Vulnerabilities (CVE)

Vendor filter

Siemens Subscribe

Filter

31 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-10917 1 Siemens 4 Simatic Pcs 7, Simatic Wincc, Simatic Wincc %28tia Portal%29 and 1 more 2019-10-10 2.1
A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All...
CVE-2019-6567 1 Siemens 3 Scalance X-200irt Firmware, Scalance X-300 Firmware, Scalance X-414-3e Firmware 2019-10-09 2.1
A vulnerability has been identified in SCALANCE X-200 (All Versions < V5.2.4), SCALANCE X-200IRT (All versions), SCALANCE X-300 (All versions), SCALANCE X-414-3E (All versions). The affected devices store passwords in a recoverable format. An...
CVE-2019-10926 1 Siemens 2 Simatic Mv420 Firmware, Simatic Mv440 Firmware 2019-10-09 2.6
A vulnerability has been identified in SIMATIC Ident MV420 family (All versions), SIMATIC Ident MV440 family (All versions). Communication with the device is not encrypted. Data transmitted between the device and the user can be obtained by an...
CVE-2018-4842 1 Siemens 2 Scalance X200irt Firmware, Scalance X300 Firmware 2019-10-09 3.5
A vulnerability has been identified in SCALANCE X-200 IRT (All versions < V5.4.1), SCALANCE X300 (All versions). A remote, authenticated attacker with access to the configuration web server could be able to store script code on the web site, if...
CVE-2018-4839 1 Siemens 4 En100 Ethernet Module Dnp3 Firmware, En100 Ethernet Module Iec 104 Firmware, En100 Ethernet Module Modbus Tcp Firmware and 1 more 2019-10-09 3.5
A vulnerability has been identified in Siemens DIGSI 4 (All versions < V4.92), EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module PROFINET IO variant (All versions), EN100 Ethernet module Modbus TCP variant (All...
CVE-2018-11449 1 Siemens 1 Scalance M875 Firmware 2019-10-09 2.1
A vulnerability has been identified in SCALANCE M875 (All versions). An attacker with access to the local file system might obtain passwords for administrative users. Successful exploitation requires read access to files on the local file system....
CVE-2018-11448 1 Siemens 1 Scalance M875 Firmware 2019-10-09 3.5
A vulnerability has been identified in SCALANCE M875 (All versions). The web interface on port 443/tcp could allow a stored Cross-Site Scripting (XSS) attack if an unsuspecting user is tricked into accessing a malicious link. Successful...
CVE-2017-9942 1 Siemens 1 Sipass Integrated 2019-10-09 2.1
A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with local access to the SiPass integrated server or SiPass integrated client to potentially obtain credentials from the systems.
CVE-2018-4847 1 Siemens 1 Simatic Wincc Oa Operator 2019-10-03 2.1
A vulnerability has been identified in SIMATIC WinCC OA Operator iOS App (All versions < V1.4). Insufficient protection of sensitive information (e.g. session key for accessing server) in Siemens WinCC OA Operator iOS app could allow an attacker...
CVE-2019-6577 1 Siemens 4 Simatic Wincc Runtime, Simatic Hmi Mp Firmware, Simatic Hmi Op Firmware and 1 more 2019-05-22 3.5
A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15.1 Update 1), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15.1 Update 1), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F,...
CVE-2015-5084 1 Siemens 2 Simatic Wincc Sm%40rtclient Lite, Simatic Wincc Sm%40rtclient 2017-09-21 2.1
The Siemens SIMATIC WinCC Sm@rtClient and Sm@rtClient Lite applications before 01.00.01.00 for Android do not properly store passwords, which allows physically proximate attackers to obtain sensitive information via unspecified vectors.
CVE-2015-7836 1 Siemens 1 Ruggedcom Rugged Operating System 2017-09-15 3.3
Siemens RUGGEDCOM ROS before 4.2.1 allows remote attackers to obtain sensitive information by sniffing the network for VLAN data within the padding section of an Ethernet frame.
CVE-2004-2626 1 Siemens 1 S55 2017-07-20 3.7
GUI overlay vulnerability in the Java API in Siemens S55 cellular phones allows remote attackers to send unauthorized SMS messages by overlaying a confirmation message with a malicious message.
CVE-2017-6864 1 Siemens 1 Ruggedcom Rox I 2017-07-12 3.5
The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at port 10000/TCP could allow an authenticated user to perform stored Cross-Site Scripting attacks.
CVE-2016-7960 1 Siemens 1 Simatic Step 7 2016-12-22 1.9
Siemens SIMATIC STEP 7 (TIA Portal) before 14 uses an improper format for managing TIA project files during version updates, which makes it easier for local users to obtain sensitive configuration information via unspecified vectors.
CVE-2016-8562 1 Siemens 1 Simatic Cp 1543-1 Firmware 2016-12-22 3.5
Siemens SIMATIC CP 1543-1 before 2.0.28, when SNMPv3 write access or SNMPv1 is enabled, allows remote authenticated users to cause a denial of service by modifying SNMP variables.
CVE-2016-7959 1 Siemens 1 Simatic Step 7 2016-12-22 1.9
Siemens SIMATIC STEP 7 (TIA Portal) before 14 improperly stores pre-shared key data in TIA project files, which makes it easier for local users to obtain sensitive information by leveraging access to a file and conducting a brute-force attack.
CVE-2016-3155 1 Siemens 1 Apogee Insight 2016-12-03 3.6
Siemens APOGEE Insight uses weak permissions for the application folder, which allows local users to obtain sensitive information or modify data via unspecified vectors.
CVE-2016-5849 1 Siemens 1 Sicam Pas 2016-11-28 1.9
Siemens SICAM PAS through 8.07 allows local users to obtain sensitive configuration information by leveraging database stoppage.
CVE-2016-5848 1 Siemens 1 Sicam Pas 2016-11-28 1.7
Siemens SICAM PAS before 8.07 does not properly restrict password data in the database, which makes it easier for local users to calculate passwords by leveraging unspecified database privileges.