Filtered by vendor Siemens
Subscriptions
Total
2090 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-27398 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2025-02-27 | 7.8 High |
| A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20304) | ||||
| CVE-2023-27399 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2025-02-27 | 7.8 High |
| A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20299, ZDI-CAN-20346) | ||||
| CVE-2023-27400 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2025-02-27 | 7.8 High |
| A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20300) | ||||
| CVE-2023-27401 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2025-02-27 | 7.8 High |
| A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20308, ZDI-CAN-20345) | ||||
| CVE-2023-27402 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2025-02-27 | 7.8 High |
| A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20334) | ||||
| CVE-2023-27403 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2025-02-27 | 7.8 High |
| A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains a memory corruption vulnerability while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20303, ZDI-CAN-20348) | ||||
| CVE-2023-27404 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2025-02-27 | 7.8 High |
| A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application is vulnerable to stack-based buffer while parsing specially crafted SPP files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-20433) | ||||
| CVE-2023-27405 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2025-02-27 | 7.8 High |
| A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20432) | ||||
| CVE-2023-27406 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2025-02-27 | 7.8 High |
| A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application is vulnerable to stack-based buffer while parsing specially crafted SPP files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-20449) | ||||
| CVE-2023-27462 | 1 Siemens | 1 Ruggedcom Crossbow | 2025-02-27 | 3.1 Low |
| A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.3). The client query handler of the affected application fails to check for proper permissions for specific read queries. This could allow authenticated remote attackers to access data they are not authorized for. | ||||
| CVE-2023-27309 | 1 Siemens | 1 Ruggedcom Crossbow | 2025-02-27 | 5 Medium |
| A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.2). The client query handler of the affected application fails to check for proper permissions for specific write queries. This could allow an authenticated remote attacker to perform unauthorized actions. | ||||
| CVE-2023-29053 | 1 Siemens | 2 Jt Open Toolkit, Jt Utilities | 2025-02-26 | 7.8 High |
| A vulnerability has been identified in JT Open (All versions < V11.3.2.0), JT Utilities (All versions < V13.3.0.0). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. | ||||
| CVE-2023-50821 | 1 Siemens | 3 Simatic Pcs 7, Simatic Wincc, Simatic Wincc Runtime Professional | 2025-02-26 | 6.2 Medium |
| A vulnerability has been identified in SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC04), SIMATIC WinCC Runtime Professional V17 (All versions < V17 Update 8), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 4), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 1), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 16), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5). The affected products do not properly validate the input provided in the login dialog box. An attacker could leverage this vulnerability to cause a persistent denial of service condition. | ||||
| CVE-2024-31485 | 1 Siemens | 2 Cpci85 Firmware, Sicore Base System | 2025-02-13 | 7.2 High |
| A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.30), SICORE Base system (All versions < V1.3.0). The web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges. | ||||
| CVE-2024-31484 | 1 Siemens | 2 Cpc80 Central Processing\/communication, Cpci85 Central Processing\/communication | 2025-02-13 | 7.8 High |
| A vulnerability has been identified in CPC80 Central Processing/Communication (All versions < V16.41), CPCI85 Central Processing/Communication (All versions < V5.30), CPCX26 Central Processing/Communication (All versions < V06.02), ETA4 Ethernet Interface IEC60870-5-104 (All versions < V10.46), ETA5 Ethernet Int. 1x100TX IEC61850 Ed.2 (All versions < V03.27), PCCX26 Ax 1703 PE, Contr, Communication Element (All versions < V06.05). The affected devices contain an improper null termination vulnerability while parsing a specific HTTP header. This could allow an attacker to execute code in the context of the current process or lead to denial of service condition. | ||||
| CVE-2023-33921 | 1 Siemens | 3 Cp-8031 Master Module, Cp-8050 Master Module, Cpci85 Firmware | 2025-02-13 | 6.8 Medium |
| A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). The affected devices contain an exposed UART console login interface. An attacker with direct physical access could try to bruteforce or crack the root password to login to the device. | ||||
| CVE-2023-33920 | 1 Siemens | 3 Cp-8031 Master Module, Cp-8050 Master Module, Cpci85 Firmware | 2025-02-13 | 6.8 Medium |
| A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). The affected devices contain the hash of the root password in a hard-coded form, which could be exploited for UART console login to the device. An attacker with direct physical access could exploit this vulnerability. | ||||
| CVE-2023-33919 | 1 Siemens | 3 Cp-8031 Master Module, Cp-8050 Master Module, Cpci85 Firmware | 2025-02-13 | 7.2 High |
| A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). The web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges. | ||||
| CVE-2023-28489 | 1 Siemens | 4 Cp-8031, Cp-8031 Firmware, Cp-8050 and 1 more | 2025-02-13 | 9.8 Critical |
| A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). Affected devices are vulnerable to command injection via the web server port 443/tcp, if the parameter “Remote Operation” is enabled. The parameter is disabled by default. The vulnerability could allow an unauthenticated remote attacker to perform arbitrary code execution on the device. | ||||
| CVE-2024-35209 | 1 Siemens | 2 Sinec Traffic Analyzer, Traffic Analyzer | 2025-02-11 | 6.2 Medium |
| A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected web server is allowing HTTP methods like PUT and Delete. This could allow an attacker to modify unauthorized files. | ||||