Filtered by vendor Siemens
Subscriptions
Total
2125 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-5537 | 1 Siemens | 2 Ruggedcom Rox Ii Firmware, Ruggedcom Rugged Operating System | 2025-04-12 | N/A |
| The SSL layer of the HTTPS service in Siemens RuggedCom ROS before 4.2.0 and ROX II does not properly implement CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a different vulnerability than CVE-2014-3566. | ||||
| CVE-2016-8561 | 1 Siemens | 2 Simatic Cp 1543-1, Simatic Cp 1543-1 Firmware | 2025-04-12 | N/A |
| A vulnerability has been identified in SIMATIC CP 1543-1 (All versions < V2.0.28), SIPLUS NET CP 1543-1 (All versions < V2.0.28). Users with elevated privileges to TIA-Portal and project data on the engineering station could possibly get privileged access on affected devices. | ||||
| CVE-2015-1598 | 1 Siemens | 1 Spcanywhere | 2025-04-12 | N/A |
| The Siemens SPCanywhere application for Android does not properly store application passwords, which allows physically proximate attackers to obtain sensitive information by examining the device filesystem. | ||||
| CVE-2015-2177 | 1 Siemens | 2 Simatic S7-300 Cpu, Simatic S7-300 Cpu Firmware | 2025-04-12 | N/A |
| Siemens SIMATIC S7-300 CPU devices allow remote attackers to cause a denial of service (defect-mode transition) via crafted packets on (1) TCP port 102 or (2) Profibus. | ||||
| CVE-2014-2908 | 1 Siemens | 6 Simatic S7 Cpu-1211c, Simatic S7 Cpu 1200 Firmware, Simatic S7 Cpu 1212c and 3 more | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2015-1601 | 1 Siemens | 1 Simatic Step 7 | 2025-04-12 | N/A |
| Siemens SIMATIC STEP 7 (TIA Portal) 12 and 13 before 13 SP1 Upd1 allows man-in-the-middle attackers to obtain sensitive information or modify transmitted data via unspecified vectors. | ||||
| CVE-2015-1599 | 1 Siemens | 1 Spcanywhere | 2025-04-12 | N/A |
| The Siemens SPCanywhere application for iOS allows physically proximate attackers to bypass intended access restrictions by leveraging a filesystem architectural error. | ||||
| CVE-2014-8478 | 1 Siemens | 9 Scalance X-300, Scalance X-300 Series Firmware, Scalance X-300eec and 6 more | 2025-04-12 | N/A |
| The web server on Siemens SCALANCE X-300 switches with firmware before 4.0 and SCALANCE X 408 switches with firmware before 4.0 allows remote attackers to cause a denial of service (reboot) via malformed HTTP requests. | ||||
| CVE-2015-1596 | 1 Siemens | 1 Spcanywhere | 2025-04-12 | N/A |
| The Siemens SPCanywhere application for Android and iOS does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2015-1595 | 1 Siemens | 1 Spcanywhere | 2025-04-12 | N/A |
| The Siemens SPCanywhere application for Android and iOS does not use encryption during lookups of system ID to IP address mappings, which allows man-in-the-middle attackers to discover alarm IP addresses and spoof servers by intercepting the client-server data stream. | ||||
| CVE-2016-7112 | 1 Siemens | 2 En100 Ethernet Module, En100 Ethernet Module Firmware | 2025-04-12 | N/A |
| A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02. Attackers with network access to the device's web interface (port 80/tcp) could possibly circumvent authentication and perform certain administrative operations. | ||||
| CVE-2015-1594 | 1 Siemens | 5 Simatic Cfc, Simatic Prosave, Simatic Step 7 and 2 more | 2025-04-12 | N/A |
| Untrusted search path vulnerability in Siemens SIMATIC ProSave before 13 SP1; SIMATIC CFC before 8.0 SP4 Upd9 and 8.1 before Upd1; SIMATIC STEP 7 before 5.5 SP1 HF2, 5.5 SP2 before HF7, 5.5 SP3, and 5.5 SP4 before HF4; SIMOTION Scout before 4.4; and STARTER before 4.4 HF3 allows local users to gain privileges via a Trojan horse application file. | ||||
| CVE-2015-1356 | 1 Siemens | 1 Simatic Step 7 | 2025-04-12 | N/A |
| Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 determines a user's privileges on the basis of project-file fields that lack integrity protection, which allows remote attackers to establish arbitrary authorization data via a modified file. | ||||
| CVE-2015-1355 | 1 Siemens | 1 Simatic Step 7 | 2025-04-12 | N/A |
| Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 uses a weak password-hash algorithm, which makes it easier for local users to determine cleartext passwords by reading a project file and conducting a brute-force attack. | ||||
| CVE-2016-5744 | 1 Siemens | 1 Simatic Wincc | 2025-04-12 | N/A |
| Siemens SIMATIC WinCC 7.0 through SP3 and 7.2 allows remote attackers to read arbitrary WinCC station files via crafted packets. | ||||
| CVE-2014-5231 | 2 Apple, Siemens | 2 Iphone Os, Simatic Wincc Sm\@rtclient | 2025-04-12 | N/A |
| The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows physically proximate attackers to extract the password from storage via unspecified vectors. | ||||
| CVE-2016-4953 | 5 Ntp, Opensuse, Oracle and 2 more | 15 Ntp, Leap, Opensuse and 12 more | 2025-04-12 | 7.5 High |
| ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time. | ||||
| CVE-2014-9369 | 1 Siemens | 6 Spc4000, Spc4000 Firmware, Spc5000 and 3 more | 2025-04-12 | N/A |
| Siemens SPC controllers SPC4000, SPC5000, and SPC6000 before 3.6.0 allow remote attackers to cause a denial of service (device restart) via crafted packets. | ||||
| CVE-2014-2253 | 1 Siemens | 1 Simatic S7-1500 Cpu Firmware | 2025-04-12 | N/A |
| Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted Profinet packets. | ||||
| CVE-2014-8551 | 1 Siemens | 4 Simatic Pcs7, Simatic Pcs 7, Simatic Tiaportal and 1 more | 2025-04-12 | N/A |
| The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to execute arbitrary code via crafted packets. | ||||