Filtered by vendor Siemens
Subscriptions
Total
1927 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-37206 | 1 Siemens | 3 Siprotec 5 With Cpu Variant Cp050, Siprotec 5 With Cpu Variant Cp100, Siprotec 5 With Cpu Variant Cp300 | 2024-11-21 | 7.5 High |
| A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP300 (All versions < V8.80). Received webpackets are not properly processed. An unauthenticated remote attacker with access to any of the Ethernet interfaces could send specially crafted packets to force a restart of the target device. | ||||
| CVE-2021-37205 | 1 Siemens | 95 Simatic Drive Controller Cpu 1504d Tf, Simatic Drive Controller Cpu 1504d Tf Firmware, Simatic Drive Controller Cpu 1507d Tf and 92 more | 2024-11-21 | 7.5 High |
| A vulnerability has been identified in SIMATIC Drive Controller family (All versions >= V2.9.2 < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions >= V21.9 < V21.9.4), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions >= V4.5.0 < V4.5.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.9.2 < V2.9.4), SIMATIC S7-1500 Software Controller (All versions >= V21.9 < V21.9.4), SIMATIC S7-PLCSIM Advanced (All versions >= V4.0 < V4.0 SP1), SIPLUS TIM 1531 IRC (All versions < V2.3.6), TIM 1531 IRC (All versions < V2.3.6). An unauthenticated attacker could cause a denial-of-service condition in a PLC when sending specially prepared packets over port 102/tcp. A restart of the affected device is needed to restore normal operations. | ||||
| CVE-2021-37204 | 1 Siemens | 95 Simatic Drive Controller Cpu 1504d Tf, Simatic Drive Controller Cpu 1504d Tf Firmware, Simatic Drive Controller Cpu 1507d Tf and 92 more | 2024-11-21 | 7.5 High |
| A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC Drive Controller family (All versions >= V2.9.2 < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions >= V21.9 < V21.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 Ready4Linux (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions >= V4.5.0 < V4.5.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.9.2 < V2.9.4), SIMATIC S7-1500 Software Controller (All versions < V21.9), SIMATIC S7-1500 Software Controller (All versions >= V21.9 < V21.9.4), SIMATIC S7-PLCSIM Advanced (All versions < V4.0), SIMATIC S7-PLCSIM Advanced (All versions >= V4.0 < V4.0 SP1), SIPLUS TIM 1531 IRC (All versions < V2.3.6), TIM 1531 IRC (All versions < V2.3.6). An unauthenticated attacker could cause a denial-of-service condition in a PLC when sending specially prepared packet over port 102/tcp. A restart of the affected device is needed to restore normal operations. | ||||
| CVE-2021-37203 | 1 Siemens | 2 Nx 1980, Solid Edge | 2024-11-21 | 7.1 High |
| A vulnerability has been identified in NX 1980 Series (All versions < V1984), Solid Edge SE2021 (All versions < SE2021MP8). The plmxmlAdapterIFC.dll contains an out-of-bounds read while parsing user supplied IFC files which could result in a read past the end of an allocated buffer. This could allow an attacker to cause a denial-of-service condition or read sensitive information from memory locations. | ||||
| CVE-2021-37202 | 1 Siemens | 2 Nx 1980, Solid Edge | 2024-11-21 | 7.8 High |
| A vulnerability has been identified in NX 1980 Series (All versions < V1984), Solid Edge SE2021 (All versions < SE2021MP8). The IFC adapter in affected application contains a use-after-free vulnerability that could be triggered while parsing user-supplied IFC files. An attacker could leverage this vulnerability to execute code in the context of the current process. | ||||
| CVE-2021-37201 | 1 Siemens | 1 Sinec Network Management System | 2024-11-21 | 8.8 High |
| A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1). The web interface of affected devices is vulnerable to a Cross-Site Request Forgery (CSRF) attack. This could allow an attacker to manipulate the SINEC NMS configuration by tricking an unsuspecting user with administrative privileges to click on a malicious link. | ||||
| CVE-2021-37200 | 1 Siemens | 1 Sinec Network Management System | 2024-11-21 | 7.7 High |
| A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1). An attacker with access to the webserver of an affected system could download arbitrary files from the underlying filesystem by sending a specially crafted HTTP request. | ||||
| CVE-2021-37199 | 1 Siemens | 4 Sinumerik 808d, Sinumerik 808d Firmware, Sinumerik 828d and 1 more | 2024-11-21 | 7.5 High |
| A vulnerability has been identified in SINUMERIK 808D (All versions), SINUMERIK 828D (All versions < V4.95). Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial-of-service in the device. | ||||
| CVE-2021-37198 | 1 Siemens | 1 Comos | 2024-11-21 | 8.8 High |
| A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS uses a flawed implementation of CSRF prevention. An attacker could exploit this vulnerability to perform cross-site request forgery attacks. | ||||
| CVE-2021-37197 | 1 Siemens | 1 Comos | 2024-11-21 | 8.8 High |
| A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS is vulnerable to SQL injections. This could allow an attacker to execute arbitrary SQL statements. | ||||
| CVE-2021-37196 | 1 Siemens | 1 Comos | 2024-11-21 | 6.5 Medium |
| A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.3 (All versions >= V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS unpacks specially crafted archive files to relative paths. This vulnerability could allow an attacker to store files in any folder accessible by the COMOS Web webservice. | ||||
| CVE-2021-37195 | 1 Siemens | 1 Comos | 2024-11-21 | 6.1 Medium |
| A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS accepts arbitrary code as attachment to tasks. This could allow an attacker to inject malicious code that is executed when loading the attachment. | ||||
| CVE-2021-37194 | 1 Siemens | 1 Comos | 2024-11-21 | 7.5 High |
| A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS allows to upload and store arbitrary files at the webserver. This could allow an attacker to store malicious files. | ||||
| CVE-2021-37193 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-11-21 | 4.3 Medium |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). An unauthenticated attacker in the same network of the affected system could manipulate certain parameters and set a valid user of the affected software as invalid (or vice-versa). | ||||
| CVE-2021-37192 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-11-21 | 4.3 Medium |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected software has an information disclosure vulnerability that could allow an attacker to retrieve a list of network devices a known user can manage. | ||||
| CVE-2021-37191 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-11-21 | 4.3 Medium |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). An unauthenticated attacker in the same network of the affected system could brute force the usernames from the affected software. | ||||
| CVE-2021-37190 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-11-21 | 4.3 Medium |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected software has an information disclosure vulnerability that could allow an attacker to retrieve VPN connection for a known user. | ||||
| CVE-2021-37186 | 1 Siemens | 12 Logo\! Cmr2020, Logo\! Cmr2020 Firmware, Logo\! Cmr2040 and 9 more | 2024-11-21 | 5.4 Medium |
| A vulnerability has been identified in LOGO! CMR2020 (All versions < V2.2), LOGO! CMR2040 (All versions < V2.2), SIMATIC RTU3010C (All versions < V4.0.9), SIMATIC RTU3030C (All versions < V4.0.9), SIMATIC RTU3031C (All versions < V4.0.9), SIMATIC RTU3041C (All versions < V4.0.9). The underlying TCP/IP stack does not properly calculate the random numbers used as ISN (Initial Sequence Numbers). An adjacent attacker with network access to the LAN interface could interfere with traffic, spoof the connection and gain access to sensitive information. | ||||
| CVE-2021-37185 | 1 Siemens | 95 Simatic Drive Controller Cpu 1504d Tf, Simatic Drive Controller Cpu 1504d Tf Firmware, Simatic Drive Controller Cpu 1507d Tf and 92 more | 2024-11-21 | 7.5 High |
| A vulnerability has been identified in SIMATIC Drive Controller family (All versions >= V2.9.2 < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions >= V21.9 < V21.9.4), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions >= V4.5.0 < V4.5.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.9.2 < V2.9.4), SIMATIC S7-1500 Software Controller (All versions >= V21.9 < V21.9.4), SIMATIC S7-PLCSIM Advanced (All versions >= V4.0 < V4.0 SP1), SIPLUS TIM 1531 IRC (All versions < V2.3.6), TIM 1531 IRC (All versions < V2.3.6). An unauthenticated attacker could cause a denial-of-service condition in a PLC when sending specially prepared packets over port 102/tcp. A restart of the affected device is needed to restore normal operations. | ||||
| CVE-2021-37184 | 1 Siemens | 1 Industrial Edge Management | 2024-11-21 | 9.8 Critical |
| A vulnerability has been identified in Industrial Edge Management (All versions < V1.3). An unauthenticated attacker could change the the password of any user in the system under certain circumstances. With this an attacker could impersonate any valid user on an affected system. | ||||