Filtered by vendor Siemens
Subscriptions
Total
2183 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-2200 | 1 Siemens | 15 Simatic S7-1500 Cpu Firmware, Simatic S7-1511-1 Pn Cpu, Simatic S7-1511c-1 Pn Cpu and 12 more | 2025-04-12 | N/A |
| Siemens SIMATIC S7-1500 CPU devices before 1.8.3 allow remote attackers to cause a denial of service (STOP mode transition) via crafted packets on TCP port 102. | ||||
| CVE-2015-3610 | 1 Siemens | 1 Homecontrol For Room Automation | 2025-04-12 | N/A |
| The Siemens HomeControl for Room Automation application before 2.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information or modify data via a crafted certificate. | ||||
| CVE-2015-5386 | 1 Siemens | 2 Sicam Mic, Sicam Mic Firmware | 2025-04-12 | N/A |
| Siemens SICAM MIC devices with firmware before 2404 allow remote attackers to bypass authentication and obtain administrative access via unspecified HTTP requests. | ||||
| CVE-2016-1488 | 1 Siemens | 4 Ozw672, Ozw672 Firmware, Ozw772 and 1 more | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the login form in the integrated web server on Siemens OZW OZW672 devices before 6.00 and OZW772 devices before 6.00 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | ||||
| CVE-2015-5084 | 1 Siemens | 2 Simatic Wincc Sm\@rtclient, Simatic Wincc Sm\@rtclient Lite | 2025-04-12 | N/A |
| The Siemens SIMATIC WinCC Sm@rtClient and Sm@rtClient Lite applications before 01.00.01.00 for Android do not properly store passwords, which allows physically proximate attackers to obtain sensitive information via unspecified vectors. | ||||
| CVE-2014-5232 | 2 Apple, Siemens | 2 Iphone Os, Simatic Wincc Sm\@rtclient | 2025-04-12 | N/A |
| The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows local users to bypass an intended application-password requirement by leveraging the running of the app in the background state. | ||||
| CVE-2015-7836 | 1 Siemens | 1 Ruggedcom Rugged Operating System | 2025-04-12 | N/A |
| Siemens RUGGEDCOM ROS before 4.2.1 allows remote attackers to obtain sensitive information by sniffing the network for VLAN data within the padding section of an Ethernet frame. | ||||
| CVE-2014-8478 | 1 Siemens | 9 Scalance X-300, Scalance X-300 Series Firmware, Scalance X-300eec and 6 more | 2025-04-12 | N/A |
| The web server on Siemens SCALANCE X-300 switches with firmware before 4.0 and SCALANCE X 408 switches with firmware before 4.0 allows remote attackers to cause a denial of service (reboot) via malformed HTTP requests. | ||||
| CVE-2015-6675 | 1 Siemens | 1 Ruggedcom Rugged Operating System | 2025-04-12 | N/A |
| Siemens RUGGEDCOM ROS 3.8.0 through 4.1.x permanently enables the IP forwarding feature, which allows remote attackers to bypass a VLAN isolation protection mechanism via IP traffic. | ||||
| CVE-2015-5698 | 1 Siemens | 2 Simatic S7 1200 Cpu, Simatic S7 1200 Cpu Firmware | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the web server on Siemens SIMATIC S7-1200 CPU devices with firmware before 4.1.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
| CVE-2015-5537 | 1 Siemens | 2 Ruggedcom Rox Ii Firmware, Ruggedcom Rugged Operating System | 2025-04-12 | N/A |
| The SSL layer of the HTTPS service in Siemens RuggedCom ROS before 4.2.0 and ROX II does not properly implement CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a different vulnerability than CVE-2014-3566. | ||||
| CVE-2015-1357 | 1 Siemens | 5 Ruggedcom Firmware, Ruggedcom Win5100, Ruggedcom Win5200 and 2 more | 2025-04-12 | N/A |
| Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before BS4.4.4621.32, and WIN72xx devices with firmware before BS4.4.4621.32 allow context-dependent attackers to discover password hashes by reading (1) files or (2) security logs. | ||||
| CVE-2014-5231 | 2 Apple, Siemens | 2 Iphone Os, Simatic Wincc Sm\@rtclient | 2025-04-12 | N/A |
| The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows physically proximate attackers to extract the password from storage via unspecified vectors. | ||||
| CVE-2016-7114 | 1 Siemens | 2 En100 Ethernet Module, En100 Ethernet Module Firmware | 2025-04-12 | N/A |
| A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02; SIPROTEC 7SJ686 : All versions < V 4.87; SIPROTEC 7UT686 : All versions < V 4.02; SIPROTEC 7SD686 : All versions < V 4.05; SIPROTEC 7SJ66 : All versions < V 4.30. Attackers with network access to the device's web interface (port 80/tcp) could possibly circumvent authentication and perform certain administrative operations. A legitimate user must be logged into the web interface for the attack to be successful. | ||||
| CVE-2014-4682 | 1 Siemens | 2 Simatic Pcs7, Wincc | 2025-04-12 | N/A |
| The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote attackers to obtain sensitive information via an HTTP request. | ||||
| CVE-2016-8564 | 1 Siemens | 1 Automation License Manager | 2025-04-12 | N/A |
| SQL injection vulnerability in Siemens Automation License Manager (ALM) before 5.3 SP3 Update 1 allows remote attackers to execute arbitrary SQL commands via crafted traffic to TCP port 4410. | ||||
| CVE-2016-9155 | 1 Siemens | 30 Ccid1445-dn18, Ccid1445-dn18 Firmware, Ccid1445-dn28 and 27 more | 2025-04-12 | N/A |
| The following SIEMENS branded IP Camera Models CCMW3025, CVMW3025-IR, CFMW3025 prior to version 1.41_SP18_S1; CCPW3025, CCPW5025 prior to version 0.1.73_S1; CCMD3025-DN18 prior to version v1.394_S1; CCID1445-DN18, CCID1445-DN28, CCID1145-DN36, CFIS1425, CCIS1425, CFMS2025, CCMS2025, CVMS2025-IR, CFMW1025, CCMW1025 prior to version v2635_SP1 could allow an attacker with network access to the web server to obtain administrative credentials under certain circumstances. | ||||
| CVE-2015-2177 | 1 Siemens | 2 Simatic S7-300 Cpu, Simatic S7-300 Cpu Firmware | 2025-04-12 | N/A |
| Siemens SIMATIC S7-300 CPU devices allow remote attackers to cause a denial of service (defect-mode transition) via crafted packets on (1) TCP port 102 or (2) Profibus. | ||||
| CVE-2016-8561 | 1 Siemens | 2 Simatic Cp 1543-1, Simatic Cp 1543-1 Firmware | 2025-04-12 | N/A |
| A vulnerability has been identified in SIMATIC CP 1543-1 (All versions < V2.0.28), SIPLUS NET CP 1543-1 (All versions < V2.0.28). Users with elevated privileges to TIA-Portal and project data on the engineering station could possibly get privileged access on affected devices. | ||||
| CVE-2015-1601 | 1 Siemens | 1 Simatic Step 7 | 2025-04-12 | N/A |
| Siemens SIMATIC STEP 7 (TIA Portal) 12 and 13 before 13 SP1 Upd1 allows man-in-the-middle attackers to obtain sensitive information or modify transmitted data via unspecified vectors. | ||||