Filtered by vendor Siemens
Subscriptions
Total
2170 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-3957 | 1 Siemens | 2 Simatic Pcs7, Wincc | 2025-04-11 | N/A |
| SQL injection vulnerability in the login screen in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2011-4529 | 1 Siemens | 1 Automation License Manager | 2025-04-11 | N/A |
| Multiple buffer overflows in Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 allow remote attackers to execute arbitrary code via a long serialid field in an _licensekey command, as demonstrated by the (1) check_licensekey or (2) read_licensekey command. | ||||
| CVE-2014-1699 | 1 Siemens | 1 Simatic Wincc Open Architecture | 2025-04-11 | N/A |
| Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to cause a denial of service (monitoring-service outage) via malformed HTTP requests to port 4999. | ||||
| CVE-2013-3633 | 1 Siemens | 7 Scalance X200-4p Irt, Scalance X200irt Firmware, Scalance X201-3p Irt and 4 more | 2025-04-11 | N/A |
| A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (Versions < V5.0.0 for CVE-2013-3633 and versions < V4.5.0 for CVE-2013-3634), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.1.0). The user privileges for the web interface are only enforced on client side and not properly verified on server side. Therefore, an attacker is able to execute privileged commands using an unprivileged account. | ||||
| CVE-2014-1698 | 1 Siemens | 1 Simatic Wincc Open Architecture | 2025-04-11 | N/A |
| Directory traversal vulnerability in Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to read arbitrary files via crafted packets to TCP port 4999. | ||||
| CVE-2014-1697 | 1 Siemens | 1 Simatic Wincc Open Architecture | 2025-04-11 | N/A |
| The integrated web server in Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to execute arbitrary code via crafted packets to TCP port 4999. | ||||
| CVE-2012-3016 | 1 Siemens | 6 Simatic S7-400 Cpu 412-2 Pn, Simatic S7-400 Cpu 414-3 Pn\/dp, Simatic S7-400 Cpu 414f-3 Pn\/dp and 3 more | 2025-04-11 | N/A |
| Siemens SIMATIC S7-400 PN CPU devices with firmware 6 before 6.0.3 allow remote attackers to cause a denial of service (defect-mode transition and service outage) via crafted ICMP packets. | ||||
| CVE-2014-1696 | 1 Siemens | 1 Simatic Wincc Open Architecture | 2025-04-11 | N/A |
| Siemens SIMATIC WinCC OA before 3.12 P002 January uses a weak hash algorithm for passwords, which makes it easier for remote attackers to obtain access via a brute-force attack. | ||||
| CVE-2012-3034 | 1 Siemens | 2 Simatic Pcs7, Wincc | 2025-04-11 | N/A |
| WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to discover a username and password via crafted parameters to unspecified methods in ActiveX controls. | ||||
| CVE-2013-6926 | 1 Siemens | 1 Ruggedcom Rugged Operating System | 2025-04-11 | N/A |
| The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 allows remote authenticated users to bypass intended restrictions on administrative actions by leveraging access to a (1) guest or (2) operator account. | ||||
| CVE-2011-4515 | 1 Siemens | 1 Wincc Tia Portal | 2025-04-11 | N/A |
| Siemens WinCC (TIA Portal) 11 uses a reversible algorithm for storing HMI web-application passwords in world-readable and world-writable files, which allows local users to obtain sensitive information by leveraging (1) physical access or (2) Sm@rt Server access. | ||||
| CVE-2013-6925 | 1 Siemens | 1 Ruggedcom Rugged Operating System | 2025-04-11 | N/A |
| The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 allows remote attackers to hijack web sessions by predicting a session id value. | ||||
| CVE-2013-0700 | 1 Siemens | 18 Simatic S7-1200, Simatic S7-1200 Cpu 1211c, Simatic S7-1200 Cpu 1211c Firmware and 15 more | 2025-04-11 | N/A |
| Siemens SIMATIC S7-1200 PLCs 2.x and 3.x allow remote attackers to cause a denial of service (defect-mode transition and control outage) via crafted packets to TCP port 102 (aka the ISO-TSAP port). | ||||
| CVE-2010-2772 | 1 Siemens | 2 Simatic Pcs 7, Simatic Wincc | 2025-04-11 | 7.8 High |
| Siemens Simatic WinCC and PCS 7 SCADA system uses a hard-coded password, which allows local users to access a back-end database and gain privileges, as demonstrated in the wild in July 2010 by the Stuxnet worm, a different vulnerability than CVE-2010-2568. | ||||
| CVE-2013-6840 | 1 Siemens | 1 Comos | 2025-04-11 | N/A |
| Siemens COMOS before 9.2.0.8.1, 10.0 before 10.0.3.1.40, and 10.1 before 10.1.0.0.2 allows local users to gain database privileges via unspecified vectors. | ||||
| CVE-2011-4056 | 1 Siemens | 1 Tecnomatix Factorylink | 2025-04-11 | N/A |
| An unspecified ActiveX control in ActBar.ocx in Siemens Tecnomatix FactoryLink 6.6.1 (aka 6.6 SP1), 7.5.217 (aka 7.5 SP2), and 8.0.2.54 allows remote attackers to create or overwrite arbitrary files via the save method. | ||||
| CVE-2011-4530 | 1 Siemens | 1 Automation License Manager | 2025-04-11 | N/A |
| Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 does not properly copy fields obtained from clients, which allows remote attackers to cause a denial of service (exception and daemon crash) via long fields, as demonstrated by fields to the (1) open_session->workstation->NAME or (2) grant->VERSION function. | ||||
| CVE-2013-5944 | 1 Siemens | 3 Scalance X-200, Scalance X-200 Series Firmware, Scalance X-200irt | 2025-04-11 | N/A |
| The integrated web server on Siemens SCALANCE X-200 switches with firmware before 4.5.0 and X-200IRT switches with firmware before 5.1.0 does not properly enforce authentication requirements, which allows remote attackers to perform administrative actions via requests to the management interface. | ||||
| CVE-2011-4875 | 1 Siemens | 5 Simatic Hmi Panels, Wincc, Wincc Flexible and 2 more | 2025-04-11 | N/A |
| Stack-based buffer overflow in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to execute arbitrary code via vectors related to Unicode strings. | ||||
| CVE-2013-4943 | 1 Siemens | 1 Comos | 2025-04-11 | N/A |
| The client application in Siemens COMOS before 9.1 Update 458, 9.2 before 9.2.0.6.37, and 10.0 before 10.0.3.0.19 allows local users to gain privileges and bypass intended database-operation restrictions by leveraging COMOS project access. | ||||