| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Siemens SICAM PAS before 8.07 does not properly restrict password data in the database, which makes it easier for local users to calculate passwords by leveraging unspecified database privileges. |
| Siemens APOGEE Insight uses weak permissions for the application folder, which allows local users to obtain sensitive information or modify data via unspecified vectors. |
| Open redirect vulnerability in the integrated web server on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. |
| Siemens Automation License Manager (ALM) before 5.3 SP3 allows remote attackers to write to files, rename files, create directories, or delete directories via crafted packets. |
| Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTP packets. |
| Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| Siemens SICAM MIC devices with firmware before 2404 allow remote attackers to bypass authentication and obtain administrative access via unspecified HTTP requests. |
| Cross-site scripting (XSS) vulnerability in the login form in the integrated web server on Siemens OZW OZW672 devices before 6.00 and OZW772 devices before 6.00 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. |
| The web server on Siemens SCALANCE X-300 switches with firmware before 4.0 and SCALANCE X 408 switches with firmware before 4.0 allows remote attackers to cause a denial of service (reboot) via malformed HTTP requests. |
| A vulnerability in Siemens SICAM PAS (all versions before V8.09) could allow a remote attacker to cause a Denial of Service condition and potentially lead to unauthenticated remote code execution by sending specially crafted packets to port 19234/TCP. |
| The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to execute arbitrary code via crafted packets. |
| Siemens SINEMA Server uses weak permissions for the application folder, which allows local users to gain privileges via unspecified vectors. |
| OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability. |
| A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC IT Production Suite (All versions < V7.0 SP1 HFX 2), SIMATIC NET PC-Software (All versions < V14), SIMATIC PCS 7 V7.1 (All versions), SIMATIC PCS 7 V8.0 (All versions), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2), SIMATIC STEP 7 V5.X (All versions < V5.5 SP4 HF11), SIMATIC WinCC (TIA Portal) Basic, Comfort, Advanced (All versions < V14), SIMATIC WinCC (TIA Portal) Professional V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) Professional V14 (All versions < V14 SP1), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1), SIMATIC WinCC V7.0 SP2 and earlier versions (All versions < V7.0 SP2 Upd 12), SIMATIC WinCC V7.0 SP3 (All versions < V7.0 SP3 Upd 8), SIMATIC WinCC V7.2 (All versions < V7.2 Upd 14), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 11), SIMATIC WinCC V7.4 (All versions < V7.4 SP1), SIMIT V9.0 (All versions < V9.0 SP1), SINEMA Remote Connect Client (All versions < V1.0 SP3), SINEMA Server (All versions < V13 SP2), SOFTNET Security Client V5.0 (All versions), Security Configuration Tool (SCT) (All versions < V4.3 HF1), TeleControl Server Basic (All versions < V3.0 SP2), WinAC RTX 2010 SP2 (All versions), WinAC RTX F 2010 SP2 (All versions). Unquoted service paths could allow local Microsoft Windows operating system users to escalate their privileges if the affected products are not installed under their default path ("C:\Program Files\*" or the localized equivalent). |
| Siemens Automation License Manager (ALM) before 5.3 SP3 Update 1 allows remote attackers to cause a denial of service (ALM service outage) via crafted packets to TCP port 4410. |
| ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time. |
| Siemens SIMATIC S7-1200 CPU devices before 4.0 allow remote attackers to bypass a "user program block" protection mechanism via unspecified vectors. |
| The web server on Siemens SCALANCE X-200IRT switches with firmware before 5.2.0 allows remote attackers to hijack sessions via unspecified vectors. |
| Siemens SIMATIC S7-1500 CPU devices with firmware before 1.6 allow remote attackers to cause a denial of service (device restart and STOP transition) via crafted TCP packets. |
| The Siemens SIMATIC WinCC Sm@rtClient and Sm@rtClient Lite applications before 01.00.01.00 for Android do not properly store passwords, which allows physically proximate attackers to obtain sensitive information via unspecified vectors. |
