Filtered by vendor Siemens
Subscribe
Total
2135 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-2772 | 1 Siemens | 2 Simatic Pcs 7, Simatic Wincc | 2025-04-11 | 6.9 MEDIUM | 7.8 HIGH |
| Siemens Simatic WinCC and PCS 7 SCADA system uses a hard-coded password, which allows local users to access a back-end database and gain privileges, as demonstrated in the wild in July 2010 by the Stuxnet worm, a different vulnerability than CVE-2010-2568. | |||||
| CVE-2013-6925 | 1 Siemens | 1 Ruggedcom Rugged Operating System | 2025-04-11 | 8.3 HIGH | N/A |
| The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 allows remote attackers to hijack web sessions by predicting a session id value. | |||||
| CVE-2013-0676 | 1 Siemens | 2 Simatic Pcs7, Wincc | 2025-04-11 | 4.0 MEDIUM | N/A |
| Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly assign privileges for the database containing WebNavigator credentials, which allows remote authenticated users to obtain sensitive information via a SQL query. | |||||
| CVE-2011-4875 | 1 Siemens | 5 Simatic Hmi Panels, Wincc, Wincc Flexible and 2 more | 2025-04-11 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to execute arbitrary code via vectors related to Unicode strings. | |||||
| CVE-2012-2596 | 1 Siemens | 1 Wincc | 2025-04-11 | 5.5 MEDIUM | N/A |
| The XPath functionality in unspecified web applications in Siemens WinCC 7.0 SP3 before Update 2 does not properly handle special characters in parameters, which allows remote authenticated users to read or modify settings via a crafted URL, related to an "XML injection" attack. | |||||
| CVE-2013-0677 | 1 Siemens | 2 Simatic Pcs7, Wincc | 2025-04-11 | 5.8 MEDIUM | N/A |
| The web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to obtain sensitive information or cause a denial of service via a crafted project file. | |||||
| CVE-2011-4879 | 1 Siemens | 5 Simatic Hmi Panels, Wincc, Wincc Flexible and 2 more | 2025-04-11 | 8.5 HIGH | N/A |
| miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime does not properly handle URIs beginning with a 0xfa character, which allows remote attackers to read data from arbitrary memory locations or cause a denial of service (application crash) via a crafted POST request. | |||||
| CVE-2012-2597 | 1 Siemens | 1 Wincc | 2025-04-11 | 4.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Siemens WinCC 7.0 SP3 before Update 2 allow remote authenticated users to read arbitrary files via a crafted parameter in a URL. | |||||
| CVE-2011-4529 | 1 Siemens | 1 Automation License Manager | 2025-04-11 | 7.5 HIGH | N/A |
| Multiple buffer overflows in Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 allow remote attackers to execute arbitrary code via a long serialid field in an _licensekey command, as demonstrated by the (1) check_licensekey or (2) read_licensekey command. | |||||
| CVE-2013-4779 | 1 Siemens | 2 Enterprise Openscape Branch, Openscape Session Border Controller | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in core/handleTw.php on the Siemens Enterprise OpenScape Branch appliance and OpenScape Session Border Controller (SBC) before 2 R0.32.0, and 7 before 7 R1.7.0, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-0670 | 1 Siemens | 1 Wincc Tia Portal | 2025-04-11 | 4.3 MEDIUM | N/A |
| CRLF injection vulnerability in the HMI web application in Siemens WinCC (TIA Portal) 11 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL. | |||||
| CVE-2011-4509 | 1 Siemens | 5 Simatic Hmi Panels, Wincc, Wincc Flexible and 2 more | 2025-04-11 | 10.0 HIGH | N/A |
| The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime has an improperly selected default password for the administrator account, which makes it easier for remote attackers to obtain access via a brute-force approach involving many HTTP requests. | |||||
| CVE-2012-1802 | 1 Siemens | 10 Scalance X-300, Scalance X-300 Firmware, Scalance X-300eec and 7 more | 2025-04-11 | 7.8 HIGH | N/A |
| Buffer overflow in the embedded web server on the Siemens Scalance X Industrial Ethernet switch X414-3E before 3.7.1, X308-2M before 3.7.2, X-300EEC before 3.7.2, XR-300 before 3.7.2, and X-300 before 3.7.2 allows remote attackers to cause a denial of service (device reboot) or possibly execute arbitrary code via a malformed URL. | |||||
| CVE-2013-6840 | 1 Siemens | 1 Comos | 2025-04-11 | 6.9 MEDIUM | N/A |
| Siemens COMOS before 9.2.0.8.1, 10.0 before 10.0.3.1.40, and 10.1 before 10.1.0.0.2 allows local users to gain database privileges via unspecified vectors. | |||||
| CVE-2013-0679 | 1 Siemens | 2 Simatic Pcs7, Wincc | 2025-04-11 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in the web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote authenticated users to read arbitrary files via vectors involving a query for a pathname. | |||||
| CVE-2014-1699 | 1 Siemens | 1 Simatic Wincc Open Architecture | 2025-04-11 | 5.0 MEDIUM | N/A |
| Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to cause a denial of service (monitoring-service outage) via malformed HTTP requests to port 4999. | |||||
| CVE-2011-4513 | 1 Siemens | 5 Simatic Hmi Panels, Wincc, Wincc Flexible and 2 more | 2025-04-11 | 10.0 HIGH | N/A |
| Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allow user-assisted remote attackers to execute arbitrary code via a crafted project file, related to the HMI web server and runtime loader. | |||||
| CVE-2012-4698 | 1 Siemens | 4 Ros, Rox I Os, Rox Ii Os and 1 more | 2025-04-11 | 4.3 MEDIUM | N/A |
| Siemens RuggedCom Rugged Operating System (ROS) before 3.12, ROX I OS through 1.14.5, ROX II OS through 2.3.0, and RuggedMax OS through 4.2.1.4621.22 use hardcoded private keys for SSL and SSH communication, which makes it easier for man-in-the-middle attackers to spoof servers and decrypt network traffic by leveraging the availability of these keys within ROS files at all customer installations. | |||||
| CVE-2013-4943 | 1 Siemens | 1 Comos | 2025-04-11 | 7.2 HIGH | N/A |
| The client application in Siemens COMOS before 9.1 Update 458, 9.2 before 9.2.0.6.37, and 10.0 before 10.0.3.0.19 allows local users to gain privileges and bypass intended database-operation restrictions by leveraging COMOS project access. | |||||
| CVE-2011-4512 | 1 Siemens | 5 Simatic Hmi Panels, Wincc, Wincc Flexible and 2 more | 2025-04-11 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | |||||