Filtered by vendor Siemens
Subscriptions
Total
2224 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-9154 | 1 Siemens | 12 Desigo Web Module Pxa30-w0, Desigo Web Module Pxa30-w0 Firmware, Desigo Web Module Pxa30-w1 and 9 more | 2025-04-12 | N/A |
| Siemens Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 for Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D (All firmware versions < V6.00.046) and Desigo PX Web modules PXA30-W0, PXA30-W1, PXA30-W2 for Desigo PX automation controllers PXC00-U, PXC64-U, PXC128-U (All firmware versions < V6.00.046) use a pseudo random number generator with insufficient entropy to generate certificates for HTTPS, potentially allowing remote attackers to reconstruct the corresponding private key. | ||||
| CVE-2014-2251 | 1 Siemens | 1 Simatic S7-1500 Cpu Firmware | 2025-04-12 | N/A |
| The random-number generator on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 does not have sufficient entropy, which makes it easier for remote attackers to defeat cryptographic protection mechanisms and hijack sessions via unspecified vectors. | ||||
| CVE-2016-8564 | 1 Siemens | 1 Automation License Manager | 2025-04-12 | N/A |
| SQL injection vulnerability in Siemens Automation License Manager (ALM) before 5.3 SP3 Update 1 allows remote attackers to execute arbitrary SQL commands via crafted traffic to TCP port 4410. | ||||
| CVE-2016-7090 | 1 Siemens | 4 Scalance M-800, Scalance M-800 Firmware, Scalance S615 and 1 more | 2025-04-12 | N/A |
| The integrated web server on Siemens SCALANCE M-800 and S615 modules with firmware before 4.02 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | ||||
| CVE-2014-2248 | 1 Siemens | 1 Simatic S7-1500 Cpu Firmware | 2025-04-12 | N/A |
| Open redirect vulnerability in the integrated web server on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | ||||
| CVE-2014-2258 | 1 Siemens | 6 Simatic S7 Cpu-1211c, Simatic S7 Cpu 1200 Firmware, Simatic S7 Cpu 1212c and 3 more | 2025-04-12 | N/A |
| Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTPS packets, a different vulnerability than CVE-2014-2259. | ||||
| CVE-2014-2247 | 1 Siemens | 1 Simatic S7-1500 Cpu Firmware | 2025-04-12 | N/A |
| The integrated web server on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allows remote attackers to inject headers via unspecified vectors. | ||||
| CVE-2016-7165 | 1 Siemens | 18 Primary Setup Tool, Security Configuration Tool, Simatic It Production Suite and 15 more | 2025-04-12 | N/A |
| A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC IT Production Suite (All versions < V7.0 SP1 HFX 2), SIMATIC NET PC-Software (All versions < V14), SIMATIC PCS 7 V7.1 (All versions), SIMATIC PCS 7 V8.0 (All versions), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2), SIMATIC STEP 7 V5.X (All versions < V5.5 SP4 HF11), SIMATIC WinCC (TIA Portal) Basic, Comfort, Advanced (All versions < V14), SIMATIC WinCC (TIA Portal) Professional V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) Professional V14 (All versions < V14 SP1), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1), SIMATIC WinCC V7.0 SP2 and earlier versions (All versions < V7.0 SP2 Upd 12), SIMATIC WinCC V7.0 SP3 (All versions < V7.0 SP3 Upd 8), SIMATIC WinCC V7.2 (All versions < V7.2 Upd 14), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 11), SIMATIC WinCC V7.4 (All versions < V7.4 SP1), SIMIT V9.0 (All versions < V9.0 SP1), SINEMA Remote Connect Client (All versions < V1.0 SP3), SINEMA Server (All versions < V13 SP2), SOFTNET Security Client V5.0 (All versions), Security Configuration Tool (SCT) (All versions < V4.3 HF1), TeleControl Server Basic (All versions < V3.0 SP2), WinAC RTX 2010 SP2 (All versions), WinAC RTX F 2010 SP2 (All versions). Unquoted service paths could allow local Microsoft Windows operating system users to escalate their privileges if the affected products are not installed under their default path ("C:\Program Files\*" or the localized equivalent). | ||||
| CVE-2015-3610 | 1 Siemens | 1 Homecontrol For Room Automation | 2025-04-12 | N/A |
| The Siemens HomeControl for Room Automation application before 2.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information or modify data via a crafted certificate. | ||||
| CVE-2014-2246 | 1 Siemens | 1 Simatic S7-1500 Cpu Firmware | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2015-5084 | 1 Siemens | 2 Simatic Wincc Sm\@rtclient, Simatic Wincc Sm\@rtclient Lite | 2025-04-12 | N/A |
| The Siemens SIMATIC WinCC Sm@rtClient and Sm@rtClient Lite applications before 01.00.01.00 for Android do not properly store passwords, which allows physically proximate attackers to obtain sensitive information via unspecified vectors. | ||||
| CVE-2015-1356 | 1 Siemens | 1 Simatic Step 7 | 2025-04-12 | N/A |
| Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 determines a user's privileges on the basis of project-file fields that lack integrity protection, which allows remote attackers to establish arbitrary authorization data via a modified file. | ||||
| CVE-2015-5386 | 1 Siemens | 2 Sicam Mic, Sicam Mic Firmware | 2025-04-12 | N/A |
| Siemens SICAM MIC devices with firmware before 2404 allow remote attackers to bypass authentication and obtain administrative access via unspecified HTTP requests. | ||||
| CVE-2015-5698 | 1 Siemens | 2 Simatic S7 1200 Cpu, Simatic S7 1200 Cpu Firmware | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the web server on Siemens SIMATIC S7-1200 CPU devices with firmware before 4.1.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
| CVE-2016-2200 | 1 Siemens | 15 Simatic S7-1500 Cpu Firmware, Simatic S7-1511-1 Pn Cpu, Simatic S7-1511c-1 Pn Cpu and 12 more | 2025-04-12 | N/A |
| Siemens SIMATIC S7-1500 CPU devices before 1.8.3 allow remote attackers to cause a denial of service (STOP mode transition) via crafted packets on TCP port 102. | ||||
| CVE-2016-4954 | 5 Ntp, Opensuse, Oracle and 2 more | 15 Ntp, Leap, Opensuse and 12 more | 2025-04-12 | 7.5 High |
| The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication. | ||||
| CVE-2016-4955 | 6 Novell, Ntp, Opensuse and 3 more | 11 Suse Manager, Ntp, Leap and 8 more | 2025-04-12 | 5.9 Medium |
| ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time. | ||||
| CVE-2016-5874 | 1 Siemens | 1 Simatic Net Pc-software | 2025-04-12 | N/A |
| Siemens SIMATIC NET PC-Software before 13 SP2 allows remote attackers to cause a denial of service (OPC UA service outage) via crafted TCP packets. | ||||
| CVE-2016-2846 | 1 Siemens | 2 Simatic S7 1200 Cpu, Simatic S7 Cpu 1200 Firmware | 2025-04-12 | N/A |
| Siemens SIMATIC S7-1200 CPU devices before 4.0 allow remote attackers to bypass a "user program block" protection mechanism via unspecified vectors. | ||||
| CVE-2013-4651 | 1 Siemens | 17 Scalance W700 Series Firmware, Scalance W744-1, Scalance W744-1pro and 14 more | 2025-04-11 | N/A |
| Siemens Scalance W7xx devices with firmware before 4.5.4 use the same hardcoded X.509 certificate across different customers' installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate's trust relationship. | ||||