Filtered by vendor Siemens
Subscriptions
Total
1936 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-9940 | 1 Siemens | 1 Sipass Integrated | 2025-04-20 | N/A |
| A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with access to a low-privileged user account to read or write files on the file system of the SiPass integrated server over the network. | ||||
| CVE-2017-12734 | 1 Siemens | 2 Logo\!8 Bm Fs-05, Logo\!8 Bm Fs-05 Firmware | 2025-04-20 | 7.5 High |
| A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V1.81.2). An attacker with network access to the integrated web server on port 80/tcp could obtain the session ID of an active user session. A user must be logged in to the web interface. Siemens recommends to use the integrated webserver on port 80/tcp only in trusted networks. | ||||
| CVE-2017-6867 | 1 Siemens | 3 Simatic Wincc, Simatic Wincc \(tia Portal\), Simatic Wincc Runtime | 2025-04-20 | N/A |
| A vulnerability was discovered in Siemens SIMATIC WinCC (V7.3 before Upd 11 and V7.4 before SP1), SIMATIC WinCC Runtime Professional (V13 before SP2 and V14 before SP1), SIMATIC WinCC (TIA Portal) Professional (V13 before SP2 and V14 before SP1) that could allow an authenticated, remote attacker who is member of the "administrators" group to crash services by sending specially crafted messages to the DCOM interface. | ||||
| CVE-2017-6868 | 1 Siemens | 1 Simatic Cp 44x-1 Redundant Network Access Modules | 2025-04-20 | N/A |
| An Improper Authentication issue was discovered in Siemens SIMATIC CP 44x-1 RNA, all versions prior to 1.4.1. An unauthenticated remote attacker may be able to perform administrative actions on the Communication Process (CP) of the RNA series module, if network access to Port 102/TCP is available and the configuration file for the CP is stored on the RNA's CPU. | ||||
| CVE-2017-6866 | 1 Siemens | 1 Xhq Server | 2025-04-20 | N/A |
| A vulnerability was discovered in Siemens XHQ server 4 and 5 (4 before V4.7.1.3 and 5 before V5.0.0.2) that could allow an authenticated low-privileged remote user to gain read access to data in the XHQ solution exceeding his configured permission level. | ||||
| CVE-2017-5712 | 3 Asus, Intel, Siemens | 394 B150-a, B150-a Firmware, B150-plus and 391 more | 2025-04-20 | 7.2 High |
| Buffer overflow in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allows attacker with remote Admin access to the system to execute arbitrary code with AMT execution privilege. | ||||
| CVE-2017-6870 | 1 Siemens | 1 Simatic Wincc Sm\@rtclient | 2025-04-20 | N/A |
| A vulnerability was discovered in Siemens SIMATIC WinCC Sm@rtClient for Android (All versions before V1.0.2.2). The existing TLS protocol implementation could allow an attacker to read and modify data within a TLS session while performing a Man-in-the-Middle (MitM) attack. | ||||
| CVE-2017-6864 | 1 Siemens | 1 Ruggedcom Rox I | 2025-04-20 | N/A |
| The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at port 10000/TCP could allow an authenticated user to perform stored Cross-Site Scripting attacks. | ||||
| CVE-2017-6869 | 1 Siemens | 1 Viewport For Web Office Portal | 2025-04-20 | N/A |
| A vulnerability was discovered in Siemens ViewPort for Web Office Portal before revision number 1453 that could allow an unauthenticated remote user to upload arbitrary code and execute it with the permissions of the operating-system user running the web server by sending specially crafted network packets to port 443/TCP or port 80/TCP. | ||||
| CVE-2017-9944 | 1 Siemens | 2 7kt Pac1200 Data Manager, 7kt Pac1200 Data Manager Firmware | 2025-04-20 | N/A |
| A vulnerability has been identified in Siemens 7KT PAC1200 data manager (7KT1260) in all versions < V2.03. The integrated web server (port 80/tcp) of the affected devices could allow an unauthenticated remote attacker to perform administrative operations over the network. | ||||
| CVE-2017-6865 | 1 Siemens | 16 Pcs 7, Primary Setup Tool, Security Configuration Tool and 13 more | 2025-04-20 | N/A |
| A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC Automation Tool (All versions < V3.0), SIMATIC NET PC-Software (All versions < V14 SP1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2), SIMATIC STEP 7 (TIA Portal) V14 (All versions < V14 SP1), SIMATIC STEP 7 V5.X (All versions < V5.6), SIMATIC WinAC RTX 2010 SP2 (All versions), SIMATIC WinAC RTX F 2010 SP2 (All versions), SIMATIC WinCC (TIA Portal) V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1), SIMATIC WinCC V7.2 and prior (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Update 15), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd1), SIMATIC WinCC flexible 2008 (All versions < flexible 2008 SP5), SINAUT ST7CC (All versions installed in conjunction with SIMATIC WinCC < V7.3 Update 15), SINEMA Server (All versions < V14), SINUMERIK 808D Programming Tool (All versions < V4.7 SP4 HF2), SMART PC Access (All versions < V2.3), STEP 7 - Micro/WIN SMART (All versions < V2.3), Security Configuration Tool (SCT) (All versions < V5.0). Specially crafted PROFINET DCP broadcast packets sent to the affected products on a local Ethernet segment (Layer 2) could cause a Denial-of-Service condition of some services. The services require manual restart to recover. | ||||
| CVE-2017-2685 | 1 Siemens | 3 Sinumerik Integrate Access Mymachine\/ethernet, Sinumerik Integrate Operate Client, Sinumerik Operate | 2025-04-20 | N/A |
| Siemens SINUMERIK Integrate Operate Clients between 2.0.3.00.016 (including) and 2.0.6 (excluding) and between 3.0.4.00.032 (including) and 3.0.6 (excluding) contain a vulnerability that could allow an attacker to read and manipulate data in TLS sessions while performing a man-in-the-middle (MITM) attack. | ||||
| CVE-2017-14491 | 13 Arista, Arubanetworks, Canonical and 10 more | 35 Eos, Arubaos, Ubuntu Linux and 32 more | 2025-04-20 | 9.8 Critical |
| Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response. | ||||
| CVE-2017-5711 | 3 Asus, Intel, Siemens | 394 B150-a, B150-a Firmware, B150-plus and 391 more | 2025-04-20 | 7.8 High |
| Multiple buffer overflows in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code with AMT execution privilege. | ||||
| CVE-2017-6871 | 1 Siemens | 2 Simatic Wincc Sm\@rtclient, Simatic Wincc Sm\@rtclient Lite | 2025-04-20 | N/A |
| A vulnerability was discovered in Siemens SIMATIC WinCC Sm@rtClient for Android (All versions before V1.0.2.2) and SIMATIC WinCC Sm@rtClient for Android Lite (All versions before V1.0.2.2). An attacker with physical access to an unlocked mobile device, that has the affected app running, could bypass the app's authentication mechanism under certain conditions. | ||||
| CVE-2017-6458 | 4 Apple, Hpe, Ntp and 1 more | 5 Mac Os X, Hpux-ntp, Ntp and 2 more | 2025-04-20 | 8.8 High |
| Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable. | ||||
| CVE-2017-0148 | 2 Microsoft, Siemens | 27 Server Message Block, Windows 10 1507, Windows 10 1511 and 24 more | 2025-04-20 | 8.1 High |
| The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, and CVE-2017-0146. | ||||
| CVE-2017-2688 | 1 Siemens | 1 Ruggedcom Rox I | 2025-04-20 | N/A |
| The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at port 10000/TCP could allow remote attackers to perform actions with the privileges of an authenticated user, provided the targeted user has an active session and is induced into clicking on a malicious link or into visiting a malicious website, aka CSRF. | ||||
| CVE-2017-12069 | 2 Ocpfoundation, Siemens | 4 Local Discovery Server, Ua .net, Simatic Pcs7 and 1 more | 2025-04-20 | N/A |
| An XXE vulnerability has been identified in OPC Foundation UA .NET Sample Code before 2017-03-21 and Local Discovery Server (LDS) before 1.03.367. Among the affected products are Siemens SIMATIC PCS7 (All versions V8.1 and earlier), SIMATIC WinCC (All versions < V7.4 SP1), SIMATIC WinCC Runtime Professional (All versions < V14 SP1), SIMATIC NET PC Software, and SIMATIC IT Production Suite. By sending specially crafted packets to the OPC Discovery Server at port 4840/tcp, an attacker might cause the system to access various resources chosen by the attacker. | ||||
| CVE-2017-2689 | 1 Siemens | 1 Ruggedcom Rox I | 2025-04-20 | N/A |
| Siemens RUGGEDCOM ROX I (all versions) allow an authenticated user to bypass access restrictions in the web interface at port 10000/TCP to obtain privileged file system access or change configuration settings. | ||||