_ins 1.0
siemens sinec_ins *
CVE-2022-32251 HIGH

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). There is a missing authentication verification for a resource used to change the roles and permissions of a user. This could allow an attacker to change the permissions of any user and gain the privileges of an administrative user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-306,CWE-306,

Products Affected

Vendor Product Version
siemens sinema_remote_connect_server *
CVE-2022-32252 HIGH

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The application does not perform the integrity check of the update packages. Without validation, an admin user might be tricked into installing a malicious package, granting root privileges to an attacker.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 6.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H 0.6 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-345,CWE-345,

Products Affected

Vendor Product Version
siemens sinema_remote_connect_server *
CVE-2022-32253 MEDIUM

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). Due to improper input validation, the OpenSSL certificate's password could be printed to a file reachable by an attacker.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
productcert@siemens.com 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-20,

Products Affected

Vendor Product Version
siemens sinema_remote_connect_server *
CVE-2022-32254 MEDIUM

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). A customized HTTP POST request could force the application to write the status of a given user to a log file, exposing sensitive user information that could provide valuable guidance to an attacker.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
productcert@siemens.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-532,CWE-532,

Products Affected

Vendor Product Version
siemens sinema_remote_connect_server *
CVE-2022-32255 MEDIUM

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to unauthorized access to limited information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,NVD-CWE-Other,

Products Affected

Vendor Product Version
siemens sinema_remote_connect_server *
CVE-2022-32256 MEDIUM

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to low privileged users accessing privileged information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,NVD-CWE-Other,

Products Affected

Vendor Product Version
siemens sinema_remote_connect_server *
CVE-2022-32257

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to unauthorized access to resources and potentially lead to code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
siemens sinema_remote_connect_server *
CVE-2022-32258 MEDIUM

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains an older feature that allows importing device configurations via a specific endpoint. An attacker could use this vulnerability for information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-448,NVD-CWE-Other,

Products Affected

Vendor Product Version
siemens sinema_remote_connect_server *
CVE-2022-32259 MEDIUM

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The system images for installation or update of the affected application contain unit test scripts with sensitive information. An attacker could gain information about testing architecture and also tamper with test configuration.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-1244,NVD-CWE-Other,

Products Affected

Vendor Product Version
siemens sinema_remote_connect_server *
CVE-2022-32260 HIGH

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application creates temporary user credentials for UMC (User Management Component) users. An attacker could use these temporary credentials for authentication bypass in certain scenarios.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
productcert@siemens.com 6.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H 0.6 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-286,NVD-CWE-Other,

Products Affected

Vendor Product Version
siemens sinema_remote_connect_server *
CVE-2022-32261 MEDIUM

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains a misconfiguration in the APT update. This could allow an attacker to add insecure packages to the application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-233,NVD-CWE-Other,

Products Affected

Vendor Product Version
siemens sinema_remote_connect_server *
CVE-2022-32262 HIGH

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains a file upload server that is vulnerable to command injection. An attacker could use this to achieve arbitrary code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,CWE-77,

Products Affected

Vendor Product Version
siemens sinema_remote_connect_server *
CVE-2022-33137 MEDIUM

A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3), SIMATIC MV540 S (All versions < V3.3), SIMATIC MV550 H (All versions < V3.3), SIMATIC MV550 S (All versions < V3.3), SIMATIC MV560 U (All versions < V3.3), SIMATIC MV560 X (All versions < V3.3). The web session management of affected devices does not invalidate session ids in certain logout scenarios. This could allow an authenticated remote attacker to hijack other users' sessions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.0 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 2.1 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-613,CWE-613,

Products Affected

Vendor Product Version
siemens simatic_mv550_h_firmware *
siemens simatic_mv540_s_firmware *
siemens simatic_mv560_x_firmware *
siemens simatic_mv550_s_firmware *
siemens simatic_mv540_h_firmware *
siemens simatic_mv560_u_firmware *
CVE-2022-33138 MEDIUM

A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3), SIMATIC MV540 S (All versions < V3.3), SIMATIC MV550 H (All versions < V3.3), SIMATIC MV550 S (All versions < V3.3), SIMATIC MV560 U (All versions < V3.3), SIMATIC MV560 X (All versions < V3.3). Affected devices do not perform authentication for several web API endpoints. This could allow an unauthenticated remote attacker to read and download data from the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-306,CWE-306,

Products Affected

Vendor Product Version
siemens simatic_mv550_h_firmware *
siemens simatic_mv540_s_firmware *
siemens simatic_mv560_x_firmware *
siemens simatic_mv550_s_firmware *
siemens simatic_mv540_h_firmware *
siemens simatic_mv560_u_firmware *
CVE-2022-33139 MEDIUM

A vulnerability has been identified in Cerberus DMS (All versions), Desigo CC (All versions), Desigo CC Compact (All versions), SIMATIC WinCC OA V3.16 (All versions in default configuration), SIMATIC WinCC OA V3.17 (All versions in non-default configuration), SIMATIC WinCC OA V3.18 (All versions in non-default configuration). Affected applications use client-side only authentication, when neither server-side authentication (SSA) nor Kerberos authentication is enabled. In this configuration, attackers could impersonate other users or exploit the client-server protocol without being authenticated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-603,CWE-287,

Products Affected

Vendor Product Version
siemens desigo_cc_compact *
siemens wincc_open_architecture 3.16
siemens desigo_cc *
siemens wincc_open_architecture 3.18
siemens cerberus_dms *
siemens wincc_open_architecture 3.17
CVE-2022-33736 MEDIUM

A vulnerability has been identified in Opcenter Quality V13.1 (All versions < V13.1.20220624), Opcenter Quality V13.2 (All versions < V13.2.20220624). The affected applications do not properly validate login information during authentication. This could lead to a denial of service condition for existing users or allow unauthenticated remote attackers to successfully log in without credentials.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-303,CWE-287,

Products Affected

Vendor Product Version
siemens opcenter_quality *
CVE-2022-34272 MEDIUM

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing PCB files. An attacker could leverage this vulnerability to execute code in the context of the current process. (FG-VD-22-037, FG-VD-22-059)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
siemens pads_viewer *
CVE-2022-34273 MEDIUM

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted PCB files. This could allow an attacker to execute code in the context of the current process. (FG-VD-22-038)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
siemens pads_viewer *
CVE-2022-34274 MEDIUM

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted PCB files. This could allow an attacker to execute code in the context of the current process. (FG-VD-22-039)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
siemens pads_viewer *
CVE-2022-34275 MEDIUM

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted PCB files. This could allow an attacker to execute code in the context of the current process. (FG-VD-22-040)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
siemens pads_viewer *
CVE-2022-34276 MEDIUM

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted PCB files. This could allow an attacker to execute code in the context of the current process. (FG-VD-22-041)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
siemens pads_viewer *
CVE-2022-34277 MEDIUM

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing PCB files. This could allow an attacker to execute code in the context of the current process. (FG-VD-22-042)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
siemens pads_viewer *
CVE-2022-34278 MEDIUM

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing PCB files. This could allow an attacker to execute code in the context of the current process. (FG-VD-22-043)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
siemens pads_viewer *
CVE-2022-34279 MEDIUM

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing PCB files. An attacker could leverage this vulnerability to execute code in the context of the current process. (FG-VD-22-044)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
siemens pads_viewer *
CVE-2022-34280 MEDIUM

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing PCB files. An attacker could leverage this vulnerability to execute code in the context of the current process. (FG-VD-22-045)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
siemens pads_viewer *
CVE-2022-34281 MEDIUM

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing PCB files. An attacker could leverage this vulnerability to execute code in the context of the current process. (FG-VD-22-046)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
siemens pads_viewer *
CVE-2022-34282 MEDIUM

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing PCB files. An attacker could leverage this vulnerability to leak information in the context of the current process. (FG-VD-22-047)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
siemens pads_viewer *
CVE-2022-34283 MEDIUM

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing PCB files. An attacker could leverage this vulnerability to leak information in the context of the current process. (FG-VD-22-048)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
siemens pads_viewer *
CVE-2022-34284 MEDIUM

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted PCB files. This could allow an attacker to execute code in the context of the current process. (FG-VD-22-049)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
siemens pads_viewer *
CVE-2022-34285 MEDIUM

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing PCB files. An attacker could leverage this vulnerability to leak information in the context of the current process. (FG-VD-22-050)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
siemens pads_viewer *
CVE-2022-34286 MEDIUM

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted PCB files. This could allow an attacker to execute code in the context of the current process. (FG-VD-22-051)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
siemens pads_viewer *
CVE-2022-34287 MEDIUM

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application contains a stack corruption vulnerability while parsing PCB files. An attacker could leverage this vulnerability to leak information in the context of the current process. (FG-VD-22-052, FG-VD-22-056)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-787,

Products Affected

Vendor Product Version
siemens pads_viewer *
CVE-2022-34288 MEDIUM

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing PCB files. An attacker could leverage this vulnerability to leak information in the context of the current process. (FG-VD-22-053)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
siemens pads_viewer *
CVE-2022-34289 MEDIUM

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted PCB files. This could allow an attacker to execute code in the context of the current process. (FG-VD-22-054)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
siemens pads_viewer *
CVE-2022-34290 MEDIUM

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application contains a stack corruption vulnerability while parsing PCB files. An attacker could leverage this vulnerability to leak information in the context of the current process. (FG-VD-22-055)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-787,

Products Affected

Vendor Product Version
siemens pads_viewer *
CVE-2022-34291 MEDIUM

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application contains a stack corruption vulnerability while parsing PCB files. An attacker could leverage this vulnerability to leak information in the context of the current process. (FG-VD-22-057, FG-VD-22-058, FG-VD-22-060)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-787,

Products Affected

Vendor Product Version
siemens pads_viewer *
CVE-2022-34464 LOW

A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions), SICAM GridEdge Essential Intel (All versions < V2.7.3), SICAM GridEdge Essential with GDS ARM (All versions), SICAM GridEdge Essential with GDS Intel (All versions < V2.7.3). Affected software uses an improperly protected file to import SSH keys. Attackers with access to the filesystem of the host on which SICAM GridEdge runs are able to inject a custom SSH key into that file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-668,CWE-668,

Products Affected

Vendor Product Version
siemens sicam_gridedge_essential_gds_arm -
siemens sicam_gridedge_essential_arm -
siemens sicam_gridedge_essential_gds_intel *
siemens sicam_gridedge_essential_intel *
CVE-2022-34465 MEDIUM

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.264), Parasolid V34.0 (All versions < V34.0.250), Parasolid V34.1 (All versions < V34.1.233), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application contains an out of bounds read past the end of an allocated structure while parsing specially crafted NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15420)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
siemens simcenter_femap *
siemens parasolid *
CVE-2022-34659

A vulnerability has been identified in Simcenter STAR-CCM+ (All versions only if the Power-on-Demand public license server is used). Affected applications expose user, host and display name of users, when the public license server is used. This could allow an attacker to retrieve this information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
siemens simcenter_star-ccm+_viewer *
CVE-2022-34660

A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.15), Teamcenter V13.0 (All versions < V13.0.0.10), Teamcenter V13.1 (All versions < V13.1.0.10), Teamcenter V13.2 (All versions < V13.2.0.9), Teamcenter V13.3 (All versions < V13.3.0.5), Teamcenter V14.0 (All versions < V14.0.0.2). The File Server Cache service in Teamcenter contains functionality that is vulnerable to command injection. This could potentially allow an attacker to perform remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
siemens teamcenter *
CVE-2022-34661

A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.15), Teamcenter V13.0 (All versions < V13.0.0.10), Teamcenter V13.1 (All versions < V13.1.0.10), Teamcenter V13.2 (All versions < V13.2.0.9), Teamcenter V13.3 (All versions < V13.3.0.5), Teamcenter V14.0 (All versions < V14.0.0.2). The File Server Cache service in Teamcenter is vulnerable to denial of service by entering infinite loops and using up CPU cycles. This could allow an attacker to cause a denial of service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
siemens teamcenter *
CVE-2022-34663 MEDIUM

A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M2200NC, RUGGEDCOM M969, RUGGEDCOM M969F, RUGGEDCOM M969NC, RUGGEDCOM RMC30, RUGGEDCOM RMC30NC, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RMC8388NC V4.X, RUGGEDCOM RMC8388NC V5.X, RUGGEDCOM RP110, RUGGEDCOM RP110NC, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600FNC, RUGGEDCOM RS1600NC, RUGGEDCOM RS1600T, RUGGEDCOM RS1600TNC, RUGGEDCOM RS400, RUGGEDCOM RS400F, RUGGEDCOM RS400NC, RUGGEDCOM RS401, RUGGEDCOM RS401NC, RUGGEDCOM RS416, RUGGEDCOM RS416F, RUGGEDCOM RS416NC, RUGGEDCOM RS416NCv2 V4.X, RUGGEDCOM RS416NCv2 V5.X, RUGGEDCOM RS416P, RUGGEDCOM RS416PF, RUGGEDCOM RS416PNC, RUGGEDCOM RS416PNCv2 V4.X, RUGGEDCOM RS416PNCv2 V5.X, RUGGEDCOM RS416Pv2 V4.X, RUGGEDCOM RS416Pv2 V5.X, RUGGEDCOM RS416v2 V4.X, RUGGEDCOM RS416v2 V5.X, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000ANC, RUGGEDCOM RS8000H, RUGGEDCOM RS8000HNC, RUGGEDCOM RS8000NC, RUGGEDCOM RS8000T, RUGGEDCOM RS8000TNC, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900F, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GF, RUGGEDCOM RS900GNC, RUGGEDCOM RS900GNC(32M) V4.X, RUGGEDCOM RS900GNC(32M) V5.X, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPF, RUGGEDCOM RS900GPNC, RUGGEDCOM RS900L, RUGGEDCOM RS900LNC, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900MNC-GETS-C01, RUGGEDCOM RS900MNC-GETS-XX, RUGGEDCOM RS900MNC-STND-XX, RUGGEDCOM RS900MNC-STND-XX-C01, RUGGEDCOM RS900NC, RUGGEDCOM RS900NC(32M) V4.X, RUGGEDCOM RS900NC(32M) V5.X, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910LNC, RUGGEDCOM RS910NC, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920LNC, 
RUGGEDCOM RS920W, RUGGEDCOM RS930L, RUGGEDCOM RS930LNC, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM RS940GF, RUGGEDCOM RS940GNC, RUGGEDCOM RS969, RUGGEDCOM RS969NC, RUGGEDCOM RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100F, RUGGEDCOM RSG2100NC, RUGGEDCOM RSG2100NC(32M) V4.X, RUGGEDCOM RSG2100NC(32M) V5.X, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100P (32M) V4.X, RUGGEDCOM RSG2100P (32M) V5.X, RUGGEDCOM RSG2100PF, RUGGEDCOM RSG2100PNC, RUGGEDCOM RSG2100PNC (32M) V4.X, RUGGEDCOM RSG2100PNC (32M) V5.X, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200F, RUGGEDCOM RSG2200NC, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2288NC V4.X, RUGGEDCOM RSG2288NC V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300F, RUGGEDCOM RSG2300NC V4.X, RUGGEDCOM RSG2300NC V5.X, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PF, RUGGEDCOM RSG2300PNC V4.X, RUGGEDCOM RSG2300PNC V5.X, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488F, RUGGEDCOM RSG2488NC V4.X, RUGGEDCOM RSG2488NC V5.X, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSG920PNC V4.X, RUGGEDCOM RSG920PNC V5.X, RUGGEDCOM RSL910, RUGGEDCOM RSL910NC, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P. Affected devices are vulnerable to a web-based code injection attack via the console. An attacker could exploit this vulnerability to inject code into the web server and cause malicious behavior in legitimate users accessing certain web resources on the affected device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.0 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 2.1 5.9
productcert@siemens.com 8.0 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 2.1 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-94,CWE-94,

Products Affected

Vendor Product Version
siemens ruggedcom_ros *
CVE-2022-34748 MEDIUM

A vulnerability has been identified in Simcenter Femap (All versions < V2022.2). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17293)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
siemens simcenter_femap *
CVE-2022-34819 HIGH

A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions < V3.3.46), SIMATIC CP 1243-1 (All versions < V3.3.46), SIMATIC CP 1243-7 LTE EU (All versions < V3.3.46), SIMATIC CP 1243-7 LTE US (All versions < V3.3.46), SIMATIC CP 1243-8 IRC (All versions < V3.3.46), SIMATIC CP 1542SP-1 IRC (All versions >= V2.0 < V2.2.28), SIMATIC CP 1543-1 (All versions < V3.0.22), SIMATIC CP 1543SP-1 (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions >= V2.0 < V2.2.28), SIPLUS NET CP 1242-7 V2 (All versions < V3.3.46), SIPLUS NET CP 1543-1 (All versions < V3.0.22), SIPLUS S7-1200 CP 1243-1 (All versions < V3.3.46), SIPLUS S7-1200 CP 1243-1 RAIL (All versions < V3.3.46). The application lacks proper validation of user-supplied data when parsing specific messages. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 3.9 6.0
productcert@siemens.com 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 3.9 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-122,CWE-787,

Products Affected

Vendor Product Version
siemens siplus_net_cp_1242-7_v2_firmware *
siemens siplus_net_cp_1543-1_firmware *
siemens simatic_cp_1543sp-1_firmware *
siemens simatic_cp_1243-1_firmware *
siemens simatic_cp_1542sp-1_irc_firmware *
siemens siplus_et_200sp_cp_1543sp-1_isec_tx_rail_firmware *
siemens simatic_cp_1243-7_lte_eu_firmware *
siemens simatic_cp_1243-8_irc_firmware *
siemens siplus_et_200sp_cp_1543sp-1_isec_firmware *
siemens simatic_cp_1543-1_firmware *
siemens siplus_s7-1200_cp_1243-1_rail_firmware *
siemens simatic_cp_1242-7_v2_firmware *
siemens siplus_et_200sp_cp_1542sp-1_irc_tx_rail_firmware *
siemens simatic_cp_1243-7_lte_us_firmware *
siemens siplus_s7-1200_cp_1243-1_firmware *
CVE-2022-34820 HIGH

A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions < V3.3.46), SIMATIC CP 1243-1 (All versions < V3.3.46), SIMATIC CP 1243-7 LTE EU (All versions < V3.3.46), SIMATIC CP 1243-7 LTE US (All versions < V3.3.46), SIMATIC CP 1243-8 IRC (All versions < V3.3.46), SIMATIC CP 1542SP-1 IRC (All versions >= V2.0 < V2.2.28), SIMATIC CP 1543-1 (All versions < V3.0.22), SIMATIC CP 1543SP-1 (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions >= V2.0 < V2.2.28), SIPLUS NET CP 1242-7 V2 (All versions < V3.3.46), SIPLUS NET CP 1543-1 (All versions < V3.0.22), SIPLUS S7-1200 CP 1243-1 (All versions < V3.3.46), SIPLUS S7-1200 CP 1243-1 RAIL (All versions < V3.3.46). The application does not correctly escape some user provided fields during the authentication process. This could allow an attacker to inject custom commands and execute arbitrary code with elevated privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,CWE-116,

Products Affected

Vendor Product Version
siemens siplus_net_cp_1242-7_v2_firmware *
siemens siplus_net_cp_1543-1_firmware *
siemens simatic_cp_1543sp-1_firmware *
siemens simatic_cp_1243-1_firmware *
siemens simatic_cp_1542sp-1_irc_firmware *
siemens siplus_et_200sp_cp_1543sp-1_isec_tx_rail_firmware *
siemens simatic_cp_1243-7_lte_eu_firmware *
siemens simatic_cp_1243-8_irc_firmware *
siemens siplus_et_200sp_cp_1543sp-1_isec_firmware *
siemens simatic_cp_1543-1_firmware *
siemens siplus_s7-1200_cp_1243-1_rail_firmware *
siemens simatic_cp_1242-7_v2_firmware *
siemens siplus_et_200sp_cp_1542sp-1_irc_tx_rail_firmware *
siemens simatic_cp_1243-7_lte_us_firmware *
siemens siplus_s7-1200_cp_1243-1_firmware *
CVE-2022-34821 HIGH

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2), SCALANCE M804PB (6GK5804-0AP00-2AA2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2), SCALANCE M874-2 (6GK5874-2AA00-2AA2), SCALANCE M874-3 (6GK5874-3AA00-2AA2), SCALANCE M876-3 (6GK5876-3AA02-2BA2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2), SCALANCE M876-4 (6GK5876-4AA10-2BA2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2), SCALANCE SC622-2C (6GK5622-2GS00-2AC2), SCALANCE SC622-2C (6GK5622-2GS00-2AC2), SCALANCE SC626-2C (6GK5626-2GS00-2AC2), SCALANCE SC626-2C (6GK5626-2GS00-2AC2), SCALANCE SC632-2C (6GK5632-2GS00-2AC2), SCALANCE SC632-2C (6GK5632-2GS00-2AC2), SCALANCE SC636-2C (6GK5636-2GS00-2AC2), SCALANCE SC636-2C (6GK5636-2GS00-2AC2), SCALANCE SC642-2C (6GK5642-2GS00-2AC2), SCALANCE SC642-2C (6GK5642-2GS00-2AC2), SCALANCE SC646-2C (6GK5646-2GS00-2AC2), SCALANCE SC646-2C (6GK5646-2GS00-2AC2), SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0), SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0), SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0), SCALANCE WAM766-1 (6GK5766-1GE00-7DA0), SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0), SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0), SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0), SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0), SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0), 
SCALANCE WUM763-1 (6GK5763-1AL00-3DA0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0), SCALANCE WUM766-1 (6GK5766-1GE00-3DA0), SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0), SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0), SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0), SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0), SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0), SIMATIC CP 1543-1 (6GK7543-1AX00-0XE0), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0), SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0), SIPLUS NET CP 1543-1 (6AG1543-1AX00-2XE0), SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0), SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0). By injecting code to specific configuration options for OpenVPN, an attacker could execute arbitrary code with elevated privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
productcert@siemens.com 7.6 HIGH CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 1.0 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,CWE-94,

Products Affected

Vendor Product Version
siemens siplus_net_cp_1242-7_v2_firmware *
siemens siplus_net_cp_1543-1_firmware *
siemens simatic_cp_1543sp-1_firmware *
siemens simatic_cp_1243-1_firmware *
siemens simatic_cp_1542sp-1_irc_firmware *
siemens siplus_et_200sp_cp_1543sp-1_isec_tx_rail_firmware *
siemens simatic_cp_1243-7_lte_eu_firmware *
siemens simatic_cp_1243-8_irc_firmware *
siemens siplus_et_200sp_cp_1543sp-1_isec_firmware *
siemens simatic_cp_1543-1_firmware *
siemens siplus_s7-1200_cp_1243-1_rail_firmware *
siemens simatic_cp_1242-7_v2_firmware *
siemens siplus_et_200sp_cp_1542sp-1_irc_tx_rail_firmware *
siemens simatic_cp_1243-7_lte_us_firmware *
siemens siplus_s7-1200_cp_1243-1_firmware *
CVE-2022-35255

A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. There are two problems with this: 1) It does not check the return value; it assumes EntropySource() always succeeds, but it can (and sometimes will) fail. 2) The random data returned by EntropySource() may not be cryptographically strong and therefore not suitable as keying material.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

Products Affected

Vendor Product Version
debian debian_linux 11.0
nodejs node.js *
siemens sinec_ins 1.0
siemens sinec_ins *
CVE-2022-35256

The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CRLF. This may result in HTTP Request Smuggling.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

Products Affected

Vendor Product Version
debian debian_linux 11.0
nodejs node.js *
siemens sinec_ins 1.0
siemens sinec_ins *
llhttp llhttp *
CVE-2022-35868

A vulnerability has been identified in TIA Multiuser Server V14 (All versions), TIA Multiuser Server V15 (All versions < V15.1 Update 8), TIA Project-Server (All versions < V1.1), TIA Project-Server V16 (All versions), TIA Project-Server V17 (All versions < V17 Update 6). Affected applications contain an untrusted search path vulnerability that could allow an attacker to escalate privileges, when tricking a legitimate user to start the service from an attacker controlled path.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H 0.8 5.9
nvd@nist.gov 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9

Products Affected

Vendor Product Version
siemens tia_project-server 1.0
siemens tia_project-server 17
siemens tia_multiuser_server 15
siemens tia_multiuser_server 15.1
siemens tia_project-server 16
siemens tia_multiuser_server 14
siemens tia_multiuser_server 16
CVE-2022-36323

Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 2.3 6.0
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
siemens scalance_xb213-3_firmware *
siemens scalance_xc206-2g_poe__firmware *
siemens scalance_xp208eec_firmware *
siemens scalance_xp208_firmware *
siemens scalance_xb-200_firmware *
siemens scalance_xc216_firmware *
siemens scalance_xr528_firmware *
siemens scalance_sc622-2c_firmware *
siemens scalance_w700_ieee_802.11ac_firmware *
siemens scalance_xc224-4c_g__firmware *
siemens scalance_xp208_(eip)_firmware *
siemens scalance_xr526-8c_l3_firmware *
siemens scalance_xr552-12m_2hr2_firmware *
siemens scalance_xc208g_eec_firmware *
siemens scalance_xr552_firmware *
siemens scalance_xr528-6m_l3_firmware *
siemens scalance_xf204-2ba_irt_firmware *
siemens scalance_xr326-2c_poe_wg_firmware *
siemens scalance_xr526_firmware *
siemens scalance_xr528-6m_firmware *
siemens scalance_xr-300wg_firmware *
siemens scalance_w700_ieee_802.11n_firmware *
siemens scalance_m-800_firmware *
siemens scalance_xp216_firmware *
siemens scalance_xp208poe_eec_firmware *
siemens scalance_xr552-12_firmware *
siemens scalance_xc208g_firmware *
siemens scalance_xc224-4c_g_(e/ip)_firmware *
siemens scalance_sc-600_firmware *
siemens scalance_xr324-12m_firmware *
siemens scalance_xb216_firmware *
siemens scalance_sc632-2c_firmware *
siemens scalance_xc224-4c_g_eec_firmware *
siemens scalance_xf-200ba_firmware *
siemens scalance_xr328-4c_wg_firmware *
siemens scalance_xr528-6m_2hr2_firmware *
siemens scalance_xm416-4c_l3_firmware *
siemens scalance_xc206-2sfp_g_(e/ip)_firmware *
siemens scalance_xp216eec_firmware *
siemens scalance_xb205-3_firmware *
siemens scalance_s615_firmware *
siemens scalance_xr500_firmware *
siemens scalance_xr528-6m_2hr2_l3_firmware *
siemens scalance_w700_ieee_802.11ax_firmware *
siemens scalance_sc642-2c_firmware *
siemens scalance_xc208g_(e/ip)_firmware *
siemens scalance_xr324-4m_eec_firmware *
siemens scalance_xc206-2g_poe_eec_firmware *
siemens scalance_xc216eec_firmware *
siemens scalance_xr324-4m_poe_firmware *
siemens scalance_xc224__firmware *
siemens scalance_xc206-2sfp_eec_firmware *
siemens scalance_xc216-4c_g_(e/ip)_firmware *
siemens scalance_xc216-4c_g_eec_firmware *
siemens scalance_xm408-4c_firmware *
siemens scalance_xm416-4c_firmware *
siemens scalance_xc206-2_firmware *
siemens scalance_xr552-12m_firmware *
siemens scalance_xc206-2sfp_g_firmware *
siemens scalance_sc636-2c_firmware *
siemens scalance_xr524-8c_l3_firmware *
siemens scalance_xr324-4m_poe_ts_firmware *
siemens scalance_xp216_(eip)_firmware *
siemens scalance_xb205-3ld_firmware *
siemens scalance_xm408-4c_l3_firmware *
siemens scalance_xf204-2ba_dna_firmware *
siemens scalance_xr-300eec_firmware *
siemens scalance_xc216-4c_firmware *
siemens scalance_xr-300poe_firmware *
siemens scalance_xp216poe_eec_firmware *
siemens scalance_xc216-4c_g_firmware *
siemens scalance_xm408-8c_l3_firmware *
siemens scalance_xp-200_firmware *
siemens scalance_xm400_firmware *
siemens scalance_xc208g_poe_firmware *
siemens scalance_xc208_firmware *
siemens scalance_sc646-2c_firmware *
siemens scalance_xr526-8c_firmware *
siemens scalance_xb213-3ld_firmware *
siemens scalance_xr-300_firmware *
siemens scalance_xm408-8c_firmware *
siemens scalance_xc-200_firmware *
siemens scalance_xb208_firmware *
siemens scalance_xr324wg_firmware *
siemens scalance_xc208eec_firmware *
siemens scalance_xr524-8c_firmware *
siemens scalance_xc206-2sfp_g_eec_firmware *
siemens scalance_xr324-12m_ts_firmware *
siemens scalance_xr524_firmware *
siemens scalance_xr552-12m_2hr2_l3_firmware *
CVE-2022-36324

Affected devices do not properly handle the renegotiation of SSL/TLS parameters. This could allow an unauthenticated remote attacker to bypass the TCP brute force prevention and lead to a denial of service condition for the duration of the attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
siemens scalance_xb213-3_firmware *
siemens scalance_xc206-2g_poe__firmware *
siemens scalance_xp208eec_firmware *
siemens scalance_xp208_firmware *
siemens scalance_xb-200_firmware *
siemens scalance_xc216_firmware *
siemens scalance_xr528_firmware *
siemens scalance_w700_ieee_802.11ac_firmware *
siemens scalance_xc224-4c_g__firmware *
siemens scalance_xp208_(eip)_firmware *
siemens scalance_xr526-8c_l3_firmware *
siemens scalance_xr552-12m_2hr2_firmware *
siemens scalance_xc208g_eec_firmware *
siemens scalance_xr552_firmware *
siemens scalance_xr528-6m_l3_firmware *
siemens scalance_xf204-2ba_irt_firmware *
siemens scalance_xr326-2c_poe_wg_firmware *
siemens scalance_xr526_firmware *
siemens scalance_xr528-6m_firmware *
siemens scalance_xr-300wg_firmware *
siemens scalance_w700_ieee_802.11n_firmware *
siemens scalance_m-800_firmware *
siemens scalance_xp216_firmware *
siemens scalance_xp208poe_eec_firmware *
siemens scalance_xr552-12_firmware *
siemens scalance_xc208g_firmware *
siemens scalance_xc224-4c_g_(e/ip)_firmware *
siemens scalance_xr324-12m_firmware *
siemens scalance_xb216_firmware *
siemens scalance_xc224-4c_g_eec_firmware *
siemens scalance_xf-200ba_firmware *
siemens scalance_xr328-4c_wg_firmware *
siemens scalance_xr528-6m_2hr2_firmware *
siemens scalance_xm416-4c_l3_firmware *
siemens scalance_xc206-2sfp_g_(e/ip)_firmware *
siemens scalance_xp216eec_firmware *
siemens scalance_xb205-3_firmware *
siemens scalance_s615_firmware *
siemens scalance_xr500_firmware *
siemens scalance_xr528-6m_2hr2_l3_firmware *
siemens scalance_w700_ieee_802.11ax_firmware *
siemens scalance_xc208g_(e/ip)_firmware *
siemens scalance_xr324-4m_eec_firmware *
siemens scalance_xc206-2g_poe_eec_firmware *
siemens scalance_xc216eec_firmware *
siemens scalance_xr324-4m_poe_firmware *
siemens scalance_xc224__firmware *
siemens scalance_xc206-2sfp_eec_firmware *
siemens scalance_xc216-4c_g_(e/ip)_firmware *
siemens scalance_xc216-4c_g_eec_firmware *
siemens scalance_xm408-4c_firmware *
siemens scalance_xm416-4c_firmware *
siemens scalance_xc206-2_firmware *
siemens scalance_xr552-12m_firmware *
siemens scalance_xc206-2sfp_g_firmware *
siemens scalance_xr524-8c_l3_firmware *
siemens scalance_xr324-4m_poe_ts_firmware *
siemens scalance_xp216_(eip)_firmware *
siemens scalance_xb205-3ld_firmware *
siemens scalance_xm408-4c_l3_firmware *
siemens scalance_xf204-2ba_dna_firmware *
siemens scalance_xr-300eec_firmware *
siemens scalance_xc216-4c_firmware *
siemens scalance_xr-300poe_firmware *
siemens scalance_xp216poe_eec_firmware *
siemens scalance_xc216-4c_g_firmware *
siemens scalance_xm408-8c_l3_firmware *
siemens scalance_xp-200_firmware *
siemens scalance_xm400_firmware *
siemens scalance_xc208g_poe_firmware *
siemens scalance_xc208_firmware *
siemens scalance_xr526-8c_firmware *
siemens scalance_xb213-3ld_firmware *
siemens scalance_xr-300_firmware *
siemens scalance_xm408-8c_firmware *
siemens scalance_xc-200_firmware *
siemens scalance_xb208_firmware *
siemens scalance_xr324wg_firmware *
siemens scalance_xc208eec_firmware *
siemens scalance_xr524-8c_firmware *
siemens scalance_xc206-2sfp_g_eec_firmware *
siemens scalance_xr324-12m_ts_firmware *
siemens scalance_xr524_firmware *
siemens scalance_xr552-12m_2hr2_l3_firmware *
CVE-2022-36325

Affected devices do not properly sanitize data introduced by a user when rendering the web interface. This could allow an authenticated remote attacker with administrative privileges to inject code and lead to a DOM-based XSS.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7
productcert@siemens.com 6.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H 0.9 5.9

Products Affected

Vendor Product Version
siemens scalance_xb213-3_firmware *
siemens scalance_xc206-2g_poe__firmware *
siemens scalance_xp208eec_firmware *
siemens scalance_xp208_firmware *
siemens scalance_xb-200_firmware *
siemens scalance_xc216_firmware *
siemens scalance_xr528_firmware *
siemens scalance_sc622-2c_firmware *
siemens scalance_w700_ieee_802.11ac_firmware *
siemens scalance_xc224-4c_g__firmware *
siemens scalance_xp208_(eip)_firmware *
siemens scalance_xr526-8c_l3_firmware *
siemens scalance_xr552-12m_2hr2_firmware *
siemens scalance_xc208g_eec_firmware *
siemens scalance_xr552_firmware *
siemens scalance_xr528-6m_l3_firmware *
siemens scalance_xf204-2ba_irt_firmware *
siemens scalance_xr326-2c_poe_wg_firmware *
siemens scalance_xr526_firmware *
siemens scalance_xr528-6m_firmware *
siemens scalance_xr-300wg_firmware *
siemens scalance_w700_ieee_802.11n_firmware *
siemens scalance_m-800_firmware *
siemens scalance_xp216_firmware *
siemens scalance_xp208poe_eec_firmware *
siemens scalance_xr552-12_firmware *
siemens scalance_xc208g_firmware *
siemens scalance_xc224-4c_g_(e/ip)_firmware *
siemens scalance_sc-600_firmware *
siemens scalance_xr324-12m_firmware *
siemens scalance_xb216_firmware *
siemens scalance_sc632-2c_firmware *
siemens scalance_xc224-4c_g_eec_firmware *
siemens scalance_xf-200ba_firmware *
siemens scalance_xr328-4c_wg_firmware *
siemens scalance_xr528-6m_2hr2_firmware *
siemens scalance_xm416-4c_l3_firmware *
siemens scalance_xc206-2sfp_g_(e/ip)_firmware *
siemens scalance_xp216eec_firmware *
siemens scalance_xb205-3_firmware *
siemens scalance_s615_firmware *
siemens scalance_xr500_firmware *
siemens scalance_xr528-6m_2hr2_l3_firmware *
siemens scalance_w700_ieee_802.11ax_firmware *
siemens scalance_sc642-2c_firmware *
siemens scalance_xc208g_(e/ip)_firmware *
siemens scalance_xr324-4m_eec_firmware *
siemens scalance_xc206-2g_poe_eec_firmware *
siemens scalance_xc216eec_firmware *
siemens scalance_xr324-4m_poe_firmware *
siemens scalance_xc224__firmware *
siemens scalance_xc206-2sfp_eec_firmware *
siemens scalance_xc216-4c_g_(e/ip)_firmware *
siemens scalance_xc216-4c_g_eec_firmware *
siemens scalance_xm408-4c_firmware *
siemens scalance_xm416-4c_firmware *
siemens scalance_xc206-2_firmware *
siemens scalance_xr552-12m_firmware *
siemens scalance_xc206-2sfp_g_firmware *
siemens scalance_sc636-2c_firmware *
siemens scalance_xr524-8c_l3_firmware *
siemens scalance_xr324-4m_poe_ts_firmware *
siemens scalance_xp216_(eip)_firmware *
siemens scalance_xb205-3ld_firmware *
siemens scalance_xm408-4c_l3_firmware *
siemens scalance_xf204-2ba_dna_firmware *
siemens scalance_xr-300eec_firmware *
siemens scalance_xc216-4c_firmware *
siemens scalance_xr-300poe_firmware *
siemens scalance_xp216poe_eec_firmware *
siemens scalance_xc216-4c_g_firmware *
siemens scalance_xm408-8c_l3_firmware *
siemens scalance_xp-200_firmware *
siemens scalance_xm400_firmware *
siemens scalance_xc208g_poe_firmware *
siemens scalance_xc208_firmware *
siemens scalance_sc646-2c_firmware *
siemens scalance_xr526-8c_firmware *
siemens scalance_xb213-3ld_firmware *
siemens scalance_xr-300_firmware *
siemens scalance_xm408-8c_firmware *
siemens scalance_xc-200_firmware *
siemens scalance_xb208_firmware *
siemens scalance_xr324wg_firmware *
siemens scalance_xc208eec_firmware *
siemens scalance_xr524-8c_firmware *
siemens scalance_xc206-2sfp_g_eec_firmware *
siemens scalance_xr324-12m_ts_firmware *
siemens scalance_xr524_firmware *
siemens scalance_xr552-12m_2hr2_l3_firmware *
CVE-2022-36360

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Affected devices load firmware updates without checking the authenticity. Furthermore the integrity of the unencrypted firmware is only verified by a non-cryptographic method. This could allow an attacker to manipulate a firmware update and flash it to the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

Products Affected

Vendor Product Version
siemens logo!_8_bm_firmware *
siemens logo!8_bm_fs-05_firmware *
CVE-2022-36361

A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA1) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA1) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA1) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA1) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1) (All versions). Affected devices do not properly validate the structure of TCP packets in several methods. This could allow an attacker to cause buffer overflows, get control over the instruction counter and run custom code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
productcert@siemens.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
siemens logo!_8_bm_firmware *
siemens logo!8_bm_fs-05_firmware *
CVE-2022-36362

A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/24RCE (6ED1052-1MD08-0BA2) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA2) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA2) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA2) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA1) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA2) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA1) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA2) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA1) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA2) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA1) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA2) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA2) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA2) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA2) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA2) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA2) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA2) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA2) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA2) (All versions). Affected devices do not conduct certain validations when interacting with them. 
This could allow an unauthenticated remote attacker to manipulate the device's IP address, which means the device would not be reachable and could only be recovered by power cycling the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
productcert@siemens.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
siemens logo!_8_bm_firmware *
siemens logo!8_bm_fs-05_firmware *
CVE-2022-36363

A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA1) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA1) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA1) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA1) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1) (All versions). Affected devices do not properly validate an offset value which can be defined in TCP packets when calling a method. This could allow an attacker to retrieve parts of the content of the memory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
siemens logo!_8_bm_firmware *
siemens logo!8_bm_fs-05_firmware *
CVE-2022-37864

A vulnerability has been identified in Solid Edge (All Versions < SE2022MP9). The affected application contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted DWG files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17627)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens solid_edge se2020
CVE-2022-37885

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address these security vulnerabilities.

Products Affected

Vendor Product Version
arubanetworks instant *
arubanetworks arubaos *
siemens scalance_w1750d_firmware *
CVE-2022-37886

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address these security vulnerabilities.

Products Affected

Vendor Product Version
arubanetworks instant *
arubanetworks arubaos *
siemens scalance_w1750d_firmware *
CVE-2022-37887

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address these security vulnerabilities.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
arubanetworks instant *
arubanetworks arubaos *
siemens scalance_w1750d_firmware *
CVE-2022-37888

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address these security vulnerabilities.

Products Affected

Vendor Product Version
arubanetworks instant *
arubanetworks arubaos *
siemens scalance_w1750d_firmware *
CVE-2022-37889

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address these security vulnerabilities.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
arubanetworks instant *
arubanetworks arubaos *
siemens scalance_w1750d_firmware *
CVE-2022-37890

Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address these security vulnerabilities.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
arubanetworks instant *
siemens scalance_w1750d_firmware -
arubanetworks arubaos *
CVE-2022-37891

Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address these security vulnerabilities.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
arubanetworks instant *
arubanetworks arubaos *
siemens scalance_w1750d_firmware *
CVE-2022-37892

A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

Products Affected

Vendor Product Version
arubanetworks instant *
arubanetworks arubaos *
siemens scalance_w1750d_firmware *
CVE-2022-37893

An authenticated command injection vulnerability exists in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
arubanetworks instant *
arubanetworks arubaos *
siemens scalance_w1750d_firmware *
CVE-2022-37894

An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
arubanetworks instant *
arubanetworks arubaos *
siemens scalance_w1750d_firmware *
CVE-2022-37895

An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

Products Affected

Vendor Product Version
arubanetworks instant *
arubanetworks arubaos *
siemens scalance_w1750d_firmware *
CVE-2022-37896

A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

Products Affected

Vendor Product Version
arubanetworks instant *
arubanetworks arubaos *
siemens scalance_w1750d_firmware *
CVE-2022-38371

A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.7), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.21), APOGEE PXC Modular (BACnet) (All versions < V3.5.7), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.21), Desigo PXC00-E.D (All versions >= V2.3), Desigo PXC00-U (All versions >= V2.3), Desigo PXC001-E.D (All versions >= V2.3), Desigo PXC100-E.D (All versions >= V2.3), Desigo PXC12-E.D (All versions >= V2.3), Desigo PXC128-U (All versions >= V2.3), Desigo PXC200-E.D (All versions >= V2.3), Desigo PXC22-E.D (All versions >= V2.3), Desigo PXC22.1-E.D (All versions >= V2.3), Desigo PXC36.1-E.D (All versions >= V2.3), Desigo PXC50-E.D (All versions >= V2.3), Desigo PXC64-U (All versions >= V2.3), Desigo PXM20-E (All versions >= V2.3), Nucleus NET for Nucleus PLUS V1 (All versions < V5.2a), Nucleus NET for Nucleus PLUS V2 (All versions < V5.4), Nucleus ReadyStart V3 V2012 (All versions < V2012.08.1), Nucleus ReadyStart V3 V2017 (All versions < V2017.02.4), Nucleus Source Code (All versions including affected FTP server), TALON TC Compact (BACnet) (All versions < V3.5.7), TALON TC Modular (BACnet) (All versions < V3.5.7). The FTP server does not properly release memory resources that were reserved for incomplete connection attempts by FTP clients. This could allow a remote attacker to generate a denial of service condition on devices that incorporate a vulnerable version of the FTP server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
productcert@siemens.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
siemens talon_tc_compact_firmware *
siemens nucleus_net *
siemens apogee_pxc_compact_firmware *
siemens desigo_pxc50-e.d_firmware *
siemens desigo_pxc100-e.d_firmware *
siemens desigo_pxc22.1-e.d_firmware *
siemens desigo_pxc128-u_firmware *
siemens apogee_modular_building_controller_firmware *
siemens desigo_pxc200-e.d_firmware *
siemens nucleus_source_code -
siemens desigo_pxc64-u_firmware *
siemens desigo_pxc36.1-e.d_firmware *
siemens apogee_modular_equiment_controller_firmware *
siemens apogee_pxc_modular_firmware *
siemens desigo_pxc001-e.d_firmware *
siemens desigo_pxc22-e.d_firmware *
siemens desigo_pxc12-e.d_firmware *
siemens desigo_pxc00-e.d_firmware *
siemens desigo_pxc00-u_firmware *
siemens desigo_pxm20-e_firmware *
siemens nucleus_readystart_v3 *
CVE-2022-38465

A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 Software Controller (All versions < V21.9), SIMATIC S7-PLCSIM Advanced (All versions < V4.0), SINUMERIK MC (All versions < V6.21), SINUMERIK ONE (All versions < V6.21). Affected products protect the built-in global private key in a way that cannot be considered sufficient any longer. The key is used for the legacy protection of confidential configuration data and the legacy PG/PC and HMI communication. This could allow attackers to discover the private key of a CPU product family by an offline attack against a single CPU of the family. Attackers could then use this knowledge to extract confidential configuration data from projects that are protected by that key or to perform attacks against legacy PG/PC and HMI communication.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 9.3 CRITICAL CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.5 6.0
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens simatic_s7-1500_cpu_1515r-2_firmware *
siemens simatic_s7-1200_cpu_12_1214fc_firmware *
siemens simatic_s7-1500_cpu_151511c-1_firmware *
siemens simatic_s7-1500_cpu_1511t-1_firmware *
siemens simatic_s7-1200_cpu_12_1215c_firmware *
siemens simatic_s7-1500_cpu_1516tf-3_firmware *
siemens simatic_s7-1200_cpu_12_1211c_firmware *
siemens simatic_s7-1500_cpu_1511tf-1_firmware *
siemens simatic_s7-1500_cpu_1512c-1_firmware *
siemens simatic_s7-1500_cpu_1510sp-1_firmware *
siemens simatic_s7-1500_cpu_1518hf-4_firmware *
siemens simatic_et_200_sp_open_controller_cpu_1515sp_pc2_firmware *
siemens simatic_s7-1200_cpu_12_1217c_firmware *
siemens simatic_s7-1500_cpu_1516t-3_firmware *
siemens simatic_s7-plcsim_advanced_firmware *
siemens simatic_s7-1500_cpu_1513-1_firmware *
siemens simatic_s7-1500_cpu_1515-2_firmware *
siemens simatic_s7-1500_cpu_151511f-1_firmware *
siemens simatic_et_200_sp_open_controller_cpu_1515sp_pc_firmware *
siemens simatic_s7-1500_cpu_1518tf-4_firmware *
siemens simatic_s7-1500_cpu_1510sp_firmware *
siemens simatic_s7-1500_cpu_1516pro_f_firmware *
siemens simatic_s7-1500_cpu_1515t-2_firmware *
siemens simatic_drive_controller_cpu_1504d_tf_firmware *
siemens simatic_s7-1500_cpu_1516f-3_firmware *
siemens simatic_s7-1500_cpu_1515f-2_firmware *
siemens simatic_s7-1500_cpu_1517f-3_firmware *
siemens simatic_s7-1500_cpu_1517-3_firmware *
siemens simatic_s7-1500_software_controller *
siemens simatic_s7-1500_cpu_1512spf-1_firmware *
siemens simatic_s7-1500_cpu_1511-1_firmware *
siemens simatic_s7-1200_cpu_12_1212fc_firmware *
siemens simatic_s7-1500_cpu_1516-3_firmware *
siemens simatic_s7-1200_cpu_12_1215fc_firmware *
siemens simatic_s7-1500_cpu_1512sp-1_firmware *
siemens simatic_drive_controller_cpu_1507d_tf_firmware *
siemens simatic_s7-1200_cpu_12_1212c_firmware *
siemens simatic_s7-1200_cpu_12_1214c_firmware *
siemens simatic_s7-1500_cpu_1513f-1_firmware *
siemens simatic_s7-1500_cpu_15prof-2_firmware *
siemens simatic_s7-1500_cpu_1518f-4_firmware *
siemens simatic_s7-1500_cpu_1513r-1_firmware *
siemens simatic_s7-1500_cpu_15pro-2_firmware *
siemens simatic_s7-1500_cpu_1518-4_firmware *
siemens simatic_s7-1500_cpu_1518t-4_firmware *
CVE-2022-38466

A vulnerability has been identified in CoreShield One-Way Gateway (OWG) Software (All versions < V2.2). The default installation sets insecure file permissions that could allow a local attacker to escalate privileges to local administrator.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens coreshield_one-way_gateway *
CVE-2022-38773

Affected devices do not contain an Immutable Root of Trust in Hardware. As a result, the integrity of the code executed on the device cannot be validated at load time. An attacker with physical access to the device could use this to replace the boot image of the device and execute arbitrary code.

Products Affected

Vendor Product Version
siemens siplus_s7-1500_cpu_1515r-2_pn_tx_rail_firmware -
siemens siplus_s7-1500_cpu_1511-1_pn_t1_rail_firmware -
siemens simatic_s7-1500_cpu_1511t-1_pn_firmware -
siemens simatic_s7-1500_cpu_1515f-2_pn_firmware -
siemens simatic_s7-1500_cpu_1516pro-2_pn_firmware -
siemens simatic_drive_controller_cpu_1504d_tf_firmware -
siemens siplus_et_200sp_cpu_1510sp_f-1_pn_rail_firmware -
siemens siplus_s7-1500_cpu_1515f-2_pn_rail_firmware -
siemens siplus_s7-1500_cpu_1516f-3_pn/dp_rail_firmware -
siemens simatic_s7-1500_cpu_1518-4_pn/dp_mfp_firmware -
siemens simatic_s7-1500_cpu_1517h-3_pn_firmware -
siemens simatic_s7-1500_cpu_1511c-1_pn_firmware -
siemens siplus_s7-1500_cpu_1518-4_pn/dp_mfp_firmware -
siemens simatic_s7-1500_cpu_s7-1518f-4_pn/dp_odk_firmware -
siemens simatic_s7-1500_cpu_1518hf-4_pn_firmware -
siemens simatic_s7-1500_cpu_1513pro_f-2_pn_firmware -
siemens simatic_s7-1500_cpu_1510sp-1_pn_firmware -
siemens simatic_s7-1500_cpu_1512c-1_pn_firmware -
siemens simatic_s7-1500_cpu_s7-1518-4_pn/dp_odk_firmware -
siemens siplus_s7-1500_cpu_1515r-2_pn_firmware -
siemens simatic_s7-1500_cpu_1513-1_pn_firmware -
siemens simatic_s7-1500_cpu_1515t-2_pn_firmware -
siemens siplus_et_200sp_cpu_1512sp-1_pn_rail_firmware -
siemens siplus_et_200sp_cpu_1512sp_f-1_pn_rail_firmware -
siemens simatic_s7-1500_cpu_1516-3_pn/dp_firmware -
siemens siplus_s7-1500_cpu_1517h-3_pn_firmware -
siemens siplus_s7-1500_cpu_1515f-2_pn_t2_rail_firmware -
siemens siplus_s7-1500_cpu_1513-1_pn_firmware -
siemens siplus_s7-1500_cpu_1513f-1_pn_firmware -
siemens siplus_s7-1500_cpu_1516-3_pn/dp_rail_firmware -
siemens simatic_s7-1500_cpu_1515r-2_pn_firmware -
siemens simatic_s7-1500_cpu_1518-4_pn/dp_firmware -
siemens siplus_et_200sp_cpu_1512sp_f-1_pn_firmware -
siemens simatic_s7-1500_cpu_1513r-1_pn_firmware -
siemens simatic_s7-1500_cpu_1518tf-4_pn/dp_firmware -
siemens simatic_s7-1500_cpu_1513pro-2_pn_firmware -
siemens siplus_s7-1500_cpu_1518-4_pn/dp_firmware -
siemens siplus_et_200sp_cpu_1510sp-1_pn_firmware -
siemens simatic_s7-1500_cpu_1517-3_pn/dp_firmware -
siemens simatic_s7-1500_cpu_1515tf-2_pn_firmware -
siemens siplus_s7-1500_cpu_1518f-4_pn/dp_firmware -
siemens siplus_s7-1500_cpu_1511-1_pn_firmware -
siemens simatic_s7-1500_cpu_1517tf-3_pn/dp_firmware -
siemens siplus_s7-1500_cpu_1516f-3_pn/dp_firmware -
siemens siplus_et_200sp_cpu_1510sp-1_pn_rail_firmware -
siemens simatic_s7-1500_cpu_1516t-3_pn/dp_firmware -
siemens simatic_drive_controller_cpu_1507d_tf_firmware -
siemens siplus_et_200sp_cpu_1512sp-1_pn_firmware -
siemens simatic_s7-1500_cpu_1511f-1_pn_firmware -
siemens siplus_s7-1500_cpu_1511f-1_pn_firmware -
siemens simatic_s7-1500_cpu_1517f-3_pn/dp_firmware -
siemens simatic_s7-1500_cpu_1516f-3_pn/dp_firmware -
siemens simatic_s7-1500_cpu_1516tf-3_pn/dp_firmware -
siemens siplus_s7-1500_cpu_1516-3_pn/dp_tx_rail_firmware -
siemens simatic_s7-1500_cpu_1512sp_f-1_pn_firmware -
siemens simatic_s7-1500_cpu_1516pro_f-2_pn_firmware -
siemens simatic_s7-1500_cpu_1511tf-1_pn_firmware -
siemens simatic_s7-1500_cpu_1518-4f_pn/dp_firmware -
siemens siplus_s7-1500_cpu_1516-3_pn/dp_firmware -
siemens simatic_s7-1500_cpu_1511-1_pn_firmware -
siemens simatic_s7-1500_cpu_1513f-1_pn_firmware -
siemens simatic_s7-1500_cpu_1515-2_pn_firmware -
siemens siplus_et_200sp_cpu_1510sp_f-1_pn_firmware -
siemens simatic_s7-1500_cpu_1518t-4_pn/dp_firmware -
siemens simatic_s7-1500_cpu_1510sp_f-1_pn_firmware -
siemens siplus_s7-1500_cpu_1515f-2_pn_firmware -
siemens simatic_s7-1500_cpu_1518f-4_pn/dp_mfp_firmware -
siemens siplus_s7-1500_cpu_1511-1_pn_tx_rail_firmware -
siemens simatic_s7-1500_cpu_1512sp-1_pn_firmware -
siemens simatic_s7-1500_cpu_1517t-3_pn/dp_firmware -
CVE-2022-39062

A vulnerability has been identified in SICAM TOOLBOX II (All versions < V07.10). Affected applications do not properly set permissions for product folders. This could allow an authenticated attacker with low privileges to replace DLLs and conduct a privilege escalation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens sicam_toolbox_ii *
CVE-2022-39136

A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V13.3 (All versions >= V13.3.0.7 < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected application is vulnerable to fixed-length heap-based buffer while parsing specially crafted TIF files. An attacker could leverage this vulnerability to execute code in the context of the current process.

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2022-39137

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application is vulnerable to out of bounds read past the end of an allocated buffer when parsing X_T files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-17276)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens simcenter_femap *
siemens parasolid *
CVE-2022-39138

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17284)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens simcenter_femap *
siemens parasolid *
CVE-2022-39139

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17289)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens simcenter_femap *
siemens parasolid *
CVE-2022-39140

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17292)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens simcenter_femap *
siemens parasolid *
CVE-2022-39141

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application is vulnerable to out of bounds read past the end of an allocated buffer when parsing X_T files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-17296)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens simcenter_femap *
siemens parasolid *
CVE-2022-39142

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17485)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens simcenter_femap *
siemens parasolid *
CVE-2022-39143

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17493)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens simcenter_femap *
siemens parasolid *
CVE-2022-39144

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17494)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens simcenter_femap *
siemens parasolid *
CVE-2022-39145

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application is vulnerable to out of bounds read past the end of an allocated buffer when parsing X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17496)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens simcenter_femap *
siemens parasolid *
CVE-2022-39146

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted X_T files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-17502)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens simcenter_femap *
siemens parasolid *
CVE-2022-39147

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted X_T files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-17506)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens simcenter_femap *
siemens parasolid *
CVE-2022-39148

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17513)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens simcenter_femap *
siemens parasolid *
CVE-2022-39149

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17733)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens simcenter_femap *
siemens parasolid *
CVE-2022-39150

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17735)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens simcenter_femap *
siemens parasolid *
CVE-2022-39151

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17736)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens simcenter_femap *
siemens parasolid *
CVE-2022-39152

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17740)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens simcenter_femap *
siemens parasolid *
CVE-2022-39153

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application is vulnerable to out of bounds read past the end of an allocated buffer when parsing X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-18187)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens simcenter_femap *
siemens parasolid *
CVE-2022-39154

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-18188)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens simcenter_femap *
siemens parasolid *
CVE-2022-39155

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-18192)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens simcenter_femap *
siemens parasolid *
CVE-2022-39156

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application is vulnerable to out of bounds read past the end of an allocated buffer when parsing X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-18196)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens simcenter_femap *
siemens parasolid *
CVE-2022-39157

A vulnerability has been identified in Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.0 (All versions >= V34.0.252 < V34.0.254), Parasolid V34.1 (All versions < V34.1.242), Parasolid V34.1 (All versions >= V34.1.242 < V34.1.244), Parasolid V35.0 (All versions < V35.0.170), Parasolid V35.0 (All versions >= V35.0.170 < V35.0.184), Simcenter Femap (All versions < V2023.1). The affected application contains an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17745)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens parasolid *
CVE-2022-39158

A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M2200NC, RUGGEDCOM M969, RUGGEDCOM M969F, RUGGEDCOM M969NC, RUGGEDCOM RMC30, RUGGEDCOM RMC30NC, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RMC8388NC V4.X, RUGGEDCOM RMC8388NC V5.X, RUGGEDCOM RP110, RUGGEDCOM RP110NC, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600FNC, RUGGEDCOM RS1600NC, RUGGEDCOM RS1600T, RUGGEDCOM RS1600TNC, RUGGEDCOM RS400, RUGGEDCOM RS400F, RUGGEDCOM RS400NC, RUGGEDCOM RS401, RUGGEDCOM RS401NC, RUGGEDCOM RS416, RUGGEDCOM RS416F, RUGGEDCOM RS416NC, RUGGEDCOM RS416NCv2 V4.X, RUGGEDCOM RS416NCv2 V5.X, RUGGEDCOM RS416P, RUGGEDCOM RS416PF, RUGGEDCOM RS416PNC, RUGGEDCOM RS416PNCv2 V4.X, RUGGEDCOM RS416PNCv2 V5.X, RUGGEDCOM RS416Pv2 V4.X, RUGGEDCOM RS416Pv2 V5.X, RUGGEDCOM RS416v2 V4.X, RUGGEDCOM RS416v2 V5.X, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000ANC, RUGGEDCOM RS8000H, RUGGEDCOM RS8000HNC, RUGGEDCOM RS8000NC, RUGGEDCOM RS8000T, RUGGEDCOM RS8000TNC, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900F, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GF, RUGGEDCOM RS900GNC, RUGGEDCOM RS900GNC(32M) V4.X, RUGGEDCOM RS900GNC(32M) V5.X, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPF, RUGGEDCOM RS900GPNC, RUGGEDCOM RS900L, RUGGEDCOM RS900LNC, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900MNC-GETS-C01, RUGGEDCOM RS900MNC-GETS-XX, RUGGEDCOM RS900MNC-STND-XX, RUGGEDCOM RS900MNC-STND-XX-C01, RUGGEDCOM RS900NC, RUGGEDCOM RS900NC(32M) V4.X, RUGGEDCOM RS900NC(32M) V5.X, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910LNC, RUGGEDCOM RS910NC, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920LNC, 
RUGGEDCOM RS920W, RUGGEDCOM RS930L, RUGGEDCOM RS930LNC, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM RS940GF, RUGGEDCOM RS940GNC, RUGGEDCOM RS969, RUGGEDCOM RS969NC, RUGGEDCOM RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100F, RUGGEDCOM RSG2100NC, RUGGEDCOM RSG2100NC(32M) V4.X, RUGGEDCOM RSG2100NC(32M) V5.X, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100P (32M) V4.X, RUGGEDCOM RSG2100P (32M) V5.X, RUGGEDCOM RSG2100PF, RUGGEDCOM RSG2100PNC, RUGGEDCOM RSG2100PNC (32M) V4.X, RUGGEDCOM RSG2100PNC (32M) V5.X, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200F, RUGGEDCOM RSG2200NC, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2288NC V4.X, RUGGEDCOM RSG2288NC V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300F, RUGGEDCOM RSG2300NC V4.X, RUGGEDCOM RSG2300NC V5.X, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PF, RUGGEDCOM RSG2300PNC V4.X, RUGGEDCOM RSG2300PNC V5.X, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488F, RUGGEDCOM RSG2488NC V4.X, RUGGEDCOM RSG2488NC V5.X, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSG920PNC V4.X, RUGGEDCOM RSG920PNC V5.X, RUGGEDCOM RSL910, RUGGEDCOM RSL910NC, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P. Affected devices improperly handle partial HTTP requests which makes them vulnerable to slowloris attacks. This could allow a remote attacker to create a denial of service condition that persists until the attack ends.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
productcert@siemens.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

Products Affected

Vendor Product Version
siemens ruggedcom_ros *
CVE-2022-40147

A vulnerability has been identified in Industrial Edge Management (All versions < V1.5.1). The affected software does not properly validate the server certificate when initiating a TLS connection. This could allow an attacker to spoof a trusted entity by interfering in the communication path between the client and the intended server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 2.2 5.2

Products Affected

Vendor Product Version
siemens industrial_edge_management *
CVE-2022-40176

A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo PXM40.E (All versions < V02.20.126.11-41), Desigo PXM50-1 (All versions < V02.20.126.11-41), Desigo PXM50.E (All versions < V02.20.126.11-41), PXG3.W100-1 (All versions < V02.20.126.11-37), PXG3.W100-2 (All versions < V02.20.126.11-41), PXG3.W200-1 (All versions < V02.20.126.11-37), PXG3.W200-2 (All versions < V02.20.126.11-41). There exists an Improper Neutralization of Special Elements used in an OS Command with root privileges during a restore operation due to the missing validation of the names of files included in the input package. By restoring a specifically crafted package, a remote low-privileged attacker can execute arbitrary system commands with root privileges on the device, leading to a full compromise.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.0 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 2.1 5.9

Products Affected

Vendor Product Version
siemens pxg3.w200-1_firmware *
siemens desigo_pxm30-1_firmware *
siemens desigo_pxm40-1_firmware *
siemens pxg3.w100-2_firmware *
siemens desigo_pxm50-1_firmware *
siemens desigo_pxm50.e_firmware *
siemens pxg3.w100-1_firmware *
siemens desigo_pxm40.e_firmware *
siemens desigo_pxm30.e_firmware *
siemens pxg3.w200-2_firmware *
CVE-2022-40177

A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo PXM40.E (All versions < V02.20.126.11-41), Desigo PXM50-1 (All versions < V02.20.126.11-41), Desigo PXM50.E (All versions < V02.20.126.11-41), PXG3.W100-1 (All versions < V02.20.126.11-37), PXG3.W100-2 (All versions < V02.20.126.11-41), PXG3.W200-1 (All versions < V02.20.126.11-37), PXG3.W200-2 (All versions < V02.20.126.11-41). Endpoints of the “Operation” web application that interpret and execute Axon language queries allow file read access to the device file system with root privileges. By supplying specific I/O related Axon queries, a remote low-privileged attacker can read sensitive files on the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.7 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N 2.1 3.6

Products Affected

Vendor Product Version
siemens pxg3.w200-1_firmware *
siemens desigo_pxm30-1_firmware *
siemens desigo_pxm40-1_firmware *
siemens pxg3.w100-2_firmware *
siemens desigo_pxm50-1_firmware *
siemens desigo_pxm50.e_firmware *
siemens pxg3.w100-1_firmware *
siemens desigo_pxm40.e_firmware *
siemens desigo_pxm30.e_firmware *
siemens pxg3.w200-2_firmware *
CVE-2022-40178

A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo PXM40.E (All versions < V02.20.126.11-41), Desigo PXM50-1 (All versions < V02.20.126.11-41), Desigo PXM50.E (All versions < V02.20.126.11-41), PXG3.W100-1 (All versions < V02.20.126.11-37), PXG3.W100-2 (All versions < V02.20.126.11-41), PXG3.W200-1 (All versions < V02.20.126.11-37), PXG3.W200-2 (All versions < V02.20.126.11-41). Improper Neutralization of Input During Web Page Generation exists in the “Import Files” functionality of the “Operation” web application, due to the missing validation of the titles of files included in the input package. By uploading a specifically crafted graphics package, a remote low-privileged attacker can execute arbitrary JavaScript code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

Products Affected

Vendor Product Version
siemens pxg3.w200-1_firmware *
siemens desigo_pxm30-1_firmware *
siemens desigo_pxm40-1_firmware *
siemens pxg3.w100-2_firmware *
siemens desigo_pxm50-1_firmware *
siemens desigo_pxm50.e_firmware *
siemens pxg3.w100-1_firmware *
siemens desigo_pxm40.e_firmware *
siemens desigo_pxm30.e_firmware *
siemens pxg3.w200-2_firmware *
CVE-2022-40179

A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo PXM40.E (All versions < V02.20.126.11-41), Desigo PXM50-1 (All versions < V02.20.126.11-41), Desigo PXM50.E (All versions < V02.20.126.11-41), PXG3.W100-1 (All versions < V02.20.126.11-37), PXG3.W100-2 (All versions < V02.20.126.11-41), PXG3.W200-1 (All versions < V02.20.126.11-37), PXG3.W200-2 (All versions < V02.20.126.11-41). A Cross-Site Request Forgery exists in endpoints of the “Operation” web application that interpret and execute Axon language queries, due to the missing validation of anti-CSRF tokens or other origin checks. By convincing a victim to click on a malicious link or visit a specifically crafted webpage while logged-in to the device web application, a remote unauthenticated attacker can execute arbitrary Axon queries against the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N 2.8 5.2

Products Affected

Vendor Product Version
siemens pxg3.w200-1_firmware *
siemens desigo_pxm30-1_firmware *
siemens desigo_pxm40-1_firmware *
siemens pxg3.w100-2_firmware *
siemens desigo_pxm50-1_firmware *
siemens desigo_pxm50.e_firmware *
siemens pxg3.w100-1_firmware *
siemens desigo_pxm40.e_firmware *
siemens desigo_pxm30.e_firmware *
siemens pxg3.w200-2_firmware *
CVE-2022-40180

A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo PXM40.E (All versions < V02.20.126.11-41), Desigo PXM50-1 (All versions < V02.20.126.11-41), Desigo PXM50.E (All versions < V02.20.126.11-41), PXG3.W100-1 (All versions < V02.20.126.11-37), PXG3.W100-2 (All versions < V02.20.126.11-41), PXG3.W200-1 (All versions < V02.20.126.11-37), PXG3.W200-2 (All versions < V02.20.126.11-41). A Cross-Site Request Forgery exists in the “Import Files” functionality of the “Operation” web application due to the missing validation of anti-CSRF tokens or other origin checks. A remote unauthenticated attacker can upload and enable permanent arbitrary JavaScript code into the device just by convincing a victim to visit a specifically crafted webpage while logged-in to the device web application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N 1.6 3.6

Products Affected

Vendor Product Version
siemens pxg3.w200-1_firmware *
siemens desigo_pxm30-1_firmware *
siemens desigo_pxm40-1_firmware *
siemens pxg3.w100-2_firmware *
siemens desigo_pxm50-1_firmware *
siemens desigo_pxm50.e_firmware *
siemens pxg3.w100-1_firmware *
siemens desigo_pxm40.e_firmware *
siemens desigo_pxm30.e_firmware *
siemens pxg3.w200-2_firmware *
CVE-2022-40181

A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo PXM40.E (All versions < V02.20.126.11-41), Desigo PXM50-1 (All versions < V02.20.126.11-41), Desigo PXM50.E (All versions < V02.20.126.11-41), PXG3.W100-1 (All versions < V02.20.126.11-37), PXG3.W100-2 (All versions < V02.20.126.11-41), PXG3.W200-1 (All versions < V02.20.126.11-37), PXG3.W200-2 (All versions < V02.20.126.11-41). The device embedded browser does not prevent interaction with alternative URI schemes when redirected to corresponding resources by web application code. By setting the homepage URI, the favorite URIs, or redirecting embedded browser users via JavaScript code to alternative scheme resources, a remote low privileged attacker can perform a range of attacks against the device, such as read arbitrary files on the filesystem, execute arbitrary JavaScript code in order to steal or manipulate the information on the screen, or trigger denial of service conditions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.3 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H 2.8 5.5

Products Affected

Vendor Product Version
siemens pxg3.w200-1_firmware *
siemens desigo_pxm30-1_firmware *
siemens desigo_pxm40-1_firmware *
siemens pxg3.w100-2_firmware *
siemens desigo_pxm50-1_firmware *
siemens desigo_pxm50.e_firmware *
siemens pxg3.w100-1_firmware *
siemens desigo_pxm40.e_firmware *
siemens desigo_pxm30.e_firmware *
siemens pxg3.w200-2_firmware *
CVE-2022-40182

A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo PXM40.E (All versions < V02.20.126.11-41), Desigo PXM50-1 (All versions < V02.20.126.11-41), Desigo PXM50.E (All versions < V02.20.126.11-41), PXG3.W100-1 (All versions < V02.20.126.11-37), PXG3.W100-2 (All versions < V02.20.126.11-41), PXG3.W200-1 (All versions < V02.20.126.11-37), PXG3.W200-2 (All versions < V02.20.126.11-41). The device embedded Chromium-based browser is launched as root with the “--no-sandbox” option. Attackers can add arbitrary JavaScript code inside “Operation” graphics and successfully exploit any number of publicly known vulnerabilities against the version of the embedded Chromium-based browser.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens pxg3.w200-1_firmware *
siemens desigo_pxm30-1_firmware *
siemens desigo_pxm40-1_firmware *
siemens pxg3.w100-2_firmware *
siemens desigo_pxm50-1_firmware *
siemens desigo_pxm50.e_firmware *
siemens pxg3.w100-1_firmware *
siemens desigo_pxm40.e_firmware *
siemens desigo_pxm30.e_firmware *
siemens pxg3.w200-2_firmware *
CVE-2022-40225

A vulnerability has been identified in SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.4.8), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.4.8). Casting an internal value could lead to floating point exception under certain circumstances. This could allow an attacker to cause a denial of service condition on affected devices.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
siemens siplus_tim_1531_irc_firmware *
CVE-2022-40226

A vulnerability has been identified in SICAM P850 (7KG8500-0AA00-0AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA00-2AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA10-0AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA10-2AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA30-0AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA30-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA01-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA01-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA02-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA02-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA11-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA11-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA12-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA12-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA31-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA31-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA32-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA32-2AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA00-0AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA00-2AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA10-0AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA10-2AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA30-0AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA30-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA01-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA01-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA02-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA02-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA11-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA11-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA12-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA12-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA31-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA31-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA32-0AA0) (All versions < V3.10), 
SICAM P855 (7KG8551-0AA32-2AA0) (All versions < V3.10), SICAM T (All versions < V3.0). Affected devices accept user defined session cookies and do not renew the session cookie after login/logout. This could allow an attacker to take over another user's session after login.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 2.8 5.2
productcert@siemens.com 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H 1.6 5.9

Products Affected

Vendor Product Version
siemens 7kg8501-0aa31-2aa0_firmware *
siemens 7kg8551-0aa02-2aa0_firmware *
siemens 7kg8550-0aa10-2aa0_firmware *
siemens 7kg8551-0aa12-2aa0_firmware *
siemens 7kg8501-0aa32-2aa0_firmware *
siemens 7kg8551-0aa31-0aa0_firmware *
siemens 7kg8500-0aa10-0aa0_firmware *
siemens 7kg8501-0aa11-2aa0_firmware *
siemens 7kg8551-0aa01-2aa0_firmware *
siemens 7kg8551-0aa32-2aa0_firmware *
siemens 7kg8550-0aa10-0aa0_firmware *
siemens 7kg8501-0aa31-0aa0_firmware *
siemens 7kg8501-0aa02-2aa0_firmware *
siemens 7kg8500-0aa30-2aa0_firmware *
siemens 7kg8551-0aa31-2aa0_firmware *
siemens 7kg8501-0aa01-2aa0_firmware *
siemens 7kg8501-0aa32-0aa0_firmware *
siemens 7kg8501-0aa12-0aa0_firmware *
siemens 7kg8501-0aa01-0aa0_firmware *
siemens 7kg8501-0aa02-0aa0_firmware *
siemens 7kg8500-0aa00-2aa0_firmware *
siemens 7kg8551-0aa32-0aa0_firmware *
siemens 7kg8551-0aa01-0aa0_firmware *
siemens 7kg8501-0aa12-2aa0_firmware *
siemens 7kg8550-0aa00-2aa0_firmware *
siemens 7kg8551-0aa12-0aa0_firmware *
siemens 7kg8500-0aa10-2aa0_firmware *
siemens 7kg8551-0aa02-0aa0_firmware *
siemens 7kg8550-0aa30-0aa0_firmware *
siemens 7kg8550-0aa00-0aa0_firmware *
siemens 7kg8550-0aa30-2aa0_firmware *
siemens 7kg8501-0aa11-0aa0_firmware *
siemens 7kg8551-0aa11-2aa0_firmware *
siemens 7kg8500-0aa30-0aa0_firmware *
siemens 7kg8551-0aa11-0aa0_firmware *
siemens 7kg8500-0aa00-0aa0_firmware *
CVE-2022-40227

A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions < V17 Update 4), SIMATIC HMI KTP Mobile Panels (All versions < V17 Update 4), SIMATIC HMI KTP1200 Basic (All versions < V17 Update 5), SIMATIC HMI KTP400 Basic (All versions < V17 Update 5), SIMATIC HMI KTP700 Basic (All versions < V17 Update 5), SIMATIC HMI KTP900 Basic (All versions < V17 Update 5), SIPLUS HMI KTP1200 BASIC (All versions < V17 Update 5), SIPLUS HMI KTP400 BASIC (All versions < V17 Update 5), SIPLUS HMI KTP700 BASIC (All versions < V17 Update 5), SIPLUS HMI KTP900 BASIC (All versions < V17 Update 5). Affected devices do not properly validate input sent to certain services over TCP. This could allow an unauthenticated remote attacker to cause a permanent denial of service condition (requiring a device reboot) by sending specially crafted TCP packets.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
siemens simatic_hmi_comfort_panels_firmware *
siemens simatic_hmi_ktp400_basic_firmware *
siemens siplus_hmi_ktp700_basic_firmware 17.0
siemens simatic_hmi_ktp700_basic_firmware *
siemens siplus_hmi_ktp400_basic_firmware 17.0
siemens simatic_hmi_ktp_mobile_panels_firmware 17.0
siemens siplus_hmi_ktp900_basic_firmware 17.0
siemens simatic_hmi_ktp1200_basic_firmware 17.0
siemens simatic_hmi_ktp1200_basic_firmware *
siemens siplus_hmi_ktp900_basic_firmware *
siemens simatic_hmi_ktp900_basic_firmware 17.0
siemens simatic_hmi_ktp_mobile_panels_firmware *
siemens simatic_hmi_ktp900_basic_firmware *
siemens siplus_hmi_ktp1200_basic_firmware 17.0
siemens simatic_hmi_comfort_panels_firmware 17.0
siemens simatic_hmi_ktp400_basic_firmware 17.0
siemens siplus_hmi_ktp400_basic_firmware *
siemens simatic_hmi_ktp700_basic_firmware 17.0
siemens siplus_hmi_ktp700_basic_firmware *
siemens siplus_hmi_ktp1200_basic_firmware *
CVE-2022-40631

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.0), SCALANCE X201-3P IRT (All versions < V5.5.0), SCALANCE X201-3P IRT PRO (All versions < V5.5.0), SCALANCE X202-2IRT (All versions < V5.5.0), SCALANCE X202-2P IRT (All versions < V5.5.0), SCALANCE X202-2P IRT PRO (All versions < V5.5.0), SCALANCE X204-2 (All versions < V5.2.5), SCALANCE X204-2FM (All versions < V5.2.5), SCALANCE X204-2LD (All versions < V5.2.5), SCALANCE X204-2LD TS (All versions < V5.2.5), SCALANCE X204-2TS (All versions < V5.2.5), SCALANCE X204IRT (All versions < V5.5.0), SCALANCE X204IRT PRO (All versions < V5.5.0), SCALANCE X206-1 (All versions < V5.2.5), SCALANCE X206-1LD (All versions < V5.2.5), SCALANCE X208 (All versions < V5.2.5), SCALANCE X208PRO (All versions < V5.2.5), SCALANCE X212-2 (All versions < V5.2.5), SCALANCE X212-2LD (All versions < V5.2.5), SCALANCE X216 (All versions < V5.2.5), SCALANCE X224 (All versions < V5.2.5), SCALANCE XF201-3P IRT (All versions < V5.5.0), SCALANCE XF202-2P IRT (All versions < V5.5.0), SCALANCE XF204 (All versions < V5.2.5), SCALANCE XF204-2 (All versions < V5.2.5), SCALANCE XF204-2BA IRT (All versions < V5.5.0), SCALANCE XF204IRT (All versions < V5.5.0), SCALANCE XF206-1 (All versions < V5.2.5), SCALANCE XF208 (All versions < V5.2.5), SIPLUS NET SCALANCE X202-2P IRT (All versions < V5.5.0). There is a cross-site scripting vulnerability on the affected devices that, if used by a threat actor, could result in session hijacking.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

Products Affected

Vendor Product Version
siemens scalance_x204-2ld_firmware *
siemens scalance_x202-2irt_firmware *
siemens scalance_xf201-3p_irt_firmware *
siemens scalance_x201-3p_irt_pro_firmware *
siemens scalance_x204-2fm_firmware *
siemens scalance_x212-2ld_firmware *
siemens scalance_x200-4p_irt_firmware *
siemens scalance_xf204-2ba_irt_firmware *
siemens scalance_x208_firmware *
siemens scalance_x208pro_firmware *
siemens scalance_x202-2p_irt_pro_firmware *
siemens scalance_x212-2_firmware *
siemens scalance_x204irt_firmware *
siemens scalance_xf206-1_firmware *
siemens scalance_xf204_firmware *
siemens scalance_x204-2ts_firmware *
siemens scalance_x204irt_pro_firmware *
siemens scalance_x206-1ld_firmware *
siemens siplus_net_scalance_x202-2p_irt_firmware *
siemens scalance_xf208_firmware *
siemens scalance_x202-2p_irt_firmware *
siemens scalance_xf202-2p_irt_firmware *
siemens scalance_xf204irt_firmware *
siemens scalance_x224_firmware *
siemens scalance_x204-2_firmware *
siemens scalance_xf204-2_firmware *
siemens scalance_x204-2ld_ts_firmware *
siemens scalance_x216_firmware *
siemens scalance_x201-3p_irt_firmware *
siemens scalance_x206-1_firmware *
CVE-2022-41278

A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application, causing a denial of service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 1.8 1.4
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
siemens jt2go -
CVE-2022-41279

A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application, causing a denial of service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6
productcert@siemens.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 1.8 1.4

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go -
CVE-2022-41280

A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application, causing a denial of service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6
productcert@siemens.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 1.8 1.4

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go -
CVE-2022-41281

A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go -
CVE-2022-41282

A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go -
CVE-2022-41283

A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds write vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go -
CVE-2022-41284

A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go -
CVE-2022-41285

A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains a use-after-free vulnerability that could be triggered while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go -
CVE-2022-41286

A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds write vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go -
CVE-2022-41287

A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains a divide by zero vulnerability when parsing a CGM file. An attacker could leverage this vulnerability to crash the application, causing a denial of service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 1.8 1.4
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
siemens jt2go -
CVE-2022-41288

A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains a stack exhaustion vulnerability when parsing a CGM file. An attacker could leverage this vulnerability to crash the application, causing a denial of service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 1.8 1.4
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go -
CVE-2022-41660

A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected products contain an out of bounds write vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process.

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2022-41661

A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected products contain an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process.

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2022-41662

A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected products contain an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process.

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2022-41663

A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected applications contain a use-after-free vulnerability that could be triggered while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process.

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2022-41664

A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected application contains a stack-based buffer overflow vulnerability that could be triggered while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process.

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2022-41665

A vulnerability has been identified in SICAM P850 (7KG8500-0AA00-0AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA00-2AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA10-0AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA10-2AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA30-0AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA30-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA01-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA01-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA02-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA02-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA11-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA11-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA12-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA12-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA31-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA31-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA32-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA32-2AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA00-0AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA00-2AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA10-0AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA10-2AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA30-0AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA30-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA01-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA01-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA02-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA02-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA11-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA11-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA12-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA12-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA31-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA31-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA32-0AA0) (All versions < V3.10), 
SICAM P855 (7KG8551-0AA32-2AA0) (All versions < V3.10), SICAM T (All versions < V3.0). Affected devices do not properly validate the parameter of a specific GET request. This could allow an unauthenticated attacker to set the device to a denial of service state or to control the program counter and, thus, execute arbitrary code on the device.

Products Affected

Vendor Product Version
siemens 7kg8501-0aa31-2aa0_firmware *
siemens 7kg8551-0aa02-2aa0_firmware *
siemens 7kg8550-0aa10-2aa0_firmware *
siemens 7kg8551-0aa12-2aa0_firmware *
siemens 7kg8501-0aa32-2aa0_firmware *
siemens 7kg8551-0aa31-0aa0_firmware *
siemens 7kg8500-0aa10-0aa0_firmware *
siemens 7kg8501-0aa11-2aa0_firmware *
siemens 7kg8551-0aa01-2aa0_firmware *
siemens 7kg8551-0aa32-2aa0_firmware *
siemens 7kg8550-0aa10-0aa0_firmware *
siemens 7kg8501-0aa31-0aa0_firmware *
siemens 7kg8501-0aa02-2aa0_firmware *
siemens 7kg8500-0aa30-2aa0_firmware *
siemens 7kg8551-0aa31-2aa0_firmware *
siemens 7kg8501-0aa01-2aa0_firmware *
siemens 7kg8501-0aa32-0aa0_firmware *
siemens 7kg8501-0aa12-0aa0_firmware *
siemens 7kg8501-0aa01-0aa0_firmware *
siemens 7kg8501-0aa02-0aa0_firmware *
siemens 7kg8500-0aa00-2aa0_firmware *
siemens 7kg8551-0aa32-0aa0_firmware *
siemens 7kg8551-0aa01-0aa0_firmware *
siemens 7kg8501-0aa12-2aa0_firmware *
siemens 7kg8550-0aa00-2aa0_firmware *
siemens 7kg8551-0aa12-0aa0_firmware *
siemens 7kg8500-0aa10-2aa0_firmware *
siemens 7kg8551-0aa02-0aa0_firmware *
siemens 7kg8550-0aa30-0aa0_firmware *
siemens 7kg8550-0aa00-0aa0_firmware *
siemens 7kg8550-0aa30-2aa0_firmware *
siemens 7kg8501-0aa11-0aa0_firmware *
siemens 7kg8551-0aa11-2aa0_firmware *
siemens 7kg8500-0aa30-0aa0_firmware *
siemens 7kg8551-0aa11-0aa0_firmware *
siemens 7kg8500-0aa00-0aa0_firmware *
CVE-2022-41851

A vulnerability has been identified in JTTK (All versions < V11.1.1.0), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The JTTK library is vulnerable to an uninitialized pointer reference vulnerability while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-16973)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens jt_open_toolkit *
siemens simcenter_femap *
CVE-2022-42732

A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper read access control that could allow files to be retrieved from any folder accessible to the account assigned to the website’s application pool.

Products Affected

Vendor Product Version
siemens syngo_dynamics_cardiovascular_imaging_and_information_system *
CVE-2022-42733

A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper read access control that could allow files to be retrieved from any folder accessible to the account assigned to the website’s application pool.

Products Affected

Vendor Product Version
siemens syngo_dynamics_cardiovascular_imaging_and_information_system *
CVE-2022-42734

A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper write access control that could allow data to be written to any folder accessible to the account assigned to the website’s application pool.

Products Affected

Vendor Product Version
siemens syngo_dynamics_cardiovascular_imaging_and_information_system *
CVE-2022-42784

A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions >= V8.3), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions >= V8.3), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions >= V8.3), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions >= V8.3), LOGO! 24CE (6ED1052-1CC08-0BA1) (All versions >= V8.3), LOGO! 24CEo (6ED1052-2CC08-0BA1) (All versions >= V8.3), LOGO! 24RCE (6ED1052-1HB08-0BA1) (All versions >= V8.3), LOGO! 24RCEo (6ED1052-2HB08-0BA1) (All versions >= V8.3), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1) (All versions >= V8.3). Affected devices are vulnerable to an electromagnetic fault injection. This could allow an attacker to dump and debug the firmware, including the manipulation of memory. Further actions could allow the injection of public keys from custom-created key pairs, which are then signed by the product CA. The generation of a custom certificate allows communication with, and impersonation of, any device of the same version.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9
productcert@siemens.com 7.6 HIGH CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 0.9 6.0

Products Affected

Vendor Product Version
siemens 6ag1052-2cc08-7ba1_firmware *
siemens 6ed1052-1md08-0ba1_firmware *
siemens 6ed1052-2cc08-0ba1_firmware *
siemens 6ed1052-2md08-0ba1_firmware *
siemens 6ed1052-1hb08-0ba1_firmware *
siemens 6ag1052-1fb08-7ba1_firmware *
siemens 6ed1052-1cc08-0ba1_firmware *
siemens 6ed1052-1fb08-0ba1_firmware *
siemens 6ag1052-2hb08-7ba1_firmware *
siemens 6ag1052-2md08-7ba1_firmware *
siemens 6ag1052-1md08-7ba1_firmware *
siemens 6ag1052-1hb08-7ba1_firmware *
siemens 6ed1052-2hb08-0ba1_firmware *
siemens 6ag1052-2fb08-7ba1_firmware *
siemens 6ag1052-1cc08-7ba1_firmware *
siemens 6ed1052-2fb08-0ba1_firmware *
CVE-2022-42891

A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper write access control that could allow data to be written to any folder accessible to the account assigned to the website’s application pool.

Products Affected

Vendor Product Version
siemens syngo_dynamics_cardiovascular_imaging_and_information_system *
CVE-2022-42892

A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper write access control that could allow directory listing in any folder accessible to the account assigned to the website’s application pool.

Products Affected

Vendor Product Version
siemens syngo_dynamics_cardiovascular_imaging_and_information_system *
CVE-2022-42893

A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper write access control that could allow data to be written to any folder accessible to the account assigned to the website’s application pool.

Products Affected

Vendor Product Version
siemens syngo_dynamics_cardiovascular_imaging_and_information_system *
CVE-2022-42894

A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). An unauthenticated Server-Side Request Forgery (SSRF) vulnerability was identified in one of the web services exposed on the syngo Dynamics application that could allow for the leaking of NTLM credentials as well as local service enumeration.

Products Affected

Vendor Product Version
siemens syngo_dynamics_cardiovascular_imaging_and_information_system *
CVE-2022-43397

A vulnerability has been identified in Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170), Simcenter Femap (All versions < V2023.1). The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17854)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens parasolid *
CVE-2022-43398

A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50). Affected devices do not renew the session cookie after login/logout and also accept user-defined session cookies. An attacker could overwrite the stored session cookie of a user. After the victim has logged in, the attacker is given access to the user's account through the activated session.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9
productcert@siemens.com 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H 1.6 5.9

Products Affected

Vendor Product Version
siemens 7kg9501-0aa31-2aa1_firmware *
siemens 7kg9501-0aa01-2aa1_firmware *
CVE-2022-43400

A vulnerability has been identified in Siveillance Video Mobile Server V2022 R2 (All versions < V22.2a (80)). The mobile server component of affected applications improperly handles the login for Active Directory accounts that are part of the Administrators group. This could allow an unauthenticated remote attacker to access the application without a valid account.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
siemens siveillance_video_mobile_server *
CVE-2022-43439

A vulnerability has been identified in POWER METER SICAM Q100 (7KG9501-0AA01-0AA1) (All versions < V2.50), POWER METER SICAM Q100 (7KG9501-0AA01-2AA1) (All versions < V2.50), POWER METER SICAM Q100 (7KG9501-0AA31-0AA1) (All versions < V2.50), POWER METER SICAM Q100 (7KG9501-0AA31-2AA1) (All versions < V2.50), SICAM P850 (7KG8500-0AA00-0AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA00-2AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA10-0AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA10-2AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA30-0AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA30-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA01-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA01-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA02-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA02-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA11-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA11-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA12-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA12-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA31-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA31-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA32-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA32-2AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA00-0AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA00-2AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA10-0AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA10-2AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA30-0AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA30-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA01-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA01-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA02-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA02-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA11-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA11-2AA0) (All versions < V3.10), SICAM 
P855 (7KG8551-0AA12-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA12-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA31-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA31-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA32-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA32-2AA0) (All versions < V3.10), SICAM T (All versions < V3.0). Affected devices do not properly validate the Language-parameter in requests to the web interface on port 443/tcp. This could allow an authenticated remote attacker to crash the device (followed by an automatic reboot) or to execute arbitrary code on the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
productcert@siemens.com 9.9 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 3.1 6.0

Products Affected

Vendor Product Version
siemens 7kg9501-0aa31-2aa1_firmware *
siemens 7kg9501-0aa01-2aa1_firmware *
CVE-2022-43513

A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6 (All versions < V6.0 SP9 Upd4), TeleControl Server Basic V3 (All versions < V3.1.2). The affected components allow license files to be renamed with user-chosen input without authentication. This could allow an unauthenticated remote attacker to rename and move files as SYSTEM user.

Products Affected

Vendor Product Version
siemens automation_license_manager 6.0
siemens automation_license_manager 5.3.4.4
siemens automation_license_manager 5.0.0
siemens automation_license_manager 5.3
siemens automation_license_manager 5.2
siemens automation_license_manager 6.0.9
siemens automation_license_manager 5.1
siemens automation_license_manager 6.0.8
siemens automation_license_manager 6.0.1
CVE-2022-43514

A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6 (All versions < V6.0 SP9 Upd4), TeleControl Server Basic V3 (All versions < V3.1.2). The affected component does not correctly validate the root path on folder-related operations, allowing files and folders outside the intended root directory to be modified. This could allow an unauthenticated remote attacker to execute file operations on files outside of the specified root folder. Chained with CVE-2022-43513, this could allow Remote Code Execution.

Products Affected

Vendor Product Version
siemens automation_license_manager 6.0
siemens automation_license_manager 5.3.4.4
siemens automation_license_manager 5.0.0
siemens automation_license_manager 5.3
siemens automation_license_manager 5.2
siemens automation_license_manager 6.0.9
siemens automation_license_manager 5.1
siemens automation_license_manager 6.0.8
siemens automation_license_manager 6.0.1
CVE-2022-43517

A vulnerability has been identified in Simcenter STAR-CCM+ (All versions < V2306). The affected application improperly assigns file permissions to installation folders. This could allow a local attacker with an unprivileged account to override or modify the service executables and subsequently gain elevated privileges.

Products Affected

Vendor Product Version
siemens star-ccm+ *
CVE-2022-43545

A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), SICAM P850 (All versions < V3.10), SICAM P855 (All versions < V3.10). Affected devices do not properly validate the RecordType-parameter in requests to the web interface on port 443/tcp. This could allow an authenticated remote attacker to crash the device (followed by an automatic reboot) or to execute arbitrary code on the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 9.9 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 3.1 6.0
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens 7kg9501-0aa31-2aa1_firmware *
siemens 7kg9501-0aa01-2aa1_firmware *
CVE-2022-43546

A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), SICAM P850 (All versions < V3.10), SICAM P855 (All versions < V3.10). Affected devices do not properly validate the EndTime-parameter in requests to the web interface on port 443/tcp. This could allow an authenticated remote attacker to crash the device (followed by an automatic reboot) or to execute arbitrary code on the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
productcert@siemens.com 9.9 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 3.1 6.0

Products Affected

Vendor Product Version
siemens 7kg9501-0aa31-2aa1_firmware *
siemens 7kg9501-0aa01-2aa1_firmware *
CVE-2022-43716

A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions < V2.3), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions < V2.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE0) (All versions < V3.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE1) (All versions < V3.3), SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) (All versions < V3.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions < V2.3), SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0) (All versions < V3.4.29), SIPLUS NET CP 443-1 (6AG1443-1EX30-4XE0) (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) (All versions < V3.3), SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0) (All versions < V3.4.29), SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0) (All versions < V3.4.29), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.3.6), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation which leads to a restart of the webserver of the affected product.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
siemens siplus_net_cp_1242-7_v2_firmware *
siemens simatic_cp_1542sp-1_firmware *
siemens simatic_cp_1543sp-1_firmware *
siemens simatic_cp_1243-1_firmware *
siemens simatic_cp_1542sp-1_irc_firmware *
siemens simatic_ipc_diagmonitor_firmware *
siemens simatic_cp_1243-8_irc_firmware *
siemens siplus_et_200sp_cp_1543sp-1_isec_firmware *
siemens siplus_s7-1200_cp_1243-1_rail_firmware *
siemens siplus_et_200sp_cp_1542sp-1_irc_tx_rail_firmware *
siemens siplus_tim_1531_irc_firmware *
siemens simatic_cp_1243-1_dnp3_firmware *
siemens tim_1531_irc_firmware *
siemens simatic_ipc_diagbase_firmware *
siemens simatic_cp_443-1_advanced_firmware *
siemens siplus_net_cp_443-1_firmware *
siemens siplus_et_200sp_cp_1543sp-1_isec_tx_rail_firmware *
siemens siplus_net_cp_443-1_advanced_firmware *
siemens simatic_cp_1243-7_lte_eu_firmware *
siemens simatic_cp_1243-1_iec_firmware *
siemens simatic_cp_1242-7_v2_firmware *
siemens simatic_cp_1243-7_lte_us_firmware *
siemens simatic_cp_443-1_firmware *
siemens siplus_s7-1200_cp_1243-1_firmware *
CVE-2022-43722

A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0). Affected software does not properly secure a folder containing library files. This could allow an attacker to place a custom malicious DLL in this folder which is then run with SYSTEM rights when a service is started that requires this DLL. At the time of assigning the CVE, the affected firmware version of the component has already been superseded by succeeding mainline versions.

Products Affected

Vendor Product Version
siemens sicam_pas *
siemens sicam_pas/pqs *
siemens sicam_pqs *
CVE-2022-43723

A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0), SICAM PAS/PQS (All versions >= 7.0 < V8.06). Affected software does not properly validate the input for a certain parameter in the s7ontcp.dll. This could allow an unauthenticated remote attacker to send messages and create a denial of service condition as the application crashes. At the time of assigning the CVE, the affected firmware version of the component has already been superseded by succeeding mainline versions.

Products Affected

Vendor Product Version
siemens sicam_pas *
siemens sicam_pas/pqs *
siemens sicam_pqs *
CVE-2022-43724

A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0). Affected software transmits the database credentials for the inbuilt SQL server in cleartext. In combination with the xp_cmdshell feature, which is enabled by default, unauthenticated remote attackers could execute custom OS commands. At the time of assigning the CVE, the affected firmware version of the component has already been superseded by succeeding mainline versions.

Products Affected

Vendor Product Version
siemens sicam_pas *
siemens sicam_pas/pqs *
siemens sicam_pqs *
CVE-2022-43767

A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions < V2.3), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions < V2.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE0) (All versions < V3.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE1) (All versions < V3.3), SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) (All versions < V3.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions < V2.3), SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0) (All versions < V3.4.29), SIPLUS NET CP 443-1 (6AG1443-1EX30-4XE0) (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) (All versions < V3.3), SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0) (All versions < V3.4.29), SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0) (All versions < V3.4.29), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.3.6), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation of the webserver of the affected product.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
siemens siplus_net_cp_1242-7_v2_firmware *
siemens simatic_cp_1542sp-1_firmware *
siemens simatic_cp_1543sp-1_firmware *
siemens simatic_cp_1243-1_firmware *
siemens simatic_cp_1542sp-1_irc_firmware *
siemens simatic_ipc_diagmonitor_firmware *
siemens simatic_cp_1243-8_irc_firmware *
siemens siplus_et_200sp_cp_1543sp-1_isec_firmware *
siemens siplus_s7-1200_cp_1243-1_rail_firmware *
siemens siplus_et_200sp_cp_1542sp-1_irc_tx_rail_firmware *
siemens siplus_tim_1531_irc_firmware *
siemens simatic_cp_1243-1_dnp3_firmware *
siemens tim_1531_irc_firmware *
siemens simatic_ipc_diagbase_firmware *
siemens simatic_cp_443-1_advanced_firmware *
siemens siplus_net_cp_443-1_firmware *
siemens siplus_et_200sp_cp_1543sp-1_isec_tx_rail_firmware *
siemens siplus_net_cp_443-1_advanced_firmware *
siemens simatic_cp_1243-7_lte_eu_firmware *
siemens simatic_cp_1243-1_iec_firmware *
siemens simatic_cp_1242-7_v2_firmware *
siemens simatic_cp_1243-7_lte_us_firmware *
siemens simatic_cp_443-1_firmware *
siemens siplus_s7-1200_cp_1243-1_firmware *
CVE-2022-43768

A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions < V2.3), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions < V2.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE0) (All versions < V3.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE1) (All versions < V3.3), SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) (All versions < V3.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions < V2.3), SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0) (All versions < V3.4.29), SIPLUS NET CP 443-1 (6AG1443-1EX30-4XE0) (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) (All versions < V3.3), SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0) (All versions < V3.4.29), SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0) (All versions < V3.4.29), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.3.6), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation of the webserver of the affected product.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
siemens siplus_net_cp_1242-7_v2_firmware *
siemens simatic_cp_1542sp-1_firmware *
siemens simatic_cp_1543sp-1_firmware *
siemens simatic_cp_1243-1_firmware *
siemens simatic_cp_1542sp-1_irc_firmware *
siemens simatic_ipc_diagmonitor_firmware *
siemens simatic_cp_1243-8_irc_firmware *
siemens siplus_et_200sp_cp_1543sp-1_isec_firmware *
siemens siplus_s7-1200_cp_1243-1_rail_firmware *
siemens siplus_et_200sp_cp_1542sp-1_irc_tx_rail_firmware *
siemens siplus_tim_1531_irc_firmware *
siemens simatic_cp_1243-1_dnp3_firmware *
siemens tim_1531_irc_firmware *
siemens simatic_ipc_diagbase_firmware *
siemens simatic_cp_443-1_advanced_firmware *
siemens siplus_net_cp_443-1_firmware *
siemens siplus_et_200sp_cp_1543sp-1_isec_tx_rail_firmware *
siemens siplus_net_cp_443-1_advanced_firmware *
siemens simatic_cp_1243-7_lte_eu_firmware *
siemens simatic_cp_1243-1_iec_firmware *
siemens simatic_cp_1242-7_v2_firmware *
siemens simatic_cp_1243-7_lte_us_firmware *
siemens simatic_cp_443-1_firmware *
siemens siplus_s7-1200_cp_1243-1_firmware *
CVE-2022-43958

A vulnerability has been identified in QMS Automotive (All versions < V12.39). User credentials are stored in plaintext in the database without any hashing mechanism. This could allow an attacker to gain access to credentials and impersonate other users.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.6 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L 2.1 5.5
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

Products Affected

Vendor Product Version
siemens qms_automotive *
CVE-2022-44575

A vulnerability has been identified in PLM Help Server V4.2 (All versions). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious JavaScript code by tricking users into accessing a malicious link.

Products Affected

Vendor Product Version
siemens plm_help_server 4.2
CVE-2022-44731

A vulnerability has been identified in SIMATIC WinCC OA V3.15 (All versions < V3.15 P038), SIMATIC WinCC OA V3.16 (All versions < V3.16 P035), SIMATIC WinCC OA V3.17 (All versions < V3.17 P024), SIMATIC WinCC OA V3.18 (All versions < V3.18 P014). The affected component allows custom arguments to be injected into the Ultralight Client backend application under certain circumstances. This could allow an authenticated remote attacker to inject arbitrary parameters when starting the client via the web interface (e.g., open attacker-chosen panels with the attacker's credentials or start a Ctrl script).

Products Affected

Vendor Product Version
siemens simatic_wincc_oa 3.16
siemens simatic_wincc_oa 3.18
siemens simatic_wincc_oa 3.15
siemens simatic_wincc_oa 3.17
CVE-2022-45044

A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.50), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions < V9.50), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions < V9.50), SIPROTEC 5 6MD89 (CP300) (All versions < V9.64), SIPROTEC 5 6MU85 (CP300) (All versions < V9.50), SIPROTEC 5 7KE85 (CP200) (All versions), SIPROTEC 5 7KE85 (CP300) (All versions < V9.64), SIPROTEC 5 7SA82 (CP100) (All versions < V8.90), SIPROTEC 5 7SA82 (CP150) (All versions < V9.50), SIPROTEC 5 7SA84 (CP200) (All versions), SIPROTEC 5 7SA86 (CP200) (All versions), SIPROTEC 5 7SA86 (CP300) (All versions < V9.50), SIPROTEC 5 7SA87 (CP200) (All versions), SIPROTEC 5 7SA87 (CP300) (All versions < V9.50), SIPROTEC 5 7SD82 (CP100) (All versions < V8.90), SIPROTEC 5 7SD82 (CP150) (All versions < V9.50), SIPROTEC 5 7SD84 (CP200) (All versions), SIPROTEC 5 7SD86 (CP200) (All versions), SIPROTEC 5 7SD86 (CP300) (All versions < V9.50), SIPROTEC 5 7SD87 (CP200) (All versions), SIPROTEC 5 7SD87 (CP300) (All versions < V9.50), SIPROTEC 5 7SJ81 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.50), SIPROTEC 5 7SJ82 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.50), SIPROTEC 5 7SJ85 (CP200) (All versions), SIPROTEC 5 7SJ85 (CP300) (All versions < V9.50), SIPROTEC 5 7SJ86 (CP200) (All versions), SIPROTEC 5 7SJ86 (CP300) (All versions < V9.50), SIPROTEC 5 7SK82 (CP100) (All versions < V8.89), SIPROTEC 5 7SK82 (CP150) (All versions < V9.50), SIPROTEC 5 7SK85 (CP200) (All versions), SIPROTEC 5 7SK85 (CP300) (All versions < V9.50), SIPROTEC 5 7SL82 (CP100) (All versions < V8.90), SIPROTEC 5 7SL82 (CP150) (All versions < V9.50), SIPROTEC 5 7SL86 (CP200) (All versions), SIPROTEC 5 7SL86 (CP300) (All versions < V9.50), SIPROTEC 5 7SL87 (CP200) (All versions), SIPROTEC 5 7SL87 (CP300) (All versions < V9.50), SIPROTEC 5 7SS85 (CP200) (All versions), SIPROTEC 5 7SS85 (CP300) (All versions < V9.50), SIPROTEC 5 7ST85 (CP200) (All versions), SIPROTEC 5 7ST85 (CP300) (All versions < V9.64), SIPROTEC 5 7ST86 (CP300) (All versions < V9.64), SIPROTEC 5 7SX82 (CP150) (All versions < V9.50), SIPROTEC 5 7SX85 (CP300) (All versions < V9.50), SIPROTEC 5 7UM85 (CP300) (All versions < V9.50), SIPROTEC 5 7UT82 (CP100) (All versions < V8.90), SIPROTEC 5 7UT82 (CP150) (All versions < V9.50), SIPROTEC 5 7UT85 (CP200) (All versions), SIPROTEC 5 7UT85 (CP300) (All versions < V9.50), SIPROTEC 5 7UT86 (CP200) (All versions), SIPROTEC 5 7UT86 (CP300) (All versions < V9.50), SIPROTEC 5 7UT87 (CP200) (All versions), SIPROTEC 5 7UT87 (CP300) (All versions < V9.50), SIPROTEC 5 7VE85 (CP300) (All versions < V9.50), SIPROTEC 5 7VK87 (CP200) (All versions), SIPROTEC 5 7VK87 (CP300) (All versions < V9.50), SIPROTEC 5 7VU85 (CP300) (All versions < V9.50), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1) (All versions installed on CP200 devices), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1) (All versions < V9.50 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1) (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1) (All versions installed on CP200 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1) (All versions < V9.50 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1) (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions < V9.50), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V9.50). Affected devices do not properly restrict secure client-initiated renegotiations within the SSL and TLS protocols. This could allow an attacker to create a denial of service condition on the ports 443/tcp and 4443/tcp for the duration of the attack.

Products Affected

Vendor Product Version
siemens siprotec_5_6md86_firmware -
siemens siprotec_5_6md85_firmware -
siemens siprotec_5_7sx85_firmware -
siemens siprotec_5_6mu85_firmware -
siemens siprotec_5_7sk82_firmware -
siemens siprotec_5_communication_module_ethba2el_firmware -
siemens siprotec_5_7um85_firmware -
siemens siprotec_5_7sk85_firmware -
siemens siprotec_5_6md89_firmware -
siemens siprotec_5_compact_7sx800_firmware -
siemens siprotec_5_7ut82_firmware -
siemens siprotec_5_7ve85_firmware -
siemens siprotec_5_7ut87_firmware -
siemens siprotec_5_7sa86_firmware -
siemens siprotec_5_7ut85_firmware -
siemens siprotec_5_7sj86_firmware -
siemens siprotec_5_7sa82_firmware -
siemens siprotec_5_7st85_firmware -
siemens siprotec_5_7sa87_firmware -
siemens siprotec_5_7ut86_firmware -
siemens siprotec_5_7sd86_firmware -
siemens siprotec_5_7sj85_firmware -
siemens siprotec_5_7ke85_firmware -
siemens siprotec_5_7sl86_firmware -
siemens siprotec_5_7sd82_firmware -
siemens siprotec_5_communication_module_ethbb2fo_firmware -
siemens siprotec_5_7sl82_firmware -
siemens siprotec_5_7sj82_firmware -
siemens siprotec_5_7ss85_firmware -
siemens siprotec_5_7sd87_firmware -
siemens siprotec_5_7vk87_firmware -
siemens siprotec_5_7sj81_firmware -
siemens siprotec_5_7sl87_firmware -
siemens siprotec_5_communication_module_ethbd2fo_firmware -
CVE-2022-45092

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticated remote attacker with access to the Web Based Management (443/tcp) of the affected product could potentially read and write arbitrary files from and to the device's file system. An attacker might leverage this to trigger remote code execution on the affected component.

Products Affected

Vendor Product Version
siemens sinec_ins 1.0
siemens sinec_ins *
CVE-2022-45093

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticated remote attacker with access to the Web Based Management (443/tcp) of the affected product, as well as with access to the SFTP server of the affected product (22/tcp), could potentially read and write arbitrary files from and to the device's file system. An attacker might leverage this to trigger remote code execution on the affected component.

Products Affected

Vendor Product Version
siemens sinec_ins 1.0
siemens sinec_ins *
CVE-2022-45094

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticated remote attacker with access to the Web Based Management (443/tcp) of the affected product could potentially inject commands into the dhcpd configuration of the affected product. An attacker might leverage this to trigger remote code execution on the affected component.

Products Affected

Vendor Product Version
siemens sinec_ins 1.0
siemens sinec_ins *
CVE-2022-45484

A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.9), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.5), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CCITT_G4Decode.dll contains an out of bounds read vulnerability when parsing a RAS file. An attacker can leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-19056)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 1.8 1.4
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2022-45936

A vulnerability has been identified in Mendix Email Connector (All versions < V2.0.0). Affected versions of the module improperly handle access control for some module entities. This could allow authenticated remote attackers to read and manipulate sensitive information.

Products Affected

Vendor Product Version
siemens mendix_email_connector *
CVE-2022-45937

A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). A low privilege authenticated attacker with network access to the integrated web server could download sensitive information from the device containing user account credentials.

Products Affected

Vendor Product Version
siemens pxx-485.3_firmware *
siemens talon_tc_modular_(bacnet)_firmware *
siemens pxc24.2-pe.a_firmware *
siemens pxc24.2-pef.a_firmware *
siemens pxc24.2-per.a_firmware *
siemens pxc100-e96.a_firmware *
siemens pxc16.2-pe.a_firmware *
siemens pxc24.2-perf.a_firmware *
siemens pxc00-e96.a_firmware *
CVE-2022-46140

Affected devices use a weak encryption scheme to encrypt the debug zip file. This could allow an authenticated attacker to decrypt the contents of the file and retrieve debug information about the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6
productcert@siemens.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
siemens scalance_m826-2_shdsl-router_firmware *
siemens scalance_sc626-2c_firmware *
siemens scalance_m874-3_firmware *
siemens scalance_w788-2_m12_eec_firmware -
siemens scalance_xr326-2c_firmware -
siemens scalance_xc208_poe_firmware -
siemens scalance_xb213-3_firmware -
siemens scalance_w738-1_m12_firmware *
siemens scalance_mum856-1_firmware *
siemens scalance_xb205-3ld_firmware -
siemens scalance_xc206-2_firmware -
siemens scalance_xc206-2g_poe_firmware -
siemens scalance_xc216-4c_g_eec_firmware -
siemens scalance_w786-1_rj45_firmware -
siemens scalance_xp216poe_eec_firmware -
siemens scalance_w734-1_rj45_firmware *
siemens scalance_w788-2_m12_firmware -
siemens scalance_w786-2ia_rj45_firmware -
siemens scalance_xb213-3ld_firmware -
siemens scalance_xb216_firmware -
siemens scalance_sc642-2c_firmware *
siemens scalance_xc224_firmware -
siemens scalance_wam766-1_ecc_firmware -
siemens scalance_wam766-1_6ghz_firmware -
siemens scalance_w722-1_rj45_firmware *
siemens scalance_sc636-2c_firmware *
siemens scalance_xp216eec_firmware -
siemens scalance_xc216_firmware -
siemens scalance_xm408-4c_firmware -
siemens scalance_w761-1_rj45_firmware -
siemens siplus_net_scalance_xc206-2sfp_firmware -
siemens scalance_wum763-1_firmware -
siemens siplus_net_scalance_xc206-2_firmware -
siemens scalance_w774-1_m12_eec_firmware -
siemens scalance_w778-1_m12_eec_firmware -
siemens scalance_xc206-2sfp_eec_firmware -
siemens ruggedcom_rm1224_lte(4g)_eu_firmware *
siemens scalance_w788-1_m12_firmware -
siemens siplus_net_scalance_xc208_firmware -
siemens scalance_sc646-2c_firmware *
siemens scalance_m874-2_firmware *
siemens scalance_xp216_firmware -
siemens scalance_xp208_firmware -
siemens scalance_xr524-8c_firmware -
siemens scalance_xr328-4c_wg_firmware -
siemens scalance_w1788-2ia_m12_firmware -
siemens scalance_m876-4_firmware *
siemens scalance_w1748-1_m12_firmware -
siemens scalance_xf204-2bca_dna_firmware -
siemens scalance_xp208poe_eec_firmware -
siemens scalance_xr326-2c_poe_firmware -
siemens scalance_w786-2_sfp_firmware -
siemens scalance_sc622-2c_firmware *
siemens scalance_w748-1_m12_firmware *
siemens scalance_xm408-8c_firmware -
siemens scalance_w774-1_m12_rj45_firmware -
siemens scalance_wum766-1_firmware -
siemens scalance_xf204_dna_firmware -
siemens scalance_xp208eec_firmware -
siemens scalance_xr552-12m_firmware -
siemens scalance_xc224-4c_g_eec_firmware -
siemens scalance_xr528-6m_firmware -
siemens scalance_wum766-1_6ghz_firmware -
siemens scalance_xb208_firmware -
siemens scalance_m804pb_firmware *
siemens scalance_mum853-1_firmware *
siemens scalance_w1788-1_m12_firmware -
siemens scalance_w774-1_rj45_firmware -
siemens scalance_xr324wg_firmware -
siemens scalance_m876-3_firmware *
siemens scalance_xr526-8c_firmware -
siemens scalance_xc206-2sfp_g_eec_firmware -
siemens scalance_xc206-2sfp_firmware -
siemens scalance_xc224-4c_g_firmware -
siemens scalance_sc632-2c_firmware *
siemens scalance_xb205-3_firmware -
siemens scalance_xc216-3g_poe_firmware -
siemens scalance_w786-2_rj45_firmware -
siemens scalance_xc208_firmware -
siemens scalance_s615_firmware *
siemens scalance_xm416-4c_firmware -
siemens ruggedcom_rm1224_lte(4g)_nam_firmware *
siemens scalance_xc216-4c_g_firmware -
siemens scalance_w721-1_rj45_firmware *
siemens scalance_w1788-2_eec_m12_firmware -
siemens scalance_m812-1_adsl-router_firmware *
siemens scalance_xc206-2g_poe_eec_firmware -
siemens scalance_xc208_eec_firmware -
siemens scalance_xf204_firmware -
siemens scalance_m816-1_adsl-router_firmware *
siemens scalance_wam766-1_firmware -
siemens scalance_xf204-2ba_firmware -
siemens scalance_wam763-1_firmware -
siemens scalance_xc216-4c_firmware -
siemens scalance_w788-1_rj45_firmware -
siemens scalance_xc216eec_firmware -
siemens scalance_w1788-2_m12_firmware -
siemens scalance_s615_eec_firmware *
siemens scalance_w778-1_m12_firmware -
siemens siplus_net_scalance_xc216-4c_firmware -
siemens scalance_xc206-2sfp_g_firmware -
CVE-2022-46141

A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) (All versions < V19). An information disclosure vulnerability could allow a local attacker to gain access to the access level password of the SIMATIC S7-1200 and S7-1500 CPUs, when entered by a legitimate user in the hardware configuration of the affected application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 4.2 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N 0.6 3.6
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
siemens simatic_step_7 *
CVE-2022-46142

Affected devices store the CLI user passwords encrypted in flash memory. Attackers with physical access to the device could retrieve the file and decrypt the CLI user passwords.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.6 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 0.9 3.6
productcert@siemens.com 5.7 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L 0.9 4.7

Products Affected

Vendor Product Version
siemens scalance_m826-2_shdsl-router_firmware *
siemens scalance_sc626-2c_firmware *
siemens scalance_m874-3_firmware *
siemens scalance_w788-2_m12_eec_firmware -
siemens scalance_xr326-2c_firmware -
siemens scalance_xc208_poe_firmware -
siemens scalance_xb213-3_firmware -
siemens scalance_w738-1_m12_firmware *
siemens scalance_mum856-1_firmware *
siemens scalance_xb205-3ld_firmware -
siemens scalance_xc206-2_firmware -
siemens scalance_xc206-2g_poe_firmware -
siemens scalance_xc216-4c_g_eec_firmware -
siemens scalance_w786-1_rj45_firmware -
siemens scalance_xp216poe_eec_firmware -
siemens scalance_w734-1_rj45_firmware *
siemens scalance_w788-2_m12_firmware -
siemens scalance_w786-2ia_rj45_firmware -
siemens scalance_xb213-3ld_firmware -
siemens scalance_xb216_firmware -
siemens scalance_sc642-2c_firmware *
siemens scalance_xc224_firmware -
siemens scalance_wam766-1_ecc_firmware -
siemens scalance_wam766-1_6ghz_firmware -
siemens scalance_w722-1_rj45_firmware *
siemens scalance_sc636-2c_firmware *
siemens scalance_xp216eec_firmware -
siemens scalance_xc216_firmware -
siemens scalance_xm408-4c_firmware -
siemens scalance_w761-1_rj45_firmware -
siemens siplus_net_scalance_xc206-2sfp_firmware -
siemens scalance_wum763-1_firmware -
siemens siplus_net_scalance_xc206-2_firmware -
siemens scalance_w774-1_m12_eec_firmware -
siemens scalance_w778-1_m12_eec_firmware -
siemens scalance_xc206-2sfp_eec_firmware -
siemens ruggedcom_rm1224_lte(4g)_eu_firmware *
siemens scalance_w788-1_m12_firmware -
siemens siplus_net_scalance_xc208_firmware -
siemens scalance_sc646-2c_firmware *
siemens scalance_m874-2_firmware *
siemens scalance_xp216_firmware -
siemens scalance_xp208_firmware -
siemens scalance_xr524-8c_firmware -
siemens scalance_xr328-4c_wg_firmware -
siemens scalance_w1788-2ia_m12_firmware -
siemens scalance_m876-4_firmware *
siemens scalance_w1748-1_m12_firmware -
siemens scalance_xf204-2bca_dna_firmware -
siemens scalance_xp208poe_eec_firmware -
siemens scalance_xr326-2c_poe_firmware -
siemens scalance_w786-2_sfp_firmware -
siemens scalance_sc622-2c_firmware *
siemens scalance_w748-1_m12_firmware *
siemens scalance_xm408-8c_firmware -
siemens scalance_w774-1_m12_rj45_firmware -
siemens scalance_wum766-1_firmware -
siemens scalance_xf204_dna_firmware -
siemens scalance_xp208eec_firmware -
siemens scalance_xr552-12m_firmware -
siemens scalance_xc224-4c_g_eec_firmware -
siemens scalance_xr528-6m_firmware -
siemens scalance_wum766-1_6ghz_firmware -
siemens scalance_xb208_firmware -
siemens scalance_m804pb_firmware *
siemens scalance_mum853-1_firmware *
siemens scalance_w1788-1_m12_firmware -
siemens scalance_w774-1_rj45_firmware -
siemens scalance_xr324wg_firmware -
siemens scalance_m876-3_firmware *
siemens scalance_xr526-8c_firmware -
siemens scalance_xc206-2sfp_g_eec_firmware -
siemens scalance_xc206-2sfp_firmware -
siemens scalance_xc224-4c_g_firmware -
siemens scalance_sc632-2c_firmware *
siemens scalance_xb205-3_firmware -
siemens scalance_xc216-3g_poe_firmware -
siemens scalance_w786-2_rj45_firmware -
siemens scalance_xc208_firmware -
siemens scalance_s615_firmware *
siemens scalance_xm416-4c_firmware -
siemens ruggedcom_rm1224_lte(4g)_nam_firmware *
siemens scalance_xc216-4c_g_firmware -
siemens scalance_w721-1_rj45_firmware *
siemens scalance_w1788-2_eec_m12_firmware -
siemens scalance_m812-1_adsl-router_firmware *
siemens scalance_xc206-2g_poe_eec_firmware -
siemens scalance_xc208_eec_firmware -
siemens scalance_xf204_firmware -
siemens scalance_m816-1_adsl-router_firmware *
siemens scalance_wam766-1_firmware -
siemens scalance_xf204-2ba_firmware -
siemens scalance_wam763-1_firmware -
siemens scalance_xc216-4c_firmware -
siemens scalance_w788-1_rj45_firmware -
siemens scalance_xc216eec_firmware -
siemens scalance_w1788-2_m12_firmware -
siemens scalance_s615_eec_firmware *
siemens scalance_w778-1_m12_firmware -
siemens siplus_net_scalance_xc216-4c_firmware -
siemens scalance_xc206-2sfp_g_firmware -
CVE-2022-46143

Affected devices do not check the TFTP blocksize correctly. This could allow an authenticated attacker to read from an uninitialized buffer that potentially contains previously allocated data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 2.7 LOW CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N 1.2 1.4
productcert@siemens.com 2.7 LOW CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N 1.2 1.4

Products Affected

Vendor Product Version
siemens scalance_m826-2_shdsl-router_firmware *
siemens scalance_sc626-2c_firmware *
siemens scalance_m874-3_firmware *
siemens scalance_w788-2_m12_eec_firmware -
siemens scalance_xr326-2c_firmware -
siemens scalance_xc208_poe_firmware -
siemens scalance_xb213-3_firmware -
siemens scalance_w738-1_m12_firmware *
siemens scalance_mum856-1_firmware *
siemens scalance_xb205-3ld_firmware -
siemens scalance_xc206-2_firmware -
siemens scalance_xc206-2g_poe_firmware -
siemens scalance_xc216-4c_g_eec_firmware -
siemens scalance_w786-1_rj45_firmware -
siemens scalance_xp216poe_eec_firmware -
siemens scalance_w734-1_rj45_firmware *
siemens scalance_w788-2_m12_firmware -
siemens scalance_w786-2ia_rj45_firmware -
siemens scalance_xb213-3ld_firmware -
siemens scalance_xb216_firmware -
siemens scalance_sc642-2c_firmware *
siemens scalance_xc224_firmware -
siemens scalance_wam766-1_ecc_firmware -
siemens scalance_wam766-1_6ghz_firmware -
siemens scalance_w722-1_rj45_firmware *
siemens scalance_sc636-2c_firmware *
siemens scalance_xp216eec_firmware -
siemens scalance_xc216_firmware -
siemens scalance_xm408-4c_firmware -
siemens scalance_w761-1_rj45_firmware -
siemens siplus_net_scalance_xc206-2sfp_firmware -
siemens scalance_wum763-1_firmware -
siemens siplus_net_scalance_xc206-2_firmware -
siemens scalance_w774-1_m12_eec_firmware -
siemens scalance_w778-1_m12_eec_firmware -
siemens scalance_xc206-2sfp_eec_firmware -
siemens ruggedcom_rm1224_lte(4g)_eu_firmware *
siemens scalance_w788-1_m12_firmware -
siemens siplus_net_scalance_xc208_firmware -
siemens scalance_sc646-2c_firmware *
siemens scalance_m874-2_firmware *
siemens scalance_xp216_firmware -
siemens scalance_xp208_firmware -
siemens scalance_xr524-8c_firmware -
siemens scalance_xr328-4c_wg_firmware -
siemens scalance_w1788-2ia_m12_firmware -
siemens scalance_m876-4_firmware *
siemens scalance_w1748-1_m12_firmware -
siemens scalance_xf204-2bca_dna_firmware -
siemens scalance_xp208poe_eec_firmware -
siemens scalance_xr326-2c_poe_firmware -
siemens scalance_w786-2_sfp_firmware -
siemens scalance_sc622-2c_firmware *
siemens scalance_w748-1_m12_firmware *
siemens scalance_xm408-8c_firmware -
siemens scalance_w774-1_m12_rj45_firmware -
siemens scalance_wum766-1_firmware -
siemens scalance_xf204_dna_firmware -
siemens scalance_xp208eec_firmware -
siemens scalance_xr552-12m_firmware -
siemens scalance_xc224-4c_g_eec_firmware -
siemens scalance_xr528-6m_firmware -
siemens scalance_wum766-1_6ghz_firmware -
siemens scalance_xb208_firmware -
siemens scalance_m804pb_firmware *
siemens scalance_mum853-1_firmware *
siemens scalance_w1788-1_m12_firmware -
siemens scalance_w774-1_rj45_firmware -
siemens scalance_xr324wg_firmware -
siemens scalance_m876-3_firmware *
siemens scalance_xr526-8c_firmware -
siemens scalance_xc206-2sfp_g_eec_firmware -
siemens scalance_xc206-2sfp_firmware -
siemens scalance_xc224-4c_g_firmware -
siemens scalance_sc632-2c_firmware *
siemens scalance_xb205-3_firmware -
siemens scalance_xc216-3g_poe_firmware -
siemens scalance_w786-2_rj45_firmware -
siemens scalance_xc208_firmware -
siemens scalance_s615_firmware *
siemens scalance_xm416-4c_firmware -
siemens ruggedcom_rm1224_lte(4g)_nam_firmware *
siemens scalance_xc216-4c_g_firmware -
siemens scalance_w721-1_rj45_firmware *
siemens scalance_w1788-2_eec_m12_firmware -
siemens scalance_m812-1_adsl-router_firmware *
siemens scalance_xc206-2g_poe_eec_firmware -
siemens scalance_xc208_eec_firmware -
siemens scalance_xf204_firmware -
siemens scalance_m816-1_adsl-router_firmware *
siemens scalance_wam766-1_firmware -
siemens scalance_xf204-2ba_firmware -
siemens scalance_wam763-1_firmware -
siemens scalance_xc216-4c_firmware -
siemens scalance_w788-1_rj45_firmware -
siemens scalance_xc216eec_firmware -
siemens scalance_w1788-2_m12_firmware -
siemens scalance_s615_eec_firmware *
siemens scalance_w778-1_m12_firmware -
siemens siplus_net_scalance_xc216-4c_firmware -
siemens scalance_xc206-2sfp_g_firmware -
CVE-2022-46144

A vulnerability has been identified in SCALANCE SC622-2C (6GK5622-2GS00-2AC2) (All versions < V2.3), SCALANCE SC622-2C (6GK5622-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE SC626-2C (6GK5626-2GS00-2AC2) (All versions < V2.3), SCALANCE SC626-2C (6GK5626-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE SC632-2C (6GK5632-2GS00-2AC2) (All versions < V2.3), SCALANCE SC632-2C (6GK5632-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE SC636-2C (6GK5636-2GS00-2AC2) (All versions < V2.3), SCALANCE SC636-2C (6GK5636-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE SC642-2C (6GK5642-2GS00-2AC2) (All versions < V2.3), SCALANCE SC642-2C (6GK5642-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE SC646-2C (6GK5646-2GS00-2AC2) (All versions < V2.3), SCALANCE SC646-2C (6GK5646-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions < V2.0.0), SCALANCE WAM766-1 (6GK5766-1GE00-7DA0) (All versions < V2.0.0), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0) (All versions < V2.0.0), SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0) (All versions < V2.0.0), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0) (All versions < V2.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0) (All versions < V2.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0) (All versions < V2.0.0), SCALANCE WUM766-1 (6GK5766-1GE00-3DA0) (All versions < V2.0.0), SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0) (All versions < V2.0.0). Affected devices do not properly process CLI commands after a user forcefully quit the SSH connection. This could allow an authenticated attacker to make the CLI via SSH or serial interface unresponsive.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
siemens 6gk5642-2gs00-2ac2_firmware *
siemens 6gk5622-2gs00-2ac2_firmware *
siemens 6gk5626-2gs00-2ac2_firmware *
siemens 6gk5632-2gs00-2ac2_firmware *
siemens 6gk5646-2gs00-2ac2_firmware *
siemens 6gk5636-2gs00-2ac2_firmware *
CVE-2022-46265

A vulnerability has been identified in Polarion ALM (All versions < V2304.0). The affected application contains a Host header injection vulnerability that could allow an attacker to spoof Host header information and redirect users to malicious websites.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N 2.8 2.5
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

Products Affected

Vendor Product Version
siemens polarion_alm *
CVE-2022-46345

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.264), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170), Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions < V223.0Update2). The affected applications contain an out of bounds write past the end of an allocated structure while parsing specially crafted X_B files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19070)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens solid_edge_se2022 *
siemens solid_edge_se2023 -
siemens parasolid *
siemens solid_edge_se2023 223.0
CVE-2022-46346

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.264), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170), Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions < V223.0Update2). The affected applications contain an out of bounds write past the end of an allocated structure while parsing specially crafted X_B files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19071)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens solid_edge_se2022 *
siemens solid_edge_se2023 -
siemens parasolid *
siemens solid_edge_se2023 223.0
CVE-2022-46347

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.264), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170), Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions < V223.0Update2). The affected applications contain an out of bounds write past the end of an allocated structure while parsing specially crafted X_B files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19079)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens parasolid *
CVE-2022-46348

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.264), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170), Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions < V223.0Update2). The affected applications contain an out of bounds write past the end of an allocated structure while parsing specially crafted X_B files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19383)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens parasolid *
CVE-2022-46349

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.264), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170), Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions < V223.0Update2). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_B files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19384)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens parasolid *
CVE-2022-46350

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions < V3.2.7). The integrated web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. This can be used by an attacker to trigger a malicious request on the affected device.

Products Affected

Vendor Product Version
siemens 6gk5204-0bs00-2na3_firmware *
siemens 6gk5204-0bs00-3la3_firmware *
siemens 6gk5204-0ba00-2kb2_firmware *
siemens 6gk5204-0bs00-3pa3_firmware *
siemens 6gk5204-0ba00-2mb2_firmware *
CVE-2022-46351

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions < V3.2.7). Specially crafted PROFINET DCP packets could cause a denial of service condition of affected products on a local Ethernet segment (Layer 2).

Products Affected

Vendor Product Version
siemens 6gk5204-0bs00-2na3_firmware *
siemens 6gk5204-0bs00-3la3_firmware *
siemens 6gk5204-0ba00-2kb2_firmware *
siemens 6gk5204-0bs00-3pa3_firmware *
siemens 6gk5204-0ba00-2mb2_firmware *
CVE-2022-46352

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions < V3.2.7). Specially crafted PROFINET DCP packets could cause a denial of service condition of affected products.

Products Affected

Vendor Product Version
siemens 6gk5204-0bs00-2na3_firmware *
siemens 6gk5204-0bs00-3la3_firmware *
siemens 6gk5204-0ba00-2kb2_firmware *
siemens 6gk5204-0bs00-3pa3_firmware *
siemens 6gk5204-0ba00-2mb2_firmware *
CVE-2022-46353

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions < V3.2.7). The webserver of affected devices calculates session ids and nonces in an insecure manner. This could allow an unauthenticated remote attacker to brute-force session ids and hijack existing sessions.

Products Affected

Vendor Product Version
siemens 6gk5204-0bs00-2na3_firmware *
siemens 6gk5204-0bs00-3la3_firmware *
siemens 6gk5204-0ba00-2kb2_firmware *
siemens 6gk5204-0bs00-3pa3_firmware *
siemens 6gk5204-0ba00-2mb2_firmware *
CVE-2022-46354

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions < V3.2.7). The webserver of an affected device is missing specific security headers. This could allow a remote attacker to extract confidential session information under certain circumstances.

Products Affected

Vendor Product Version
siemens 6gk5204-0bs00-2na3_firmware *
siemens 6gk5204-0bs00-3la3_firmware *
siemens 6gk5204-0ba00-2kb2_firmware *
siemens 6gk5204-0bs00-3pa3_firmware *
siemens 6gk5204-0ba00-2mb2_firmware *
CVE-2022-46355

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions < V3.2.7). The affected products are vulnerable to an "Exposure of Sensitive Information to an Unauthorized Actor" vulnerability by leaking sensitive data in the HTTP Referer.

Products Affected

Vendor Product Version
siemens 6gk5204-0bs00-2na3_firmware *
siemens 6gk5204-0bs00-3la3_firmware *
siemens 6gk5204-0ba00-2kb2_firmware *
siemens 6gk5204-0bs00-3pa3_firmware *
siemens 6gk5204-0ba00-2mb2_firmware *
CVE-2022-46664

A vulnerability has been identified in Mendix Workflow Commons (All versions < V2.4.0), Mendix Workflow Commons V2.1 (All versions < V2.1.4), Mendix Workflow Commons V2.3 (All versions < V2.3.2). Affected versions of the module improperly handle access control for some module entities. This could allow authenticated remote attackers to read or delete sensitive information.

Products Affected

Vendor Product Version
siemens mendix_workflow_commons *
CVE-2022-47374

A vulnerability has been identified in SIMATIC PC-Station Plus (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions), SINAMICS S120 (incl. SIPLUS variants) (All versions < V5.2 SP3 HF15), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions). The affected products do not handle HTTP(S) requests to the web server correctly. This could allow an attacker to exhaust system resources and create a denial of service condition for the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
siemens 6es7416-3fs07-0ab0_firmware *
siemens sinamics_s120_firmware 5.0
siemens sinamics_s120_firmware 4.7
siemens sinamics_s120_firmware -
siemens 6ag1416-3es07-7ab0_firmware *
siemens 6es7414-3fm07-0ab0_firmware *
siemens sinamics_s120_firmware 4.8
siemens 6es7412-2ek07-0ab0_firmware *
siemens 6es7416-3es07-0ab0_firmware *
siemens sinamics_s120_firmware 4.9
siemens 6es7414-3em07-0ab0_firmware *
siemens 6ag1414-3em07-7ab0_firmware *
siemens simatic_pc-station_plus_firmware *
siemens sinamics_s120_firmware 5.1
siemens sinamics_s120_firmware 5.2
CVE-2022-47375

A vulnerability has been identified in SIMATIC PC-Station Plus (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions), SINAMICS S120 (incl. SIPLUS variants) (All versions < V5.2 SP3 HF15), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions). The affected products do not handle long file names correctly. This could allow an attacker to create a buffer overflow and create a denial of service condition for the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
siemens 6es7416-3fs07-0ab0_firmware *
siemens sinamics_s120_firmware 5.0
siemens sinamics_s120_firmware 4.7
siemens sinamics_s120_firmware -
siemens 6ag1416-3es07-7ab0_firmware *
siemens 6es7414-3fm07-0ab0_firmware *
siemens sinamics_s120_firmware 4.8
siemens 6es7412-2ek07-0ab0_firmware *
siemens 6es7416-3es07-0ab0_firmware *
siemens sinamics_s120_firmware 4.9
siemens 6es7414-3em07-0ab0_firmware *
siemens 6ag1414-3em07-7ab0_firmware *
siemens simatic_pc-station_plus_firmware *
siemens sinamics_s120_firmware 5.1
siemens sinamics_s120_firmware 5.2
CVE-2022-47935

A vulnerability has been identified in JT Open (All versions < V11.1.1.0), JT Utilities (All versions < V13.1.1.0), Solid Edge (All versions < V2023). The Jt1001.dll contains a memory corruption vulnerability while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-19078)

Products Affected

Vendor Product Version
siemens jt_open_toolkit *
siemens jt_utilities *
siemens solid_edge *
CVE-2022-47936

A vulnerability has been identified in JT Open (All versions < V11.2.3.0), JT Utilities (All versions < V13.2.3.0), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170), Parasolid V35.1 (All versions < V35.1.150). The affected application contains a stack overflow vulnerability while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens jt_open_toolkit *
siemens jt_utilities *
siemens parasolid *
CVE-2022-47967

A vulnerability has been identified in Solid Edge (All versions < V2023 MP1). The DOCMGMT.DLL contains a memory corruption vulnerability that could be triggered while parsing files in different file formats such as PAR, ASM, DFT. This could allow an attacker to execute code in the context of the current process.

Products Affected

Vendor Product Version
siemens solid_edge *
siemens solid_edge se2023
CVE-2022-47977

A vulnerability has been identified in JT Open (All versions < V11.2.3.0), JT Utilities (All versions < V13.2.3.0). The affected application contains a memory corruption vulnerability while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens jt_open_toolkit *
siemens jt_utilities *
CVE-2023-1709

Datalogics Library APDFL v18.0.4PlusP1e and prior contains a stack-based buffer overflow due to documents containing corrupted fonts, which could allow an attack that causes an unhandled crash during the rendering process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
ics-cert@hq.dhs.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2023-23588

A vulnerability has been identified in SIMATIC IPC1047 (All versions), SIMATIC IPC1047E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC647D (All versions), SIMATIC IPC647E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC847D (All versions), SIMATIC IPC847E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows). The Adaptec Maxview application on affected devices is using a non-unique TLS certificate across installations to protect the communication from the local browser to the local application. A local attacker may use this key to decrypt intercepted local traffic between the browser and the application and could perform a man-in-the-middle attack in order to modify data in transit.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 6.2 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.5 3.6

Products Affected

Vendor Product Version
siemens simatic_ipc647d_firmware *
microchip maxview_storage_manager *
siemens simatic_ipc1047_firmware *
siemens simatic_ipc847d_firmware *
CVE-2023-24482

A vulnerability has been identified in COMOS V10.2 (All versions), COMOS V10.3.3.1 (All versions < V10.3.3.1.45), COMOS V10.3.3.2 (All versions < V10.3.3.2.33), COMOS V10.3.3.3 (All versions < V10.3.3.3.9), COMOS V10.3.3.4 (All versions < V10.3.3.4.6), COMOS V10.4.0.0 (All versions < V10.4.0.0.31), COMOS V10.4.1.0 (All versions < V10.4.1.0.32), COMOS V10.4.2.0 (All versions < V10.4.2.0.25). The cache validation service in COMOS is vulnerable to a Structured Exception Handler (SEH) based buffer overflow. This could allow an attacker to execute arbitrary code on the target system or cause a denial of service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
productcert@siemens.com 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 3.9 6.0

Products Affected

Vendor Product Version
siemens comos *
CVE-2023-24549

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected application is vulnerable to a stack-based buffer overflow while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens solid_edge_se2023 *
CVE-2023-24550

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected application is vulnerable to a heap-based buffer overflow while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens solid_edge_se2023 *
CVE-2023-24551

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected application is vulnerable to heap-based buffer underflow while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens solid_edge_se2023 *
CVE-2023-24552

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected application contains an out of bounds read past the end of an allocated buffer while parsing a specially crafted PAR file. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens solid_edge_se2022 maintenance_pack_1
siemens solid_edge_se2022 maintenance_pack_2
siemens solid_edge_se2022 maintenance_pack_7
siemens solid_edge_se2022 maintenance_pack_8
siemens solid_edge_se2023 *
siemens solid_edge_se2022 maintenance_pack_10
siemens solid_edge_se2022 maintenance_pack_4
siemens solid_edge_se2022 maintenance_pack_3
siemens solid_edge_se2022 maintenance_pack_11
siemens solid_edge_se2022 maintenance_pack_5
siemens solid_edge_se2022 -
siemens solid_edge_se2022 maintenance_pack_9
CVE-2023-24553

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens solid_edge_se2023 *
CVE-2023-24554

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens solid_edge_se2023 *
CVE-2023-24555

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens solid_edge_se2022 maintenance_pack_1
siemens solid_edge_se2022 maintenance_pack_2
siemens solid_edge_se2022 maintenance_pack_7
siemens solid_edge_se2022 maintenance_pack_8
siemens solid_edge_se2023 *
siemens solid_edge_se2022 maintenance_pack_10
siemens solid_edge_se2022 maintenance_pack_4
siemens solid_edge_se2022 maintenance_pack_3
siemens solid_edge_se2022 maintenance_pack_11
siemens solid_edge_se2022 maintenance_pack_5
siemens solid_edge_se2022 -
siemens solid_edge_se2022 maintenance_pack_9
CVE-2023-24556

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens solid_edge_se2023 *
CVE-2023-24557

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens solid_edge_se2023 *
CVE-2023-24558

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens solid_edge_se2023 *
CVE-2023-24559

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens solid_edge_se2023 *
CVE-2023-24560

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted PAR file. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens solid_edge_se2023 *
CVE-2023-24561

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens solid_edge_se2023 *
CVE-2023-24562

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens solid_edge_se2023 *
CVE-2023-24563

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens solid_edge_se2023 *
CVE-2023-24564

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions < V223.0Update2). The affected application contains a memory corruption vulnerability while parsing specially crafted DWG files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19069)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens solid_edge_se2023 *
CVE-2023-24565

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions < V223.0Update2). The affected application contains an out of bounds read past the end of an allocated buffer while parsing a specially crafted STL file. This vulnerability could allow an attacker to disclose sensitive information. (ZDI-CAN-19428)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N 1.8 1.4
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
siemens solid_edge_se2023 *
CVE-2023-24566

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions < V223.0Update2). The affected application is vulnerable to a stack-based buffer overflow while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-19472)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N 1.8 1.4
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens solid_edge_se2023 *
CVE-2023-24581

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions < V223.0Update2). The affected application contains a use-after-free vulnerability that could be triggered while parsing specially crafted STP files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-19425)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens solid_edge_se2023 *
CVE-2023-24845

A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M2200NC, RUGGEDCOM M969, RUGGEDCOM M969F, RUGGEDCOM M969NC, RUGGEDCOM RMC30, RUGGEDCOM RMC30NC, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RMC8388NC V4.X, RUGGEDCOM RMC8388NC V5.X, RUGGEDCOM RP110, RUGGEDCOM RP110NC, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600FNC, RUGGEDCOM RS1600NC, RUGGEDCOM RS1600T, RUGGEDCOM RS1600TNC, RUGGEDCOM RS400, RUGGEDCOM RS400F, RUGGEDCOM RS400NC, RUGGEDCOM RS401, RUGGEDCOM RS401NC, RUGGEDCOM RS416, RUGGEDCOM RS416F, RUGGEDCOM RS416NC, RUGGEDCOM RS416NCv2 V4.X, RUGGEDCOM RS416NCv2 V5.X, RUGGEDCOM RS416P, RUGGEDCOM RS416PF, RUGGEDCOM RS416PNC, RUGGEDCOM RS416PNCv2 V4.X, RUGGEDCOM RS416PNCv2 V5.X, RUGGEDCOM RS416Pv2 V4.X, RUGGEDCOM RS416Pv2 V5.X, RUGGEDCOM RS416v2 V4.X, RUGGEDCOM RS416v2 V5.X, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000ANC, RUGGEDCOM RS8000H, RUGGEDCOM RS8000HNC, RUGGEDCOM RS8000NC, RUGGEDCOM RS8000T, RUGGEDCOM RS8000TNC, RUGGEDCOM RS900, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900F, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GF, RUGGEDCOM RS900GNC, RUGGEDCOM RS900GNC(32M) V4.X, RUGGEDCOM RS900GNC(32M) V5.X, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPF, RUGGEDCOM RS900GPNC, RUGGEDCOM RS900L, RUGGEDCOM RS900L, RUGGEDCOM RS900LNC, RUGGEDCOM RS900LNC, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900MNC-GETS-C01, RUGGEDCOM RS900MNC-GETS-XX, RUGGEDCOM RS900MNC-STND-XX, RUGGEDCOM RS900MNC-STND-XX-C01, RUGGEDCOM RS900NC, RUGGEDCOM RS900NC, RUGGEDCOM RS900NC(32M) V4.X, RUGGEDCOM RS900NC(32M) V5.X, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910LNC, 
RUGGEDCOM RS910NC, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920LNC, RUGGEDCOM RS920W, RUGGEDCOM RS930L, RUGGEDCOM RS930LNC, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM RS940GF, RUGGEDCOM RS940GNC, RUGGEDCOM RS969, RUGGEDCOM RS969NC, RUGGEDCOM RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100F, RUGGEDCOM RSG2100NC, RUGGEDCOM RSG2100NC(32M) V4.X, RUGGEDCOM RSG2100NC(32M) V5.X, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100P (32M) V4.X, RUGGEDCOM RSG2100P (32M) V5.X, RUGGEDCOM RSG2100PF, RUGGEDCOM RSG2100PNC, RUGGEDCOM RSG2100PNC (32M) V4.X, RUGGEDCOM RSG2100PNC (32M) V5.X, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200F, RUGGEDCOM RSG2200NC, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2288NC V4.X, RUGGEDCOM RSG2288NC V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300F, RUGGEDCOM RSG2300NC V4.X, RUGGEDCOM RSG2300NC V5.X, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PF, RUGGEDCOM RSG2300PNC V4.X, RUGGEDCOM RSG2300PNC V5.X, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488F, RUGGEDCOM RSG2488NC V4.X, RUGGEDCOM RSG2488NC V5.X, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSG920PNC V4.X, RUGGEDCOM RSG920PNC V5.X, RUGGEDCOM RSL910, RUGGEDCOM RSL910NC, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P. The affected products insufficiently block data from being forwarded over the mirror port into the mirrored network. An attacker could use this behavior to transmit malicious packets to systems in the mirrored network, possibly influencing their configuration and runtime behavior.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 3.9 5.2

Products Affected

Vendor Product Version
siemens ruggedcom_ros *
CVE-2023-24978

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted SPP files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-19788)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix_plant_simulation *
CVE-2023-24979

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19789)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix_plant_simulation *
CVE-2023-24980

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19790)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix_plant_simulation *
CVE-2023-24981

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19791)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix_plant_simulation *
CVE-2023-24982

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19804)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix_plant_simulation *
CVE-2023-24983

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19805)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix_plant_simulation *
CVE-2023-24984

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19806)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix_plant_simulation *
CVE-2023-24985

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19807)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix_plant_simulation *
CVE-2023-24986

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19808)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix_plant_simulation *
CVE-2023-24987

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19809)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix_plant_simulation *
CVE-2023-24988

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19810)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix_plant_simulation *
CVE-2023-24989

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19811)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix_plant_simulation *
CVE-2023-24990

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19812)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix_plant_simulation *
CVE-2023-24991

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19813)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix_plant_simulation *
CVE-2023-24992

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19814)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix_plant_simulation *
CVE-2023-24993

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19815)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix_plant_simulation *
CVE-2023-24994

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19816)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix_plant_simulation *
CVE-2023-24995

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19817)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix_plant_simulation *
CVE-2023-24996

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19818)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix_plant_simulation *
CVE-2023-25140

A vulnerability has been identified in Parasolid V34.0 (All versions < V34.0.254), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170), Parasolid V35.1 (All versions < V35.1.150), Solid Edge SE2022 (All versions < V222.0MP12). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens solid_edge se2022
siemens parasolid *
CVE-2023-25910

A vulnerability has been identified in SIMATIC PCS 7 (All versions < V9.1 SP2 UC04), SIMATIC S7-PM (All versions < V5.7 SP1 HF1), SIMATIC S7-PM (All versions < V5.7 SP2 HF1), SIMATIC STEP 7 V5 (All versions < V5.7). The affected product contains a database management system that could allow remote users with low privileges to use embedded functions of the database (local or in a network share) that have impact on the server. An attacker with network access to the server network could leverage these embedded functions to run code with elevated privileges in the database management system's server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 9.9 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 3.1 6.0

Products Affected

Vendor Product Version
siemens simatic_step_7 *
siemens simatic_pcs_7 *
siemens simatic_s7-pm *
CVE-2023-26293

A vulnerability has been identified in Totally Integrated Automation Portal (TIA Portal) V15 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions < V16 Update 7), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 6), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 1). Affected products contain a path traversal vulnerability that could allow the creation or overwrite of arbitrary files in the engineering system. If the user is tricked into opening a malicious PC system configuration file, an attacker could exploit this vulnerability to achieve arbitrary code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L 1.8 5.5

Products Affected

Vendor Product Version
siemens tia_portal 16
siemens tia_portal 17
siemens tia_portal 15
siemens tia_portal 18
CVE-2023-27309

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.2). The client query handler of the affected application fails to check for proper permissions for specific write queries. This could allow an authenticated remote attacker to perform unauthorized actions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
productcert@siemens.com 5.0 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L 1.6 3.4

Products Affected

Vendor Product Version
siemens ruggedcom_crossbow *
CVE-2023-27310

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.2). The client query handler of the affected application fails to check for proper permissions when assigning groups to user accounts. This could allow an authenticated remote attacker to assign administrative groups to otherwise non-privileged user accounts.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 6.6 MEDIUM CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 0.7 5.9
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens ruggedcom_crossbow *
CVE-2023-27398

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20304)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix_plant_simulation *
CVE-2023-27399

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20299, ZDI-CAN-20346)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix_plant_simulation *
CVE-2023-27400

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20300)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix_plant_simulation *
CVE-2023-27401

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20308, ZDI-CAN-20345)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix_plant_simulation *
CVE-2023-27402

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20334)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix_plant_simulation *
CVE-2023-27403

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains a memory corruption vulnerability while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20303, ZDI-CAN-20348)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix_plant_simulation *
CVE-2023-27404

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application is vulnerable to a stack-based buffer overflow while parsing specially crafted SPP files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-20433)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix_plant_simulation *
CVE-2023-27405

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20432)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix_plant_simulation *
CVE-2023-27406

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application is vulnerable to a stack-based buffer overflow while parsing specially crafted SPP files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-20449)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix_plant_simulation *
CVE-2023-27407

A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). The web-based management of the affected device does not properly validate user input, making it susceptible to command injection. This could allow an authenticated remote attacker to access the underlying operating system as the root user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 9.9 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 3.1 6.0

Products Affected

Vendor Product Version
siemens scalance_lpe9403_firmware *
CVE-2023-27408

A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). The `i2c` mutex file is created with the permission bits `-rw-rw-rw-`. This file is used as a mutex for multiple applications interacting with i2c. This could allow an authenticated attacker with access to the SSH interface on the affected device to interfere with the integrity of the mutex and the data it protects.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 1.8 1.4

Products Affected

Vendor Product Version
siemens scalance_lpe9403_firmware *
CVE-2023-27409

A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). A path traversal vulnerability was found in the `deviceinfo` binary via the `mac` parameter. This could allow an authenticated attacker with access to the SSH interface on the affected device to read the contents of any file named `address`.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 2.5 LOW CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N 1.0 1.4

Products Affected

Vendor Product Version
siemens scalance_lpe9403_firmware *
CVE-2023-27410

A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). A heap-based buffer overflow vulnerability was found in the `edgebox_web_app` binary. The binary will crash if supplied with a backup password longer than 255 characters. This could allow an authenticated privileged attacker to cause a denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 2.7 LOW CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L 1.2 1.4

Products Affected

Vendor Product Version
siemens scalance_lpe9403_firmware *
CVE-2023-27411

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.4). The affected application is vulnerable to SQL injection. This could allow authenticated remote attackers to execute arbitrary SQL queries on the server database and escalate privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens ruggedcom_crossbow *
CVE-2023-27462

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.3). The client query handler of the affected application fails to check for proper permissions for specific read queries. This could allow authenticated remote attackers to access data they are not authorized for.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 3.1 LOW CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N 1.6 1.4
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
siemens ruggedcom_crossbow *
CVE-2023-27463

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.3). The audit log form of affected applications is vulnerable to SQL injection. This could allow authenticated remote attackers to execute arbitrary SQL queries on the server database.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens ruggedcom_crossbow *
CVE-2023-27465

A vulnerability has been identified in SIMOTION C240 (All versions >= V5.4 < V5.5 SP1), SIMOTION C240 PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D410-2 DP (All versions >= V5.4 < V5.5 SP1), SIMOTION D410-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D425-2 DP (All versions >= V5.4 < V5.5 SP1), SIMOTION D425-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D435-2 DP (All versions >= V5.4 < V5.5 SP1), SIMOTION D435-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D445-2 DP/PN (All versions >= V5.4), SIMOTION D445-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D455-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION P320-4 E (All versions >= V5.4), SIMOTION P320-4 S (All versions >= V5.4). When operated with Security Level Low the device does not protect access to certain services relevant for debugging. This could allow an unauthenticated attacker to extract confidential technology object (TO) configuration from the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 4.6 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 0.9 3.6

Products Affected

Vendor Product Version
siemens simotion_c240_pn_firmware *
siemens simotion_d435-2_dp_firmware 5.5
siemens simotion_d425-2_dp_firmware 5.5
siemens simotion_d445-2_dp/pn_(0aa1)_firmware 5.5
siemens simotion_d455-2_dp/pn_firmware 5.5
siemens simotion_d425-2_dp/pn_firmware *
siemens simotion_d435-2_dp/pn_firmware *
siemens simotion_d455-2_dp/pn_firmware *
siemens simotion_d445-2_dp/pn_(0aa0)_firmware 5.4
siemens simotion_d435-2_dp/pn_firmware 5.5
siemens simotion_p320-4_e_firmware 5.4
siemens simotion_c240_firmware *
siemens simotion_d445-2_dp/pn_(0aa1)_firmware *
siemens simotion_d410-2_dp/pn_firmware 5.5
siemens simotion_d410-2_dp_firmware 5.5
siemens simotion_c240_firmware 5.5
siemens simotion_d410-2_dp/pn_firmware *
siemens simotion_p320-4_s_firmware 5.4
siemens simotion_d410-2_dp_firmware *
siemens simotion_d425-2_dp_firmware *
siemens simotion_d435-2_dp_firmware *
siemens simotion_d425-2_dp/pn_firmware 5.5
siemens simotion_c240_pn_firmware 5.5
CVE-2023-28489

A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). Affected devices are vulnerable to command injection via the web server port 443/tcp, if the parameter “Remote Operation” is enabled. The parameter is disabled by default. The vulnerability could allow an unauthenticated remote attacker to perform arbitrary code execution on the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
siemens cp-8031_firmware *
siemens cp-8050_firmware *
CVE-2023-28766

A vulnerability has been identified in SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 6MD86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 6MD89 (CP300) (All versions >= V7.80 < V9.64), SIPROTEC 5 6MU85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7KE85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SA82 (CP100) (All versions < V8.90), SIPROTEC 5 7SA82 (CP150) (All versions < V9.40), SIPROTEC 5 7SA86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SA87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SD82 (CP100) (All versions < V8.90), SIPROTEC 5 7SD82 (CP150) (All versions < V9.40), SIPROTEC 5 7SD86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SD87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SJ81 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.40), SIPROTEC 5 7SJ82 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.40), SIPROTEC 5 7SJ85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SJ86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SK82 (CP100) (All versions < V8.89), SIPROTEC 5 7SK82 (CP150) (All versions < V9.40), SIPROTEC 5 7SK85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SL82 (CP100) (All versions < V8.90), SIPROTEC 5 7SL82 (CP150) (All versions < V9.40), SIPROTEC 5 7SL86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SL87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SS85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7ST85 (CP300) (All versions >= V7.80 < V9.64), SIPROTEC 5 7ST86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SX82 (CP150) (All versions < V9.40), SIPROTEC 5 7SX85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7UM85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7UT82 (CP100) (All versions < V8.90), SIPROTEC 5 7UT82 (CP150) (All versions < V9.40), SIPROTEC 5 7UT85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7UT86 (CP300) (All versions >= V7.80 < V9.40), 
SIPROTEC 5 7UT87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7VE85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7VK87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7VU85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1) (All versions < V9.40 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1) (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1) (All versions < V9.40 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1) (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions < V9.40), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V9.40). Affected devices lack proper validation of HTTP request parameters of the hosted web service. An unauthenticated remote attacker could send specially crafted packets that could cause a denial of service condition on the target device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
siemens siprotec_5_6md85_firmware *
siemens siprotec_5_7sl86_firmware *
siemens siprotec_5_7ut87_firmware *
siemens siprotec_5_6md86_firmware *
siemens siprotec_5_7ut86_firmware *
siemens siprotec_5_7sd87_firmware *
siemens siprotec_5_communication_module_ethba2el_firmware *
siemens siprotec_5_7vu85_firmware *
siemens siprotec_5_7sx82_firmware *
siemens siprotec_5_7sj81_firmware *
siemens siprotec_5_6mu85_firmware *
siemens siprotec_5_7sa87_firmware *
siemens siprotec_5_7sk85_firmware *
siemens siprotec_5_7sd86_firmware *
siemens siprotec_5_7um85_firmware *
siemens siprotec_5_7sl87_firmware *
siemens siprotec_5_7ut85_firmware *
siemens siprotec_5_7ke85_firmware *
siemens siprotec_5_7sa82_firmware *
siemens siprotec_5_7sk82_firmware *
siemens siprotec_5_7ss85_firmware *
siemens siprotec_5_7vk87_firmware *
siemens siprotec_5_7sj82_firmware *
siemens siprotec_5_compact_7sx800_firmware *
siemens siprotec_5_communication_module_ethbb2fo_firmware *
siemens siprotec_5_communication_module_ethbd2fo_firmware *
siemens siprotec_5_7ve85_firmware *
siemens siprotec_5_6md89_firmware *
siemens siprotec_5_7sa86_firmware *
siemens siprotec_5_7sj86_firmware *
siemens siprotec_5_7st85_firmware *
siemens siprotec_5_7ut82_firmware *
siemens siprotec_5_7sx85_firmware *
siemens siprotec_5_7sj85_firmware *
siemens siprotec_5_7sa84_firmware *
siemens siprotec_5_7sl82_firmware *
siemens siprotec_5_7sd84_firmware *
siemens siprotec_5_7sd82_firmware *
siemens siprotec_5_7st86_firmware *
CVE-2023-28828

A vulnerability has been identified in Polarion ALM (All versions < V22R2). The application contains an XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on the application server filesystem.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N 1.6 3.6

Products Affected

Vendor Product Version
siemens polarion_alm *
CVE-2023-28829

A vulnerability has been identified in SIMATIC NET PC Software V14 (All versions), SIMATIC NET PC Software V15 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC WinCC (All versions < V8.0), SINAUT Software ST7sc (All versions). Before SIMATIC WinCC V8, legacy OPC services (OPC DA (Data Access), OPC HDA (Historical Data Access), and OPC AE (Alarms & Events)) were used by default. These services were designed on top of the Windows ActiveX and DCOM mechanisms and do not implement state-of-the-art security mechanisms for authentication and encryption of contents.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 3.9 LOW CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L 0.5 3.4

Products Affected

Vendor Product Version
siemens simatic_net_pc_software 15.0
siemens simatic_wincc *
siemens simatic_pcs_7 8.2
siemens simatic_pcs_7 9.1
siemens simatic_net_pc_software 14.0
siemens simatic_pcs_7 9.0
siemens sinaut_st7sc *
CVE-2023-28830

A vulnerability has been identified in JT2Go (All versions < V14.2.0.5), Solid Edge SE2022 (All versions < V222.0 Update 13), Solid Edge SE2023 (All versions < V223.0 Update 4), Teamcenter Visualization V13.2 (All versions < V13.2.0.15), Teamcenter Visualization V13.3 (All versions < V13.3.0.11), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.5). The affected application contains a use-after-free vulnerability that could be triggered while parsing a specially crafted ASM file. An attacker could leverage this vulnerability to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens solid_edge_se2023 update_0001
siemens solid_edge_se2022 maintenance_pack_1
siemens solid_edge_se2023 -
siemens solid_edge_se2022 maintenance_pack_2
siemens solid_edge_se2022 maintenance_pack_7
siemens solid_edge_se2022 maintenance_pack_8
siemens solid_edge_se2022 maintenance_pack_10
siemens solid_edge_se2022 maintenance_pack_4
siemens teamcenter_visualization *
siemens jt2go *
siemens solid_edge_se2023 update_0002
siemens solid_edge_se2022 maintenance_pack_3
siemens solid_edge_se2023 update_0003
siemens solid_edge_se2022 maintenance_pack_11
siemens solid_edge_se2022 maintenance_pack_12
siemens solid_edge_se2022 maintenance_pack_5
siemens solid_edge_se2022 -
siemens solid_edge_se2022 maintenance_pack_9
CVE-2023-28831

The OPC UA implementations (ANSI C and C++) in affected products contain an integer overflow vulnerability that could cause the application to run into an infinite loop during certificate validation. This could allow an unauthenticated remote attacker to create a denial of service condition by sending a specially crafted certificate.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
siemens siplus_et_200sp_cpu_1512sp-1_pn_rail_firmware *
siemens simatic_s7-1500_software_controller_firmware *
siemens simatic_s7-1500_cpu_1517tf-3_pn/dp_firmware *
siemens simatic_s7-1500_cpu_1514sp-2_pn_firmware *
siemens simatic_s7-1500_cpu_s7-1518-4_pn/dp_odk_firmware *
siemens simatic_s7-1500_cpu_1516f-3_pn/dp_firmware *
siemens simatic_s7-1500_cpu_1518tf-4_pn/dp_firmware *
siemens siplus_s7-1500_cpu_1518f-4_pn/dp_firmware *
siemens simatic_s7-1500_cpu_1515tf-2_pn_firmware *
siemens simatic_et_200sp_open_controller_cpu_firmware *
siemens siplus_s7-1500_cpu_1516-3_pn/dp_firmware *
siemens siplus_s7-1500_cpu_1516-3_pn/dp_rail_firmware *
siemens siplus_s7-1500_cpu_1515r-2_pn_tx_rail_firmware *
siemens simatic_s7-1500_cpu_1516tf-3_pn/dp_firmware *
siemens simatic_s7-1500_et_200pro_firmware *
siemens simatic_drive_controller_cpu_1504d_tf_firmware *
siemens simatic_s7-1500_cpu_1515t-2_pn_firmware *
siemens simatic_s7-1500_cpu_1517h-3_pn_firmware *
siemens siplus_s7-1500_cpu_1516f-3_pn/dp_firmware *
siemens simatic_cloud_connect_7_cc712_firmware *
siemens siplus_s7-1500_cpu_1511f-1_pn_firmware *
siemens simatic_s7-1500_cpu_1517f-3_pn/dp_firmware *
siemens simatic_s7-1500_cpu_1511f-1_pn_firmware *
siemens simatic_s7-1500_cpu_1511c-1_pn_firmware *
siemens simatic_s7-1500_cpu_1518t-4_pn/dp_firmware *
siemens siplus_s7-1500_cpu_1515r-2_pn_firmware *
siemens siplus_s7-1500_cpu_1515f-2_pn_t2_rail_firmware *
siemens siplus_s7-1500_cpu_1511-1_pn_t1_rail_firmware *
siemens simatic_s7-1500_cpu_1516t-3_pn/dp_firmware *
siemens siplus_et_200sp_cpu_1510sp-1_pn_rail_firmware *
siemens siplus_s7-1500_cpu_1516f-3_pn/dp_rail_firmware *
siemens simatic_s7-1500_cpu_1518f-4_pn/dp_mfp_firmware *
siemens siplus_s7-1500_cpu_1513-1_pn_firmware *
siemens siplus_s7-1500_cpu_1515f-2_pn_firmware *
siemens simatic_s7-1500_cpu_1517t-3_pn/dp_firmware *
siemens siplus_et_200sp_cpu_1512sp_f-1_pn_firmware *
siemens simatic_s7-1500_cpu_1511t-1_pn_firmware *
siemens siplus_s7-1500_cpu_1516-3_pn/dp_tx_rail_firmware *
siemens simatic_cloud_connect_7_cc716_firmware *
siemens simatic_s7-1500_cpu_1513-1_pn_firmware *
siemens siplus_s7-1500_cpu_1518-4_pn/dp_firmware *
siemens simatic_s7-1500_cpu_1515r-2_pn_firmware *
siemens siplus_s7-1500_cpu_1518-4_pn/dp_mfp_firmware *
siemens simatic_s7-1500_cpu_1518-4_pn/dp_firmware *
siemens siplus_s7-1500_cpu_1517h-3_pn_firmware *
siemens simatic_s7-1500_cpu_1514spt-2_pn_firmware *
siemens simatic_s7-1500_cpu_1518f-4_pn/dp_firmware *
siemens simatic_s7-plcsim_advanced_firmware *
siemens simatic_s7-1500_cpu_1512sp-1_pn_firmware *
siemens siplus_s7-1500_cpu_1518hf-4_pn_firmware *
siemens siplus_s7-1500_cpu_1511-1_pn_firmware *
siemens simatic_s7-1500_cpu_1517-3_pn/dp_firmware *
siemens simatic_s7-1200_cpu_firmware *
siemens siplus_et_200sp_cpu_1510sp_f-1_pn_firmware *
siemens simatic_s7-1500_cpu_1512c-1_pn_firmware *
siemens simatic_s7-1500_cpu_1514sp_f-2_pn_firmware *
siemens simatic_s7-1500_cpu_1518hf-4_pn_firmware *
siemens siplus_et_200sp_cpu_1512sp_f-1_pn_rail_firmware *
siemens siplus_s7-1500_cpu_1513f-1_pn_firmware *
siemens simatic_s7-1500_cpu_1511tf-1_pn_firmware *
siemens simatic_s7-1500_cpu_1515f-2_pn_firmware *
siemens simatic_s7-1500_cpu_1513f-1_pn_firmware *
siemens simatic_s7-1500_cpu_1511-1_pn_firmware *
siemens simatic_s7-1500_cpu_1518-4_pn/dp_mfp_firmware *
siemens simatic_drive_controller_cpu_1507d_tf_firmware *
siemens simatic_s7-1500_cpu_1516-3_pn/dp_firmware *
siemens simatic_s7-1500_cpu_1512sp_f-1_pn_firmware *
siemens simatic_s7-1500_cpu_1510sp_f-1_pn_firmware *
siemens siplus_s7-1500_cpu_1511-1_pn_tx_rail_firmware *
siemens simatic_s7-1500_cpu_1510sp-1_pn_firmware *
siemens siplus_et_200sp_cpu_1510sp_f-1_pn_rail_firmware *
siemens siplus_et_200sp_cpu_1512sp-1_pn_firmware *
siemens simatic_s7-1500_cpu_1513r-1_pn_firmware *
siemens simatic_s7-1500_cpu_1514spt_f-2_pn_firmware *
siemens siplus_et_200sp_cpu_1510sp-1_pn_firmware *
siemens simatic_s7-1500_cpu_1515-2_pn_firmware *
siemens simatic_s7-1500_cpu_s7-1518f-4_pn/dp_odk_firmware *
siemens siplus_s7-1500_cpu_1515f-2_pn_rail_firmware *
CVE-2023-28832

A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). The web based management of affected devices does not properly validate user input, making it susceptible to command injection. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
siemens 6gk1411-5ac00_firmware 2.0
siemens 6gk1411-1ac00_firmware 2.0
CVE-2023-29053

A vulnerability has been identified in JT Open (All versions < V11.3.2.0), JT Utilities (All versions < V13.3.0.0). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens jt_open_toolkit *
siemens jt_utilities *
CVE-2023-29054

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2P IRT (All versions < V5.5.2), SCALANCE X202-2P IRT PRO (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT PRO (All versions < V5.5.2), SCALANCE XF201-3P IRT (All versions < V5.5.2), SCALANCE XF202-2P IRT (All versions < V5.5.2), SCALANCE XF204-2BA IRT (All versions < V5.5.2), SCALANCE XF204IRT (All versions < V5.5.2), SIPLUS NET SCALANCE X202-2P IRT (All versions < V5.5.2). The SSH server on affected devices is configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over the connection between legitimate clients and the affected device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 6.7 MEDIUM CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H 1.2 5.5

Products Affected

Vendor Product Version
siemens siplus_net_scalance_x202-2p_irt_firmware *
siemens scalance_x202-2p_irt_firmware *
siemens scalance_xf202-2p_irt_firmware *
siemens scalance_x202-2irt_firmware *
siemens scalance_xf204irt_firmware *
siemens scalance_xf201-3p_irt_firmware *
siemens scalance_x201-3p_irt_pro_firmware *
siemens scalance_x200-4p_irt_firmware *
siemens scalance_xf204-2ba_irt_firmware *
siemens scalance_x202-2p_irt_pro_firmware *
siemens scalance_x204irt_firmware *
siemens scalance_x201-3p_irt_firmware *
siemens scalance_x204irt_pro_firmware *
CVE-2023-29103

A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC712 (All versions < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions < V2.1). The affected device uses a hard-coded password to protect the diagnostic files. This could allow an authenticated attacker to access protected data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
siemens 6gk1411-1ac00_firmware *
siemens 6gk1411-5ac00_firmware *
CVE-2023-29104

A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). The filename in the upload feature of the web based management of the affected device is susceptible to a path traversal vulnerability. This could allow an authenticated privileged remote attacker to overwrite any file the Linux user `ccuser` has write access to, or to download any file the Linux user `ccuser` has read-only access to.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 6.0 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H 1.2 4.7

Products Affected

Vendor Product Version
siemens 6gk1411-5ac00_firmware 2.0
siemens 6gk1411-1ac00_firmware 2.0
CVE-2023-29105

A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC712 (All versions < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions < V2.1). The affected device is vulnerable to a denial of service while parsing a random (non-JSON) MQTT payload. This could allow an attacker who can manipulate the communication between the MQTT broker and the affected device to cause a denial of service (DoS).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6

Products Affected

Vendor Product Version
siemens 6gk1411-1ac00_firmware *
siemens 6gk1411-5ac00_firmware *
CVE-2023-29106

A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). The export endpoint is accessible via REST API without authentication. This could allow an unauthenticated remote attacker to download the files available via the endpoint.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
siemens 6gk1411-5ac00_firmware 2.0
siemens 6gk1411-1ac00_firmware 2.0
CVE-2023-29107

A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). The export endpoint discloses some undocumented files. This could allow an unauthenticated remote attacker to gain access to additional information resources.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
siemens 6gk1411-5ac00_firmware 2.0
siemens 6gk1411-1ac00_firmware 2.0
CVE-2023-29128

A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). The filename in the upload feature of the web based management of the affected device is susceptible to a path traversal vulnerability. This could allow an authenticated privileged remote attacker to write any file with the extension `.db`.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 3.8 LOW CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L 1.2 2.5

Products Affected

Vendor Product Version
siemens 6gk1411-5ac00_firmware 2.0
siemens 6gk1411-1ac00_firmware 2.0
CVE-2023-29130

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.5). The affected device contains improper access controls in the configuration files that lead to privilege escalation. An attacker could gain admin access with this vulnerability, leading to complete device control.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 9.9 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 3.1 6.0

Products Affected

Vendor Product Version
siemens simatic_cn_4100 *
siemens simatic_cn_4100_firmware *
CVE-2023-29131

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.5). The affected device contains an incorrect default value in the SSH configuration. This could allow an attacker to bypass network isolation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.4 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L 3.1 3.7

Products Affected

Vendor Product Version
siemens simatic_cn_4100 *
siemens simatic_cn_4100_firmware *
CVE-2023-30757

A vulnerability has been identified in Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions), Totally Integrated Automation Portal (TIA Portal) V20 (All versions). The know-how protection feature in affected products does not properly update the encryption of existing program blocks when a project file is updated. This could allow attackers with access to the project file to recover previous - yet unprotected - versions of the project without the knowledge of the know-how protection password.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 6.2 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.5 3.6

Products Affected

Vendor Product Version
siemens totally_integrated_automation_portal 15
siemens totally_integrated_automation_portal 17
siemens totally_integrated_automation_portal 16
siemens totally_integrated_automation_portal 14.0
siemens totally_integrated_automation_portal 18
siemens totally_integrated_automation_portal 15.1
CVE-2023-30795

A vulnerability has been identified in JT Open (All versions < V11.4), JT Utilities (All versions < V13.4), Parasolid V34.0 (All versions < V34.0.253), Parasolid V34.1 (All versions < V34.1.243), Parasolid V35.0 (All versions < V35.0.177), Parasolid V35.1 (All versions < V35.1.073). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens jt_open *
siemens jt_utilities *
siemens parasolid *
CVE-2023-30796

A vulnerability has been identified in JT Open (All versions < V11.4), JT Utilities (All versions < V13.4). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens jt_open_toolkit *
siemens jt_utilities *
CVE-2023-30897

A vulnerability has been identified in SIMATIC WinCC (All versions < V7.5.2.13). Affected applications fail to set proper access rights for their installation folder if a non-default installation path was chosen during installation. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens wincc *
CVE-2023-30898

A vulnerability has been identified in Siveillance Video 2020 R2 (All versions < V20.2 HotfixRev14), Siveillance Video 2020 R3 (All versions < V20.3 HotfixRev12), Siveillance Video 2021 R1 (All versions < V21.1 HotfixRev12), Siveillance Video 2021 R2 (All versions < V21.2 HotfixRev8), Siveillance Video 2022 R1 (All versions < V22.1 HotfixRev7), Siveillance Video 2022 R2 (All versions < V22.2 HotfixRev5), Siveillance Video 2022 R3 (All versions < V22.3 HotfixRev2), Siveillance Video 2023 R1 (All versions < V23.1 HotfixRev1). The Event Server component of affected applications deserializes data without sufficient validations. This could allow an authenticated remote attacker to execute code on the affected system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 9.9 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 3.1 6.0

Products Affected

Vendor Product Version
siemens siveillance_video 2020
siemens siveillance_video 2021
siemens siveillance_video 2022
siemens siveillance_video 2023
CVE-2023-30899

A vulnerability has been identified in Siveillance Video 2020 R2 (All versions < V20.2 HotfixRev14), Siveillance Video 2020 R3 (All versions < V20.3 HotfixRev12), Siveillance Video 2021 R1 (All versions < V21.1 HotfixRev12), Siveillance Video 2021 R2 (All versions < V21.2 HotfixRev8), Siveillance Video 2022 R1 (All versions < V22.1 HotfixRev7), Siveillance Video 2022 R2 (All versions < V22.2 HotfixRev5), Siveillance Video 2022 R3 (All versions < V22.3 HotfixRev2), Siveillance Video 2023 R1 (All versions < V23.1 HotfixRev1). The Management Server component of affected applications deserializes data without sufficient validations. This could allow an authenticated remote attacker to execute code on the affected system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 9.9 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 3.1 6.0

Products Affected

Vendor Product Version
siemens siveillance_video 2020
siemens siveillance_video 2021
siemens siveillance_video 2022
siemens siveillance_video 2023
CVE-2023-30900

A vulnerability has been identified in Xpedition Layout Browser (All versions < VX.2.14). The affected application contains a stack overflow vulnerability when parsing a PCB file. An attacker can leverage this vulnerability to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens xpedition_layout_browser *
CVE-2023-30901

A vulnerability has been identified in SICAM P850 (7KG8500-0AA00-0AA0) (All versions < V3.11), SICAM P850 (7KG8500-0AA00-2AA0) (All versions < V3.11), SICAM P850 (7KG8500-0AA10-0AA0) (All versions < V3.11), SICAM P850 (7KG8500-0AA10-2AA0) (All versions < V3.11), SICAM P850 (7KG8500-0AA30-0AA0) (All versions < V3.11), SICAM P850 (7KG8500-0AA30-2AA0) (All versions < V3.11), SICAM P850 (7KG8501-0AA01-0AA0) (All versions < V3.11), SICAM P850 (7KG8501-0AA01-2AA0) (All versions < V3.11), SICAM P850 (7KG8501-0AA02-0AA0) (All versions < V3.11), SICAM P850 (7KG8501-0AA02-2AA0) (All versions < V3.11), SICAM P850 (7KG8501-0AA11-0AA0) (All versions < V3.11), SICAM P850 (7KG8501-0AA11-2AA0) (All versions < V3.11), SICAM P850 (7KG8501-0AA12-0AA0) (All versions < V3.11), SICAM P850 (7KG8501-0AA12-2AA0) (All versions < V3.11), SICAM P850 (7KG8501-0AA31-0AA0) (All versions < V3.11), SICAM P850 (7KG8501-0AA31-2AA0) (All versions < V3.11), SICAM P850 (7KG8501-0AA32-0AA0) (All versions < V3.11), SICAM P850 (7KG8501-0AA32-2AA0) (All versions < V3.11), SICAM P855 (7KG8550-0AA00-0AA0) (All versions < V3.11), SICAM P855 (7KG8550-0AA00-2AA0) (All versions < V3.11), SICAM P855 (7KG8550-0AA10-0AA0) (All versions < V3.11), SICAM P855 (7KG8550-0AA10-2AA0) (All versions < V3.11), SICAM P855 (7KG8550-0AA30-0AA0) (All versions < V3.11), SICAM P855 (7KG8550-0AA30-2AA0) (All versions < V3.11), SICAM P855 (7KG8551-0AA01-0AA0) (All versions < V3.11), SICAM P855 (7KG8551-0AA01-2AA0) (All versions < V3.11), SICAM P855 (7KG8551-0AA02-0AA0) (All versions < V3.11), SICAM P855 (7KG8551-0AA02-2AA0) (All versions < V3.11), SICAM P855 (7KG8551-0AA11-0AA0) (All versions < V3.11), SICAM P855 (7KG8551-0AA11-2AA0) (All versions < V3.11), SICAM P855 (7KG8551-0AA12-0AA0) (All versions < V3.11), SICAM P855 (7KG8551-0AA12-2AA0) (All versions < V3.11), SICAM P855 (7KG8551-0AA31-0AA0) (All versions < V3.11), SICAM P855 (7KG8551-0AA31-2AA0) (All versions < V3.11), SICAM P855 (7KG8551-0AA32-0AA0) (All versions < V3.11), 
SICAM P855 (7KG8551-0AA32-2AA0) (All versions < V3.11), SICAM T (All versions < V3.0). The web interface of the affected devices is vulnerable to Cross-Site Request Forgery attacks. By tricking an authenticated victim user into clicking a malicious link, an attacker could perform arbitrary actions on the device on behalf of the victim user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N 2.8 1.4

Products Affected

Vendor Product Version
siemens q200_firmware *
CVE-2023-30985

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 3), Solid Edge SE2023 (All versions < V223.0 Update 2). Affected applications contain an out of bounds read past the end of an allocated buffer while parsing a specially crafted OBJ file. This vulnerability could allow an attacker to disclose sensitive information. (ZDI-CAN-19426)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N 1.8 1.4

Products Affected

Vendor Product Version
siemens solid_edge_se2023 update_0001
siemens solid_edge_se2023 -
CVE-2023-30986

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 3), Solid Edge SE2023 (All versions < V223.0 Update 2). Affected applications contain a memory corruption vulnerability while parsing specially crafted STP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19561)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens solid_edge_se2023 update_0001
siemens solid_edge_se2023 -
CVE-2023-31238

A vulnerability has been identified in SICAM P850 (7KG8500-0AA00-0AA0) (All versions < V3.11), SICAM P850 (7KG8500-0AA00-2AA0) (All versions < V3.11), SICAM P850 (7KG8500-0AA10-0AA0) (All versions < V3.11), SICAM P850 (7KG8500-0AA10-2AA0) (All versions < V3.11), SICAM P850 (7KG8500-0AA30-0AA0) (All versions < V3.11), SICAM P850 (7KG8500-0AA30-2AA0) (All versions < V3.11), SICAM P850 (7KG8501-0AA01-0AA0) (All versions < V3.11), SICAM P850 (7KG8501-0AA01-2AA0) (All versions < V3.11), SICAM P850 (7KG8501-0AA02-0AA0) (All versions < V3.11), SICAM P850 (7KG8501-0AA02-2AA0) (All versions < V3.11), SICAM P850 (7KG8501-0AA11-0AA0) (All versions < V3.11), SICAM P850 (7KG8501-0AA11-2AA0) (All versions < V3.11), SICAM P850 (7KG8501-0AA12-0AA0) (All versions < V3.11), SICAM P850 (7KG8501-0AA12-2AA0) (All versions < V3.11), SICAM P850 (7KG8501-0AA31-0AA0) (All versions < V3.11), SICAM P850 (7KG8501-0AA31-2AA0) (All versions < V3.11), SICAM P850 (7KG8501-0AA32-0AA0) (All versions < V3.11), SICAM P850 (7KG8501-0AA32-2AA0) (All versions < V3.11), SICAM P855 (7KG8550-0AA00-0AA0) (All versions < V3.11), SICAM P855 (7KG8550-0AA00-2AA0) (All versions < V3.11), SICAM P855 (7KG8550-0AA10-0AA0) (All versions < V3.11), SICAM P855 (7KG8550-0AA10-2AA0) (All versions < V3.11), SICAM P855 (7KG8550-0AA30-0AA0) (All versions < V3.11), SICAM P855 (7KG8550-0AA30-2AA0) (All versions < V3.11), SICAM P855 (7KG8551-0AA01-0AA0) (All versions < V3.11), SICAM P855 (7KG8551-0AA01-2AA0) (All versions < V3.11), SICAM P855 (7KG8551-0AA02-0AA0) (All versions < V3.11), SICAM P855 (7KG8551-0AA02-2AA0) (All versions < V3.11), SICAM P855 (7KG8551-0AA11-0AA0) (All versions < V3.11), SICAM P855 (7KG8551-0AA11-2AA0) (All versions < V3.11), SICAM P855 (7KG8551-0AA12-0AA0) (All versions < V3.11), SICAM P855 (7KG8551-0AA12-2AA0) (All versions < V3.11), SICAM P855 (7KG8551-0AA31-0AA0) (All versions < V3.11), SICAM P855 (7KG8551-0AA31-2AA0) (All versions < V3.11), SICAM P855 (7KG8551-0AA32-0AA0) (All versions < V3.11), 
SICAM P855 (7KG8551-0AA32-2AA0) (All versions < V3.11), SICAM T (All versions < V3.0). Affected devices are missing cookie protection flags when using the default settings. An attacker who gains access to a session token can use it to impersonate a legitimate application user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 5.5 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L 1.3 3.7

Products Affected

Vendor Product Version
siemens q200_firmware *
CVE-2023-33121

A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10), Teamcenter Visualization V14.0 (All versions < V14.0.0.6), Teamcenter Visualization V14.1 (All versions < V14.1.0.8), Teamcenter Visualization V14.2 (All versions < V14.2.0.3). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application, causing a denial of service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 1.8 1.4

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2023-33122

A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10), Teamcenter Visualization V14.0 (All versions < V14.0.0.6), Teamcenter Visualization V14.1 (All versions < V14.1.0.8), Teamcenter Visualization V14.2 (All versions < V14.2.0.3). The affected applications contain an out of bounds read past the end of an allocated buffer while parsing a specially crafted CGM file. This vulnerability could allow an attacker to disclose sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N 1.8 1.4

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2023-33123

A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10), Teamcenter Visualization V14.0 (All versions < V14.0.0.6), Teamcenter Visualization V14.1 (All versions < V14.1.0.8), Teamcenter Visualization V14.2 (All versions < V14.2.0.3). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2023-33124

A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10), Teamcenter Visualization V14.0 (All versions < V14.0.0.6), Teamcenter Visualization V14.1 (All versions < V14.1.0.8), Teamcenter Visualization V14.2 (All versions < V14.2.0.3). The affected applications contain a memory corruption vulnerability while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2023-33919

A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). The web interface of affected devices is vulnerable to command injection due to missing server-side input sanitization. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
siemens cpci85_firmware *
CVE-2023-33920

A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). The affected devices contain the hash of the root password in a hard-coded form, which could be exploited for UART console login to the device. An attacker with direct physical access could exploit this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

Products Affected

Vendor Product Version
siemens cpci85_firmware *
CVE-2023-33921

A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). The affected devices contain an exposed UART console login interface. An attacker with direct physical access could try to brute-force or crack the root password to log in to the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

Products Affected

Vendor Product Version
siemens cpci85_firmware *
CVE-2023-35796

A vulnerability has been identified in SINEMA Server V14 (All versions). The affected application improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to a monitored device could perform a stored cross-site scripting (XSS) attack that may lead to arbitrary code execution with `SYSTEM` privileges on the application server. (ZDI-CAN-19823)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.3 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H 1.6 6.0
nvd@nist.gov 9.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H 2.3 6.0

Products Affected

Vendor Product Version
siemens sinema_server 14.0
CVE-2023-35920

A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3.4), SIMATIC MV540 S (All versions < V3.3.4), SIMATIC MV550 H (All versions < V3.3.4), SIMATIC MV550 S (All versions < V3.3.4), SIMATIC MV560 U (All versions < V3.3.4), SIMATIC MV560 X (All versions < V3.3.4). Affected devices cannot properly process specially crafted IP packets sent to the devices. This could allow an unauthenticated remote attacker to cause a denial of service condition. The affected devices must be restarted manually.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
siemens simatic_mv550_h_firmware *
siemens simatic_mv540_s_firmware *
siemens simatic_mv560_x_firmware *
siemens simatic_mv550_s_firmware *
siemens simatic_mv540_h_firmware *
siemens simatic_mv560_u_firmware *
CVE-2023-35921

A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3.4), SIMATIC MV540 S (All versions < V3.3.4), SIMATIC MV550 H (All versions < V3.3.4), SIMATIC MV550 S (All versions < V3.3.4), SIMATIC MV560 U (All versions < V3.3.4), SIMATIC MV560 X (All versions < V3.3.4). Affected devices cannot properly process specially crafted Ethernet frames sent to the devices. This could allow an unauthenticated remote attacker to cause a denial of service condition. The affected devices must be restarted manually.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
siemens simatic_mv550_h_firmware *
siemens simatic_mv540_s_firmware *
siemens simatic_mv560_x_firmware *
siemens simatic_mv550_s_firmware *
siemens simatic_mv540_h_firmware *
siemens simatic_mv560_u_firmware *
CVE-2023-36380

A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.11 (only with activated debug support)), CP-8050 MASTER MODULE (All versions < CPCI85 V05.11 (only with activated debug support)). The affected devices contain a hard-coded ID in the SSH `authorized_keys` configuration file. An attacker with knowledge of the corresponding private key could log in to the device via SSH. Only devices with activated debug support are affected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens cp-8031_firmware *
siemens cp-8050_firmware *
CVE-2023-36386

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious JavaScript code by tricking users into accessing a malicious link. The value is reflected in the response without sanitization while throwing an “invalid params element name” error on the get_elements parameters.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens ruggedcom_rox_mx5000re_firmware *
siemens ruggedcom_rox_rx1500_firmware *
siemens ruggedcom_rox_rx1510_firmware *
siemens ruggedcom_rox_rx1524_firmware *
siemens ruggedcom_rox_rx1536_firmware *
siemens ruggedcom_rox_rx1512_firmware *
siemens ruggedcom_rox_rx1400_firmware *
siemens ruggedcom_rox_mx5000_firmware *
siemens ruggedcom_rox_rx1511_firmware *
siemens ruggedcom_rox_rx1501_firmware *
siemens ruggedcom_rox_rx5000_firmware *
CVE-2023-36389

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious JavaScript code by tricking users into accessing a malicious link. The malformed value is reflected directly in the response without sanitization while throwing an “invalid path” error.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens ruggedcom_rox_mx5000re_firmware *
siemens ruggedcom_rox_rx1500_firmware *
siemens ruggedcom_rox_rx1510_firmware *
siemens ruggedcom_rox_rx1524_firmware *
siemens ruggedcom_rox_rx1536_firmware *
siemens ruggedcom_rox_rx1512_firmware *
siemens ruggedcom_rox_rx1400_firmware *
siemens ruggedcom_rox_mx5000_firmware *
siemens ruggedcom_rox_rx1511_firmware *
siemens ruggedcom_rox_rx1501_firmware *
siemens ruggedcom_rox_rx5000_firmware *
CVE-2023-36390

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious JavaScript code by tricking users into accessing a malicious link. The value is reflected in the response without sanitization while throwing an “invalid params element name” error on the action parameters.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens ruggedcom_rox_mx5000re_firmware *
siemens ruggedcom_rox_rx1500_firmware *
siemens ruggedcom_rox_rx1510_firmware *
siemens ruggedcom_rox_rx1524_firmware *
siemens ruggedcom_rox_rx1536_firmware *
siemens ruggedcom_rox_rx1512_firmware *
siemens ruggedcom_rox_rx1400_firmware *
siemens ruggedcom_rox_mx5000_firmware *
siemens ruggedcom_rox_rx1511_firmware *
siemens ruggedcom_rox_rx1501_firmware *
siemens ruggedcom_rox_rx5000_firmware *
CVE-2023-36521

A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3.4), SIMATIC MV540 S (All versions < V3.3.4), SIMATIC MV550 H (All versions < V3.3.4), SIMATIC MV550 S (All versions < V3.3.4), SIMATIC MV560 U (All versions < V3.3.4), SIMATIC MV560 X (All versions < V3.3.4). The result synchronization server of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation of all socket-based communication of the affected products if the result server is enabled.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H 3.9 4.0

Products Affected

Vendor Product Version
siemens simatic_mv550_h_firmware *
siemens simatic_mv540_s_firmware *
siemens simatic_mv560_x_firmware *
siemens simatic_mv550_s_firmware *
siemens simatic_mv540_h_firmware *
siemens simatic_mv560_u_firmware *
CVE-2023-36748

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The affected devices are configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over to and from the affected device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 5.9 MEDIUM CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L 1.2 4.7

Products Affected

Vendor Product Version
siemens ruggedcom_rox_mx5000re_firmware *
siemens ruggedcom_rox_rx1500_firmware *
siemens ruggedcom_rox_rx1510_firmware *
siemens ruggedcom_rox_rx1524_firmware *
siemens ruggedcom_rox_rx1536_firmware *
siemens ruggedcom_rox_rx1512_firmware *
siemens ruggedcom_rox_rx1400_firmware *
siemens ruggedcom_rox_mx5000_firmware *
siemens ruggedcom_rox_rx1511_firmware *
siemens ruggedcom_rox_rx1501_firmware *
siemens ruggedcom_rox_rx5000_firmware *
CVE-2023-36749

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The webserver of the affected devices supports the insecure TLS 1.0 protocol. An attacker could achieve a man-in-the-middle attack and compromise confidentiality and integrity of data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 2.2 5.2

Products Affected

Vendor Product Version
siemens ruggedcom_rox_mx5000re_firmware *
siemens ruggedcom_rox_rx1500_firmware *
siemens ruggedcom_rox_rx1510_firmware *
siemens ruggedcom_rox_rx1524_firmware *
siemens ruggedcom_rox_rx1536_firmware *
siemens ruggedcom_rox_rx1512_firmware *
siemens ruggedcom_rox_rx1400_firmware *
siemens ruggedcom_rox_mx5000_firmware *
siemens ruggedcom_rox_rx1511_firmware *
siemens ruggedcom_rox_rx1501_firmware *
siemens ruggedcom_rox_rx5000_firmware *
CVE-2023-36750

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The software-upgrade Url parameter in the web interface of affected devices is vulnerable to command injection due to missing server-side input sanitization. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 2.3 6.0

Products Affected

Vendor Product Version
siemens ruggedcom_rox_mx5000re_firmware *
siemens ruggedcom_rox_rx1500_firmware *
siemens ruggedcom_rox_rx1510_firmware *
siemens ruggedcom_rox_rx1524_firmware *
siemens ruggedcom_rox_rx1536_firmware *
siemens ruggedcom_rox_rx1512_firmware *
siemens ruggedcom_rox_rx1400_firmware *
siemens ruggedcom_rox_mx5000_firmware *
siemens ruggedcom_rox_rx1511_firmware *
siemens ruggedcom_rox_rx1501_firmware *
siemens ruggedcom_rox_rx5000_firmware *
CVE-2023-36751

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The install-app URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server-side input sanitization. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 2.3 6.0

Products Affected

Vendor Product Version
siemens ruggedcom_rox_mx5000re_firmware *
siemens ruggedcom_rox_rx1500_firmware *
siemens ruggedcom_rox_rx1510_firmware *
siemens ruggedcom_rox_rx1524_firmware *
siemens ruggedcom_rox_rx1536_firmware *
siemens ruggedcom_rox_rx1512_firmware *
siemens ruggedcom_rox_rx1400_firmware *
siemens ruggedcom_rox_mx5000_firmware *
siemens ruggedcom_rox_rx1511_firmware *
siemens ruggedcom_rox_rx1501_firmware *
siemens ruggedcom_rox_rx5000_firmware *
CVE-2023-36752

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The upgrade-app URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server-side input sanitization. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 2.3 6.0

Products Affected

Vendor Product Version
siemens ruggedcom_rox_mx5000re_firmware *
siemens ruggedcom_rox_rx1500_firmware *
siemens ruggedcom_rox_rx1510_firmware *
siemens ruggedcom_rox_rx1524_firmware *
siemens ruggedcom_rox_rx1536_firmware *
siemens ruggedcom_rox_rx1512_firmware *
siemens ruggedcom_rox_rx1400_firmware *
siemens ruggedcom_rox_mx5000_firmware *
siemens ruggedcom_rox_rx1511_firmware *
siemens ruggedcom_rox_rx1501_firmware *
siemens ruggedcom_rox_rx5000_firmware *
CVE-2023-36753

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The uninstall-app App-name parameter in the web interface of affected devices is vulnerable to command injection due to missing server-side input sanitization. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 2.3 6.0

Products Affected

Vendor Product Version
siemens ruggedcom_rox_mx5000re_firmware *
siemens ruggedcom_rox_rx1500_firmware *
siemens ruggedcom_rox_rx1510_firmware *
siemens ruggedcom_rox_rx1524_firmware *
siemens ruggedcom_rox_rx1536_firmware *
siemens ruggedcom_rox_rx1512_firmware *
siemens ruggedcom_rox_rx1400_firmware *
siemens ruggedcom_rox_mx5000_firmware *
siemens ruggedcom_rox_rx1511_firmware *
siemens ruggedcom_rox_rx1501_firmware *
siemens ruggedcom_rox_rx5000_firmware *
CVE-2023-36754

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The SCEP server configuration URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server-side input sanitization. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 2.3 6.0

Products Affected

Vendor Product Version
siemens ruggedcom_rox_mx5000re_firmware *
siemens ruggedcom_rox_rx1500_firmware *
siemens ruggedcom_rox_rx1510_firmware *
siemens ruggedcom_rox_rx1524_firmware *
siemens ruggedcom_rox_rx1536_firmware *
siemens ruggedcom_rox_rx1512_firmware *
siemens ruggedcom_rox_rx1400_firmware *
siemens ruggedcom_rox_mx5000_firmware *
siemens ruggedcom_rox_rx1511_firmware *
siemens ruggedcom_rox_rx1501_firmware *
siemens ruggedcom_rox_rx5000_firmware *
CVE-2023-36755

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The SCEP CA Certificate Name parameter in the web interface of affected devices is vulnerable to command injection due to missing server-side input sanitization. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 2.3 6.0

Products Affected

Vendor Product Version
siemens ruggedcom_rox_mx5000re_firmware *
siemens ruggedcom_rox_rx1500_firmware *
siemens ruggedcom_rox_rx1510_firmware *
siemens ruggedcom_rox_rx1524_firmware *
siemens ruggedcom_rox_rx1536_firmware *
siemens ruggedcom_rox_rx1512_firmware *
siemens ruggedcom_rox_rx1400_firmware *
siemens ruggedcom_rox_mx5000_firmware *
siemens ruggedcom_rox_rx1511_firmware *
siemens ruggedcom_rox_rx1501_firmware *
siemens ruggedcom_rox_rx5000_firmware *
CVE-2023-37194

A vulnerability has been identified in SIMATIC CP 1604 (All versions), SIMATIC CP 1616 (All versions), SIMATIC CP 1623 (All versions), SIMATIC CP 1626 (All versions), SIMATIC CP 1628 (All versions). The kernel memory of affected devices is exposed to user-mode via direct memory access (DMA) which could allow a local attacker with administrative privileges to execute arbitrary code on the host system without any restrictions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
siemens simatic_cp_1623_firmware -
siemens simatic_cp_1604_firmware -
siemens simatic_cp_1616_firmware -
siemens simatic_cp_1626_firmware -
siemens simatic_cp_1628_firmware -
CVE-2023-37195

A vulnerability has been identified in SIMATIC CP 1604 (All versions), SIMATIC CP 1616 (All versions), SIMATIC CP 1623 (All versions), SIMATIC CP 1626 (All versions), SIMATIC CP 1628 (All versions). Affected devices insufficiently control continuous mapping of direct memory access (DMA) requests. This could allow local attackers with administrative privileges to cause a denial of service situation on the host. A physical power cycle is required to get the system working again.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 0.8 3.6

Products Affected

Vendor Product Version
siemens simatic_cp_1623_firmware -
siemens simatic_cp_1604_firmware -
siemens simatic_cp_1616_firmware -
siemens simatic_cp_1626_firmware -
siemens simatic_cp_1628_firmware -
CVE-2023-37246

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PRT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21109)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix *
CVE-2023-37247

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21138)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix *
CVE-2023-37248

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted PAR file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21155)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix *
CVE-2023-37372

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.4). The affected applications are vulnerable to SQL injection. This could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server database.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
siemens ruggedcom_crossbow *
CVE-2023-37373

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.4). The affected applications accept unauthenticated file write messages. An unauthenticated remote attacker could write arbitrary files to the affected application's file system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N 1.6 3.6

Products Affected

Vendor Product Version
siemens ruggedcom_crossbow *
CVE-2023-37374

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application is vulnerable to stack-based buffer overflow while parsing specially crafted STP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21054)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix *
CVE-2023-37375

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application is vulnerable to stack-based buffer overflow while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21060)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix *
CVE-2023-37376

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application contains a type confusion vulnerability while parsing STP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21051)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix *
CVE-2023-38070

A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application is vulnerable to stack-based buffer overflow while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20818)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
siemens tecnomatix_plant_simulation *
CVE-2023-38071

A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20824)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
siemens tecnomatix_plant_simulation *
CVE-2023-38072

A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20825)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
siemens tecnomatix_plant_simulation *
CVE-2023-38073

A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application contains a type confusion vulnerability while parsing WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20826)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
siemens tecnomatix_plant_simulation *
CVE-2023-38074

A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application contains a type confusion vulnerability while parsing WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20840)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
siemens tecnomatix_plant_simulation *
CVE-2023-38075

A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application contains a use-after-free vulnerability that could be triggered while parsing specially crafted WRL files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-20842)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
siemens tecnomatix_plant_simulation *
CVE-2023-38076

A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21041)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
siemens tecnomatix_plant_simulation *
CVE-2023-38380

A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-1 (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE (All versions < V3.4.29), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions < V2.3), SIMATIC CP 1543-1 (6GK7543-1AX00-0XE0) (All versions < V3.0.37), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions < V2.3), SINAMICS S210 (6SL5...) (All versions >= V6.1 < V6.1 HF2), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions < V2.3), SIPLUS NET CP 1543-1 (6AG1543-1AX00-2XE0) (All versions < V3.0.37). The webserver implementation of the affected products does not correctly release allocated memory after it has been used. An attacker with network access could use this vulnerability to cause a denial-of-service condition in the webserver of the affected product.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
siemens simatic_cp_1243-1_dnp3_firmware -
siemens sinamics_s210_firmware 6.1
siemens simatic_cp_1243-1_firmware -
siemens 6gk7243-8rx30-0xe0_firmware -
siemens simatic_cp_1242-7_v2_firmware -
siemens simatic_cp_1243-1_iec_firmware -
siemens simatic_cp_1243-7_lte_firmware -
siemens sinamics_s210_firmware 5.1
siemens 6ag1543-1ax00-2xe0_firmware -
siemens 6gk7543-1ax00-0xe0_firmware -
siemens sinamics_s210_firmware 5.2
CVE-2023-38524

A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.3). The affected applications contain a null pointer dereference while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 1.8 1.4

Products Affected

Vendor Product Version
siemens parasolid *
siemens teamcenter_visualization *
CVE-2023-38525

A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.3). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens parasolid *
siemens teamcenter_visualization *
CVE-2023-38526

A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.3). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens parasolid *
siemens teamcenter_visualization *
CVE-2023-38527

A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens parasolid *
siemens teamcenter_visualization *
CVE-2023-38528

A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.197), Parasolid V35.1 (All versions < V35.1.184), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.3). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted X_T file. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens parasolid *
siemens teamcenter_visualization *
CVE-2023-38529

A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.184), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens parasolid *
siemens teamcenter_visualization *
CVE-2023-38530

A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.3). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens parasolid *
siemens teamcenter_visualization *
CVE-2023-38531

A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.184), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens parasolid *
siemens teamcenter_visualization *
CVE-2023-38532

A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.3). The affected application contains a stack exhaustion vulnerability while parsing a specially crafted X_T file. This could allow an attacker to cause a denial of service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 6.6 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H 1.8 4.7

Products Affected

Vendor Product Version
siemens parasolid *
siemens teamcenter_visualization *
CVE-2023-38533

A vulnerability has been identified in TIA Administrator (All versions < V3 SP2). The affected component creates temporary download files in a directory with insecure permissions. This could allow any authenticated attacker on Windows to disrupt the update process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4

Products Affected

Vendor Product Version
siemens tia_administrator 3.0
siemens tia_administrator *
CVE-2023-38557

A vulnerability has been identified in Spectrum Power 7 (All versions < V23Q3). The affected product assigns improper access rights to the update script. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
productcert@siemens.com 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.5 6.0

Products Affected

Vendor Product Version
siemens spectrum_power_7 *
CVE-2023-38558

A vulnerability has been identified in SIMATIC PCS neo (Administration Console) V4.0 (All versions), SIMATIC PCS neo (Administration Console) V4.0 Update 1 (All versions). The affected application leaks Windows admin credentials. An attacker with local access to the Administration Console could get the credentials, and impersonate the admin user, thereby gaining admin access to other Windows systems.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
siemens simatic_pcs_neo 4.0
CVE-2023-38640

A vulnerability has been identified in SICAM PAS/PQS (All versions >= V8.00 < V8.22). The affected application is installed with specific files and folders with insecure permissions. This could allow an authenticated local attacker to read and modify configuration data in the context of the application process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 1.8 2.5
productcert@siemens.com 6.6 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H 1.8 4.7

Products Affected

Vendor Product Version
siemens sicam_pas/pqs *
CVE-2023-38641

A vulnerability has been identified in SICAM TOOLBOX II (All versions < V07.10). The affected application's database service is executed as `NT AUTHORITY\SYSTEM`. This could allow a local attacker to execute operating system commands with elevated privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens sicam_toolbox_ii *
CVE-2023-38679

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21106)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix *
CVE-2023-38680

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21132)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix *
CVE-2023-38681

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted IGS file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21270)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix *
CVE-2023-38682

A vulnerability has been identified in JT2Go (All versions < V14.2.0.5), Teamcenter Visualization V13.2 (All versions < V13.2.0.14), Teamcenter Visualization V14.1 (All versions < V14.1.0.10), Teamcenter Visualization V14.2 (All versions < V14.2.0.5). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted TIFF files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2023-38683

A vulnerability has been identified in JT2Go (All versions < V14.2.0.5), Teamcenter Visualization V13.2 (All versions < V13.2.0.14), Teamcenter Visualization V14.1 (All versions < V14.1.0.10), Teamcenter Visualization V14.2 (All versions < V14.2.0.5). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted TIFF file. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2023-39181

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted PAR file. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens solid_edge *
siemens solid_edge se2023
CVE-2023-39182

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted DFT files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens solid_edge *
siemens solid_edge se2023
CVE-2023-39183

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PSM files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens solid_edge *
siemens solid_edge se2023
CVE-2023-39184

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PSM files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens solid_edge *
siemens solid_edge se2023
CVE-2023-39185

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens solid_edge *
siemens solid_edge se2023
CVE-2023-39186

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted DFT files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens solid_edge *
siemens solid_edge se2023
CVE-2023-39187

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted DFT files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens solid_edge *
siemens solid_edge se2023
CVE-2023-39188

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted DFT files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens solid_edge *
siemens solid_edge se2023
CVE-2023-39269

A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M2200NC, RUGGEDCOM M969, RUGGEDCOM M969F, RUGGEDCOM M969NC, RUGGEDCOM RMC30, RUGGEDCOM RMC30NC, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RMC8388NC V4.X, RUGGEDCOM RMC8388NC V5.X, RUGGEDCOM RP110, RUGGEDCOM RP110NC, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600FNC, RUGGEDCOM RS1600NC, RUGGEDCOM RS1600T, RUGGEDCOM RS1600TNC, RUGGEDCOM RS400, RUGGEDCOM RS400F, RUGGEDCOM RS400NC, RUGGEDCOM RS401, RUGGEDCOM RS401NC, RUGGEDCOM RS416, RUGGEDCOM RS416F, RUGGEDCOM RS416NC, RUGGEDCOM RS416NCv2 V4.X, RUGGEDCOM RS416NCv2 V5.X, RUGGEDCOM RS416P, RUGGEDCOM RS416PF, RUGGEDCOM RS416PNC, RUGGEDCOM RS416PNCv2 V4.X, RUGGEDCOM RS416PNCv2 V5.X, RUGGEDCOM RS416Pv2 V4.X, RUGGEDCOM RS416Pv2 V5.X, RUGGEDCOM RS416v2 V4.X, RUGGEDCOM RS416v2 V5.X, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000ANC, RUGGEDCOM RS8000H, RUGGEDCOM RS8000HNC, RUGGEDCOM RS8000NC, RUGGEDCOM RS8000T, RUGGEDCOM RS8000TNC, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900F, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GF, RUGGEDCOM RS900GNC, RUGGEDCOM RS900GNC(32M) V4.X, RUGGEDCOM RS900GNC(32M) V5.X, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPF, RUGGEDCOM RS900GPNC, RUGGEDCOM RS900L, RUGGEDCOM RS900LNC, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900MNC-GETS-C01, RUGGEDCOM RS900MNC-GETS-XX, RUGGEDCOM RS900MNC-STND-XX, RUGGEDCOM RS900MNC-STND-XX-C01, RUGGEDCOM RS900NC, RUGGEDCOM RS900NC(32M) V4.X, RUGGEDCOM RS900NC(32M) V5.X, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910LNC, RUGGEDCOM RS910NC, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920LNC, 
RUGGEDCOM RS920W, RUGGEDCOM RS930L, RUGGEDCOM RS930LNC, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM RS940GF, RUGGEDCOM RS940GNC, RUGGEDCOM RS969, RUGGEDCOM RS969NC, RUGGEDCOM RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100F, RUGGEDCOM RSG2100NC, RUGGEDCOM RSG2100NC(32M) V4.X, RUGGEDCOM RSG2100NC(32M) V5.X, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100P (32M) V4.X, RUGGEDCOM RSG2100P (32M) V5.X, RUGGEDCOM RSG2100PF, RUGGEDCOM RSG2100PNC, RUGGEDCOM RSG2100PNC (32M) V4.X, RUGGEDCOM RSG2100PNC (32M) V5.X, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200F, RUGGEDCOM RSG2200NC, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2288NC V4.X, RUGGEDCOM RSG2288NC V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300F, RUGGEDCOM RSG2300NC V4.X, RUGGEDCOM RSG2300NC V5.X, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PF, RUGGEDCOM RSG2300PNC V4.X, RUGGEDCOM RSG2300PNC V5.X, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488F, RUGGEDCOM RSG2488NC V4.X, RUGGEDCOM RSG2488NC V5.X, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSG920PNC V4.X, RUGGEDCOM RSG920PNC V5.X, RUGGEDCOM RSL910, RUGGEDCOM RSL910NC, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P. The web server of the affected devices contains a vulnerability that may lead to a denial of service condition. An attacker may cause total loss of availability of the web server, which might recover after the attack is over.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
siemens ruggedcom_ros *
CVE-2023-39419

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected applications contain an out of bounds write past the end of an allocated structure while parsing specially crafted DFT files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens solid_edge se2023
CVE-2023-39549

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 2). The affected application contains a use-after-free vulnerability that could be triggered while parsing a specially crafted DWG file. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-19562)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens solid_edge se2023
CVE-2023-39950

efibootguard is a simple UEFI boot loader with support for safely switching between current and updated partition sets. Insufficient or missing validation and sanitization of input from untrustworthy bootloader environment files can cause crashes and probably also code injections into `bg_setenv` or programs using `libebgenv`. This is triggered when the affected components try to modify a manipulated environment, in particular its user variables. Furthermore, `bg_printenv` may crash over invalid read accesses or report invalid results. EFI Boot Guard's bootloader EFI binary is not affected by this issue. EFI Boot Guard release v0.15 contains required patches to sanitize and validate the bootloader environment prior to processing it in userspace. Its library and tools should be updated, as should programs statically linked against it. An update of the bootloader EFI executable is not required. The only way to prevent the issue with an unpatched EFI Boot Guard version is to avoid accesses to user variables, specifically modifications to them.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 6.1 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:L 0.9 4.7
nvd@nist.gov 5.2 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L 0.9 4.2

Products Affected

Vendor Product Version
siemens efibootguard *
CVE-2023-40724

A vulnerability has been identified in QMS Automotive (All versions < V12.39). User credentials are found in memory as plaintext. An attacker could perform a memory dump, get access to the credentials, and use them for impersonation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L 1.8 5.5

Products Affected

Vendor Product Version
siemens qms_automotive *
CVE-2023-40725

A vulnerability has been identified in QMS Automotive (All versions < V12.39). The affected application returns inconsistent error messages in response to invalid user credentials during a login session. This allows an attacker to enumerate usernames and identify valid ones.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 4.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 2.5 1.4

Products Affected

Vendor Product Version
siemens qms_automotive *
CVE-2023-40726

A vulnerability has been identified in QMS Automotive (All versions < V12.39). The affected application server responds with sensitive information about the server. This could allow an attacker to directly access the database.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens qms_automotive *
CVE-2023-40727

A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application uses a weak, outdated application signing mechanism. This could allow an attacker to tamper with the application code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens qms_automotive *
CVE-2023-40728

A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application stores sensitive application data in an external insecure storage. This could allow an attacker to alter content, leading to arbitrary code execution or denial-of-service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
productcert@siemens.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L 1.8 5.5

Products Affected

Vendor Product Version
siemens qms_automotive *
CVE-2023-40729

A vulnerability has been identified in QMS Automotive (All versions < V12.39). The affected application lacks security control to prevent unencrypted communication without HTTPS. An attacker who managed to gain machine-in-the-middle position could manipulate, or steal confidential information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 2.2 5.2
productcert@siemens.com 7.3 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N 2.1 5.2

Products Affected

Vendor Product Version
siemens qms_automotive *
CVE-2023-40730

A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application lacks sufficient authorization checks. This could allow an attacker to access confidential information, perform administrative functions, or lead to a denial-of-service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
productcert@siemens.com 7.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L 2.8 4.2

Products Affected

Vendor Product Version
siemens qms_automotive *
CVE-2023-40731

A vulnerability has been identified in QMS Automotive (All versions < V12.39). The affected application allows users to upload arbitrary file types. This could allow an attacker to upload malicious files, that could potentially lead to code tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 5.7 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N 2.1 3.6
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens qms_automotive *
CVE-2023-40732

A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application does not invalidate the session token on logout. This could allow an attacker to perform session hijacking attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.9 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N 1.3 2.5
productcert@siemens.com 3.9 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N 1.3 2.5

Products Affected

Vendor Product Version
siemens qms_automotive *
CVE-2023-41032

A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.253), Parasolid V35.1 (All versions < V35.1.184), Parasolid V36.0 (All versions < V36.0.142), Simcenter Femap V2301 (All versions < V2301.0003), Simcenter Femap V2306 (All versions < V2306.0001). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21263)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens simcenter_femap *
siemens parasolid *
CVE-2023-41033

A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.260), Parasolid V35.1 (All versions < V35.1.246), Parasolid V36.0 (All versions < V36.0.156), Simcenter Femap V2301 (All versions < V2301.0003), Simcenter Femap V2306 (All versions < V2306.0001). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21266)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens simcenter_femap *
siemens parasolid *
CVE-2023-41846

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application is vulnerable to memory corruption while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix *
CVE-2023-42796

A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.11), CP-8050 MASTER MODULE (All versions < CPCI85 V05.11). The web server of affected devices fails to properly sanitize user input for the /sicweb-ajax/tmproot/ endpoint. This could allow an authenticated remote attacker to traverse directories on the system and download arbitrary files. By exploring active session IDs, the vulnerability could potentially be leveraged to escalate privileges to the administrator role.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
productcert@siemens.com 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.6 5.9

Products Affected

Vendor Product Version
siemens cp-8031_firmware *
siemens cp-8050_firmware *
CVE-2023-42797

A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.20), CP-8050 MASTER MODULE (All versions < CPCI85 V05.20). The network configuration service of affected devices contains a flaw in the conversion of IPv4 addresses that could lead to an uninitialized variable being used in succeeding validation steps. By uploading a specially crafted network configuration, an authenticated remote attacker could inject commands that are executed on the device with root privileges during device startup.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 6.6 MEDIUM CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 0.7 5.9
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
siemens sicam_a8000_cp-8050_firmware *
siemens sicam_a8000_cp-8031_firmware *
CVE-2023-43503

A vulnerability has been identified in COMOS (All versions < V10.4.4). The caching system in the affected application leaks sensitive information, such as user and project information, in cleartext via UDP.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 3.5 LOW CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.1 1.4
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
siemens comos *
CVE-2023-43504

A vulnerability has been identified in COMOS (All versions < V10.4.4). The Ptmcast executable, used for testing the cache validation service in the affected application, is vulnerable to a Structured Exception Handler (SEH) based buffer overflow. This could allow an attacker to execute arbitrary code on the target system or cause a denial of service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 9.6 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 2.8 6.0
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
siemens comos *
CVE-2023-43505

A vulnerability has been identified in COMOS (All versions). The affected application lacks proper access controls in SMB shares. This could allow an attacker to access files that the user should not have access to.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6
productcert@siemens.com 9.6 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N 3.1 5.8

Products Affected

Vendor Product Version
siemens comos *
CVE-2023-43625

A vulnerability has been identified in Simcenter Amesim (All versions < V2021.1). The affected application contains a SOAP endpoint that could allow an unauthenticated remote attacker to perform DLL injection and execute arbitrary code in the context of the affected application process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
siemens simcenter_amesim *
CVE-2023-44081

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix *
CVE-2023-44082

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix *
CVE-2023-44083

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix *
CVE-2023-44084

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix *
CVE-2023-44085

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix *
CVE-2023-44086

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix *
CVE-2023-44087

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix *
CVE-2023-44120

A vulnerability has been identified in Spectrum Power 7 (All versions < V23Q4). The affected product's sudo configuration permits the local administrative account to execute several entries as root user. This could allow an authenticated local attacker to inject arbitrary code and gain root access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens spectrum_power_7 *
CVE-2023-44315

A vulnerability has been identified in SINEC NMS (All versions < V2.0). The affected application improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to a monitored device could prepare a stored cross-site scripting (XSS) attack that may lead to unintentional modification of application data by legitimate users.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 4.7 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N 1.6 2.7
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

Products Affected

Vendor Product Version
siemens sinec_nms *
CVE-2023-44317

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V7.2.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V7.2.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V7.2.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V7.2.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V7.2.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V7.2.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V7.2.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V7.2.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V7.2.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V7.2.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V7.2.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V7.2.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V7.2.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V7.2.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V7.2.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V7.2.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V7.2.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V7.2.2), SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) (All versions < V3.0.0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions < V3.0.0), SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0) (All versions < V3.0.0), SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0) (All versions < V3.0.0), SCALANCE WAM766-1 (6GK5766-1GE00-7DA0) (All versions < V3.0.0), SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0) (All versions < V3.0.0), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (ME) 
(6GK5766-1GE00-7TC0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0) (All versions < V3.0.0), SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0) (All versions < V3.0.0), SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0) (All versions < V3.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0) (All versions < V3.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0) (All versions < V3.0.0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0) (All versions < V3.0.0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0) (All versions < V3.0.0), SCALANCE WUM766-1 (6GK5766-1GE00-3DA0) (All versions < V3.0.0), SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0) (All versions < V3.0.0), SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0) (All versions < V3.0.0). Affected products do not properly validate the content of uploaded X509 certificates which could allow an attacker with administrative privileges to execute arbitrary code on the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
siemens scalance_xc206-2g_poe_eec_(54_v_dc)_firmware -
siemens scalance_xp208poe_eec_firmware -
siemens scalance_xb208_(e/ip)_firmware -
siemens scalance_xb216_(pn)_firmware -
siemens scalance_xb213-3_(sc,_pn)_firmware -
siemens scalance_xc208g_eec_firmware -
siemens scalance_xc216-3g_poe_(54_v_dc)_firmware -
siemens scalance_xb213-3_(st,_pn)_firmware -
siemens scalance_xf204-2ba_dna_firmware -
siemens scalance_xr328-4c_wg_(28xge,_dc_24v)_firmware -
siemens scalance_xb213-3ld_(sc,_pn)_firmware -
siemens scalance_xf204_dna_firmware -
siemens scalance_xb213-3_(sc,_e/ip)_firmware -
siemens scalance_xp208eec_firmware -
siemens scalance_xc224-4c_g_eec_firmware -
siemens scalance_xc208g_poe_(54_v_dc)_firmware -
siemens scalance_xc206-2g_poe_firmware -
siemens scalance_xr328-4c_wg_(24xfe,_4xge,dc24v)_firmware -
siemens scalance_xb213-3ld_(sc,_e/ip)_firmware -
siemens scalance_xc216-4c_g_eec_firmware -
siemens scalance_xb216_(e/ip)_firmware -
siemens scalance_xp216_(ethernet/ip)_firmware -
siemens scalance_xp216poe_eec_firmware -
siemens scalance_xr328-4c_wg_(24xfe,4xge,ac230v)_firmware -
siemens scalance_xc206-2sfp_g_eec_firmware -
siemens scalance_xc206-2sfp_firmware -
siemens scalance_xc224-4c_g_firmware -
siemens scalance_xc216-3g_poe_firmware -
siemens scalance_xc208eec_firmware -
siemens scalance_xc208_firmware -
siemens scalance_xb208_(pn)_firmware -
siemens scalance_xc216-4c_g_(eip_def.)_firmware -
siemens scalance_xr328-4c_wg_(24xfe,_4xge,_24v)_firmware -
siemens scalance_xb205-3_(st,_e/ip)_firmware -
siemens scalance_xr328-4c_wg_(28xge,_ac_230v)_firmware -
siemens scalance_xc224_firmware -
siemens scalance_xp208_(ethernet/ip)_firmware -
siemens scalance_xr326-2c_poe_wg_(without_ul)_firmware -
siemens scalance_xb205-3_(sc,_pn)_firmware -
siemens scalance_xc216-4c_g_firmware -
siemens scalance_xc224-4c_g_(eip_def.)_firmware -
siemens scalance_xb205-3ld_(sc,_pn)_firmware -
siemens scalance_xc206-2g_poe_(54_v_dc)_firmware -
siemens scalance_xr326-2c_poe_wg_firmware -
siemens scalance_xc208g_firmware -
siemens scalance_xp216eec_firmware -
siemens scalance_xc216_firmware -
siemens scalance_xr324wg_(24_x_fe,_ac_230v)_firmware -
siemens scalance_xf204_firmware -
siemens scalance_xb213-3_(st,_e/ip)_firmware -
siemens scalance_xr324wg_(24_x_fe,_dc_24v)_firmware -
siemens siplus_net_scalance_xc206-2sfp_firmware -
siemens scalance_xf204-2ba_firmware -
siemens siplus_net_scalance_xc206-2_firmware -
siemens scalance_xc206-2sfp_eec_firmware -
siemens scalance_xc216-4c_firmware -
siemens scalance_xb205-3_(st,_pn)_firmware -
siemens siplus_net_scalance_xc208_firmware -
siemens scalance_xc208g_(eip_def.)_firmware -
siemens scalance_xc206-2_(st/bfoc)_firmware -
siemens scalance_xp216_firmware -
siemens scalance_xp208_firmware -
siemens scalance_xc216eec_firmware -
siemens scalance_xb205-3ld_(sc,_e/ip)_firmware -
siemens scalance_xc208g_poe_firmware -
siemens siplus_net_scalance_xc216-4c_firmware -
siemens scalance_xc206-2sfp_g_firmware -
siemens scalance_xc206-2_(sc)_firmware -
siemens scalance_xc206-2sfp_g_(eip_def.)_firmware -
CVE-2023-44318

Affected devices use a hardcoded key to obfuscate the configuration backup that an administrator can export from the device. This could allow an authenticated attacker with administrative privileges or an attacker that obtains a configuration backup to extract configuration information from the exported file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6

Products Affected

Vendor Product Version
siemens 6gk5224-4gs00-2tc2_firmware *
siemens 6gk5216-4gs00-2ac2_firmware *
siemens 6gk5216-0ha00-2as6_firmware *
siemens 6gk5205-3bd00-2ab2_firmware *
siemens 6gk5216-0ba00-2ab2_firmware *
siemens 6gk5224-4gs00-2ac2_firmware *
siemens 6gk5328-4fs00-2rr3_firmware *
siemens 6gk5205-3bb00-2ab2_firmware *
siemens 6gk5205-3bb00-2tb2_firmware *
siemens 6gk5326-2qs00-3ar3_firmware *
siemens 6gk5216-0ha00-2ts6_firmware *
siemens 6gk5216-0ua00-5es6_firmware *
siemens 6gk5206-2bs00-2fc2_firmware *
siemens 6gk5208-0ha00-2ts6_firmware *
siemens 6gk5213-3bf00-2tb2_firmware *
siemens 6ag1216-4bs00-7ac2_firmware *
siemens 6gk5208-0ba00-2fc2_firmware *
siemens 6gk5206-2bd00-2ac2_firmware *
siemens 6gk5208-0ra00-2ac2_firmware *
siemens 6gk5224-4gs00-2fc2_firmware *
siemens 6gk5206-2gs00-2fc2_firmware *
siemens 6gk5328-4fs00-3rr3_firmware *
siemens 6gk5208-0ga00-2tc2_firmware *
siemens 6gk5328-4fs00-3ar3_firmware *
siemens 6gk5213-3bb00-2tb2_firmware *
siemens 6gk5206-2bb00-2ac2_firmware *
siemens 6gk5216-3rs00-5ac2_firmware *
siemens 6gk5205-3bf00-2ab2_firmware *
siemens 6ag1206-2bs00-7ac2_firmware *
siemens 6gk5213-3bd00-2ab2_firmware *
siemens 6gk5204-0ba00-2yf2_firmware *
siemens 6gk5206-2gs00-2tc2_firmware *
siemens 6gk5204-2aa00-2gf2_firmware *
siemens 6gk5208-0ua00-5es6_firmware *
siemens 6gk5216-0ha00-2es6_firmware *
siemens 6gk5328-4fs00-2ar3_firmware *
siemens 6gk5213-3bd00-2tb2_firmware *
siemens 6gk5324-0ba00-3ar3_firmware *
siemens 6gk5208-0ba00-2tb2_firmware *
siemens 6gk5205-3bd00-2tb2_firmware *
siemens 6gk5213-3bf00-2ab2_firmware *
siemens 6gk5208-0ga00-2fc2_firmware *
siemens 6gk5208-0ha00-2es6_firmware *
siemens 6gk5206-2rs00-5ac2_firmware *
siemens 6gk5216-4gs00-2fc2_firmware *
siemens 6gk5208-0ba00-2ac2_firmware *
siemens 6gk5328-4ss00-2ar3_firmware *
siemens 6gk5216-4gs00-2tc2_firmware *
siemens 6ag1208-0ba00-7ac2_firmware *
siemens 6gk5206-2gs00-2ac2_firmware *
siemens 6gk5326-2qs00-3rr3_firmware *
siemens 6gk5216-3rs00-2ac2_firmware *
siemens 6gk5216-0ba00-2tb2_firmware *
siemens 6gk5216-0ba00-2ac2_firmware *
siemens 6gk5216-0ba00-2fc2_firmware *
siemens 6gk5204-0ba00-2gf2_firmware *
siemens 6gk5208-0ha00-2as6_firmware *
siemens 6gk5208-0ra00-5ac2_firmware *
siemens 6gk5213-3bb00-2ab2_firmware *
siemens 6gk5205-3bf00-2tb2_firmware *
siemens 6gk5206-2bs00-2ac2_firmware *
siemens 6gk5324-0ba00-2ar3_firmware *
siemens 6gk5208-0ga00-2ac2_firmware *
siemens 6gk5216-4bs00-2ac2_firmware *
siemens 6ag1206-2bb00-7ac2_firmware *
siemens 6gk5208-0ba00-2ab2_firmware *
siemens 6gk5206-2rs00-2ac2_firmware *
siemens 6gk5328-4ss00-3ar3_firmware *
siemens 6gk5206-2rs00-5fc2_firmware *
siemens 6gk5224-0ba00-2ac2_firmware *
siemens 6gk5204-2aa00-2yf2_firmware *
CVE-2023-44319

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.0), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.0), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.0), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.0), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.0), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.0), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.0), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.0), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.0), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.0), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.0), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.0), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.0), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.0), SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) (All versions < V3.0.0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions < V3.0.0), SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0) (All versions < V3.0.0), SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0) (All versions < V3.0.0), SCALANCE WAM766-1 (6GK5766-1GE00-7DA0) (All versions < V3.0.0), SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0) (All versions < V3.0.0), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0) (All versions < V3.0.0), 
SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0) (All versions < V3.0.0), SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0) (All versions < V3.0.0), SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0) (All versions < V3.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0) (All versions < V3.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0) (All versions < V3.0.0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0) (All versions < V3.0.0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0) (All versions < V3.0.0), SCALANCE WUM766-1 (6GK5766-1GE00-3DA0) (All versions < V3.0.0), SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0) (All versions < V3.0.0), SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0) (All versions < V3.0.0). Affected devices use a weak checksum algorithm to protect the configuration backup that an administrator can export from the device. This could allow an authenticated attacker with administrative privileges or an attacker that tricks a legitimate administrator to upload a modified configuration file to change the configuration of an affected device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N 1.2 3.6
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N 1.2 3.6

Products Affected

Vendor Product Version
siemens 6gk5224-4gs00-2tc2_firmware *
siemens 6gk5216-4gs00-2ac2_firmware *
siemens 6gk5216-0ha00-2as6_firmware *
siemens 6gk5205-3bd00-2ab2_firmware *
siemens 6gk5216-0ba00-2ab2_firmware *
siemens 6gk5224-4gs00-2ac2_firmware *
siemens 6gk5328-4fs00-2rr3_firmware *
siemens 6gk5205-3bb00-2ab2_firmware *
siemens 6gk5205-3bb00-2tb2_firmware *
siemens 6gk5326-2qs00-3ar3_firmware *
siemens 6gk5216-0ha00-2ts6_firmware *
siemens 6gk5216-0ua00-5es6_firmware *
siemens 6gk5206-2bs00-2fc2_firmware *
siemens 6gk5208-0ha00-2ts6_firmware *
siemens 6gk5213-3bf00-2tb2_firmware *
siemens 6ag1216-4bs00-7ac2_firmware *
siemens 6gk5208-0ba00-2fc2_firmware *
siemens 6gk5206-2bd00-2ac2_firmware *
siemens 6gk5208-0ra00-2ac2_firmware *
siemens 6gk5224-4gs00-2fc2_firmware *
siemens 6gk5206-2gs00-2fc2_firmware *
siemens 6gk5328-4fs00-3rr3_firmware *
siemens 6gk5208-0ga00-2tc2_firmware *
siemens 6gk5328-4fs00-3ar3_firmware *
siemens 6gk5213-3bb00-2tb2_firmware *
siemens 6gk5206-2bb00-2ac2_firmware *
siemens 6gk5216-3rs00-5ac2_firmware *
siemens 6gk5205-3bf00-2ab2_firmware *
siemens 6ag1206-2bs00-7ac2_firmware *
siemens 6gk5213-3bd00-2ab2_firmware *
siemens 6gk5204-0ba00-2yf2_firmware *
siemens 6gk5206-2gs00-2tc2_firmware *
siemens 6gk5204-2aa00-2gf2_firmware *
siemens 6gk5208-0ua00-5es6_firmware *
siemens 6gk5216-0ha00-2es6_firmware *
siemens 6gk5328-4fs00-2ar3_firmware *
siemens 6gk5213-3bd00-2tb2_firmware *
siemens 6gk5324-0ba00-3ar3_firmware *
siemens 6gk5208-0ba00-2tb2_firmware *
siemens 6gk5205-3bd00-2tb2_firmware *
siemens 6gk5213-3bf00-2ab2_firmware *
siemens 6gk5208-0ga00-2fc2_firmware *
siemens 6gk5208-0ha00-2es6_firmware *
siemens 6gk5206-2rs00-5ac2_firmware *
siemens 6gk5216-4gs00-2fc2_firmware *
siemens 6gk5208-0ba00-2ac2_firmware *
siemens 6gk5328-4ss00-2ar3_firmware *
siemens 6gk5216-4gs00-2tc2_firmware *
siemens 6ag1208-0ba00-7ac2_firmware *
siemens 6gk5206-2gs00-2ac2_firmware *
siemens 6gk5326-2qs00-3rr3_firmware *
siemens 6gk5216-3rs00-2ac2_firmware *
siemens 6gk5216-0ba00-2tb2_firmware *
siemens 6gk5216-0ba00-2ac2_firmware *
siemens 6gk5216-0ba00-2fc2_firmware *
siemens 6gk5204-0ba00-2gf2_firmware *
siemens 6gk5208-0ha00-2as6_firmware *
siemens 6gk5208-0ra00-5ac2_firmware *
siemens 6gk5213-3bb00-2ab2_firmware *
siemens 6gk5205-3bf00-2tb2_firmware *
siemens 6gk5206-2bs00-2ac2_firmware *
siemens 6gk5324-0ba00-2ar3_firmware *
siemens 6gk5208-0ga00-2ac2_firmware *
siemens 6gk5216-4bs00-2ac2_firmware *
siemens 6ag1206-2bb00-7ac2_firmware *
siemens 6gk5208-0ba00-2ab2_firmware *
siemens 6gk5206-2rs00-2ac2_firmware *
siemens 6gk5328-4ss00-3ar3_firmware *
siemens 6gk5206-2rs00-5fc2_firmware *
siemens 6gk5224-0ba00-2ac2_firmware *
siemens 6gk5204-2aa00-2yf2_firmware *
CVE-2023-44320

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V7.2.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V7.2.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V7.2.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V7.2.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V7.2.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V7.2.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V7.2.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V7.2.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V7.2.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V7.2.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V7.2.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V7.2.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V7.2.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V7.2.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V7.2.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V7.2.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V7.2.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V7.2.2), SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) (All versions < V3.0.0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions < V3.0.0), SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0) (All versions < V3.0.0), SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0) (All versions < V3.0.0), SCALANCE WAM766-1 (6GK5766-1GE00-7DA0) (All versions < V3.0.0), SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0) (All versions < V3.0.0), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (ME) 
(6GK5766-1GE00-7TC0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0) (All versions < V3.0.0), SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0) (All versions < V3.0.0), SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0) (All versions < V3.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0) (All versions < V3.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0) (All versions < V3.0.0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0) (All versions < V3.0.0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0) (All versions < V3.0.0), SCALANCE WUM766-1 (6GK5766-1GE00-3DA0) (All versions < V3.0.0), SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0) (All versions < V3.0.0), SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0) (All versions < V3.0.0). Affected devices do not properly validate the authentication when performing certain modifications in the web interface allowing an authenticated attacker to influence the user interface configured by an administrator.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 2.8 1.4
productcert@siemens.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 2.8 1.4

Products Affected

Vendor Product Version
siemens 6gk5224-4gs00-2tc2_firmware *
siemens 6gk5216-4gs00-2ac2_firmware *
siemens 6gk5216-0ha00-2as6_firmware *
siemens 6gk5205-3bd00-2ab2_firmware *
siemens 6gk5216-0ba00-2ab2_firmware *
siemens 6gk5224-4gs00-2ac2_firmware *
siemens 6gk5328-4fs00-2rr3_firmware *
siemens 6gk5205-3bb00-2ab2_firmware *
siemens 6gk5205-3bb00-2tb2_firmware *
siemens 6gk5326-2qs00-3ar3_firmware *
siemens 6gk5216-0ha00-2ts6_firmware *
siemens 6gk5216-0ua00-5es6_firmware *
siemens 6gk5206-2bs00-2fc2_firmware *
siemens 6gk5208-0ha00-2ts6_firmware *
siemens 6gk5213-3bf00-2tb2_firmware *
siemens 6ag1216-4bs00-7ac2_firmware *
siemens 6gk5208-0ba00-2fc2_firmware *
siemens 6gk5206-2bd00-2ac2_firmware *
siemens 6gk5208-0ra00-2ac2_firmware *
siemens 6gk5224-4gs00-2fc2_firmware *
siemens 6gk5206-2gs00-2fc2_firmware *
siemens 6gk5328-4fs00-3rr3_firmware *
siemens 6gk5208-0ga00-2tc2_firmware *
siemens 6gk5328-4fs00-3ar3_firmware *
siemens 6gk5213-3bb00-2tb2_firmware *
siemens 6gk5206-2bb00-2ac2_firmware *
siemens 6gk5216-3rs00-5ac2_firmware *
siemens 6gk5205-3bf00-2ab2_firmware *
siemens 6ag1206-2bs00-7ac2_firmware *
siemens 6gk5213-3bd00-2ab2_firmware *
siemens 6gk5204-0ba00-2yf2_firmware *
siemens 6gk5206-2gs00-2tc2_firmware *
siemens 6gk5204-2aa00-2gf2_firmware *
siemens 6gk5208-0ua00-5es6_firmware *
siemens 6gk5216-0ha00-2es6_firmware *
siemens 6gk5328-4fs00-2ar3_firmware *
siemens 6gk5213-3bd00-2tb2_firmware *
siemens 6gk5324-0ba00-3ar3_firmware *
siemens 6gk5208-0ba00-2tb2_firmware *
siemens 6gk5205-3bd00-2tb2_firmware *
siemens 6gk5213-3bf00-2ab2_firmware *
siemens 6gk5208-0ga00-2fc2_firmware *
siemens 6gk5208-0ha00-2es6_firmware *
siemens 6gk5206-2rs00-5ac2_firmware *
siemens 6gk5216-4gs00-2fc2_firmware *
siemens 6gk5208-0ba00-2ac2_firmware *
siemens 6gk5328-4ss00-2ar3_firmware *
siemens 6gk5216-4gs00-2tc2_firmware *
siemens 6ag1208-0ba00-7ac2_firmware *
siemens 6gk5206-2gs00-2ac2_firmware *
siemens 6gk5326-2qs00-3rr3_firmware *
siemens 6gk5216-3rs00-2ac2_firmware *
siemens 6gk5216-0ba00-2tb2_firmware *
siemens 6gk5216-0ba00-2ac2_firmware *
siemens 6gk5216-0ba00-2fc2_firmware *
siemens 6gk5204-0ba00-2gf2_firmware *
siemens 6gk5208-0ha00-2as6_firmware *
siemens 6gk5208-0ra00-5ac2_firmware *
siemens 6gk5213-3bb00-2ab2_firmware *
siemens 6gk5205-3bf00-2tb2_firmware *
siemens 6gk5206-2bs00-2ac2_firmware *
siemens 6gk5324-0ba00-2ar3_firmware *
siemens 6gk5208-0ga00-2ac2_firmware *
siemens 6gk5216-4bs00-2ac2_firmware *
siemens 6ag1206-2bb00-7ac2_firmware *
siemens 6gk5208-0ba00-2ab2_firmware *
siemens 6gk5206-2rs00-2ac2_firmware *
siemens 6gk5328-4ss00-3ar3_firmware *
siemens 6gk5206-2rs00-5fc2_firmware *
siemens 6gk5224-0ba00-2ac2_firmware *
siemens 6gk5204-2aa00-2yf2_firmware *
CVE-2023-44321

Affected devices do not properly validate the length of inputs when performing certain configuration changes in the web interface allowing an authenticated attacker to cause a denial of service condition. The device needs to be restarted for the web interface to become available again.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6
productcert@siemens.com 2.7 LOW CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L 1.2 1.4

Products Affected

Vendor Product Version
siemens 6gk5224-4gs00-2tc2_firmware *
siemens 6gk5216-4gs00-2ac2_firmware *
siemens 6gk5216-0ha00-2as6_firmware *
siemens 6gk5205-3bd00-2ab2_firmware *
siemens 6gk5216-0ba00-2ab2_firmware *
siemens 6gk5224-4gs00-2ac2_firmware *
siemens 6gk5328-4fs00-2rr3_firmware *
siemens 6gk5205-3bb00-2ab2_firmware *
siemens 6gk5205-3bb00-2tb2_firmware *
siemens 6gk5326-2qs00-3ar3_firmware *
siemens 6gk5216-0ha00-2ts6_firmware *
siemens 6gk5216-0ua00-5es6_firmware *
siemens 6gk5206-2bs00-2fc2_firmware *
siemens 6gk5208-0ha00-2ts6_firmware *
siemens 6gk5213-3bf00-2tb2_firmware *
siemens 6ag1216-4bs00-7ac2_firmware *
siemens 6gk5208-0ba00-2fc2_firmware *
siemens 6gk5206-2bd00-2ac2_firmware *
siemens 6gk5208-0ra00-2ac2_firmware *
siemens 6gk5224-4gs00-2fc2_firmware *
siemens 6gk5206-2gs00-2fc2_firmware *
siemens 6gk5328-4fs00-3rr3_firmware *
siemens 6gk5208-0ga00-2tc2_firmware *
siemens 6gk5328-4fs00-3ar3_firmware *
siemens 6gk5213-3bb00-2tb2_firmware *
siemens 6gk5206-2bb00-2ac2_firmware *
siemens 6gk5216-3rs00-5ac2_firmware *
siemens 6gk5205-3bf00-2ab2_firmware *
siemens 6ag1206-2bs00-7ac2_firmware *
siemens 6gk5213-3bd00-2ab2_firmware *
siemens 6gk5204-0ba00-2yf2_firmware *
siemens 6gk5206-2gs00-2tc2_firmware *
siemens 6gk5204-2aa00-2gf2_firmware *
siemens 6gk5208-0ua00-5es6_firmware *
siemens 6gk5216-0ha00-2es6_firmware *
siemens 6gk5328-4fs00-2ar3_firmware *
siemens 6gk5213-3bd00-2tb2_firmware *
siemens 6gk5324-0ba00-3ar3_firmware *
siemens 6gk5208-0ba00-2tb2_firmware *
siemens 6gk5205-3bd00-2tb2_firmware *
siemens 6gk5213-3bf00-2ab2_firmware *
siemens 6gk5208-0ga00-2fc2_firmware *
siemens 6gk5208-0ha00-2es6_firmware *
siemens 6gk5206-2rs00-5ac2_firmware *
siemens 6gk5216-4gs00-2fc2_firmware *
siemens 6gk5208-0ba00-2ac2_firmware *
siemens 6gk5328-4ss00-2ar3_firmware *
siemens 6gk5216-4gs00-2tc2_firmware *
siemens 6ag1208-0ba00-7ac2_firmware *
siemens 6gk5206-2gs00-2ac2_firmware *
siemens 6gk5326-2qs00-3rr3_firmware *
siemens 6gk5216-3rs00-2ac2_firmware *
siemens 6gk5216-0ba00-2tb2_firmware *
siemens 6gk5216-0ba00-2ac2_firmware *
siemens 6gk5216-0ba00-2fc2_firmware *
siemens 6gk5204-0ba00-2gf2_firmware *
siemens 6gk5208-0ha00-2as6_firmware *
siemens 6gk5208-0ra00-5ac2_firmware *
siemens 6gk5213-3bb00-2ab2_firmware *
siemens 6gk5205-3bf00-2tb2_firmware *
siemens 6gk5206-2bs00-2ac2_firmware *
siemens 6gk5324-0ba00-2ar3_firmware *
siemens 6gk5208-0ga00-2ac2_firmware *
siemens 6gk5216-4bs00-2ac2_firmware *
siemens 6ag1206-2bb00-7ac2_firmware *
siemens 6gk5208-0ba00-2ab2_firmware *
siemens 6gk5206-2rs00-2ac2_firmware *
siemens 6gk5328-4ss00-3ar3_firmware *
siemens 6gk5206-2rs00-5fc2_firmware *
siemens 6gk5224-0ba00-2ac2_firmware *
siemens 6gk5204-2aa00-2yf2_firmware *
CVE-2023-44322

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.0), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.0), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.0), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.0), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.0), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.0), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.0), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.0), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.0), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.0), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.0), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.0), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.0), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.0), SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) (All versions < V3.0.0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions < V3.0.0), SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0) (All versions < V3.0.0), SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0) (All versions < V3.0.0), SCALANCE WAM766-1 (6GK5766-1GE00-7DA0) (All versions < V3.0.0), SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0) (All versions < V3.0.0), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0) (All versions < V3.0.0), 
SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0) (All versions < V3.0.0), SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0) (All versions < V3.0.0), SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0) (All versions < V3.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0) (All versions < V3.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0) (All versions < V3.0.0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0) (All versions < V3.0.0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0) (All versions < V3.0.0), SCALANCE WUM766-1 (6GK5766-1GE00-3DA0) (All versions < V3.0.0), SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0) (All versions < V3.0.0), SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0) (All versions < V3.0.0). Affected devices can be configured to send emails when certain events occur on the device. When presented with an invalid response from the SMTP server, the device triggers an error that disrupts email sending. An attacker with access to the network can use this to disable notification of users when certain events occur.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6
productcert@siemens.com 3.7 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L 2.2 1.4

Products Affected

Vendor Product Version
siemens 6gk5224-4gs00-2tc2_firmware *
siemens 6gk5216-4gs00-2ac2_firmware *
siemens 6gk5216-0ha00-2as6_firmware *
siemens 6gk5205-3bd00-2ab2_firmware *
siemens 6gk5216-0ba00-2ab2_firmware *
siemens 6gk5224-4gs00-2ac2_firmware *
siemens 6gk5328-4fs00-2rr3_firmware *
siemens 6gk5205-3bb00-2ab2_firmware *
siemens 6gk5205-3bb00-2tb2_firmware *
siemens 6gk5326-2qs00-3ar3_firmware *
siemens 6gk5216-0ha00-2ts6_firmware *
siemens 6gk5216-0ua00-5es6_firmware *
siemens 6gk5206-2bs00-2fc2_firmware *
siemens 6gk5208-0ha00-2ts6_firmware *
siemens 6gk5213-3bf00-2tb2_firmware *
siemens 6ag1216-4bs00-7ac2_firmware *
siemens 6gk5208-0ba00-2fc2_firmware *
siemens 6gk5206-2bd00-2ac2_firmware *
siemens 6gk5208-0ra00-2ac2_firmware *
siemens 6gk5224-4gs00-2fc2_firmware *
siemens 6gk5206-2gs00-2fc2_firmware *
siemens 6gk5328-4fs00-3rr3_firmware *
siemens 6gk5208-0ga00-2tc2_firmware *
siemens 6gk5328-4fs00-3ar3_firmware *
siemens 6gk5213-3bb00-2tb2_firmware *
siemens 6gk5206-2bb00-2ac2_firmware *
siemens 6gk5216-3rs00-5ac2_firmware *
siemens 6gk5205-3bf00-2ab2_firmware *
siemens 6ag1206-2bs00-7ac2_firmware *
siemens 6gk5213-3bd00-2ab2_firmware *
siemens 6gk5204-0ba00-2yf2_firmware *
siemens 6gk5206-2gs00-2tc2_firmware *
siemens 6gk5204-2aa00-2gf2_firmware *
siemens 6gk5208-0ua00-5es6_firmware *
siemens 6gk5216-0ha00-2es6_firmware *
siemens 6gk5328-4fs00-2ar3_firmware *
siemens 6gk5213-3bd00-2tb2_firmware *
siemens 6gk5324-0ba00-3ar3_firmware *
siemens 6gk5208-0ba00-2tb2_firmware *
siemens 6gk5205-3bd00-2tb2_firmware *
siemens 6gk5213-3bf00-2ab2_firmware *
siemens 6gk5208-0ga00-2fc2_firmware *
siemens 6gk5208-0ha00-2es6_firmware *
siemens 6gk5206-2rs00-5ac2_firmware *
siemens 6gk5216-4gs00-2fc2_firmware *
siemens 6gk5208-0ba00-2ac2_firmware *
siemens 6gk5328-4ss00-2ar3_firmware *
siemens 6gk5216-4gs00-2tc2_firmware *
siemens 6ag1208-0ba00-7ac2_firmware *
siemens 6gk5206-2gs00-2ac2_firmware *
siemens 6gk5326-2qs00-3rr3_firmware *
siemens 6gk5216-3rs00-2ac2_firmware *
siemens 6gk5216-0ba00-2tb2_firmware *
siemens 6gk5216-0ba00-2ac2_firmware *
siemens 6gk5216-0ba00-2fc2_firmware *
siemens 6gk5204-0ba00-2gf2_firmware *
siemens 6gk5208-0ha00-2as6_firmware *
siemens 6gk5208-0ra00-5ac2_firmware *
siemens 6gk5213-3bb00-2ab2_firmware *
siemens 6gk5205-3bf00-2tb2_firmware *
siemens 6gk5206-2bs00-2ac2_firmware *
siemens 6gk5324-0ba00-2ar3_firmware *
siemens 6gk5208-0ga00-2ac2_firmware *
siemens 6gk5216-4bs00-2ac2_firmware *
siemens 6ag1206-2bb00-7ac2_firmware *
siemens 6gk5208-0ba00-2ab2_firmware *
siemens 6gk5206-2rs00-2ac2_firmware *
siemens 6gk5328-4ss00-3ar3_firmware *
siemens 6gk5206-2rs00-5fc2_firmware *
siemens 6gk5224-0ba00-2ac2_firmware *
siemens 6gk5204-2aa00-2yf2_firmware *
CVE-2023-44373

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.0), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.0), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.0), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.0), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.0), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.0), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.0), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.0), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.0), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.0), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.0), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.0), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.0), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.0), SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) (All versions < V2.4.0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions < V2.4.0), SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0) (All versions < V2.4.0), SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0) (All versions < V2.4.0), SCALANCE WAM766-1 (EU) (6GK5766-1GE00-7DA0) (All versions < V2.4.0), SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0) (All versions < V2.4.0), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0) (All versions < V2.4.0), SCALANCE WAM766-1 EEC (EU) (6GK5766-1GE00-7TA0) (All versions < V2.4.0), SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0) (All versions < 
V2.4.0), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0) (All versions < V2.4.0), SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0) (All versions < V2.4.0), SCALANCE WUB762-1 (6GK5762-1AJ00-2AA0) (All versions < V2.4.0), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0) (All versions < V2.4.0), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0) (All versions < V2.4.0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0) (All versions < V2.4.0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0) (All versions < V2.4.0), SCALANCE WUM766-1 (EU) (6GK5766-1GE00-3DA0) (All versions < V2.4.0), SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0) (All versions < V2.4.0), SCALANCE WUM766-1 (US) (6GK5766-1GE00-3DB0) (All versions < V2.4.0). Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell. Follow-up of CVE-2022-36323.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 2.3 6.0

Products Affected

Vendor Product Version
siemens 6gk5224-4gs00-2tc2_firmware *
siemens 6gk5216-4gs00-2ac2_firmware *
siemens 6gk5216-0ha00-2as6_firmware *
siemens 6gk5205-3bd00-2ab2_firmware *
siemens 6gk5216-0ba00-2ab2_firmware *
siemens 6gk5224-4gs00-2ac2_firmware *
siemens 6gk5328-4fs00-2rr3_firmware *
siemens 6gk5205-3bb00-2ab2_firmware *
siemens 6gk5205-3bb00-2tb2_firmware *
siemens 6gk5326-2qs00-3ar3_firmware *
siemens 6gk5216-0ha00-2ts6_firmware *
siemens 6gk5216-0ua00-5es6_firmware *
siemens 6gk5206-2bs00-2fc2_firmware *
siemens 6gk5208-0ha00-2ts6_firmware *
siemens 6gk5213-3bf00-2tb2_firmware *
siemens 6ag1216-4bs00-7ac2_firmware *
siemens 6gk5208-0ba00-2fc2_firmware *
siemens 6gk5206-2bd00-2ac2_firmware *
siemens 6gk5208-0ra00-2ac2_firmware *
siemens 6gk5224-4gs00-2fc2_firmware *
siemens 6gk5206-2gs00-2fc2_firmware *
siemens 6gk5328-4fs00-3rr3_firmware *
siemens 6gk5208-0ga00-2tc2_firmware *
siemens 6gk5328-4fs00-3ar3_firmware *
siemens 6gk5213-3bb00-2tb2_firmware *
siemens 6gk5206-2bb00-2ac2_firmware *
siemens 6gk5216-3rs00-5ac2_firmware *
siemens 6gk5205-3bf00-2ab2_firmware *
siemens 6ag1206-2bs00-7ac2_firmware *
siemens 6gk5213-3bd00-2ab2_firmware *
siemens 6gk5204-0ba00-2yf2_firmware *
siemens 6gk5206-2gs00-2tc2_firmware *
siemens 6gk5204-2aa00-2gf2_firmware *
siemens 6gk5208-0ua00-5es6_firmware *
siemens 6gk5216-0ha00-2es6_firmware *
siemens 6gk5328-4fs00-2ar3_firmware *
siemens 6gk5213-3bd00-2tb2_firmware *
siemens 6gk5324-0ba00-3ar3_firmware *
siemens 6gk5208-0ba00-2tb2_firmware *
siemens 6gk5205-3bd00-2tb2_firmware *
siemens 6gk5213-3bf00-2ab2_firmware *
siemens 6gk5208-0ga00-2fc2_firmware *
siemens 6gk5208-0ha00-2es6_firmware *
siemens 6gk5206-2rs00-5ac2_firmware *
siemens 6gk5216-4gs00-2fc2_firmware *
siemens 6gk5208-0ba00-2ac2_firmware *
siemens 6gk5328-4ss00-2ar3_firmware *
siemens 6gk5216-4gs00-2tc2_firmware *
siemens 6ag1208-0ba00-7ac2_firmware *
siemens 6gk5206-2gs00-2ac2_firmware *
siemens 6gk5326-2qs00-3rr3_firmware *
siemens 6gk5216-3rs00-2ac2_firmware *
siemens 6gk5216-0ba00-2tb2_firmware *
siemens 6gk5216-0ba00-2ac2_firmware *
siemens 6gk5216-0ba00-2fc2_firmware *
siemens 6gk5204-0ba00-2gf2_firmware *
siemens 6gk5208-0ha00-2as6_firmware *
siemens 6gk5208-0ra00-5ac2_firmware *
siemens 6gk5213-3bb00-2ab2_firmware *
siemens 6gk5205-3bf00-2tb2_firmware *
siemens 6gk5206-2bs00-2ac2_firmware *
siemens 6gk5324-0ba00-2ar3_firmware *
siemens 6gk5208-0ga00-2ac2_firmware *
siemens 6gk5216-4bs00-2ac2_firmware *
siemens 6ag1206-2bb00-7ac2_firmware *
siemens 6gk5208-0ba00-2ab2_firmware *
siemens 6gk5206-2rs00-2ac2_firmware *
siemens 6gk5328-4ss00-3ar3_firmware *
siemens 6gk5206-2rs00-5fc2_firmware *
siemens 6gk5224-0ba00-2ac2_firmware *
siemens 6gk5204-2aa00-2yf2_firmware *
CVE-2023-44374

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.0), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.0), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.0), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.0), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.0), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.0), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.0), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.0), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.0), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.0), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.0), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.0), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.0), SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) (All versions < V3.0.0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions < V3.0.0), SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0) (All versions < V3.0.0), SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0) (All versions < V3.0.0), SCALANCE WAM766-1 (6GK5766-1GE00-7DA0) (All versions < V3.0.0), SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0) (All versions < V3.0.0), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0) (All versions < 
V3.0.0), SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0) (All versions < V3.0.0), SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0) (All versions < V3.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0) (All versions < V3.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0) (All versions < V3.0.0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0) (All versions < V3.0.0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0) (All versions < V3.0.0), SCALANCE WUM766-1 (6GK5766-1GE00-3DA0) (All versions < V3.0.0), SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0) (All versions < V3.0.0), SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0) (All versions < V3.0.0). Affected devices allow a password to be changed but insufficiently check which password is to be changed. An authenticated attacker could, under certain conditions, use this to change the password of another user, potentially an admin user, which could allow privilege escalation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.8 3.6
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens 6gk5224-4gs00-2tc2_firmware *
siemens 6gk5216-4gs00-2ac2_firmware *
siemens 6gk5216-0ha00-2as6_firmware *
siemens 6gk5205-3bd00-2ab2_firmware *
siemens 6gk5216-0ba00-2ab2_firmware *
siemens 6gk5224-4gs00-2ac2_firmware *
siemens 6gk5328-4fs00-2rr3_firmware *
siemens 6gk5205-3bb00-2ab2_firmware *
siemens 6gk5205-3bb00-2tb2_firmware *
siemens 6gk5326-2qs00-3ar3_firmware *
siemens 6gk5216-0ha00-2ts6_firmware *
siemens 6gk5216-0ua00-5es6_firmware *
siemens 6gk5206-2bs00-2fc2_firmware *
siemens 6gk5208-0ha00-2ts6_firmware *
siemens 6gk5213-3bf00-2tb2_firmware *
siemens 6ag1216-4bs00-7ac2_firmware *
siemens 6gk5208-0ba00-2fc2_firmware *
siemens 6gk5206-2bd00-2ac2_firmware *
siemens 6gk5208-0ra00-2ac2_firmware *
siemens 6gk5224-4gs00-2fc2_firmware *
siemens 6gk5206-2gs00-2fc2_firmware *
siemens 6gk5328-4fs00-3rr3_firmware *
siemens 6gk5208-0ga00-2tc2_firmware *
siemens 6gk5328-4fs00-3ar3_firmware *
siemens 6gk5213-3bb00-2tb2_firmware *
siemens 6gk5206-2bb00-2ac2_firmware *
siemens 6gk5216-3rs00-5ac2_firmware *
siemens 6gk5205-3bf00-2ab2_firmware *
siemens 6ag1206-2bs00-7ac2_firmware *
siemens 6gk5213-3bd00-2ab2_firmware *
siemens 6gk5204-0ba00-2yf2_firmware *
siemens 6gk5206-2gs00-2tc2_firmware *
siemens 6gk5204-2aa00-2gf2_firmware *
siemens 6gk5208-0ua00-5es6_firmware *
siemens 6gk5216-0ha00-2es6_firmware *
siemens 6gk5328-4fs00-2ar3_firmware *
siemens 6gk5213-3bd00-2tb2_firmware *
siemens 6gk5324-0ba00-3ar3_firmware *
siemens 6gk5208-0ba00-2tb2_firmware *
siemens 6gk5205-3bd00-2tb2_firmware *
siemens 6gk5213-3bf00-2ab2_firmware *
siemens 6gk5208-0ga00-2fc2_firmware *
siemens 6gk5208-0ha00-2es6_firmware *
siemens 6gk5206-2rs00-5ac2_firmware *
siemens 6gk5216-4gs00-2fc2_firmware *
siemens 6gk5208-0ba00-2ac2_firmware *
siemens 6gk5328-4ss00-2ar3_firmware *
siemens 6gk5216-4gs00-2tc2_firmware *
siemens 6ag1208-0ba00-7ac2_firmware *
siemens 6gk5206-2gs00-2ac2_firmware *
siemens 6gk5326-2qs00-3rr3_firmware *
siemens 6gk5216-3rs00-2ac2_firmware *
siemens 6gk5216-0ba00-2tb2_firmware *
siemens 6gk5216-0ba00-2ac2_firmware *
siemens 6gk5216-0ba00-2fc2_firmware *
siemens 6gk5204-0ba00-2gf2_firmware *
siemens 6gk5208-0ha00-2as6_firmware *
siemens 6gk5208-0ra00-5ac2_firmware *
siemens 6gk5213-3bb00-2ab2_firmware *
siemens 6gk5205-3bf00-2tb2_firmware *
siemens 6gk5206-2bs00-2ac2_firmware *
siemens 6gk5324-0ba00-2ar3_firmware *
siemens 6gk5208-0ga00-2ac2_firmware *
siemens 6gk5216-4bs00-2ac2_firmware *
siemens 6ag1206-2bb00-7ac2_firmware *
siemens 6gk5208-0ba00-2ab2_firmware *
siemens 6gk5206-2rs00-2ac2_firmware *
siemens 6gk5328-4ss00-3ar3_firmware *
siemens 6gk5206-2rs00-5fc2_firmware *
siemens 6gk5224-0ba00-2ac2_firmware *
siemens 6gk5204-2aa00-2yf2_firmware *
CVE-2023-45204

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain a type confusion vulnerability while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21268)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix *
CVE-2023-45205

A vulnerability has been identified in SICAM PAS/PQS (All versions >= V8.00 < V8.20). The affected application is installed with specific files and folders with insecure permissions. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges to `NT AUTHORITY/SYSTEM`.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens sicam_pas/pqs *
CVE-2023-45601

A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.262), Parasolid V35.1 (All versions < V35.1.250), Parasolid V36.0 (All versions < V36.0.169), Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain a stack overflow vulnerability while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21290)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens parasolid *
siemens tecnomatix *
CVE-2023-45793

A vulnerability has been identified in Siveillance Control (All versions >= V2.8 < V3.1.1). The affected product does not properly check the list of access groups that are assigned to an individual user. This could enable a locally logged on user to gain write privileges for objects where they only have read privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 1.8 3.6

Products Affected

Vendor Product Version
siemens siveillance_control *
CVE-2023-45794

A vulnerability has been identified in Mendix Applications using Mendix 10 (All versions < V10.4.0), Mendix Applications using Mendix 7 (All versions < V7.23.37), Mendix Applications using Mendix 8 (All versions < V8.18.27), Mendix Applications using Mendix 9 (All versions < V9.24.10). A capture-replay flaw in the platform could have an impact on apps built with the platform, if certain preconditions are met that depend on the app's model and access control design. This could allow authenticated attackers to access or modify objects without proper authorization, or escalate privileges in the context of the vulnerable app.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 6.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N 1.6 5.2
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 2.8 5.2

Products Affected

Vendor Product Version
siemens mendix *
CVE-2023-46096

A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). The PUD Manager of affected products does not properly authenticate users in the PUD Manager web service. This could allow an unauthenticated adjacent attacker to generate a privileged token and upload additional documents.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 2.8 3.6
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

Products Affected

Vendor Product Version
siemens simatic_pcs_neo *
CVE-2023-46097

A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). The PUD Manager of affected products does not properly neutralize user provided inputs. This could allow an authenticated adjacent attacker to execute SQL statements in the underlying database.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 6.3 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L 2.1 4.2
nvd@nist.gov 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

Products Affected

Vendor Product Version
siemens simatic_pcs_neo *
CVE-2023-46098

A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). When accessing the Information Server from affected products, the products use an overly permissive CORS policy. This could allow an attacker to trick a legitimate user into triggering unwanted behavior.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.1 5.9
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens simatic_pcs_neo *
CVE-2023-46099

A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). There is a stored cross-site scripting vulnerability in the Administration Console of the affected product that could allow an attacker with high privileges to inject JavaScript code into the application that is later executed by another legitimate user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 5.4 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L 1.2 3.7
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

Products Affected

Vendor Product Version
siemens simatic_pcs_neo *
CVE-2023-46156

Affected devices improperly handle specially crafted packets sent to port 102/tcp. This could allow an attacker to create a denial of service condition. A restart is needed to restore normal operations.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
siemens siplus_et_200sp_1512sp_f-1_pn_firmware *
siemens siplus_et_200sp_cpu_1512sp-1_pn_rail_firmware *
siemens simatic_s7-1500_cpu_1517tf-3_pn/dp_firmware *
siemens simatic_s7-1500_cpu_1514sp-2_pn_firmware *
siemens simatic_s7-1500_cpu_s7-1518-4_pn/dp_odk_firmware *
siemens simatic_s7-1500_cpu_1516f-3_pn/dp_firmware *
siemens sinumerik_one_firmware *
siemens simatic_s7-1500_cpu_1518tf-4_pn/dp_firmware *
siemens siplus_s7-1500_cpu_1518f-4_pn/dp_firmware *
siemens simatic_s7-1500_cpu_1515tf-2_pn_firmware *
siemens siplus_s7-1500_cpu_1516-3_pn/dp_firmware *
siemens simatic_et_200sp_open_control_1515sp_pc2_firmware *
siemens siplus_s7-1500_cpu_1515r-2_pn_tx_rail_firmware *
siemens simatic_drive_controller_cpu_1504d_tf_firmware *
siemens simatic_s7-1500_et_200pro:_cpu_1516pro_f-2_pn_firmware *
siemens simatic_s7-1500_cpu_1515t-2_pn_firmware *
siemens simatic_s7-1500_cpu_1517h-3_pn_firmware *
siemens siplus_s7-1500_cpu_1516f-3_pn/dp_firmware *
siemens siplus_s7-1500_cpu_1511f-1_pn_firmware *
siemens simatic_s7-1500_cpu_1517f-3_pn/dp_firmware *
siemens simatic_s7-1500_cpu_1511f-1_pn_firmware *
siemens simatic_s7-1500_cpu_1511c-1_pn_firmware *
siemens simatic_s7-1500_cpu_1518t-4_pn/dp_firmware *
siemens siplus_s7-1500_cpu_1515r-2_pn_firmware *
siemens siplus_s7-1500_cpu_1515f-2_pn_t2_rail_firmware *
siemens siplus_s7-1500_cpu_1511-1_pn_t1_rail_firmware *
siemens simatic_s7-1500_cpu_1516t-3_pn/dp_firmware *
siemens siplus_et_200sp_cpu_1510sp-1_pn_rail_firmware *
siemens siplus_s7-1500_cpu_1516f-3_pn/dp_rail_firmware *
siemens siplus_s7-1500_cpu_1513-1_pn_firmware *
siemens siplus_s7-1500_cpu_1515f-2_pn_firmware *
siemens simatic_s7-1500_cpu_1517t-3_pn/dp_firmware *
siemens simatic_s7-1500_cpu_1511t-1_pn_firmware *
siemens siplus_s7-1500_cpu_1516-3_pn/dp_tx_rail_firmware *
siemens simatic_s7-1500_cpu_1513-1_pn_firmware *
siemens siplus_s7-1500_cpu_1518-4_pn/dp_firmware *
siemens simatic_s7-1500_cpu_1515r-2_pn_firmware *
siemens siplus_s7-1500_cpu_1518-4_pn/dp_mfp_firmware *
siemens simatic_s7-1500_cpu_1518-4_pn/dp_firmware *
siemens simatic_s7-1500_et_200pro:_cpu_1513pro-2_pn_firmware -
siemens siplus_s7-1500_cpu_1517h-3_pn_firmware *
siemens simatic_s7-1500_cpu_1514spt-2_pn_firmware *
siemens simatic_s7-1500_et_200pro:_cpu_1513pro_f-2_pn_firmware *
siemens simatic_s7-1500_cpu_1518f-4_pn/dp_firmware *
siemens simatic_s7-plcsim_advanced_firmware *
siemens simatic_s7-1500_cpu_1512sp-1_pn_firmware *
siemens siplus_s7-1500_cpu_1518hf-4_pn_firmware *
siemens siplus_s7-1500_cpu_1511-1_pn_firmware *
siemens simatic_s7-1500_cpu_1517-3_pn/dp_firmware *
siemens siplus_et_200sp_cpu_1510sp_f-1_pn_firmware *
siemens simatic_s7-1500_cpu_1512c-1_pn_firmware *
siemens simatic_s7-1500_cpu_1514sp_f-2_pn_firmware *
siemens simatic_s7-1500_cpu_1518hf-4_pn_firmware *
siemens siplus_et_200sp_cpu_1512sp_f-1_pn_rail_firmware *
siemens siplus_s7-1500_cpu_1513f-1_pn_firmware *
siemens simatic_s7-1500_cpu_1511tf-1_pn_firmware *
siemens simatic_s7-1500_cpu_1515f-2_pn_firmware *
siemens sinumerik_mc_firmware *
siemens simatic_s7-1500_cpu_1513f-1_pn_firmware *
siemens simatic_s7-1500_cpu_1511-1_pn_firmware *
siemens simatic_drive_controller_cpu_1507d_tf_firmware *
siemens simatic_s7-1500_et_200pro:cpu_1516pro-2_pn_firmware *
siemens simatic_s7-1500_cpu_1516-3_pn/dp_firmware *
siemens simatic_s7-1500_cpu_1512sp_f-1_pn_firmware *
siemens simatic_s7-1500_software_controller_firmware -
siemens simatic_s7-1500_cpu_1510sp_f-1_pn_firmware *
siemens siplus_s7-1500_cpu_1511-1_pn_tx_rail_firmware *
siemens simatic_s7-1500_cpu_1510sp-1_pn_firmware *
siemens siplus_et_200sp_cpu_1510sp_f-1_pn_rail_firmware *
siemens siplus_et_200sp_cpu_1512sp-1_pn_firmware *
siemens simatic_s7-1500_cpu_1513r-1_pn_firmware *
siemens simatic_s7-1500_cpu_1514spt_f-2_pn_firmware *
siemens siplus_et_200sp_cpu_1510sp-1_pn_firmware *
siemens simatic_s7-1500_cpu_1515-2_pn_firmware *
siemens simatic_s7-1500_cpu_s7-1518f-4_pn/dp_odk_firmware *
siemens siplus_s7-1500_cpu_1515f-2_pn_rail_firmware *
CVE-2023-46281

A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). When accessing the UMC Web-UI from affected products, UMC uses an overly permissive CORS policy. This could allow an attacker to trick a legitimate user into triggering unwanted behavior.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9
productcert@siemens.com 7.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L 1.6 5.5

Products Affected

Vendor Product Version
siemens totally_integrated_automation_portal -
siemens simatic_pcs_neo *
siemens totally_integrated_automation_portal *
siemens opcenter_quality -
siemens sinumerik_integrate_runmyhmi_/automotive -
siemens totally_integrated_automation_portal 18
CVE-2023-46282

A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected applications that could allow an attacker to inject arbitrary JavaScript code. The code could be potentially executed later by another (possibly privileged) user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7
productcert@siemens.com 7.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L 1.6 5.5

Products Affected

Vendor Product Version
siemens totally_integrated_automation_portal -
siemens simatic_pcs_neo *
siemens totally_integrated_automation_portal *
siemens opcenter_quality -
siemens sinumerik_integrate_runmyhmi_/automotive -
siemens totally_integrated_automation_portal 18
CVE-2023-46283

A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
siemens totally_integrated_automation_portal -
siemens simatic_pcs_neo *
siemens totally_integrated_automation_portal *
siemens opcenter_quality -
siemens sinumerik_integrate_runmyhmi_/automotive -
siemens totally_integrated_automation_portal 18
CVE-2023-46284

A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp and 4004/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
siemens totally_integrated_automation_portal -
siemens simatic_pcs_neo *
siemens totally_integrated_automation_portal *
siemens opcenter_quality -
siemens sinumerik_integrate_runmyhmi_/automotive -
siemens totally_integrated_automation_portal 18
CVE-2023-46285

A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an improper input validation vulnerability that could allow an attacker to bring the service into a Denial-of-Service state by sending a specifically crafted message to 4004/tcp. The corresponding service is auto-restarted after the crash is detected by a watchdog.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
siemens totally_integrated_automation_portal -
siemens simatic_pcs_neo *
siemens totally_integrated_automation_portal *
siemens opcenter_quality -
siemens sinumerik_integrate_runmyhmi_/automotive -
siemens totally_integrated_automation_portal 18
CVE-2023-46590

A vulnerability has been identified in Siemens OPC UA Modelling Editor (SiOME) (All versions < V2.8). Affected products suffer from an XML external entity (XXE) injection vulnerability. This vulnerability could allow an attacker to interfere with an application's processing of XML data and read arbitrary files in the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
siemens siemens_opc_ua_modeling_editor *
CVE-2023-46601

A vulnerability has been identified in COMOS (All versions). The affected application lacks proper access controls in making the SQLServer connection. This could allow an attacker to query the database directly to access information that the user should not have access to.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
productcert@siemens.com 9.6 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N 3.1 5.8

Products Affected

Vendor Product Version
siemens comos *
CVE-2023-48363

A vulnerability has been identified in OpenPCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC BATCH V9.1 (All versions < V9.1 SP2 UC05), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC Route Control V9.1 (All versions < V9.1 SP2 UC05), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 4), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 15), SIMATIC WinCC V8.0 (All versions < V8.0 Update 4). The implementation of the RPC (Remote Procedure Call) communication protocol in the affected products does not properly handle certain unorganized RPC messages. An attacker could use this vulnerability to cause a denial of service condition in the RPC server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
siemens simatic_wincc 7.5
siemens simatic_batch *
siemens openpcs_7 *
siemens simatic_wincc_runtime_professional *
siemens simatic_route_control *
siemens simatic_wincc_runtime_professional 19
siemens simatic_wincc 7.4
siemens simatic_pcs_7 *
siemens simatic_wincc 8.0
CVE-2023-48364

A vulnerability has been identified in OpenPCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC BATCH V9.1 (All versions < V9.1 SP2 UC05), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC Route Control V9.1 (All versions < V9.1 SP2 UC05), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 4), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 15), SIMATIC WinCC V8.0 (All versions < V8.0 Update 4). The implementation of the RPC (Remote Procedure Call) communication protocol in the affected products does not properly handle certain malformed RPC messages. An attacker could use this vulnerability to cause a denial of service condition in the RPC server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
siemens simatic_wincc 7.5
siemens simatic_batch *
siemens openpcs_7 *
siemens simatic_wincc_runtime_professional *
siemens simatic_route_control *
siemens simatic_wincc_runtime_professional 19
siemens simatic_wincc 7.4
siemens simatic_pcs_7 *
siemens simatic_wincc 8.0
CVE-2023-48427

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). Affected products do not properly validate the certificate of the configured UMC server. This could allow an attacker to intercept credentials that are sent to the UMC server as well as to manipulate responses, potentially allowing an attacker to escalate privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
siemens sinec_ins 1.0
siemens sinec_ins *
CVE-2023-48428

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The RADIUS configuration mechanism of affected products does not correctly check uploaded certificates. A malicious admin could upload a crafted certificate resulting in a denial-of-service condition or potentially issue commands on system level.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
siemens sinec_ins 1.0
siemens sinec_ins *
CVE-2023-48429

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The Web UI of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sending a crafted request to the server. The server will automatically restart.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 2.7 LOW CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L 1.2 1.4

Products Affected

Vendor Product Version
siemens sinec_ins 1.0
siemens sinec_ins *
CVE-2023-48430

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The REST API of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sending a crafted request to the API. The server will automatically restart.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 2.7 LOW CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L 1.2 1.4
productcert@siemens.com 2.7 LOW CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L 1.2 1.4

Products Affected

Vendor Product Version
siemens sinec_ins 1.0
siemens sinec_ins *
CVE-2023-48431

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). Affected software does not correctly validate the response received from a UMC server. An attacker can use this to crash the affected software by providing and configuring a malicious UMC server or by manipulating the traffic from a legitimate UMC server (i.e. leveraging CVE-2023-48427).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 6.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H 2.2 4.0
nvd@nist.gov 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H 3.9 4.0

Products Affected

Vendor Product Version
siemens sinec_ins 1.0
siemens sinec_ins *
CVE-2023-49121

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens solid_edge_se2023 *
siemens solid_edge_se2023 223.0
CVE-2023-49122

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens solid_edge_se2023 *
siemens solid_edge_se2023 223.0
CVE-2023-49123

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens solid_edge_se2023 *
siemens solid_edge_se2023 223.0
CVE-2023-49124

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens solid_edge_se2023 *
siemens solid_edge_se2023 223.0
CVE-2023-49125

A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.263), Parasolid V35.1 (All versions < V35.1.252), Parasolid V36.0 (All versions < V36.0.198), Solid Edge SE2023 (All versions < V223.0 Update 11), Solid Edge SE2024 (All versions < V224.0 Update 3). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted files containing XT format. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens solid_edge_se2024 224.0
siemens solid_edge_se2023 *
siemens parasolid *
siemens solid_edge_se2023 223.0
siemens solid_edge_se2024 *
CVE-2023-49126

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens solid_edge_se2023 *
siemens solid_edge_se2023 223.0
CVE-2023-49127

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens solid_edge_se2023 *
siemens solid_edge_se2023 223.0
CVE-2023-49128

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted PAR file. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens solid_edge_se2023 *
siemens solid_edge_se2023 223.0
CVE-2023-49129

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected applications contain a stack overflow vulnerability while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens solid_edge_se2023 *
siemens solid_edge_se2023 223.0
CVE-2023-49130

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens solid_edge_se2023 *
siemens solid_edge_se2023 223.0
CVE-2023-49131

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens solid_edge_se2023 *
siemens solid_edge_se2023 223.0
CVE-2023-49132

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens solid_edge_se2023 *
siemens solid_edge_se2023 223.0
CVE-2023-49251

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The "intermediate installation" system state of the affected application allows an attacker to add their own login credentials to the device. This allows an attacker to remotely log in as root and take control of the device even after the affected device is fully set up.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
siemens simatic_cn_4100 *
siemens simatic_cn_4100_firmware *
CVE-2023-49252

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The affected application allows IP configuration change without authentication to the device. This could allow an attacker to cause a denial of service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
siemens simatic_cn_4100 *
siemens simatic_cn_4100_firmware *
CVE-2023-49621

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The "intermediate installation" system state of the affected application uses default credentials with admin privileges. An attacker could use the credentials to gain complete control of the affected device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
siemens simatic_cn_4100 *
siemens simatic_cn_4100_firmware *
CVE-2023-49691

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.0), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.0), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.0), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.0), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.0), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.0), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.0), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.0), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.0), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.0), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.0), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.0), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.0), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.0). An Improper Neutralization of Special Elements used in an OS Command with root privileges vulnerability exists in the handling of the DDNS configuration. This could allow malicious local administrators to issue commands on system level after a successful IP address update.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
siemens 6gk5812-1aa00-2aa2_firmware *
siemens 6gk5816-1aa00-2aa2_firmware *
siemens 6gk5615-0aa00-2aa2_firmware *
siemens 6gk5853-2ea00-2da1_firmware *
siemens 6gk5876-3aa02-2ea2_firmware *
siemens 6gk6108-4am00-2ba2_firmware *
siemens 6gk5804-0ap00-2aa2_firmware *
siemens 6gk5826-2ab00-2ab2_firmware *
siemens 6gk5856-2ea00-3da1_firmware *
siemens 6gk5876-3aa02-2ba2_firmware *
siemens 6gk5876-4aa00-2da2_firmware *
siemens 6gk5816-1ba00-2aa2_firmware *
siemens 6gk5876-4aa10-2ba2_firmware *
siemens 6gk6108-4am00-2da2_firmware *
siemens 6gk5812-1ba00-2aa2_firmware *
siemens 6gk5615-0aa01-2aa2_firmware *
siemens 6gk5856-2ea00-3aa1_firmware *
siemens 6gk5874-2aa00-2aa2_firmware *
siemens 6gk5874-3aa00-2aa2_firmware *
siemens 6gk5876-4aa00-2ba2_firmware *
CVE-2023-49692

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V7.2.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V7.2.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V7.2.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V7.2.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V7.2.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V7.2.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V7.2.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V7.2.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V7.2.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V7.2.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V7.2.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V7.2.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V7.2.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V7.2.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V7.2.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V7.2.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V7.2.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V7.2.2). An Improper Neutralization of Special Elements used in an OS Command with root privileges vulnerability exists in the parsing of the IPSEC configuration. This could allow malicious local administrators to issue commands on system level after a new connection is established.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
productcert@siemens.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
siemens 6gk5812-1aa00-2aa2_firmware *
siemens 6gk5816-1aa00-2aa2_firmware *
siemens 6gk5615-0aa00-2aa2_firmware *
siemens 6gk5853-2ea00-2da1_firmware *
siemens 6gk5876-3aa02-2ea2_firmware *
siemens 6gk6108-4am00-2ba2_firmware *
siemens 6gk5804-0ap00-2aa2_firmware *
siemens 6gk5826-2ab00-2ab2_firmware *
siemens 6gk5856-2ea00-3da1_firmware *
siemens 6gk5876-3aa02-2ba2_firmware *
siemens 6gk5876-4aa00-2da2_firmware *
siemens 6gk5816-1ba00-2aa2_firmware *
siemens 6gk5876-4aa10-2ba2_firmware *
siemens 6gk6108-4am00-2da2_firmware *
siemens 6gk5812-1ba00-2aa2_firmware *
siemens 6gk5615-0aa01-2aa2_firmware *
siemens 6gk5856-2ea00-3aa1_firmware *
siemens 6gk5874-2aa00-2aa2_firmware *
siemens 6gk5874-3aa00-2aa2_firmware *
siemens 6gk5876-4aa00-2ba2_firmware *
CVE-2023-50236

A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The affected product is vulnerable due to weak file and folder permissions in the installation path. An attacker with local access could exploit this vulnerability to escalate privileges to NT AUTHORITY\SYSTEM.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens polarion_alm *
CVE-2023-51439

A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V13.3 (All versions < V13.3.0.13), Teamcenter Visualization V14.1 (All versions < V14.1.0.12), Teamcenter Visualization V14.2 (All versions < V14.2.0.9), Teamcenter Visualization V14.3 (All versions < V14.3.0.6). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2023-51440

A vulnerability has been identified in SIMATIC CP 343-1 (6GK7343-1EX30-0XE0) (All versions), SIMATIC CP 343-1 Lean (6GK7343-1CX10-0XE0) (All versions), SIPLUS NET CP 343-1 (6AG1343-1EX30-7XE0) (All versions), SIPLUS NET CP 343-1 Lean (6AG1343-1CX10-2XE0) (All versions). Affected products incorrectly validate TCP sequence numbers. This could allow an unauthenticated remote attacker to create a denial of service condition by injecting spoofed TCP RST packets.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
siemens cp_343-1_lean_firmware -
siemens siplus_net_cp_343-1_firmware -
siemens siplus_net_cp_343-1_lean_firmware -
siemens simatic_cp_343-1_firmware *
siemens cp_343-1_firmware *
siemens simatic_cp_343-1_lean_firmware -
CVE-2023-51744

A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V13.3 (All versions < V13.3.0.13), Teamcenter Visualization V14.1 (All versions < V14.1.0.12), Teamcenter Visualization V14.2 (All versions < V14.2.0.9), Teamcenter Visualization V14.3 (All versions < V14.3.0.6). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application, causing a denial of service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 1.8 1.4
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2023-51745

A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V13.3 (All versions < V13.3.0.13), Teamcenter Visualization V14.1 (All versions < V14.1.0.12), Teamcenter Visualization V14.2 (All versions < V14.2.0.9), Teamcenter Visualization V14.3 (All versions < V14.3.0.6). The affected applications contain a stack overflow vulnerability while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2023-51746

A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V13.3 (All versions < V13.3.0.13), Teamcenter Visualization V14.1 (All versions < V14.1.0.12), Teamcenter Visualization V14.2 (All versions < V14.2.0.9), Teamcenter Visualization V14.3 (All versions < V14.3.0.6). The affected applications contain a stack overflow vulnerability while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2024-22039

A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions < IP8), Cerberus PRO EN Fire Panel FC72x IP6 (All versions < IP6 SR3), Cerberus PRO EN Fire Panel FC72x IP7 (All versions < IP7 SR5), Cerberus PRO EN X200 Cloud Distribution IP7 (All versions < V3.0.6602), Cerberus PRO EN X200 Cloud Distribution IP8 (All versions < V4.0.5016), Cerberus PRO EN X300 Cloud Distribution IP7 (All versions < V3.2.6601), Cerberus PRO EN X300 Cloud Distribution IP8 (All versions < V4.2.5015), Cerberus PRO UL Compact Panel FC922/924 (All versions < MP4), Cerberus PRO UL Engineering Tool (All versions < MP4), Cerberus PRO UL X300 Cloud Distribution (All versions < V4.3.0001), Desigo Fire Safety UL Compact Panel FC2025/2050 (All versions < MP4), Desigo Fire Safety UL Engineering Tool (All versions < MP4), Desigo Fire Safety UL X300 Cloud Distribution (All versions < V4.3.0001), Sinteso FS20 EN Engineering Tool (All versions < MP8), Sinteso FS20 EN Fire Panel FC20 MP6 (All versions < MP6 SR3), Sinteso FS20 EN Fire Panel FC20 MP7 (All versions < MP7 SR5), Sinteso FS20 EN X200 Cloud Distribution MP7 (All versions < V3.0.6602), Sinteso FS20 EN X200 Cloud Distribution MP8 (All versions < V4.0.5016), Sinteso FS20 EN X300 Cloud Distribution MP7 (All versions < V3.2.6601), Sinteso FS20 EN X300 Cloud Distribution MP8 (All versions < V4.2.5015), Sinteso Mobile (All versions < V3.0.0). The network communication library in affected systems does not validate the length of certain X.509 certificate attributes which might result in a stack-based buffer overflow. This could allow an unauthenticated remote attacker to execute code on the underlying operating system with root privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 3.9 6.0

Products Affected

Vendor Product Version
siemens cerberus_pro_en_engineering_tool *
siemens cerberus_pro_en_x300_cloud_distribution *
siemens cerberus_pro_en_x200_cloud_distribution *
siemens sinteso_mobile *
siemens sinteso_fs20_en_engineering_tool *
siemens sinteso_fs20_en_x200_cloud_distribution *
siemens cerberus_pro_en_fire_panel_fc72x *
siemens sinteso_fs20_en_fire_panel_fc20 *
siemens sinteso_fs20_en_x300_cloud_distribution *
CVE-2024-22042

A vulnerability has been identified in Unicam FX (All versions). The Windows installer agent used in the affected product contains incorrect use of privileged APIs that trigger the Windows Console Host (conhost.exe) as a child process with SYSTEM privileges. This could be exploited by an attacker to perform a local privilege escalation attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens unicam_fx -
siemens unicam_fx_firmware *
CVE-2024-22043

A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.251), Parasolid V35.1 (All versions < V35.1.170). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted XT files. An attacker could leverage this vulnerability to crash the application, causing a denial of service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 1.8 1.4

Products Affected

Vendor Product Version
siemens parasolid *
CVE-2024-22045

A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.1 SP1). The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information. This information is also available via the web interface of the product.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.6 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N 2.3 4.7

Products Affected

Vendor Product Version
siemens sinema_remote_connect_client 3.1
siemens sinema_remote_connect_client *
CVE-2024-23795

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted WRL file. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix_plant_simulation *
CVE-2024-23796

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix_plant_simulation *
CVE-2024-23797

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected applications contain a stack overflow vulnerability while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix_plant_simulation *
CVE-2024-23798

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected applications contain a stack overflow vulnerability while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix_plant_simulation *
CVE-2024-23799

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted SPP files. An attacker could leverage this vulnerability to crash the application, causing a denial of service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 1.8 1.4
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
siemens tecnomatix_plant_simulation 2201.0
siemens tecnomatix_plant_simulation *
CVE-2024-23800

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted SPP files. An attacker could leverage this vulnerability to crash the application, causing a denial of service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 1.8 1.4
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
siemens tecnomatix_plant_simulation 2201.0
siemens tecnomatix_plant_simulation *
CVE-2024-23801

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted SPP files. An attacker could leverage this vulnerability to crash the application, causing a denial of service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6
productcert@siemens.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 1.8 1.4

Products Affected

Vendor Product Version
siemens tecnomatix_plant_simulation 2201.0
siemens tecnomatix_plant_simulation *
CVE-2024-23802

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix_plant_simulation *
CVE-2024-23803

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix_plant_simulation 2201.0
siemens tecnomatix_plant_simulation *
CVE-2024-23804

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected applications contain a stack overflow vulnerability while parsing specially crafted PSOBJ files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix_plant_simulation *
CVE-2024-23810

A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application is vulnerable to SQL injection. This could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server database.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens sinec_nms *
siemens sinec_nms 2.0
CVE-2024-23811

A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application allows users to upload arbitrary files via TFTP. This could allow an attacker to upload malicious firmware images or other files that could potentially lead to remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens sinec_nms *
siemens sinec_nms 2.0
CVE-2024-23812

A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application incorrectly neutralizes special elements when creating a report which could lead to command injection.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

Products Affected

Vendor Product Version
siemens sinec_nms *
siemens sinec_nms 2.0
CVE-2024-23813

A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The REST API endpoints of doorsconnector of the affected product lack proper authentication. An unauthenticated attacker could access the endpoints, and potentially execute code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.3 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 3.9 3.4

Products Affected

Vendor Product Version
siemens polarion_alm *
CVE-2024-23816

A vulnerability has been identified in Location Intelligence Perpetual Large (9DE5110-8CA13-1AX0) (All versions < V4.3), Location Intelligence Perpetual Medium (9DE5110-8CA12-1AX0) (All versions < V4.3), Location Intelligence Perpetual Non-Prod (9DE5110-8CA10-1AX0) (All versions < V4.3), Location Intelligence Perpetual Small (9DE5110-8CA11-1AX0) (All versions < V4.3), Location Intelligence SUS Large (9DE5110-8CA13-1BX0) (All versions < V4.3), Location Intelligence SUS Medium (9DE5110-8CA12-1BX0) (All versions < V4.3), Location Intelligence SUS Non-Prod (9DE5110-8CA10-1BX0) (All versions < V4.3), Location Intelligence SUS Small (9DE5110-8CA11-1BX0) (All versions < V4.3). Affected products use a hard-coded secret value for the computation of a Keyed-Hash Message Authentication Code. This could allow an unauthenticated remote attacker to gain full administrative access to the application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
siemens location_intelligence *
CVE-2024-24920

A vulnerability has been identified in Simcenter Femap (All versions < V2401.0000). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted Catia MODEL file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21710)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens simcenter_femap *
CVE-2024-24921

A vulnerability has been identified in Simcenter Femap (All versions < V2401.0000). The affected application is vulnerable to memory corruption while parsing specially crafted Catia MODEL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21712)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens simcenter_femap *
CVE-2024-24922

A vulnerability has been identified in Simcenter Femap (All versions < V2401.0000). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted Catia MODEL file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21715)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens simcenter_femap *
CVE-2024-24923

A vulnerability has been identified in Simcenter Femap (All versions < V2401.0000), Simcenter Femap (All versions < V2306.0001). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted Catia MODEL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-22055)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens simcenter_femap *
CVE-2024-24924

A vulnerability has been identified in Simcenter Femap (All versions < V2306.0000). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted Catia MODEL file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-22059)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens simcenter_femap *
CVE-2024-24925

A vulnerability has been identified in Simcenter Femap (All versions < V2306.0000). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted Catia MODEL files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-22060)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens simcenter_femap *
CVE-2024-26275

A vulnerability has been identified in JT2Go (All versions < V2312.0004), Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens parasolid *
siemens teamcenter_visualization *
siemens jt2go *
CVE-2024-26276

A vulnerability has been identified in JT2Go (All versions < V2312.0004), Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected application contains a stack exhaustion vulnerability while parsing a specially crafted X_T file. This could allow an attacker to cause a denial of service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 1.8 1.4

Products Affected

Vendor Product Version
siemens parasolid *
siemens teamcenter_visualization *
siemens jt2go *
CVE-2024-27907

A vulnerability has been identified in Simcenter Femap (All versions < V2306.0000). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted Catia MODEL file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-22051)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens simcenter_femap *
CVE-2024-27939

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow the upload of arbitrary files by any unauthenticated user. An attacker could leverage this vulnerability and achieve arbitrary code execution with system privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
siemens ruggedcom_crossbow *
CVE-2024-27940

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow any authenticated user to send arbitrary SQL commands to the SQL server. An attacker could use this vulnerability to compromise the whole database.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens ruggedcom_crossbow *
CVE-2024-27941

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected client systems do not properly sanitize input data before sending it to the SQL server. An attacker could use this vulnerability to compromise the whole database.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens ruggedcom_crossbow *
CVE-2024-27942

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow any unauthenticated client to disconnect any active user from the server. An attacker could use this vulnerability to prevent any user from performing actions in the system, causing a denial of service situation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
siemens ruggedcom_crossbow *
CVE-2024-27943

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow a privileged user to upload generic files to the root installation directory of the system. By replacing specific files, an attacker could tamper with specific files or even achieve remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
siemens ruggedcom_crossbow *
CVE-2024-27944

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow a privileged user to upload firmware files to the root installation directory of the system. By replacing specific files, an attacker could tamper with specific files or even achieve remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
siemens ruggedcom_crossbow *
CVE-2024-27945

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The bulk import feature of the affected systems allows a privileged user to upload files to the root installation directory of the system. By replacing specific files, an attacker could tamper with specific files or even achieve remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
siemens ruggedcom_crossbow *
CVE-2024-27946

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). Downloading files overwrites files with the same name in the installation directory of the affected systems. The filename for the target file can be specified, thus arbitrary files can be overwritten by an attacker with the required privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H 1.2 5.2

Products Affected

Vendor Product Version
siemens ruggedcom_crossbow *
CVE-2024-27947

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems could allow log messages to be forwarded to a specific client under certain circumstances. An attacker could leverage this vulnerability to forward log messages to a specific compromised client.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
siemens ruggedcom_crossbow *
CVE-2024-31853

A vulnerability has been identified in SICAM TOOLBOX II (All versions < V07.11). During establishment of an HTTPS connection to the TLS server of a managed device, the affected application doesn't check the extended key usage attribute of that device's certificate. This could allow an attacker to execute an on-path network (MitM) attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

Products Affected

Vendor Product Version
siemens sicam_toolbox_ii *
CVE-2024-31854

A vulnerability has been identified in SICAM TOOLBOX II (All versions < V07.11). During establishment of an HTTPS connection to the TLS server of a managed device, the affected application doesn't check the device's certificate common name against an expected value. This could allow an attacker to execute an on-path network (MitM) attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

Products Affected

Vendor Product Version
siemens sicam_toolbox_ii *
CVE-2024-31980

A vulnerability has been identified in Parasolid V35.1 (All versions < V35.1.256), Parasolid V36.0 (All versions < V36.0.210), Parasolid V36.1 (All versions < V36.1.185). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted X_T part file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-23468)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens parasolid *
CVE-2024-32006

A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 SP2). The affected application does not expire the user session on reboot without logout. This could allow an attacker to bypass Multi-Factor Authentication.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 2.8 1.4

Products Affected

Vendor Product Version
siemens sinema_remote_connect_client 3.2
siemens sinema_remote_connect_client *
CVE-2024-32055

A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens simcenter_femap *
siemens ps/iges_parasolid_translator *
CVE-2024-32056

A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted IGS part file. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens simcenter_femap *
CVE-2024-32057

A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected application contains a type confusion vulnerability while parsing IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21562)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens simcenter_femap *
siemens ps/iges_parasolid_translator *
CVE-2024-32058

A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected application is vulnerable to memory corruption while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21563)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens simcenter_femap *
siemens ps/iges_parasolid_translator *
CVE-2024-32059

A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21564)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens simcenter_femap *
siemens ps/iges_parasolid_translator *
CVE-2024-32060

A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21565)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens simcenter_femap *
siemens ps/iges_parasolid_translator *
CVE-2024-32061

A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21566)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens simcenter_femap *
siemens ps/iges_parasolid_translator *
CVE-2024-32062

A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected application contains a type confusion vulnerability while parsing IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21568)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens simcenter_femap *
siemens ps/iges_parasolid_translator *
CVE-2024-32063

A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected application contains a type confusion vulnerability while parsing IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21573)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens simcenter_femap *
siemens ps/iges_parasolid_translator *
CVE-2024-32064

A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21575)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens simcenter_femap *
siemens ps/iges_parasolid_translator *
CVE-2024-32065

A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21577)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens simcenter_femap *
siemens ps/iges_parasolid_translator *
CVE-2024-32066

A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21578)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens simcenter_femap *
siemens ps/iges_parasolid_translator *
CVE-2024-32635

A vulnerability has been identified in JT2Go (All versions < V2312.0005), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.10), Teamcenter Visualization V2312 (All versions < V2312.0005). The affected applications contain an out of bounds read past the unmapped memory region while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens parasolid *
siemens teamcenter_visualization *
siemens jt2go *
CVE-2024-32636

A vulnerability has been identified in JT2Go (All versions < V2312.0005), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.10), Teamcenter Visualization V2312 (All versions < V2312.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens parasolid *
siemens teamcenter_visualization *
siemens jt2go *
CVE-2024-32637

A vulnerability has been identified in JT2Go (All versions < V2312.0005), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.10), Teamcenter Visualization V2312 (All versions < V2312.0005). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted X_T files. An attacker could leverage this vulnerability to crash the application, causing a denial of service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 1.8 1.4

Products Affected

Vendor Product Version
siemens parasolid *
siemens teamcenter_visualization *
siemens jt2go *
CVE-2024-32740

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device contains undocumented users and credentials. An attacker could misuse the credentials to compromise the device locally or over the network.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
siemens simatic_cn_4100_firmware *
CVE-2024-32741

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device contains a hard-coded password which is used for the privileged system user `root` and for the boot loader `GRUB` by default. An attacker who manages to crack the password hash gains root access to the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 3.9 6.0

Products Affected

Vendor Product Version
siemens simatic_cn_4100_firmware *
CVE-2024-32742

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device contains an unrestricted USB port. An attacker with local access to the device could potentially misuse the port for booting another operating system and gain complete read/write access to the filesystem.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.6 HIGH CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 0.9 6.0

Products Affected

Vendor Product Version
siemens simatic_cn_4100_firmware *
CVE-2024-33577

A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applications contain a stack overflow vulnerability while parsing specially crafted strings passed as an argument to one of the application binaries. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens simcenter_nastran *
siemens simcenter_femap *
CVE-2024-33653

A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted BMP files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens simcenter_femap *
CVE-2024-33654

A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted BMP files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens simcenter_femap *
CVE-2024-34085

A vulnerability has been identified in JT2Go (All versions < V2312.0001), Teamcenter Visualization V14.1 (All versions < V14.1.0.13), Teamcenter Visualization V14.2 (All versions < V14.2.0.10), Teamcenter Visualization V14.3 (All versions < V14.3.0.7), Teamcenter Visualization V2312 (All versions < V2312.0001). The affected applications contain a stack overflow vulnerability while parsing specially crafted XML files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2024-34086

A vulnerability has been identified in JT2Go (All versions < V2312.0001), Teamcenter Visualization V14.1 (All versions < V14.1.0.13), Teamcenter Visualization V14.2 (All versions < V14.2.0.10), Teamcenter Visualization V14.3 (All versions < V14.3.0.7), Teamcenter Visualization V2312 (All versions < V2312.0001). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted CGM file. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens jt2go *
CVE-2024-35206

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected application does not expire the session. This could allow an attacker to get unauthorized access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens sinec_traffic_analyzer *
CVE-2024-35207

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The web interface of the affected devices is vulnerable to Cross-Site Request Forgery (CSRF) attacks. By tricking an authenticated victim user into clicking a malicious link, an attacker could perform arbitrary actions on the device on behalf of the victim user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens sinec_traffic_analyzer *
CVE-2024-35208

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected web server stored the password in cleartext. This could allow an attacker in a privileged position to obtain access passwords.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 6.3 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L 2.0 3.7

Products Affected

Vendor Product Version
siemens sinec_traffic_analyzer *
CVE-2024-35209

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected web server allows HTTP methods such as PUT and DELETE. This could allow an attacker to modify unauthorized files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

Products Affected

Vendor Product Version
siemens sinec_traffic_analyzer *
CVE-2024-35210

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected web server is not enforcing HSTS. This could allow an attacker to perform downgrade attacks exposing confidential information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

Products Affected

Vendor Product Version
siemens sinec_traffic_analyzer *
CVE-2024-35211

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected web server, after a successful login, sets the session cookie on the browser, without applying any security attributes (such as “Secure”, “HttpOnly”, or “SameSite”).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
siemens sinec_traffic_analyzer *
CVE-2024-35212

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected application lacks input validation, due to which an attacker can gain access to the database entries.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
siemens sinec_traffic_analyzer *
CVE-2024-36266

A vulnerability has been identified in PowerSys (All versions < V3.11). The affected application insufficiently protects responses to authentication requests. This could allow a local attacker to bypass authentication, thereby gaining administrative privileges for the managed remote devices.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 9.3 CRITICAL CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.5 6.0

Products Affected

Vendor Product Version
siemens powersys *
CVE-2024-37999

A vulnerability has been identified in Medicalis Workflow Orchestrator (All versions). The affected application executes as a trusted account with high privileges and network access. This could allow an authenticated local attacker to escalate privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens medicalis_workflow_orchestrator *
CVE-2024-38876

A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 Domain Controller R9.2 (All versions), Omnivise T3000 Product Data Management (PDM) R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions), Omnivise T3000 Terminal Server R9.2 (All versions), Omnivise T3000 Thin Client R9.2 (All versions), Omnivise T3000 Whitelisting Server R9.2 (All versions). The affected application regularly executes user modifiable code as a privileged user. This could allow a local authenticated attacker to execute arbitrary code with elevated privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens omnivise_t3000_domain_controller *
siemens omnivise_t3000_terminal_server *
siemens omnivise_t3000_thin_client *
siemens omnivise_t3000_application_server *
siemens omnivise_t3000_product_data_management *
siemens omnivise_t3000_whitelisting_server *
CVE-2024-38877

A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 Domain Controller R9.2 (All versions), Omnivise T3000 Network Intrusion Detection System (NIDS) R9.2 (All versions), Omnivise T3000 Product Data Management (PDM) R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions), Omnivise T3000 Security Server R9.2 (All versions), Omnivise T3000 Terminal Server R9.2 (All versions), Omnivise T3000 Thin Client R9.2 (All versions), Omnivise T3000 Whitelisting Server R9.2 (All versions). The affected devices store initial system credentials without sufficient protection. An attacker with remote shell access or physical access could retrieve the credentials, leading to confidentiality loss and allowing the attacker to move laterally within the affected network.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.5 6.0

Products Affected

Vendor Product Version
siemens omnivise_t3000_domain_controller *
siemens omnivise_t3000_terminal_server *
siemens omnivise_t3000_thin_client *
siemens omnivise_t3000_application_server *
siemens omnivise_t3000_product_data_management *
siemens omnivise_t3000_whitelisting_server *
siemens omnivise_t3000_network_intrusion_detection_system *
CVE-2024-38878

A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions). Affected devices allow authenticated users to export diagnostics data. The corresponding API endpoint is susceptible to path traversal and could allow an authenticated attacker to download arbitrary files from the file system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
siemens omnivise_t3000_application_server r9.2
CVE-2024-38879

A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions). The affected system exposes the port of an internal application on the public network interface allowing an attacker to circumvent authentication and directly access the exposed application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
siemens omnivise_t3000_application_server 9.2
siemens omnivise_t3000_application_server 8.2
CVE-2024-39567

A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 HF1). The system service of affected applications is vulnerable to command injection due to missing server-side input sanitization when loading VPN configurations. This could allow an authenticated local attacker to execute arbitrary code with system privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens sinema_remote_connect_client 3.2
siemens sinema_remote_connect_client *
CVE-2024-39568

A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 HF1). The system service of affected applications is vulnerable to command injection due to missing server-side input sanitization when loading proxy configurations. This could allow an authenticated local attacker to execute arbitrary code with system privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens sinema_remote_connect_client 3.2
siemens sinema_remote_connect_client *
CVE-2024-39569

A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 HF1). The system service of affected applications is vulnerable to command injection due to missing server-side input sanitization when loading VPN configurations. This could allow an administrative remote attacker running a corresponding SINEMA Remote Connect Server to execute arbitrary code with system privileges on the client system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 6.6 MEDIUM CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 0.7 5.9

Products Affected

Vendor Product Version
siemens sinema_remote_connect_client 3.2
siemens sinema_remote_connect_client *
CVE-2024-39570

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 HF1). Affected applications are vulnerable to command injection due to missing server-side input sanitization when loading VxLAN configurations. This could allow an authenticated attacker to execute arbitrary code with root privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens sinema_remote_connect_server 3.2
siemens sinema_remote_connect_server *
CVE-2024-39571

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 HF1). Affected applications are vulnerable to command injection due to missing server-side input sanitization when loading SNMP configurations. This could allow an attacker with the right to modify the SNMP configuration to execute arbitrary code with root privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens sinema_remote_connect_server 3.2
siemens sinema_remote_connect_server *
CVE-2024-39865

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application allows users to upload encrypted backup files. As part of this backup, files can be restored without correctly checking the path of the restored file. This could allow an attacker with access to the backup encryption key to upload malicious files, which could potentially lead to remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens sinema_remote_connect_server 3.2
siemens sinema_remote_connect_server *
CVE-2024-39866

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application allows users to upload encrypted backup files. This could allow an attacker with access to the backup encryption key and with the right to upload backup files to create a user with administrative privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens sinema_remote_connect_server 3.2
siemens sinema_remote_connect_server *
CVE-2024-39867

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected devices do not properly validate the authentication when performing certain actions in the web interface allowing an unauthenticated attacker to access and edit device configuration information of devices for which they have no privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.6 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H 2.8 4.7

Products Affected

Vendor Product Version
siemens sinema_remote_connect_server 3.2
siemens sinema_remote_connect_server *
CVE-2024-39868

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected devices do not properly validate the authentication when performing certain actions in the web interface allowing an unauthenticated attacker to access and edit VxLAN configuration information of networks for which they have no privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.6 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H 2.8 4.7

Products Affected

Vendor Product Version
siemens sinema_remote_connect_server 3.2
siemens sinema_remote_connect_server *
CVE-2024-39869

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected products allow certificates to be uploaded. An authenticated attacker could upload a crafted certificate, leading to a permanent denial-of-service situation. In order to recover from such an attack, the offending certificate needs to be removed manually.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
siemens sinema_remote_connect_server 3.2
siemens sinema_remote_connect_server *
CVE-2024-39870

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected applications can be configured to allow users to manage their own users. A local authenticated user with this privilege could use this to modify users outside of their own scope as well as to escalate privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 6.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 2.8 3.4

Products Affected

Vendor Product Version
siemens sinema_remote_connect_server 3.2
siemens sinema_remote_connect_server *
CVE-2024-39871

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected applications do not properly separate the rights to edit device settings and to edit settings for communication relations. This could allow an authenticated attacker with the permission to manage devices to gain access to participant groups that the attacker does not belong to.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 6.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 2.8 3.4

Products Affected

Vendor Product Version
siemens sinema_remote_connect_server 3.2
siemens sinema_remote_connect_server *
CVE-2024-39872

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application does not properly assign rights to temporary files created during its update process. This could allow an authenticated attacker with the 'Manage firmware updates' role to escalate their privileges on the underlying OS level.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 9.6 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N 3.1 5.8

Products Affected

Vendor Product Version
siemens sinema_remote_connect_server 3.2
siemens sinema_remote_connect_server *
CVE-2024-39873

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application does not properly implement brute force protection against user credentials in its web API. This could allow an attacker to learn user credentials that are vulnerable to brute force attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
siemens sinema_remote_connect_server 3.2
siemens sinema_remote_connect_server *
CVE-2024-39874

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application does not properly implement brute force protection against user credentials in its Client Communication component. This could allow an attacker to learn user credentials that are vulnerable to brute force attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
siemens sinema_remote_connect_server 3.2
siemens sinema_remote_connect_server *
CVE-2024-39875

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application allows authenticated, low privilege users with the 'Manage own remote connections' permission to retrieve details about other users and group memberships.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
siemens sinema_remote_connect_server 3.2
siemens sinema_remote_connect_server *
CVE-2024-39876

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected applications do not properly handle log rotation. This could allow an unauthenticated remote attacker to cause a denial of service condition through resource exhaustion on the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 4.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 2.5 1.4

Products Affected

Vendor Product Version
siemens sinema_remote_connect_server 3.2
siemens sinema_remote_connect_server *
CVE-2024-41788

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices does not sanitize the input parameters in specific GET requests. This could allow an authenticated remote attacker to execute arbitrary code with root privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 2.3 6.0
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
siemens 7kt_pac1260_data_manager_firmware *
CVE-2024-41789

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices does not sanitize the language parameter in specific POST requests. This could allow an authenticated remote attacker to execute arbitrary code with root privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 2.3 6.0
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
siemens 7kt_pac1260_data_manager_firmware *
CVE-2024-41790

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices does not sanitize the region parameter in specific POST requests. This could allow an authenticated remote attacker to execute arbitrary code with root privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9
productcert@siemens.com 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 2.3 6.0

Products Affected

Vendor Product Version
siemens 7kt_pac1260_data_manager_firmware *
CVE-2024-41791

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices does not authenticate report creation requests. This could allow an unauthenticated remote attacker to read or clear the log files on the device, reset the device or set the date and time.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.3 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 3.9 3.4
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

Products Affected

Vendor Product Version
siemens 7kt_pac1260_data_manager_firmware *
CVE-2024-41792

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices contains a path traversal vulnerability. This could allow an unauthenticated attacker to access arbitrary files on the device with root privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
productcert@siemens.com 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N 3.9 4.0

Products Affected

Vendor Product Version
siemens 7kt_pac1260_data_manager_firmware *
CVE-2024-41793

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices provides an endpoint that allows the ssh service to be enabled without authentication. This could allow an unauthenticated remote attacker to enable remote access to the device via ssh.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N 3.9 4.0
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

Products Affected

Vendor Product Version
siemens 7kt_pac1260_data_manager_firmware *
CVE-2024-41794

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). Affected devices contain hardcoded credentials for remote access to the device operating system with root privileges. This could allow unauthenticated remote attackers to gain full access to a device, if they are in possession of these credentials and if the ssh service is enabled (e.g., by exploitation of CVE-2024-41793).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
productcert@siemens.com 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 3.9 6.0

Products Affected

Vendor Product Version
siemens 7kt_pac1260_data_manager_firmware *
CVE-2024-41795

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices is vulnerable to Cross-Site Request Forgery (CSRF) attacks. This could allow an unauthenticated attacker to change arbitrary device settings by tricking a legitimate device administrator into clicking on a malicious link.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 2.8 3.6

Products Affected

Vendor Product Version
siemens 7kt_pac1260_data_manager_firmware *
CVE-2024-41796

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices allows the login password to be changed without knowing the current password. In combination with a prepared CSRF attack (CVE-2024-41795) an unauthenticated attacker could be able to set the password to an attacker-controlled value.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 2.8 3.6

Products Affected

Vendor Product Version
siemens 7kt_pac1260_data_manager_firmware *
CVE-2024-41902

A vulnerability has been identified in JT2Go (All versions < V2406.0003). The affected application contains a stack-based buffer overflow vulnerability that could be triggered while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens jt2go *
CVE-2024-41979

A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application does not enforce mandatory authorization on some functionality level at server side. This could allow an authenticated attacker to gain complete access of the application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9
productcert@siemens.com 7.1 HIGH CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
siemens opcenter_quality 13.2
CVE-2024-41980

A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application does not encrypt the communication in the LDAP interface by default. This could allow an authenticated attacker to gain unauthorized access to sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 3.1 LOW CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N 0.5 2.5
nvd@nist.gov 5.7 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.1 3.6

Products Affected

Vendor Product Version
siemens opcenter_quality 13.2
CVE-2024-41982

A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application does not have adequate encryption of sensitive information. This could allow an authenticated attacker to gain access to sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 4.8 MEDIUM CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N 1.2 3.6
nvd@nist.gov 5.7 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.1 3.6

Products Affected

Vendor Product Version
siemens opcenter_quality 13.2
CVE-2024-41983

A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application displays SQL statements in the error messages encountered during the generation of reports using the Cockpit tool.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 3.5 LOW CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.1 1.4
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
siemens opcenter_quality 13.2
CVE-2024-41984

A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application improperly handles errors while accessing an inaccessible resource, leading to exposure of the system applications.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.5 LOW CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N 2.1 1.4
productcert@siemens.com 2.6 LOW CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N 1.2 1.4

Products Affected

Vendor Product Version
siemens opcenter_quality 13.2
CVE-2024-41985

A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application does not expire the session without logout. This could allow an attacker to get unauthorized access if the session is left idle.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 2.6 LOW CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N 1.2 1.4
nvd@nist.gov 7.3 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N 2.1 5.2

Products Affected

Vendor Product Version
siemens opcenter_quality 13.2
CVE-2024-41986

A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application supports the insecure TLS 1.0 and 1.1 protocols. An attacker could achieve a man-in-the-middle attack and compromise confidentiality and integrity of data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 6.4 MEDIUM CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L 1.6 4.7
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 1.6 5.2

Products Affected

Vendor Product Version
siemens opcenter_quality 13.2
CVE-2024-42344

A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 SP2). The affected application inserts sensitive information into a log file which is readable by all legitimate users of the underlying system. This could allow an authenticated attacker to compromise the confidentiality of other users' configuration data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6
productcert@siemens.com 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L 1.8 2.5

Products Affected

Vendor Product Version
siemens sinema_remote_connect_client 3.2
siemens sinema_remote_connect_client *
CVE-2024-42345

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP2). The affected application does not properly handle user session establishment and invalidation. This could allow a remote attacker to circumvent the additional multi factor authentication for user session establishment.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 2.8 1.4
productcert@siemens.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 2.8 1.4

Products Affected

Vendor Product Version
siemens sinema_remote_connect_server 3.2
siemens sinema_remote_connect_server *
CVE-2024-45385

A vulnerability has been identified in Industrial Edge Management OS (IEM-OS) (All versions). Affected components are vulnerable to reflected cross-site scripting (XSS) attacks. This could allow an attacker to extract sensitive information by tricking users into accessing a malicious link.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 4.7 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N 1.6 2.7

Products Affected

Vendor Product Version
siemens industrial_edge_management *
CVE-2024-45463

A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix_plant_simulation *
CVE-2024-45464

A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix_plant_simulation *
CVE-2024-45465

A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix_plant_simulation *
CVE-2024-45466

A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix_plant_simulation *
CVE-2024-45467

A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix_plant_simulation *
CVE-2024-45468

A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix_plant_simulation *
CVE-2024-45469

A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix_plant_simulation *
CVE-2024-45470

A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix_plant_simulation *
CVE-2024-45471

A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix_plant_simulation *
CVE-2024-45472

A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. An attacker could leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix_plant_simulation *
CVE-2024-45473

A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. An attacker could leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix_plant_simulation *
CVE-2024-45474

A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. An attacker could leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix_plant_simulation *
CVE-2024-45475

A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. An attacker could leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix_plant_simulation *
CVE-2024-45476

A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted WRL files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 1.8 1.4

Products Affected

Vendor Product Version
siemens tecnomatix_plant_simulation *
CVE-2024-46891

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly restrict the size of generated log files. This could allow an unauthenticated remote attacker to trigger a large amount of logged events to exhaust the system's resources and create a denial of service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

Products Affected

Vendor Product Version
siemens sinec_ins 1.0
siemens sinec_ins *
CVE-2024-46894

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly validate authorization of a user to query the "/api/sftp/users" endpoint. This could allow an authenticated remote attacker to gain knowledge about the list of configured users of the SFTP service and also modify that configuration.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 6.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 2.8 3.4

Products Affected

Vendor Product Version
siemens sinec_ins 1.0
siemens sinec_ins *
CVE-2024-47046

A vulnerability has been identified in Simcenter Femap V2306 (All versions), Simcenter Femap V2401 (All versions), Simcenter Femap V2406 (All versions). The affected application is vulnerable to memory corruption while parsing specially crafted BDF files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens simcenter_nastran *
CVE-2024-47196

A vulnerability has been identified in ModelSim (All versions < V2025.2), Questa (All versions < V2025.2). vsimk.exe in affected applications allows a specific tcl file to be loaded from the current working directory. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges in installations where administrators or processes with elevated privileges launch vsimk.exe from a user-writable directory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
siemens modelsim *
siemens questa *
CVE-2024-47553

A vulnerability has been identified in SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly validate user input to the `ssmctl-client` command. This could allow an authenticated, lowly privileged remote attacker to execute arbitrary code with root privileges on the underlying OS.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 9.9 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 3.1 6.0

Products Affected

Vendor Product Version
siemens sinec_security_monitor *
CVE-2024-47562

A vulnerability has been identified in SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly neutralize special elements in user input to the `ssmctl-client` command. This could allow an authenticated, lowly privileged local attacker to execute privileged commands in the underlying OS.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 2.0 6.0

Products Affected

Vendor Product Version
siemens sinec_security_monitor *
CVE-2024-47563

A vulnerability has been identified in SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly validate a file path that is supplied to an endpoint intended to create CSR files. This could allow an unauthenticated remote attacker to create files in writable directories outside the intended location and thus compromise integrity of files in those writable directories.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

Products Affected

Vendor Product Version
siemens sinec_security_monitor *
CVE-2024-47565

A vulnerability has been identified in SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly validate that user input complies with a list of allowed values. This could allow an authenticated remote attacker to compromise the integrity of the configuration of the affected application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 2.8 1.4

Products Affected

Vendor Product Version
siemens sinec_security_monitor *
CVE-2024-47901

A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All versions < V7.2.12 only if the IP interface is enabled (which is not the default configuration)). The web server of affected devices does not sanitize the input parameters in specific GET requests that allow for code execution on operating system level. In combination with other vulnerabilities (CVE-2024-47902, CVE-2024-47903, CVE-2024-47904) this could allow an unauthenticated remote attacker to execute arbitrary code with root privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 3.9 6.0

Products Affected

Vendor Product Version
siemens intermesh_7707_fire_subscriber_firmware *
siemens intermesh_7177_hybrid_2.0_subscriber *
CVE-2024-47902

A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All versions < V7.2.12 only if the IP interface is enabled (which is not the default configuration)). The web server of affected devices does not authenticate GET requests that execute specific commands (such as `ping`) on operating system level.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N 3.9 2.7

Products Affected

Vendor Product Version
siemens intermesh_7707_fire_subscriber_firmware *
siemens intermesh_7177_hybrid_2.0_subscriber *
CVE-2024-47903

A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All versions < V7.2.12 only if the IP interface is enabled (which is not the default configuration)). The web server of affected devices allows arbitrary files to be written to the web server's DocumentRoot directory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 5.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N 3.9 1.4

Products Affected

Vendor Product Version
siemens intermesh_7707_fire_subscriber_firmware *
siemens intermesh_7177_hybrid_2.0_subscriber *
CVE-2024-47904

A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All versions < V7.2.12 only if the IP interface is enabled (which is not the default configuration)). The affected devices contain a SUID binary that could allow an authenticated local attacker to execute arbitrary commands with root privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens intermesh_7707_fire_subscriber_firmware *
siemens intermesh_7177_hybrid_2.0_subscriber *
CVE-2024-50557

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.2), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.2), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.2), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.2), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.2), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.2). Affected devices do not properly validate input in configuration fields of the iperf functionality. This could allow an unauthenticated remote attacker to execute arbitrary code on the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
siemens scalance_mum853-1_(b1)_firmware *
siemens scalance_m874-3_firmware *
siemens scalance_s615_firmware *
siemens scalance_mum853-1_(eu)_firmware *
siemens scalance_m812-1_(annex_a)_firmware *
siemens ruggedcom_rm1224_lte(4g)_nam_firmware *
siemens scalance_m876-4_(nam)_firmware *
siemens scalance_mum856-1_(cn)_firmware *
siemens scalance_m816-1_(annex_b)_firmware *
siemens scalance_mum856-1_(a1)_firmware *
siemens scalance_m876-3_(rok)_firmware *
siemens scalance_m804pb_firmware *
siemens scalance_m816-1_(annex_a)_firmware *
siemens ruggedcom_rm1224_lte(4g)_eu_firmware *
siemens scalance_m874-2_firmware *
siemens scalance_m876-3_firmware *
siemens scalance_m874-3_(cn)_firmware *
siemens scalance_mum856-1_(eu)_firmware *
siemens scalance_mum856-1_(row)_firmware *
siemens scalance_m812-1_(annex_b)_firmware *
siemens scalance_mum853-1_(a1)_firmware *
siemens scalance_mum856-1_(b1)_firmware *
siemens scalance_s615_eec_firmware *
siemens scalance_m826-2_firmware *
siemens scalance_m876-4_(eu)_firmware *
siemens scalance_m876-4_firmware *
CVE-2024-50558

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.2), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.2), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.2), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.2), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.2), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.2). Affected devices improperly manage access control for read-only users. This could allow an attacker to cause a temporary denial of service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 2.8 1.4

Products Affected

Vendor Product Version
siemens scalance_mum853-1_(b1)_firmware *
siemens scalance_m874-3_firmware *
siemens scalance_s615_firmware *
siemens scalance_mum853-1_(eu)_firmware *
siemens scalance_m812-1_(annex_a)_firmware *
siemens ruggedcom_rm1224_lte(4g)_nam_firmware *
siemens scalance_m876-4_(nam)_firmware *
siemens scalance_mum856-1_(cn)_firmware *
siemens scalance_m816-1_(annex_b)_firmware *
siemens scalance_mum856-1_(a1)_firmware *
siemens scalance_m876-3_(rok)_firmware *
siemens scalance_m804pb_firmware *
siemens scalance_m816-1_(annex_a)_firmware *
siemens ruggedcom_rm1224_lte(4g)_eu_firmware *
siemens scalance_m874-2_firmware *
siemens scalance_m876-3_firmware *
siemens scalance_m874-3_(cn)_firmware *
siemens scalance_mum856-1_(eu)_firmware *
siemens scalance_mum856-1_(row)_firmware *
siemens scalance_m812-1_(annex_b)_firmware *
siemens scalance_mum853-1_(a1)_firmware *
siemens scalance_mum856-1_(b1)_firmware *
siemens scalance_s615_eec_firmware *
siemens scalance_m826-2_firmware *
siemens scalance_m876-4_(eu)_firmware *
siemens scalance_m876-4_firmware *
CVE-2024-50559

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.2), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.2), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.2), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.2), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.2), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.2). Affected devices do not properly validate the filenames of the certificate. 
This could allow an authenticated remote attacker to append arbitrary values, which will lead to a compromise of the integrity of the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N 2.8 1.4

Products Affected

Vendor Product Version
siemens scalance_mum853-1_(b1)_firmware *
siemens scalance_m874-3_firmware *
siemens scalance_s615_firmware *
siemens scalance_mum853-1_(eu)_firmware *
siemens scalance_m812-1_(annex_a)_firmware *
siemens ruggedcom_rm1224_lte(4g)_nam_firmware *
siemens scalance_m876-4_(nam)_firmware *
siemens scalance_mum856-1_(cn)_firmware *
siemens scalance_m816-1_(annex_b)_firmware *
siemens scalance_mum856-1_(a1)_firmware *
siemens scalance_m876-3_(rok)_firmware *
siemens scalance_m804pb_firmware *
siemens scalance_m816-1_(annex_a)_firmware *
siemens ruggedcom_rm1224_lte(4g)_eu_firmware *
siemens scalance_m874-2_firmware *
siemens scalance_m876-3_firmware *
siemens scalance_m874-3_(cn)_firmware *
siemens scalance_mum856-1_(eu)_firmware *
siemens scalance_mum856-1_(row)_firmware *
siemens scalance_m812-1_(annex_b)_firmware *
siemens scalance_mum853-1_(a1)_firmware *
siemens scalance_mum856-1_(b1)_firmware *
siemens scalance_s615_eec_firmware *
siemens scalance_m826-2_firmware *
siemens scalance_m876-4_(eu)_firmware *
siemens scalance_m876-4_firmware *
CVE-2024-50560

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.2), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.2), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.2), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.2), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.2), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.2), SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) (All versions < V3.0.0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions < V3.0.0), SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0) (All versions < V3.0.0), 
SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0) (All versions < V3.0.0), SCALANCE WAM766-1 (6GK5766-1GE00-7DA0) (All versions < V3.0.0), SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0) (All versions < V3.0.0), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0) (All versions < V3.0.0), SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0) (All versions < V3.0.0), SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0) (All versions < V3.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0) (All versions < V3.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0) (All versions < V3.0.0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0) (All versions < V3.0.0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0) (All versions < V3.0.0), SCALANCE WUM766-1 (6GK5766-1GE00-3DA0) (All versions < V3.0.0), SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0) (All versions < V3.0.0), SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0) (All versions < V3.0.0). Affected devices truncate usernames longer than 15 characters when accessed via SSH or Telnet. This could allow an attacker to compromise system integrity.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 3.1 LOW CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N 1.6 1.4

Products Affected

Vendor Product Version
siemens scalance_mum853-1_(b1)_firmware *
siemens scalance_m874-3_firmware *
siemens scalance_s615_firmware *
siemens scalance_mum853-1_(eu)_firmware *
siemens scalance_m812-1_(annex_a)_firmware *
siemens ruggedcom_rm1224_lte(4g)_nam_firmware *
siemens scalance_m876-4_(nam)_firmware *
siemens scalance_mum856-1_(cn)_firmware *
siemens scalance_m816-1_(annex_b)_firmware *
siemens scalance_mum856-1_(a1)_firmware *
siemens scalance_m876-3_(rok)_firmware *
siemens scalance_m804pb_firmware *
siemens scalance_m816-1_(annex_a)_firmware *
siemens ruggedcom_rm1224_lte(4g)_eu_firmware *
siemens scalance_m874-2_firmware *
siemens scalance_m876-3_firmware *
siemens scalance_m874-3_(cn)_firmware *
siemens scalance_mum856-1_(eu)_firmware *
siemens scalance_mum856-1_(row)_firmware *
siemens scalance_m812-1_(annex_b)_firmware *
siemens scalance_mum853-1_(a1)_firmware *
siemens scalance_mum856-1_(b1)_firmware *
siemens scalance_s615_eec_firmware *
siemens scalance_m826-2_firmware *
siemens scalance_m876-4_(eu)_firmware *
siemens scalance_m876-4_firmware *
CVE-2024-50561

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.2), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.2), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.2), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.2), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.2), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.2), SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) (All versions < V3.0.0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions < V3.0.0), SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0) (All versions < V3.0.0), 
SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0) (All versions < V3.0.0), SCALANCE WAM766-1 (6GK5766-1GE00-7DA0) (All versions < V3.0.0), SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0) (All versions < V3.0.0), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0) (All versions < V3.0.0), SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0) (All versions < V3.0.0), SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0) (All versions < V3.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0) (All versions < V3.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0) (All versions < V3.0.0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0) (All versions < V3.0.0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0) (All versions < V3.0.0), SCALANCE WUM766-1 (6GK5766-1GE00-3DA0) (All versions < V3.0.0), SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0) (All versions < V3.0.0), SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0) (All versions < V3.0.0). Affected devices do not properly sanitize the filenames before uploading. This could allow an authenticated remote attacker to compromise the integrity of the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N 2.8 1.4

Products Affected

Vendor Product Version
siemens scalance_mum853-1_(b1)_firmware *
siemens scalance_m874-3_firmware *
siemens scalance_s615_firmware *
siemens scalance_mum853-1_(eu)_firmware *
siemens scalance_m812-1_(annex_a)_firmware *
siemens ruggedcom_rm1224_lte(4g)_nam_firmware *
siemens scalance_m876-4_(nam)_firmware *
siemens scalance_mum856-1_(cn)_firmware *
siemens scalance_m816-1_(annex_b)_firmware *
siemens scalance_mum856-1_(a1)_firmware *
siemens scalance_m876-3_(rok)_firmware *
siemens scalance_m804pb_firmware *
siemens scalance_m816-1_(annex_a)_firmware *
siemens ruggedcom_rm1224_lte(4g)_eu_firmware *
siemens scalance_m874-2_firmware *
siemens scalance_m876-3_firmware *
siemens scalance_m874-3_(cn)_firmware *
siemens scalance_mum856-1_(eu)_firmware *
siemens scalance_mum856-1_(row)_firmware *
siemens scalance_m812-1_(annex_b)_firmware *
siemens scalance_mum853-1_(a1)_firmware *
siemens scalance_mum856-1_(b1)_firmware *
siemens scalance_s615_eec_firmware *
siemens scalance_m826-2_firmware *
siemens scalance_m876-4_(eu)_firmware *
siemens scalance_m876-4_firmware *
CVE-2024-50572

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.2), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.2), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.2), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.2), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.2), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.2), SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) (All versions < V3.0.0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions < V3.0.0), SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0) (All versions < V3.0.0), 
SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0) (All versions < V3.0.0), SCALANCE WAM766-1 (6GK5766-1GE00-7DA0) (All versions < V3.0.0), SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0) (All versions < V3.0.0), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0) (All versions < V3.0.0), SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0) (All versions < V3.0.0), SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0) (All versions < V3.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0) (All versions < V3.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0) (All versions < V3.0.0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0) (All versions < V3.0.0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0) (All versions < V3.0.0), SCALANCE WUM766-1 (6GK5766-1GE00-3DA0) (All versions < V3.0.0), SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0) (All versions < V3.0.0), SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0) (All versions < V3.0.0). Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
siemens scalance_mum853-1_(b1)_firmware *
siemens scalance_m874-3_firmware *
siemens scalance_s615_firmware *
siemens scalance_mum853-1_(eu)_firmware *
siemens scalance_m812-1_(annex_a)_firmware *
siemens ruggedcom_rm1224_lte(4g)_nam_firmware *
siemens scalance_m876-4_(nam)_firmware *
siemens scalance_mum856-1_(cn)_firmware *
siemens scalance_m816-1_(annex_b)_firmware *
siemens scalance_mum856-1_(a1)_firmware *
siemens scalance_m876-3_(rok)_firmware *
siemens scalance_m804pb_firmware *
siemens scalance_m816-1_(annex_a)_firmware *
siemens ruggedcom_rm1224_lte(4g)_eu_firmware *
siemens scalance_m874-2_firmware *
siemens scalance_m876-3_firmware *
siemens scalance_m874-3_(cn)_firmware *
siemens scalance_mum856-1_(eu)_firmware *
siemens scalance_mum856-1_(row)_firmware *
siemens scalance_m812-1_(annex_b)_firmware *
siemens scalance_mum853-1_(a1)_firmware *
siemens scalance_mum856-1_(b1)_firmware *
siemens scalance_s615_eec_firmware *
siemens scalance_m826-2_firmware *
siemens scalance_m876-4_(eu)_firmware *
siemens scalance_m876-4_firmware *
CVE-2024-51444

A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.4). The application insufficiently validates user input for database read queries. This could allow an authenticated remote attacker to conduct an SQL injection attack that bypasses authorization controls and allows downloading any data from the application's database.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
siemens polarion_alm *
siemens polarion_alm 2310.0
CVE-2024-51445

A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.4). The affected application contains an XML External Entity Injection (XXE) vulnerability in the docx import feature. This could allow an authenticated remote attacker to read arbitrary data from the application server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
siemens polarion_alm *
siemens polarion_alm 2310.0
CVE-2024-51446

A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.4). The file upload feature of the affected application improperly sanitizes XML files. This could allow an authenticated remote attacker to conduct a stored cross-site scripting attack by uploading specially crafted XML files that are later downloaded and viewed by other users of the application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L 2.3 3.7

Products Affected

Vendor Product Version
siemens polarion_alm *
siemens polarion_alm 2310.0
CVE-2024-51447

A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.2). The login implementation of the affected application contains an observable response discrepancy vulnerability when validating usernames. This could allow an unauthenticated remote attacker to distinguish between valid and invalid usernames.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
siemens polarion_alm *
siemens polarion_alm 2310
CVE-2024-52565

A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24231)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix_plant_simulation *
CVE-2024-52566

A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24233)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix_plant_simulation *
CVE-2024-52567

A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24237)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix_plant_simulation *
CVE-2024-52568

A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain a use-after-free vulnerability that could be triggered while parsing specially crafted WRL files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-24244)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix_plant_simulation *
CVE-2024-52569

A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24260)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix_plant_simulation *
CVE-2024-52570

A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24365)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix_plant_simulation *
CVE-2024-52571

A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24485)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix_plant_simulation *
CVE-2024-52572

A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain a stack based overflow vulnerability while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24486)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix_plant_simulation *
CVE-2024-52573

A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24521)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix_plant_simulation *
CVE-2024-52574

A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24543)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tecnomatix_plant_simulation *
CVE-2024-53041

A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain a stack based overflow vulnerability while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-25000)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens tecnomatix_plant_simulation *
CVE-2024-53242

A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-25206)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens tecnomatix_plant_simulation *
CVE-2024-53977

A vulnerability has been identified in ModelSim (All versions < V2025.1), Questa (All versions < V2025.1). An example setup script contained in affected applications allows a specific executable file to be loaded from the current working directory. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges in installations where administrators or processes with elevated privileges launch the script from a user-writable directory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
siemens modelsim *
siemens questa *
CVE-2024-54091

A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 12), Solid Edge SE2025 (All versions < V225.0 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer while parsing X_T data or a specially crafted file in X_T format. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens solid_edge_se2024 224.0
siemens solid_edge_se2025 -
siemens parasolid *
siemens solid_edge_se2024 -
siemens solid_edge_se2025 225.0
CVE-2024-54093

A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 5). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted ASM files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens solid_edge_se2024 224.0
siemens solid_edge_se2024 *
CVE-2024-54094

A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 5). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens solid_edge_se2024 224.0
siemens solid_edge_se2024 *
CVE-2024-54095

A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 10). The affected application is vulnerable to integer underflow vulnerability which can be triggered while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens solid_edge_se2024 224.0
siemens solid_edge_se2024 *
CVE-2024-56835

A vulnerability has been identified in RUGGEDCOM ROX II family (All versions < V2.17.0). The DHCP Server configuration file of the affected products is subject to code injection. An attacker could leverage this vulnerability to spawn a reverse shell and gain root access on the affected system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens ruggedcom_rox_ii_firmware *
CVE-2024-56836

A vulnerability has been identified in RUGGEDCOM ROX II family (All versions < V2.17.0). During the Dynamic DNS configuration of the affected product it is possible to inject additional configuration parameters. Under certain circumstances, an attacker could leverage this vulnerability to spawn a reverse shell and gain root access on the affected system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.6 5.9

Products Affected

Vendor Product Version
siemens ruggedcom_rox_ii_firmware *
CVE-2024-56837

A vulnerability has been identified in RUGGEDCOM ROX II family (All versions < V2.17.0). Due to the insufficient validation during the installation and load of certain configuration files of the affected device, an attacker could spawn a reverse shell and gain root access on the affected system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
siemens ruggedcom_rox_ii_firmware *
CVE-2024-56838

A vulnerability has been identified in RUGGEDCOM ROX II family (All versions < V2.17.0). The SCEP client available in the affected device for secure certificate enrollment lacks validation of multiple fields. An attacker could leverage this scenario to execute arbitrary code as root user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
siemens ruggedcom_rox_ii_firmware *
CVE-2024-56839

A vulnerability has been identified in RUGGEDCOM ROX II family (All versions < V2.17.0). Code injection can be achieved when the affected device is using VRF (Virtual Routing and Forwarding). An attacker could leverage this scenario to execute arbitrary code as root user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
siemens ruggedcom_rox_ii_firmware *
CVE-2024-56840

A vulnerability has been identified in RUGGEDCOM ROX II family (All versions < V2.17.0). Under certain conditions, IPsec may allow code injection in the affected device. An attacker could leverage this scenario to execute arbitrary code as root user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
siemens ruggedcom_rox_ii_firmware *
CVE-2025-23363

A vulnerability has been identified in Teamcenter V14.1 (All versions), Teamcenter V14.2 (All versions), Teamcenter V14.3 (All versions < V14.3.0.14), Teamcenter V2312 (All versions < V2312.0010), Teamcenter V2406 (All versions < V2406.0008), Teamcenter V2412 (All versions < V2412.0004). The SSO login service of affected applications accepts user-controlled input that could specify a link to an external site. This could allow an attacker to redirect the legitimate user to an attacker-chosen URL to steal valid session data. For a successful exploit, the legitimate user must actively click on an attacker-crafted link.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.4 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N 2.8 4.0

Products Affected

Vendor Product Version
siemens teamcenter 14.1
siemens teamcenter *
siemens teamcenter 14.2
CVE-2025-23364

A vulnerability has been identified in TIA Administrator (All versions < V3.0.6). The affected application improperly validates code signing certificates. This could allow an attacker to bypass the check and execute arbitrary code during installations.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 6.2 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 2.5 3.6

Products Affected

Vendor Product Version
siemens tia_administrator *
CVE-2025-23365

A vulnerability has been identified in TIA Administrator (All versions < V3.0.6). The affected application allows low-privileged users to trigger installations by overwriting cache files and modifying the downloads path. This would allow an attacker to escalate privilege and execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens tia_administrator *
CVE-2025-23396

A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens tecnomatix_plant_simulation *
CVE-2025-23397

A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens tecnomatix_plant_simulation *
CVE-2025-23398

A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens tecnomatix_plant_simulation *
CVE-2025-23399

A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens tecnomatix_plant_simulation *
CVE-2025-23400

A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens tecnomatix_plant_simulation *
CVE-2025-23401

A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens tecnomatix_plant_simulation *
CVE-2025-23402

A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected applications contain a use-after-free vulnerability that could be triggered while parsing specially crafted WRL files. An attacker could leverage this vulnerability to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens tecnomatix_plant_simulation *
CVE-2025-24956

A vulnerability has been identified in OpenV2G (All versions < V0.9.6). The OpenV2G EXI parsing feature is missing a length check when parsing X509 serial numbers. Thus, an attacker could introduce a buffer overflow that leads to memory corruption.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 6.2 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.5 3.6

Products Affected

Vendor Product Version
siemens openv2g *
CVE-2025-25175

A vulnerability has been identified in Simcenter Femap V2401 (All versions < V2401.0003), Simcenter Femap V2406 (All versions < V2406.0002). The affected application contains a memory corruption vulnerability while parsing specially crafted .NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-25443)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens simcenter_femap *
CVE-2025-25266

A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected application does not properly restrict access to the file deletion functionality. This could allow an unauthorized attacker to delete files even when access to the system should be prohibited, resulting in potential data loss or unauthorized modification of system files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 6.8 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L 2.5 4.2
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L 1.8 4.2

Products Affected

Vendor Product Version
siemens tecnomatix_plant_simulation *
CVE-2025-25267

A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected application does not properly restrict the scope of files accessible to the simulation model. This could allow an unauthorized attacker to compromise the confidentiality of the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6
productcert@siemens.com 6.2 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.5 3.6

Products Affected

Vendor Product Version
siemens tecnomatix_plant_simulation *
CVE-2025-26389

A vulnerability has been identified in OZW672 (All versions < V8.0), OZW772 (All versions < V8.0). The web service in affected devices does not sanitize the input parameters required for the `exportDiagramPage` endpoint. This could allow an unauthenticated remote attacker to execute arbitrary code with root privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 3.9 6.0

Products Affected

Vendor Product Version
siemens ozw672_firmware *
siemens ozw772_firmware *
CVE-2025-26390

A vulnerability has been identified in OZW672 (All versions < V6.0), OZW772 (All versions < V6.0). The web service of affected devices is vulnerable to SQL injection when checking authentication data. This could allow an unauthenticated remote attacker to bypass the check and authenticate as Administrator user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
siemens ozw672_firmware *
siemens ozw772_firmware *
CVE-2025-27392

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly sanitize user input when creating new VXLAN configurations. This could allow an authenticated highly-privileged remote attacker to execute arbitrary code on the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
siemens scalance_lpe9403_firmware *
CVE-2025-27393

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly sanitize user input when creating new users. This could allow an authenticated highly-privileged remote attacker to execute arbitrary code on the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
siemens scalance_lpe9403_firmware *
CVE-2025-27394

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly sanitize user input when creating new SNMP users. This could allow an authenticated highly-privileged remote attacker to execute arbitrary code on the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
siemens scalance_lpe9403_firmware *
CVE-2025-27395

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly limit the scope of files accessible through and the privileges of the SFTP functionality. This could allow an authenticated highly-privileged remote attacker to read and write arbitrary files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N 1.2 5.2
productcert@siemens.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
siemens scalance_lpe9403_firmware *
CVE-2025-27396

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly limit the elevation of privileges required to perform certain valid functionality. This could allow an authenticated lowly-privileged remote attacker to escalate their privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens scalance_lpe9403_firmware *
CVE-2025-27397

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly limit user controlled paths to which logs are written and from where they are read. This could allow an authenticated highly-privileged remote attacker to read and write arbitrary files in the filesystem, if and only if the malicious path ends with 'log'.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 3.8 LOW CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N 1.2 2.5

Products Affected

Vendor Product Version
siemens scalance_lpe9403_firmware *
CVE-2025-27398

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly neutralize special characters when interpreting user controlled log paths. This could allow an authenticated highly-privileged remote attacker to execute a limited set of binaries that are already present on the filesystem.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 2.7 LOW CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N 1.2 1.4

Products Affected

Vendor Product Version
siemens scalance_lpe9403_firmware *
CVE-2025-27438

A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens tecnomatix_plant_simulation *
CVE-2025-27493

A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.9), SiPass integrated ACC-AP (All versions < V6.4.9). Affected devices improperly sanitize user input for specific commands on the telnet command line interface. This could allow an authenticated local administrator to escalate privileges by injecting arbitrary commands that are executed with root privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.5 6.0
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
siemens sipass_integrated_acc-ap_firmware *
siemens sipass_integrated_ac5102_(acc-g2)_firmware *
CVE-2025-27494

A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.9), SiPass integrated ACC-AP (All versions < V6.4.9). Affected devices improperly sanitize input for the pubkey endpoint of the REST API. This could allow an authenticated remote administrator to escalate privileges by injecting arbitrary commands that are executed with root privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9
productcert@siemens.com 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 2.3 6.0

Products Affected

Vendor Product Version
siemens sipass_integrated_acc-ap_firmware *
siemens sipass_integrated_ac5102_(acc-g2)_firmware *
CVE-2025-27495

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'CreateTrace' method. This could allow an unauthenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on. (ZDI-CAN-25911)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
siemens telecontrol_server_basic *
CVE-2025-27539

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'VerifyUser' method. This could allow an unauthenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on. (ZDI-CAN-25914)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
siemens telecontrol_server_basic *
CVE-2025-27540

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'Authenticate' method. This could allow an unauthenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on. (ZDI-CAN-25913)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
siemens telecontrol_server_basic *
CVE-2025-29905

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'RestoreFromBackup' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on. (ZDI-CAN-25923)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens telecontrol_server_basic *
CVE-2025-29931

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected product does not properly validate a length field in a serialized message which it uses to determine the amount of memory to be allocated for deserialization. This could allow an unauthenticated remote attacker to cause the application to allocate exhaustive amounts of memory and subsequently create a partial denial of service condition. Successful exploitation is only possible in redundant Telecontrol Server Basic setups and only if the connection between the redundant servers has been disrupted.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 3.7 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L 2.2 1.4

Products Affected

Vendor Product Version
siemens telecontrol_server_basic *
CVE-2025-30002

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateConnectionVariables' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on. (ZDI-CAN-25909)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens telecontrol_server_basic *
CVE-2025-30003

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateProjectConnections' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on. (ZDI-CAN-25910)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens telecontrol_server_basic *
CVE-2025-30030

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'ImportDatabase' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on. (ZDI-CAN-25924)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens telecontrol_server_basic *
CVE-2025-30031

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateUsers' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on. (ZDI-CAN-25922)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens telecontrol_server_basic *
CVE-2025-30032

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateDatabaseSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on. (ZDI-CAN-25921)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens telecontrol_server_basic *
CVE-2025-30034

A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V3.3). Affected devices do not properly validate input sent to its listening port on the local loopback interface. This could allow an unauthenticated local attacker to cause a denial of service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 6.2 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.5 3.6
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
siemens simatic_rtls_locating_manager *
CVE-2025-30174

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions < V4.0), SINEMA Remote Connect (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions), Totally Integrated Automation Portal (TIA Portal) V20 (All versions), User Management Component (UMC) (All versions < V2.15.1.1). Affected products contain an out of bound read buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to cause a denial of service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
siemens sinec_nms *
siemens user_management_component *
siemens totally_integrated_automation_portal 17
siemens sinema_remote_connect -
siemens totally_integrated_automation_portal 18
siemens totally_integrated_automation_portal 19
siemens totally_integrated_automation_portal 20
CVE-2025-30175

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions < V4.0), SINEMA Remote Connect (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions), Totally Integrated Automation Portal (TIA Portal) V20 (All versions), User Management Component (UMC) (All versions < V2.15.1.1). Affected products contain an out of bound write buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to cause a denial of service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
siemens sinec_nms *
siemens simatic_pcs_neo 5.0
siemens user_management_component *
siemens totally_integrated_automation_portal 17
siemens sinema_remote_connect -
siemens totally_integrated_automation_portal 18
siemens totally_integrated_automation_portal 19
siemens simatic_pcs_neo 4.1
siemens totally_integrated_automation_portal 20
CVE-2025-30176

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions < V4.0), SINEMA Remote Connect (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions), Totally Integrated Automation Portal (TIA Portal) V20 (All versions), User Management Component (UMC) (All versions < V2.15.1.1). Affected products contain an out of bound read buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to cause a denial of service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
siemens sinec_nms *
siemens simatic_pcs_neo 5.0
siemens user_management_component *
siemens totally_integrated_automation_portal 17
siemens sinema_remote_connect -
siemens totally_integrated_automation_portal 18
siemens totally_integrated_automation_portal 19
siemens simatic_pcs_neo 4.1
siemens totally_integrated_automation_portal 20
CVE-2025-31343

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateTcmSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on. (ZDI-CAN-25920)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens telecontrol_server_basic *
CVE-2025-31349

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateSmtpSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on. (ZDI-CAN-25919)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens telecontrol_server_basic *
CVE-2025-31350

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateBufferingSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on. (ZDI-CAN-25918)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens telecontrol_server_basic *
CVE-2025-31351

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'CreateProject' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on. (ZDI-CAN-25917)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens telecontrol_server_basic *
CVE-2025-31352

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateGateways' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on. (ZDI-CAN-25915)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens telecontrol_server_basic *
CVE-2025-31353

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateOpcSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on. (ZDI-CAN-25916)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens telecontrol_server_basic *
CVE-2025-32454

A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.14), Teamcenter Visualization V2312 (All versions < V2312.0010), Teamcenter Visualization V2406 (All versions < V2406.0008), Teamcenter Visualization V2412 (All versions < V2412.0004), Tecnomatix Plant Simulation V2404 (All versions < V2404.0013). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens teamcenter_visualization *
siemens tecnomatix_plant_simulation *
CVE-2025-32475

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateProject' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on. (ZDI-CAN-25912)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens telecontrol_server_basic *
CVE-2025-32822

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'DeleteProject' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens telecontrol_server_basic *
CVE-2025-32823

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockProject' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens telecontrol_server_basic *
CVE-2025-32824

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockProject' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens telecontrol_server_basic *
CVE-2025-32825

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetProjects' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens telecontrol_server_basic *
CVE-2025-32826

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetActiveProjects' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens telecontrol_server_basic *
CVE-2025-32827

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'ActivateProject' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens telecontrol_server_basic *
CVE-2025-32828

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateProjectCrossCommunications' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens telecontrol_server_basic *
CVE-2025-32829

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockProjectCrossCommunications' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens telecontrol_server_basic *
CVE-2025-32830

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockProject' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens telecontrol_server_basic *
CVE-2025-32831

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateProjectUserRights' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens telecontrol_server_basic *
CVE-2025-32832

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockProjectUserRights' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens telecontrol_server_basic *
CVE-2025-32833

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockProjectUserRights' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens telecontrol_server_basic *
CVE-2025-32834

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateConnectionVariablesWithImport' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens telecontrol_server_basic *
CVE-2025-32835

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateConnectionVariableArchivingBuffering' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens telecontrol_server_basic *
CVE-2025-32836

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetConnectionVariables' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens telecontrol_server_basic *
CVE-2025-32837

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetActiveConnectionVariables' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens telecontrol_server_basic *
CVE-2025-32838

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'ImportConnectionVariables' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens telecontrol_server_basic *
CVE-2025-32839

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetGateways' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens telecontrol_server_basic *
CVE-2025-32840

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockGateway' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens telecontrol_server_basic *
CVE-2025-32841

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockGateway' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens telecontrol_server_basic *
CVE-2025-32842

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetUsers' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens telecontrol_server_basic *
CVE-2025-32843

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockUser' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens telecontrol_server_basic *
CVE-2025-32844

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockUser' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens telecontrol_server_basic *
CVE-2025-32845

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateGeneralSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens telecontrol_server_basic *
CVE-2025-32846

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockGeneralSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens telecontrol_server_basic *
CVE-2025-32847

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockGeneralSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens telecontrol_server_basic *
CVE-2025-32848

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockSmtpSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed on.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens telecontrol_server_basic *
CVE-2025-32849

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockSmtpSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens telecontrol_server_basic *
CVE-2025-32850

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockTcmSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens telecontrol_server_basic *
CVE-2025-32851

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockTcmSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens telecontrol_server_basic *
CVE-2025-32852

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockDatabaseSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens telecontrol_server_basic *
CVE-2025-32853

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockDatabaseSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens telecontrol_server_basic *
CVE-2025-32854

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockOpcSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens telecontrol_server_basic *
CVE-2025-32855

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockOpcSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens telecontrol_server_basic *
CVE-2025-32856

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockBufferingSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens telecontrol_server_basic *
CVE-2025-32857

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockBufferingSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens telecontrol_server_basic *
CVE-2025-32858

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateWebServerGatewaySettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens telecontrol_server_basic *
CVE-2025-32859

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockWebServerGatewaySettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens telecontrol_server_basic *
CVE-2025-32860

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockWebServerGatewaySettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens telecontrol_server_basic *
CVE-2025-32861

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UpdateTraceLevelSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens telecontrol_server_basic *
CVE-2025-32862

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'LockTraceLevelSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens telecontrol_server_basic *
CVE-2025-32863

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'UnlockTraceLevelSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens telecontrol_server_basic *
CVE-2025-32864

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens telecontrol_server_basic *
CVE-2025-32865

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'CreateLog' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens telecontrol_server_basic *
CVE-2025-32866

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetLogs' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens telecontrol_server_basic *
CVE-2025-32867

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'CreateBackup' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens telecontrol_server_basic *
CVE-2025-32868

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'ExportCertificate' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens telecontrol_server_basic *
CVE-2025-32869

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'ImportCertificate' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens telecontrol_server_basic *
CVE-2025-32870

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetTraces' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens telecontrol_server_basic *
CVE-2025-32871

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'MigrateDatabase' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens telecontrol_server_basic *
CVE-2025-32872

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetOverview' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens telecontrol_server_basic *
CVE-2025-40566

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions < V4.1 Update 3), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1). Affected products do not correctly invalidate user sessions upon user logout. This could allow a remote unauthenticated attacker, who has obtained the session token by other means, to re-use a legitimate user's session even after logout.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens simatic_pcs_neo 5.0
siemens simatic_pcs_neo *
siemens simatic_pcs_neo 4.1
CVE-2025-40572

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices do not properly assign permissions to critical resources. This could allow a non-privileged local attacker to access sensitive information stored on the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
siemens scalance_lpe9403_firmware -
CVE-2025-40573

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices are vulnerable to path traversal attacks. This could allow a privileged local attacker to restore backups that are outside the backup folder.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N 0.8 3.6

Products Affected

Vendor Product Version
siemens scalance_lpe9403_firmware -
CVE-2025-40574

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices do not properly assign permissions to critical resources. This could allow a non-privileged local attacker to interact with the backupmanager service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens scalance_lpe9403_firmware -
CVE-2025-40575

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices do not properly validate incoming Profinet packets. An unauthenticated remote attacker can exploit this flaw by sending a specially crafted malicious packet, which leads to a crash of the dcpd process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4
productcert@siemens.com 4.3 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 2.8 1.4

Products Affected

Vendor Product Version
siemens scalance_lpe9403_firmware -
CVE-2025-40576

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices do not properly validate incoming Profinet packets. An unauthenticated remote attacker can exploit this flaw by sending a specially crafted malicious packet, which leads to a crash of the dcpd process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 4.3 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 2.8 1.4

Products Affected

Vendor Product Version
siemens scalance_lpe9403_firmware -
CVE-2025-40577

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices do not properly validate incoming Profinet packets. An unauthenticated remote attacker can exploit this flaw by sending a specially crafted malicious packet, which leads to a crash of the dcpd process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 4.3 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 2.8 1.4

Products Affected

Vendor Product Version
siemens scalance_lpe9403_firmware -
CVE-2025-40578

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions). Affected devices do not properly handle multiple incoming Profinet packets received in rapid succession. An unauthenticated remote attacker can exploit this flaw by sending multiple packets in a very short time frame, which leads to a crash of the dcpd process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 4.3 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 2.8 1.4

Products Affected

Vendor Product Version
siemens scalance_lpe9403_firmware -
CVE-2025-40579

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices are vulnerable to a stack-based buffer overflow. This could allow a non-privileged local attacker to execute arbitrary code on the device or to cause a denial of service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H 0.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens scalance_lpe9403_firmware -
CVE-2025-40580

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices are vulnerable to a stack-based buffer overflow. This could allow a non-privileged local attacker to execute arbitrary code on the device or to cause a denial of service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H 0.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens scalance_lpe9403_firmware -
CVE-2025-40581

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with SINEMA Remote Connect Edge Client installed). Affected devices are vulnerable to an authentication bypass. This could allow a non-privileged local attacker to bypass the authentication of the SINEMA Remote Connect Edge Client, and to read and modify the configuration parameters.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 1.8 5.2

Products Affected

Vendor Product Version
siemens scalance_lpe9403_firmware -
CVE-2025-40582

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with SINEMA Remote Connect Edge Client installed). Affected devices do not properly sanitize configuration parameters. This could allow a non-privileged local attacker to execute root commands on the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens scalance_lpe9403_firmware -
CVE-2025-40583

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with SINEMA Remote Connect Edge Client installed). Affected devices transmit sensitive information in cleartext. This could allow a privileged local attacker to retrieve this sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 0.8 3.6

Products Affected

Vendor Product Version
siemens scalance_lpe9403_firmware -
CVE-2025-40593

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0). The affected application allows the device to be controlled by storing arbitrary files in the SFTP folder of the device. This could allow an attacker to cause a denial of service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
siemens simatic_cn_4100 *
siemens simatic_cn_4100_firmware *
CVE-2025-40594

A vulnerability has been identified in SINAMICS G220 V6.4 (All versions < V6.4 HF2), SINAMICS S200 V6.4 (All versions < V6.4 HF7), SINAMICS S210 V6.4 (All versions < V6.4 HF2). The affected devices allow a factory reset to be executed without the required privileges due to improper privilege management as well as manipulation of configuration data because of leaked privileges of previous sessions. This could allow an unauthorized attacker to escalate their privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
productcert@siemens.com 6.3 MEDIUM CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:L 1.0 4.7

Products Affected

Vendor Product Version
siemens sinamics_g220_firmware 6.4
siemens sinamics_s210_firmware 6.4
siemens sinamics_s200_firmware 6.4
CVE-2025-40735

A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected devices are vulnerable to SQL injection. This could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server database.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens sinec_nms *
CVE-2025-40736

A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application exposes an endpoint that allows an unauthorized modification of administrative credentials. This could allow an unauthenticated attacker to reset the superadmin password and gain full control of the application (ZDI-CAN-26569).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
siemens sinec_nms *
CVE-2025-40737

A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary files to restricted locations and potentially execute code with elevated privileges (ZDI-CAN-26571).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens sinec_nms *
CVE-2025-40738

A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary files to restricted locations and potentially execute code with elevated privileges (ZDI-CAN-26572).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens sinec_nms *
CVE-2025-40739

A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 5). The affected applications contain an out-of-bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens solid_edge se2025
siemens solid_edge *
CVE-2025-40740

A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 5). The affected applications contain an out-of-bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens solid_edge se2025
siemens solid_edge *
CVE-2025-40741

A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 5). The affected applications contain a stack-based overflow vulnerability while parsing specially crafted CFG files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens solid_edge se2025
siemens solid_edge *
CVE-2025-40746

A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V3.2). Affected products do not properly validate input for a backup script. This could allow an authenticated remote attacker with high privileges in the application to execute arbitrary code with 'NT Authority/SYSTEM' privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9
productcert@siemens.com 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 2.3 6.0

Products Affected

Vendor Product Version
siemens simatic_rtls_locating_manager *
CVE-2025-40751

A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V3.3). Affected SIMATIC RTLS Locating Manager Report Clients do not properly protect credentials that are used to authenticate to the server. This could allow an authenticated local attacker to extract the credentials and use them to escalate their access rights from the Manager to the Systemadministrator role.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 6.3 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L 2.0 3.7
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens simatic_rtls_locating_manager *
CVE-2025-40755

A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP1). Affected applications are vulnerable to SQL injection through the getTotalAndFilterCounts endpoint. An authenticated low-privileged attacker could exploit this to insert data and achieve privilege escalation (ZDI-CAN-26570).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
siemens sinec_nms 4.0
siemens sinec_nms *
CVE-2025-40762

A vulnerability has been identified in Simcenter Femap V2406 (All versions < V2406.0003), Simcenter Femap V2412 (All versions < V2412.0002). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted STP file. This could allow an attacker to execute code in the context of the current process (ZDI-CAN-26692).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens simcenter_femap *
CVE-2025-40764

A vulnerability has been identified in Simcenter Femap V2406 (All versions < V2406.0003), Simcenter Femap V2412 (All versions < V2412.0002). The affected applications contain an out of bounds read vulnerability while parsing specially crafted BMP files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens simcenter_femap *
CVE-2025-40765

A vulnerability has been identified in TeleControl Server Basic V3.1 (All versions >= V3.1.2.2 < V3.1.2.3). The affected application contains an information disclosure vulnerability. This could allow an unauthenticated remote attacker to obtain password hashes of users and to log in to and perform authenticated operations of the database service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
siemens telecontrol_server_basic 3.1.2.2
CVE-2025-40766

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V3.0). The affected application runs docker containers without adequate resource and security limitations. This could allow an attacker to perform a denial-of-service (DoS) attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
siemens sinec_traffic_analyzer *
CVE-2025-40767

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V3.0). The affected application runs docker containers without adequate security controls to enforce isolation. This could allow an attacker to gain elevated access, potentially accessing sensitive host system resources.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H 1.1 6.0

Products Affected

Vendor Product Version
siemens sinec_traffic_analyzer *
CVE-2025-40768

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V3.0). The affected application exposes an internal service port to be accessible from outside the system. This could allow an unauthorized attacker to access the application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
productcert@siemens.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H 2.5 4.7

Products Affected

Vendor Product Version
siemens sinec_traffic_analyzer *
CVE-2025-40770

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions). The affected application uses a monitoring interface that is not operating in a strictly passive mode. This could allow an attacker to interact with the interface, leading to man-in-the-middle attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.4 HIGH CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 1.4 5.9
nvd@nist.gov 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9

Products Affected

Vendor Product Version
siemens sinec_traffic_analyzer *
CVE-2025-40772

A vulnerability has been identified in SiPass integrated (All versions < V3.0). Affected server applications are vulnerable to stored Cross-Site Scripting (XSS), allowing an attacker to inject malicious code that can be executed by other users when they visit the affected page. Successful exploitation allows an attacker to impersonate other users within the application and steal their session data. This could enable unauthorized access to accounts and potentially lead to privilege escalation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7
productcert@siemens.com 7.4 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.5 5.9

Products Affected

Vendor Product Version
siemens sipass_integrated *
CVE-2025-40773

A vulnerability has been identified in SiPass integrated (All versions < V3.0). Affected server applications contain a broken access control vulnerability. The authorization mechanism lacks sufficient server-side checks, allowing an attacker to execute a specific API request. Successful exploitation allows an attacker to potentially manipulate data belonging to other users.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4
productcert@siemens.com 3.5 LOW CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 2.1 1.4

Products Affected

Vendor Product Version
siemens sipass_integrated *
CVE-2025-40774

A vulnerability has been identified in SiPass integrated (All versions < V3.0). Affected server applications store user passwords encrypted in their database. Decryption keys are accessible to users with administrative privileges, allowing them to recover passwords. Successful exploitation of this vulnerability allows an attacker to obtain and use valid user passwords. This can lead to unauthorized access to user accounts, data breaches, and potential system compromise.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 0.8 3.6

Products Affected

Vendor Product Version
siemens sipass_integrated *
CVE-2025-40795

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SIMATIC PCS neo V6.0 (All versions), User Management Component (UMC) (All versions < V2.15.1.3). Affected products contain a stack-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code or to cause a denial of service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
siemens simatic_pcs_neo 5.0
siemens user_management_component *
siemens simatic_pcs_neo 4.1
CVE-2025-40796

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SIMATIC PCS neo V6.0 (All versions), User Management Component (UMC) (All versions < V2.15.1.3). Affected products contain an out-of-bounds read vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to cause a denial of service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
siemens simatic_pcs_neo 5.0
siemens user_management_component *
siemens simatic_pcs_neo 4.1
CVE-2025-40797

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SIMATIC PCS neo V6.0 (All versions), User Management Component (UMC) (All versions < V2.15.1.3). Affected products contain an out-of-bounds read vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to cause a denial of service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
siemens simatic_pcs_neo 5.0
siemens user_management_component *
siemens simatic_pcs_neo 4.1
CVE-2025-40798

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SIMATIC PCS neo V6.0 (All versions), User Management Component (UMC) (All versions < V2.15.1.3). Affected products contain an out-of-bounds read vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to cause a denial of service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
siemens simatic_pcs_neo 5.0
siemens user_management_component *
siemens simatic_pcs_neo 4.1
CVE-2025-40802

A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions). The affected device may be susceptible to resource exhaustion when subjected to high volumes of query requests. This could allow an attacker to cause a temporary denial of service, with the system recovering once the activity stops.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 2.8 1.4
productcert@siemens.com 3.1 LOW CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L 1.6 1.4

Products Affected

Vendor Product Version
siemens ruggedcom_rst2428p_firmware *
CVE-2025-40803

A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions). The affected device exposes certain non-critical information from the device. This could allow an unauthenticated attacker to access sensitive data, potentially leading to a breach of confidentiality.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 3.1 LOW CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N 1.6 1.4

Products Affected

Vendor Product Version
siemens ruggedcom_rst2428p_firmware *
CVE-2025-40806

A vulnerability has been identified in Gridscale X Prepay (All versions < V4.2.1). The affected application is vulnerable to user enumeration due to distinguishable responses. This could allow an unauthenticated remote attacker to determine if a user is valid or not, enabling a brute force attack with valid users.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
siemens gridscale_x_prepay *
CVE-2025-40807

A vulnerability has been identified in Gridscale X Prepay (All versions < V4.2.1). The affected application is vulnerable to capture-replay of authentication tokens. This could allow an authenticated but already locked-out user to establish still valid user sessions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 6.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 2.8 3.4

Products Affected

Vendor Product Version
siemens gridscale_x_prepay *
CVE-2025-40809

A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 14), Solid Edge SE2025 (All versions < V225.0 Update 6). The affected applications contain an out of bounds write vulnerability while parsing specially crafted PRT files. This could allow an attacker to crash the application or execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens solid_edge_se2024 224.0
siemens solid_edge_se2025 -
siemens solid_edge_se2024 -
siemens solid_edge_se2025 225.0
CVE-2025-40810

A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 14), Solid Edge SE2025 (All versions < V225.0 Update 6). The affected applications contain an out of bounds write vulnerability while parsing specially crafted PRT files. This could allow an attacker to crash the application or execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens solid_edge_se2024 224.0
siemens solid_edge_se2025 -
siemens solid_edge_se2024 -
siemens solid_edge_se2025 225.0
CVE-2025-40811

A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 14), Solid Edge SE2025 (All versions < V225.0 Update 6). The affected applications contain an out of bounds read vulnerability while parsing specially crafted PRT files. This could allow an attacker to crash the application or execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens solid_edge_se2024 224.0
siemens solid_edge_se2025 -
siemens solid_edge_se2024 -
siemens solid_edge_se2025 225.0
CVE-2025-40812

A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 14), Solid Edge SE2025 (All versions < V225.0 Update 6). The affected applications contain an out of bounds read vulnerability while parsing specially crafted PRT files. This could allow an attacker to crash the application or execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens solid_edge_se2024 224.0
siemens solid_edge_se2025 -
siemens solid_edge_se2024 -
siemens solid_edge_se2025 225.0
CVE-2025-40818

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP4). Affected applications contain private SSL/TLS keys on the server that are not properly protected allowing any user with server access to read these keys. This could allow an authenticated attacker to impersonate the server potentially enabling man-in-the-middle, traffic decryption or unauthorized access to services that trust these certificates.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 1.8 1.4

Products Affected

Vendor Product Version
siemens sinema_remote_connect_server 3.2
siemens sinema_remote_connect_server *
CVE-2025-40819

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP4). Affected applications do not properly validate license restrictions against the database, allowing direct modification of the system_ticketinfo table to bypass license limitations without proper enforcement checks. This could allow an attacker with database access to circumvent licensing restrictions by directly modifying database values and potentially enabling unauthorized use beyond the permitted scope.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 2.8 1.4

Products Affected

Vendor Product Version
siemens sinema_remote_connect_server 3.2
siemens sinema_remote_connect_server *
CVE-2025-40829

A vulnerability has been identified in Simcenter Femap (All versions < V2512). The affected applications contain an uninitialized memory vulnerability while parsing specially crafted SLDPRT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-27146)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens simcenter_femap *
CVE-2025-40830

A vulnerability has been identified in SINEC Security Monitor (All versions < V4.10.0). The affected application does not have proper authorization checks for the file_transfer feature in the ssmctl-client command. This could allow an authenticated, lowly privileged local attacker to read or write to any file on the server or sensor.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
siemens sinec_security_monitor *
CVE-2025-40831

A vulnerability has been identified in SINEC Security Monitor (All versions < V4.10.0). The affected application lacks input validation of the date parameter in the report generation functionality. This could allow an authenticated, lowly privileged attacker to cause a denial of service condition of the report functionality.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
siemens sinec_security_monitor *
CVE-2025-40937

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0.1). The affected application does not properly validate input parameters in its REST API, resulting in improper handling of unexpected arguments. This could allow an authenticated attacker to execute arbitrary code with limited privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.3 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L 2.8 5.5

Products Affected

Vendor Product Version
siemens simatic_cn_4100_firmware *
CVE-2025-40938

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0.1). The affected device stores sensitive information in the firmware. This could allow an attacker to access and misuse this information, potentially impacting the device’s confidentiality, integrity, and availability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

Products Affected

Vendor Product Version
siemens simatic_cn_4100_firmware *
CVE-2025-40939

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0.1). The affected device contains a USB port which allows unauthenticated connections. This could allow an attacker with physical access to the device to trigger a reboot that could cause a denial of service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 4.6 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 0.9 3.6

Products Affected

Vendor Product Version
siemens simatic_cn_4100_firmware *
CVE-2025-40940

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0.1). The affected application exhibits inconsistent SNMP behavior, such as unexpected service availability and unreliable configuration handling across protocol versions. This could allow an attacker to access sensitive data, potentially leading to a breach of confidentiality.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6

Products Affected

Vendor Product Version
siemens simatic_cn_4100_firmware *
CVE-2025-40941

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0.1). The affected device exposes server information in its responses. This could allow an attacker with network access to gain useful information, increasing the likelihood of targeted attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
siemens simatic_cn_4100_firmware *
CVE-2025-40942

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.4). Affected application contains a local privilege escalation vulnerability that could allow an attacker to run arbitrary code with elevated privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 8.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 2.0 6.0

Products Affected

Vendor Product Version
siemens telecontrol_server_basic *
CVE-2026-22923

A vulnerability has been identified in NX (All versions < V2512), NX (Managed Mode) (All versions < V2512). The affected application contains a data validation vulnerability that could allow an attacker with local access to interfere with internal data during the PDF export process that could potentially lead to arbitrary code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens nx *
CVE-2026-23715

A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contain an out of bounds write vulnerability while parsing specially crafted XDB files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens simcenter_nastran *
siemens simcenter_femap *
CVE-2026-23716

A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contain an out of bounds read vulnerability while parsing specially crafted XDB files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens simcenter_nastran *
siemens simcenter_femap *
CVE-2026-23717

A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contain an out of bounds read vulnerability while parsing specially crafted XDB files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens simcenter_nastran *
siemens simcenter_femap *
CVE-2026-23718

A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contain an out of bounds read vulnerability while parsing specially crafted NDB files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens simcenter_nastran *
siemens simcenter_femap *
CVE-2026-23719

A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted NDB files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens simcenter_nastran *
siemens simcenter_femap *
CVE-2026-23720

A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contain an out of bounds read vulnerability while parsing specially crafted NDB files. This could allow an attacker to execute code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens simcenter_nastran *
siemens simcenter_femap *
CVE-2026-25573

A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The affected application builds shell commands with caller-provided strings and executes them. An attacker could influence the executed command, potentially resulting in command injection and full system compromise.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.4 HIGH CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 1.4 5.9

Products Affected

Vendor Product Version
siemens sicam_siapp_sdk *
CVE-2026-25605

A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The affected application performs file deletion without properly validating the file path or target. An attacker could delete files or sockets that the affected process has permission to remove, potentially resulting in denial of service or service disruption.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H 1.4 5.2

Products Affected

Vendor Product Version
siemens sicam_siapp_sdk *
CVE-2026-25655

A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP2). The affected application permits improper modification of a configuration file by a low-privileged user. This could allow an attacker to load malicious DLLs, potentially leading to arbitrary code execution with administrative privilege (ZDI-CAN-28107).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens sinec_nms 4.0
siemens sinec_nms *
CVE-2026-25656

A vulnerability has been identified in SINEC NMS (All versions), User Management Component (UMC) (All versions < V2.15.2.1). The affected application permits improper modification of a configuration file by a low-privileged user. This could allow an attacker to load malicious DLLs, potentially leading to arbitrary code execution with SYSTEM privileges (ZDI-CAN-28108).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
siemens user_management_component *
siemens sinec_nms -
CVE-2026-27661

A vulnerability has been identified in SINEC Security Monitor (All versions < V4.9.0). The affected application leaks confidential information in metadata and files, such as information on contributors and email address, on `SSM Server`.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
productcert@siemens.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
siemens sinec_security_monitor *