Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2018-11453

Summary
Assigner-siemens
Assigner Org ID-cec7a2ec-15b4-4faf-bd53-b40f371f3a77
Published At-07 Aug, 2018 | 15:00
Updated At-16 Sep, 2024 | 17:42
Rejected At-
Credits

A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions < V13 SP2 Update 2), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 6), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 (All versions < V15 Update 2). Improper file permissions in the default installation of TIA Portal may allow an attacker with local file system access to insert specially crafted files which may prevent TIA Portal startup (Denial-of-Service) or lead to local code execution. No special privileges are required, but the victim needs to attempt to start TIA Portal after the manipulation.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:siemens
Assigner Org ID:cec7a2ec-15b4-4faf-bd53-b40f371f3a77
Published At:07 Aug, 2018 | 15:00
Updated At:16 Sep, 2024 | 17:42
Rejected At:
▼CVE Numbering Authority (CNA)

A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions < V13 SP2 Update 2), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 6), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 (All versions < V15 Update 2). Improper file permissions in the default installation of TIA Portal may allow an attacker with local file system access to insert specially crafted files which may prevent TIA Portal startup (Denial-of-Service) or lead to local code execution. No special privileges are required, but the victim needs to attempt to start TIA Portal after the manipulation.

Affected Products
Vendor
Siemens AGSiemens AG
Product
SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12, SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13, SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14, SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15
Versions
Affected
  • SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 : All versions
  • SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 : All versions < V13 SP2 Update 2
  • SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 : All versions < V14 SP1 Update 6
  • SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 : All versions < V15 Update 2
Problem Types
TypeCWE IDDescription
CWECWE-276CWE-276: Incorrect Default Permissions
Type: CWE
CWE ID: CWE-276
Description: CWE-276: Incorrect Default Permissions
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/105115
vdb-entry
x_refsource_BID
https://cert-portal.siemens.com/productcert/pdf/ssa-979106.pdf
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/105115
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-979106.pdf
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/105115
vdb-entry
x_refsource_BID
x_transferred
https://cert-portal.siemens.com/productcert/pdf/ssa-979106.pdf
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/105115
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-979106.pdf
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:productcert@siemens.com
Published At:07 Aug, 2018 | 15:29
Updated At:09 Oct, 2019 | 23:33

A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions < V13 SP2 Update 2), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 6), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 (All versions < V15 Update 2). Improper file permissions in the default installation of TIA Portal may allow an attacker with local file system access to insert specially crafted files which may prevent TIA Portal startup (Denial-of-Service) or lead to local code execution. No special privileges are required, but the victim needs to attempt to start TIA Portal after the manipulation.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.07.8HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary2.04.6MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.0
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 4.6
Base severity: MEDIUM
Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
Siemens AG
siemens
>>simatic_step_7_\(tia_portal\)>>10.0
cpe:2.3:a:siemens:simatic_step_7_\(tia_portal\):10.0:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_step_7_\(tia_portal\)>>11.0
cpe:2.3:a:siemens:simatic_step_7_\(tia_portal\):11.0:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_step_7_\(tia_portal\)>>12.0
cpe:2.3:a:siemens:simatic_step_7_\(tia_portal\):12.0:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_step_7_\(tia_portal\)>>13.0
cpe:2.3:a:siemens:simatic_step_7_\(tia_portal\):13.0:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_step_7_\(tia_portal\)>>13.0
cpe:2.3:a:siemens:simatic_step_7_\(tia_portal\):13.0:sp1:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_step_7_\(tia_portal\)>>14.0
cpe:2.3:a:siemens:simatic_step_7_\(tia_portal\):14.0:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_step_7_\(tia_portal\)>>15.0
cpe:2.3:a:siemens:simatic_step_7_\(tia_portal\):15.0:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_wincc_\(tia_portal\)>>10.0
cpe:2.3:a:siemens:simatic_wincc_\(tia_portal\):10.0:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_wincc_\(tia_portal\)>>11.0
cpe:2.3:a:siemens:simatic_wincc_\(tia_portal\):11.0:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_wincc_\(tia_portal\)>>12.0
cpe:2.3:a:siemens:simatic_wincc_\(tia_portal\):12.0:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_wincc_\(tia_portal\)>>13.0
cpe:2.3:a:siemens:simatic_wincc_\(tia_portal\):13.0:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_wincc_\(tia_portal\)>>14.0
cpe:2.3:a:siemens:simatic_wincc_\(tia_portal\):14.0:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_wincc_\(tia_portal\)>>15.0
cpe:2.3:a:siemens:simatic_wincc_\(tia_portal\):15.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-732Primarynvd@nist.gov
CWE-276Secondaryproductcert@siemens.com
CWE ID: CWE-732
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-276
Type: Secondary
Source: productcert@siemens.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.securityfocus.com/bid/105115productcert@siemens.com
Third Party Advisory
VDB Entry
https://cert-portal.siemens.com/productcert/pdf/ssa-979106.pdfproductcert@siemens.com
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/105115
Source: productcert@siemens.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-979106.pdf
Source: productcert@siemens.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

368Records found
CVE-2020-28392
Matching Score-10
Assigner-Siemens
ShareView Details
Matching Score-10
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.04% / 9.78%
||
7 Day CHG~0.00%
Published-09 Feb, 2021 | 15:38
Updated-04 Aug, 2024 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMARIS configuration (All versions < V4.0.1). During installation to default target folder, incorrect permissions are configured for the application folder and subfolders which could allow an attacker to gain persistence or potentially escalate privileges should a user with elevated credentials log onto the machine.

Action-Not Available
Vendor-Siemens AG
Product-simaris_configurationSIMARIS configuration
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-31465
Matching Score-10
Assigner-Siemens
ShareView Details
Matching Score-10
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.40%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 09:21
Updated-21 Apr, 2025 | 13:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Xpedition Designer VX.2.10 (All versions < VX.2.10 Update 13), Xpedition Designer VX.2.11 (All versions < VX.2.11 Update 11), Xpedition Designer VX.2.12 (All versions < VX.2.12 Update 5), Xpedition Designer VX.2.13 (All versions < VX.2.13 Update 1). The affected application assigns improper access rights to the service executable. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges.

Action-Not Available
Vendor-Siemens AG
Product-xpedition_designerXpedition Designer VX.2.11Xpedition Designer VX.2.12Xpedition Designer VX.2.10Xpedition Designer VX.2.13
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2020-27001
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.18% / 39.63%
||
7 Day CHG~0.00%
Published-09 Feb, 2021 | 15:38
Updated-04 Aug, 2024 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in JT2Go (All versions < V13.1.0.2), Teamcenter Visualization (All versions < V13.1.0.2). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a stack based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12041)

Action-Not Available
Vendor-Siemens AG
Product-jt2goteamcenter_visualizationJT2GoTeamcenter Visualization
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-33626
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.08% / 24.57%
||
7 Day CHG~0.00%
Published-01 Oct, 2021 | 02:21
Updated-03 Aug, 2024 | 23:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(QWORD values for CommBuffer). This can be used by an attacker to corrupt data in SMRAM memory and even lead to arbitrary code execution.

Action-Not Available
Vendor-n/aInsyde Software Corp. (ISC)Siemens AG
Product-simatic_ipc127e_firmwaresimatic_ipc377ginsydeh2osimatic_ipc677esimatic_ipc227g_firmwaresimatic_ipc647e_firmwaresimatic_ipc277gsimatic_ipc627e_firmwaresimatic_ipc477esimatic_field_pg_m6_firmwaresimatic_ipc627esimatic_ipc847e_firmwaresimatic_field_pg_m5simatic_itp1000simatic_ipc377g_firmwaresimatic_ipc327g_firmwaresimatic_ipc477e_firmwaresimatic_ipc427e_firmwaresimatic_ipc847esimatic_ipc427esimatic_field_pg_m6ruggedcom_apr1808simatic_ipc227gsimatic_ipc477e_prosimatic_field_pg_m5_firmwaresimatic_ipc677e_firmwaresimatic_ipc477e_pro_firmwaresimatic_ipc277g_firmwaresimatic_ipc127esimatic_itp1000_firmwareruggedcom_apr1808_firmwaresimatic_ipc647esimatic_ipc327gn/a
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2018-11461
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-6.6||MEDIUM
EPSS-0.05% / 16.37%
||
7 Day CHG~0.00%
Published-12 Dec, 2018 | 16:00
Updated-05 Aug, 2024 | 08:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). A local attacker with user privileges could use the service command application for privilege escalation to an elevated user but not root. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sinumerik_808d_v4.8sinumerik_840d_sl_v4.7sinumerik_828d_v4.7_firmwaresinumerik_808d_v4.7_firmwaresinumerik_840d_sl_v4.7_firmwaresinumerik_840d_sl_v4.8_firmwaresinumerik_828d_v4.7sinumerik_840d_sl_v4.8sinumerik_808d_v4.8_firmwaresinumerik_808d_v4.7SINUMERIK 808D V4.7, SINUMERIK 808D V4.8, SINUMERIK 828D V4.7, SINUMERIK 840D sl V4.7, SINUMERIK 840D sl V4.8
CWE ID-CWE-264
Not Available
CVE-2018-11465
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.06% / 18.84%
||
7 Day CHG~0.00%
Published-12 Dec, 2018 | 16:00
Updated-05 Aug, 2024 | 08:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). A local attacker could use ioctl calls to do out of bounds reads, arbitrary writes, or execute code in kernel mode. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sinumerik_808d_v4.8sinumerik_840d_sl_v4.7sinumerik_828d_v4.7_firmwaresinumerik_808d_v4.7_firmwaresinumerik_840d_sl_v4.7_firmwaresinumerik_840d_sl_v4.8_firmwaresinumerik_828d_v4.7sinumerik_840d_sl_v4.8sinumerik_808d_v4.8_firmwaresinumerik_808d_v4.7SINUMERIK 808D V4.7, SINUMERIK 808D V4.8, SINUMERIK 828D V4.7, SINUMERIK 840D sl V4.7, SINUMERIK 840D sl V4.8
CWE ID-CWE-248
Uncaught Exception
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-11449
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.12% / 31.64%
||
7 Day CHG~0.00%
Published-26 Jun, 2018 | 18:00
Updated-17 Sep, 2024 | 03:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SCALANCE M875 (All versions). An attacker with access to the local file system might obtain passwords for administrative users. Successful exploitation requires read access to files on the local file system. A successful attack could allow an attacker to obtain administrative passwords. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-scalance_m875scalance_m875_firmwareSCALANCE M875
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-11459
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.21%
||
7 Day CHG~0.00%
Published-12 Dec, 2018 | 16:00
Updated-05 Aug, 2024 | 08:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). A local attacker could modify a user-writeable configuration file so that after reboot or manual initiation the system reloads the modified configuration file and attacker-controlled code is executed with elevated privileges. The security vulnerability could be exploited by an attacker with local access to the affected system. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sinumerik_808d_v4.8sinumerik_840d_sl_v4.7sinumerik_828d_v4.7_firmwaresinumerik_808d_v4.7_firmwaresinumerik_840d_sl_v4.7_firmwaresinumerik_840d_sl_v4.8_firmwaresinumerik_828d_v4.7sinumerik_840d_sl_v4.8sinumerik_808d_v4.8_firmwaresinumerik_808d_v4.7SINUMERIK 808D V4.7, SINUMERIK 808D V4.8, SINUMERIK 828D V4.7, SINUMERIK 840D sl V4.7, SINUMERIK 840D sl V4.8
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2018-11463
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.11%
||
7 Day CHG~0.00%
Published-12 Dec, 2018 | 16:00
Updated-05 Aug, 2024 | 08:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). A buffer overflow in the service command application could allow a local attacker to execute code with elevated privileges. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sinumerik_808d_v4.8sinumerik_840d_sl_v4.7sinumerik_828d_v4.7_firmwaresinumerik_808d_v4.7_firmwaresinumerik_840d_sl_v4.7_firmwaresinumerik_840d_sl_v4.8_firmwaresinumerik_828d_v4.7sinumerik_840d_sl_v4.8sinumerik_808d_v4.8_firmwaresinumerik_808d_v4.7SINUMERIK 808D V4.7, SINUMERIK 808D V4.8, SINUMERIK 828D V4.7, SINUMERIK 840D sl V4.7, SINUMERIK 840D sl V4.8
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-11460
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.21%
||
7 Day CHG~0.00%
Published-12 Dec, 2018 | 16:00
Updated-05 Aug, 2024 | 08:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). A local attacker with elevated user privileges (manufact) could modify a CRAMFS archive so that after reboot the system loads the modified CRAMFS file and attacker-controlled code is executed with root privileges. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires elevated user privileges (manufact) but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sinumerik_808d_v4.8sinumerik_840d_sl_v4.7sinumerik_828d_v4.7_firmwaresinumerik_808d_v4.7_firmwaresinumerik_840d_sl_v4.7_firmwaresinumerik_840d_sl_v4.8_firmwaresinumerik_828d_v4.7sinumerik_840d_sl_v4.8sinumerik_808d_v4.8_firmwaresinumerik_808d_v4.7SINUMERIK 808D V4.7, SINUMERIK 808D V4.8, SINUMERIK 828D V4.7, SINUMERIK 840D sl V4.7, SINUMERIK 840D sl V4.8
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2017-9942
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.05% / 13.43%
||
7 Day CHG~0.00%
Published-08 Aug, 2017 | 00:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with local access to the SiPass integrated server or SiPass integrated client to potentially obtain credentials from the systems.

Action-Not Available
Vendor-n/aSiemens AG
Product-sipass_integratedSiPass integrated All versions before V2.70
CWE ID-CWE-257
Storing Passwords in a Recoverable Format
CVE-2014-4685
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.05% / 16.50%
||
7 Day CHG~0.00%
Published-24 Jul, 2014 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows local users to gain privileges by leveraging weak system-object access control.

Action-Not Available
Vendor-n/aSiemens AG
Product-simatic_pcs7winccn/a
CVE-2017-6871
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-5.4||MEDIUM
EPSS-0.06% / 18.37%
||
7 Day CHG~0.00%
Published-08 Aug, 2017 | 00:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was discovered in Siemens SIMATIC WinCC Sm@rtClient for Android (All versions before V1.0.2.2) and SIMATIC WinCC Sm@rtClient for Android Lite (All versions before V1.0.2.2). An attacker with physical access to an unlocked mobile device, that has the affected app running, could bypass the app's authentication mechanism under certain conditions.

Action-Not Available
Vendor-n/aSiemens AG
Product-simatic_wincc_sm\@rtclient_litesimatic_wincc_sm\@rtclientSIMATIC WinCC Sm@rtClient for Android, SIMATIC WinCC Sm@rtClient Lite for Android
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2020-8744
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.16% / 37.04%
||
7 Day CHG-0.01%
Published-12 Nov, 2020 | 18:06
Updated-04 Aug, 2024 | 10:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper initialization in subsystem for Intel(R) CSME versions before12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 4.0.30 Intel(R) SPS versions before E3_05.01.04.200 may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel CorporationSiemens AG
Product-server_platform_servicessimatic_s7-1518f-4_pn\/dp_mfp_firmwaretrusted_execution_enginesimatic_s7-1518-4_pn\/dp_mfpconverged_security_and_management_enginesimatic_s7-1518f-4_pn\/dp_mfpsimatic_s7-1500_firmwaresimatic_s7-1518-4_pn\/dp_mfp_firmwaresimatic_s7-1500Intel(R) CSME versions, Intel(R) TXE, Intel(R) SPS
CWE ID-CWE-665
Improper Initialization
CVE-2020-8177
Matching Score-8
Assigner-HackerOne
ShareView Details
Matching Score-8
Assigner-HackerOne
CVSS Score-7.8||HIGH
EPSS-0.03% / 6.02%
||
7 Day CHG~0.00%
Published-14 Dec, 2020 | 19:42
Updated-04 Aug, 2024 | 09:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used.

Action-Not Available
Vendor-n/aCURLDebian GNU/LinuxSplunk LLC (Cisco Systems, Inc.)Siemens AGFujitsu Limited
Product-m12-1m10-4s_firmwareuniversal_forwarderm10-4curlm12-1_firmwarem10-4sm10-4_firmwaresinec_infrastructure_network_servicesm12-2sdebian_linuxm10-1_firmwarem10-1m12-2s_firmwarem12-2_firmwarem12-2https://github.com/curl/curl
CWE ID-CWE-99
Improper Control of Resource Identifiers ('Resource Injection')
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2020-8703
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.07% / 20.77%
||
7 Day CHG~0.00%
Published-09 Jun, 2021 | 18:48
Updated-04 Aug, 2024 | 10:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper buffer restrictions in a subsystem in the Intel(R) CSME versions before 11.8.86, 11.12.86, 11.22.86, 12.0.81, 13.0.47, 13.30.17, 14.1.53, 14.5.32 and 15.0.22 may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aNetApp, Inc.Intel CorporationSiemens AG
Product-core_i7-7700kcore_i7-8705gcore_i7-8665uz270c627core_i3-8300tcore_i7-7660ucore_i7-8706gcore_i7-1068ng7core_i7-11700fcore_i7-1160g7core_i5-1035g7pentium_gold_g5420core_i7-10850hcore_i7-1185grecore_i7-11375hcore_i5-8400hcore_i7-8700core_i5-10400fc621acore_i5-8400core_i5-7y54core_i3-10300core_i3-7100tcore_i7-7700tcore_i7-10700tcore_i3-1110g4core_i7-8086kceleron_4305ucore_i5-10210usimatic_ipc547g_firmwarecore_i5-8257ucore_i7-8700kcore_i5-10200hpentium_gold_g5400tpentium_gold_g6405tq150core_i5-1035g4core_i3-8145ucore_i5-10400hceleron_4205ucore_i7-11700core_i5-7442eqcore_i3-10100ycore_i3-7020ucore_i5-10400tcore_i3-8109ucore_i7-11370hcore_i5-10310ucore_i7-7600ucore_i9-11900tcore_i9-11900kbcore_i5-10505c246core_i5-1030g7xeon_w-1270core_i3-1000ng4core_i3-7100ecore_i5-11600tcore_i3-7300pentium_gold_4417ucore_i7-11850hcore_i9-11900core_i3-1000g1core_i7-10510ycore_i3-10110ucore_i7-11800hcore_i5_l16g7simatic_field_pg_m6_firmwarec625simatic_ipc477ecore_i5-10400simatic_ipc427e_firmwarexeon_w-1270tecore_i5-8400bcore_i7-7700hqcore_i5-1155g7core_i5-10500tecore_i3-10105fcore_i7-7820hkcore_i3-8100hpentium_gold_4415ypentium_gold_g5620core_i9-11950hxeon_w-1290tcore_i5-11600h110core_i5-10300hpentium_gold_g6505tcore_i5-8350ucore_i9-10980hkcore_i5-7300uq270core_i7-11700tcore_i5-8600xeon_w-11855mcore_i5-8500tcore_i7-10510ucore_i5-7500core_i3-10100ecore_i5-1030ng7core_i3-8100core_i7-1060g7simatic_ipc527gcore_i9-11900hcore_i9-10900h410pentium_gold_g6500txeon_w-10855mcore_i5-7200ucore_i9-11900kcore_i3-10100tsimatic_ipc847e_firmwarecore_i9-8950hksimatic_ipc527g_firmwarecore_i9-10900ecore_i7-7700simatic_field_pg_m5core_i9-10850kcore_i9-10900kcore_i7-7920hqcore_i3-7102eh270core_i5-8600ksimatic_ipc477e_firmwareq470core_i9-10900fpentium_gold_g6400tcore_i5-8400tpentium_gold_g5600tsimatic_field_pg_m6xeon_w-1270pcore_i7-8750hcore_i7-10700simatic_ipc477e_procore_i5-8365ub150core_i3-10100tecore_i9-10910core_i5-7600simatic_ipc647ecore_i3-10105txeon_w-1250ecore_i7-10700fcore_i9-10885hcore_i5-11400tcore_i5-11300hcore_i9-11900kfcore_i3-10325core_i5-1145g7core_i3-1125g4core_i7-10750hq470ecore_i3-7100hcore_i3-8300core_i3-1000g4core_i5-7400tcore_i7-10875hq370core_i3-7100core_i7-8809gcore_i3-8145uecore_i5-7260ucore_i7-8700bcore_i7-8709gsimatic_ipc627ecore_i3-10100pentium_gold_g6505core_i5-7267uxeon_w-1250pcore_i3-1115g4celeron_6305core_i3-8100tcore_i3-8121uh170core_i5-10210yh310core_i5-1140g7core_i7-8557ucore_i5-10500esimatic_ipc547gcore_i7-8700tsimatic_ipc477e_pro_firmwarecore_i5-8300hcore_i5-10600tcore_m3-7y32core_i3-10110ycore_i5-7400core_i5-10600kfcore_i7-8650ucore_i5-11400fc629acore_i7-10700ecore_i5-1145grecore_i3-7320core_i7-1180g7c242pentium_gold_4410ycore_i5-11600kfz370pentium_gold_g5500tcore_i7-11700kfcloud_backupcore_i7-10870hpentium_gold_4415uw480core_i5-1035g1core_i5-1038ng7h420ecore_i5-11500bz170c624mobile_cm246simatic_ipc647e_firmwarex299pentium_gold_6405usimatic_ipc627e_firmwarecore_i5-8500bc627acore_i7-10700kcore_i5-11500tc622core_i7-1185g7core_i7-1165g7core_i7-1195g7core_i5-8269ucore_i5-11600kcore_i7-11390hcore_i5-1030g4core_i7-10700tecore_i5-10500core_i7-11700kcore_i7-10710ucore_i5-7287ucore_i7-10700kfcore_i5-7440eqh370xeon_w-1250texeon_w-1250core_i5-8279uw480exeon_w-1290ecore_i3-7100ucore_i7-8565ucore_i3-7101tecore_i3-7350kcore_i5-11400hcore_i7-11700bcore_i5-7600kcore_i5-8250ucore_i3-10305b365core_i5-7300hqcore_i7-7560uxeon_w-1270epentium_gold_g5420tcore_i7-7820eqcore_i9-11900fcore_i5-8259ucore_i5-7360ucore_i9-11980hkpentium_gold_g5500core_i5-10600kceleron_4305uesimatic_ipc847ecore_i3-8140usimatic_ipc427ecore_m3-8100ycore_i9-10900kfcore_i3-10105core_i3-11100bq170b460simatic_itp1000_firmwarecore_i5-1130g7core_i3-1120g4core_i5-7600tcore_i7-1060ng7core_i7-7500ucore_i7-8550ucore_i5-10310yxeon_w-1290pcore_i5-10500hcore_i5-8260ucore_i5-11320hpentium_gold_4425yb250core_i7-10810upentium_gold_g6500core_i3-1115grecore_i7-8850hcore_i5-11500hcore_i3-7130ucore_i7-10610usimatic_itp1000xeon_w-11955mcore_i3-10100fcore_i3-7167upentium_gold_g6400ecore_i7-8500ycore_i7-7567uc629pentium_gold_7505b360core_i5-10600c621core_i5-11260hsimatic_field_pg_m5_firmwarecore_i3-1115g4epentium_gold_g6400core_i7-7820hqcore_i5-8210ycore_m3-7y30core_i3-7300tcore_i5-8365uecore_i7-8665uexeon_w-1290celeron_6305ecore_i5-1145g7exeon_w-10885mcore_i3-10320core_i9-10900tcore_i5-8200ypentium_gold_g5400simatic_ipc677ecore_i3-10300tcore_i3-7101ecore_i5-8310yxeon_w-1290tecore_i5-1135g7core_i5-11500core_i5-8500c626core_i5-7440hqpentium_gold_g6600core_i7-8569uq250z490core_i5-8265ucore_i5-10500tpentium_gold_g6605core_i7-1185g7econverged_security_and_manageability_enginecore_i3_l13g4pentium_gold_5405ucore_i7-7y75core_i3-1005g1pentium_gold_g6405core_i3-8100bcore_i5-7y57simatic_ipc677e_firmwarecore_i3-10305tcore_i3-8350kcore_i5-11400core_i5-8600tcore_i5-7500tcore_i5-8305gcore_i7-1065g7core_i7-8559ucore_i9-10900tepentium_gold_g6400tez390core_i3-8130uc420h470pentium_gold_6500yc628pentium_gold_g5600Intel(R) CSME versions
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-8745
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.36% / 57.30%
||
7 Day CHG-0.11%
Published-12 Nov, 2020 | 18:06
Updated-28 Mar, 2025 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient control flow management in subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25 , Intel(R) TXE versions before 3.1.80 and 4.0.30 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

Action-Not Available
Vendor-n/aIntel CorporationSiemens AG
Product-sinumerik_828d_hw_pu.4_firmwaresimatic_ipc127esimatic_field_pg_m6trusted_execution_technologysimatic_ipc547gsinumerik_mc_mcu_1720sinumerik_840d_sl_ht_10simatic_ipc477e_prosimatic_ipc547g_firmwaresimatic_ipc847esimatic_ipc477esimatic_field_pg_m5_firmwaresimatic_ipc427e_firmwaresimatic_ipc527g_firmwaresinumerik_one_ppu_1740simatic_itp1000simatic_field_pg_m6_firmwaresinumerik_840d_sl_ht_10_firmwaresinumerik_one_ncu_1740_firmwaresimatic_ipc477e_firmwaresimatic_ipc647esimatic_ipc627e_firmwaresimatic_ipc667econverged_security_and_manageability_enginesinumerik_mc_mcu_1720_firmwaresimatic_ipc427esimatic_drive_controller_firmwaresimatic_ipc127e_firmwaresimatic_itp1000_firmwaresinumerik_one_ppu_1740_firmwaresimatic_drive_controllersinumerik_one_firmwaresimatic_et200sp_1515sp_pc2_firmwaresimatic_ipc667e_firmwaresimatic_field_pg_m5simatic_ipc527gsimatic_ipc647e_firmwaresimatic_ipc847e_firmwaresimatic_et200sp_1515sp_pc2simatic_ipc627esinumerik_828d_hw_pu.4sinumerik_one_ncu_1740sinumerik_oneIntel(R) CSME, Intel(R) TXE
CVE-2020-7590
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-6.8||MEDIUM
EPSS-0.13% / 33.17%
||
7 Day CHG~0.00%
Published-13 Oct, 2020 | 15:30
Updated-04 Aug, 2024 | 09:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in DCA Vantage Analyzer (All versions < V4.5 are affected by CVE-2020-7590. In addition, serial numbers < 40000 running software V4.4.0 are also affected by CVE-2020-15797). Affected devices use a hard-coded password to protect the onboard database. This could allow an attacker to read and or modify the onboard database. Successful exploitation requires direct physical access to the device.

Action-Not Available
Vendor-Siemens AG
Product-dca_vantage_analyzer_firmwaredca_vantage_analyzerDCA Vantage Analyzer
CWE ID-CWE-259
Use of Hard-coded Password
CVE-2020-7585
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.09% / 25.92%
||
7 Day CHG~0.00%
Published-10 Jun, 2020 | 16:23
Updated-04 Aug, 2024 | 09:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC PDM (All versions < V9.2), SIMATIC STEP 7 V5.X (All versions < V5.6 SP2 HF3), SINAMICS STARTER (containing STEP 7 OEM version) (All versions < V5.4 HF2). A DLL Hijacking vulnerability could allow a local attacker to execute code with elevated privileges. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise the availability of the system as well as to have access to confidential information.

Action-Not Available
Vendor-Siemens AG
Product-simatic_step_7simatic_pcs_7sinamics_startersimatic_process_device_managerSIMATIC STEP 7 V5.XSIMATIC PCS 7 V8.2 and earlierSINAMICS STARTER (containing STEP 7 OEM version)SIMATIC PCS 7 V9.0SIMATIC PDM
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2013-3927
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.05% / 16.50%
||
7 Day CHG~0.00%
Published-18 Jun, 2013 | 18:45
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the client library in Siemens COMOS 9.2 before 9.2.0.6.10 and 10.0 before 10.0.3.0.4 allows local users to obtain unintended write access to the database by leveraging read access.

Action-Not Available
Vendor-n/aSiemens AG
Product-comosn/a
CVE-2020-27003
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.12% / 31.03%
||
7 Day CHG~0.00%
Published-09 Feb, 2021 | 15:38
Updated-04 Aug, 2024 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing TIFF files. This could lead to pointer dereferences of a value obtained from untrusted source. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12158)

Action-Not Available
Vendor-Siemens AG
Product-jt2goteamcenter_visualizationJT2GoTeamcenter Visualization
CWE ID-CWE-822
Untrusted Pointer Dereference
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-26999
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.11% / 30.77%
||
7 Day CHG~0.00%
Published-09 Feb, 2021 | 15:38
Updated-04 Aug, 2024 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in JT2Go (All versions < V13.1.0.2), Teamcenter Visualization (All versions < V13.1.0.2). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information. (ZDI-CAN-12042)

Action-Not Available
Vendor-Siemens AG
Product-jt2goteamcenter_visualizationJT2GoTeamcenter Visualization
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-27006
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.12% / 31.03%
||
7 Day CHG~0.00%
Published-09 Feb, 2021 | 15:38
Updated-04 Aug, 2024 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of PCT files. This could result in a memory corruption condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12182)

Action-Not Available
Vendor-Siemens AG
Product-jt2goteamcenter_visualizationJT2GoTeamcenter Visualization
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-24287
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.81%
||
7 Day CHG~0.00%
Published-10 May, 2022 | 09:46
Updated-21 Apr, 2025 | 13:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3 UC06), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1 UC01), SIMATIC WinCC Runtime Professional V16 and earlier (All versions), SIMATIC WinCC Runtime Professional V17 (All versions < V17 Upd4), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 21), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 8). A missing printer configuration on the host could allow an authenticated attacker to escape the WinCC Kiosk Mode.

Action-Not Available
Vendor-Siemens AG
Product-simatic_winccsimatic_pcs_7simatic_wincc_runtime_professionalSIMATIC PCS 7 V9.0SIMATIC WinCC Runtime Professional V17SIMATIC WinCC V7.4SIMATIC WinCC V7.5SIMATIC PCS 7 V8.2SIMATIC WinCC V7.3SIMATIC PCS 7 V9.1SIMATIC WinCC Runtime Professional V16 and earlier
CWE ID-CWE-1188
Initialization of a Resource with an Insecure Default
CVE-2019-10915
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-5.86% / 90.20%
||
7 Day CHG~0.00%
Published-11 Jul, 2019 | 21:17
Updated-04 Aug, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in TIA Administrator (All versions < V1.0 SP1 Upd1). The integrated configuration web application (TIA Administrator) allows to execute certain application commands without proper authentication. The vulnerability could be exploited by an attacker with local access to the affected system. Successful exploitation requires no privileges and no user interaction. An attacker could use the vulnerability to compromise confidentiality and integrity and availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-tia_administratorsinetplanTIA Administrator
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2020-12360
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.17% / 39.19%
||
7 Day CHG~0.00%
Published-09 Jun, 2021 | 18:53
Updated-04 Aug, 2024 | 11:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bounds read in the firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aNetApp, Inc.Intel CorporationSiemens AG
Product-xeon_platinum_8153xeon_e3-1230_v5xeon_e3-1558l_v5xeon_w-3245mxeon_e5-4610_v4xeon_e7-8894_v4xeon_gold_6146xeon_e5-2660_v3core_i7-1068ng7e-series_bioscore_i7-1160g7xeon_e5-1680_v3xeon_d-1527xeon_e5-2697_v4xeon_gold_5115xeon_platinum_8170xeon_gold_6136xeon_w-2125core_i9-10940xxeon_e5-4610_v3xeon_e5-4650_v4xeon_e7-8880_v4xeon_gold_6138xeon_e5-1660_v4simatic_ipc547g_firmwarexeon_e7-8891_v4xeon_platinum_8164xeon_e-2226gxeon_e3-1280_v5xeon_gold_6234xeon_e5-2699r_v4xeon_w-2255xeon_d-1518core_i7-11700core_i7-6822eqcore_i7-6700texeon_e3-1501l_v6xeon_gold_6262vcore_i7-11370hxeon_e5-2683_v4xeon_platinum_8168core_i7-7600uxeon_e5-2608l_v4xeon_e5-2640_v3xeon_e-2224xeon_gold_5218xeon_e5-1620_v4core_i7-11850hxeon_d-1567simatic_cpu_1518f-4_firmwarexeon_e5-2630l_v3xeon_e3-1505l_v6xeon_e-2278gexeon_e5-1607_v3xeon_e5-4640_v4xeon_gold_5117xeon_gold_5122xeon_w-2245xeon_d-1587xeon_e5-2699_v3xeon_d-2191xeon_gold_6248rcore_i7-7820hkxeon_e5-2689_v4xeon_e7-8870_v4xeon_w-1290tcore_i5-l16g7xeon_gold_6240core_i7-6970hqxeon_gold_6262xeon_platinum_8156xeon_e-2136core_i7-10510ucore_i7-1060g7xeon_w-2265xeon_e5-2667_v4xeon_platinum_8274xeon_w-10855mxeon_gold_6126fxeon_d-1539xeon_e3-1535m_v5xeon_e5-1680_v4core_i7-7700xeon_gold_5220rxeon_d-2146ntxeon_e3-1268l_v5xeon_platinum_8160fxeon_e5-2658_v3xeon_e5-4660_v4core_i7-8750hxeon_e3-1501m_v6xeon_gold_6250lxeon_gold_6210uxeon_d-2187ntxeon_platinum_8160mcore_i7-10700fxeon_d-2166ntxeon_e3-1270_v6xeon_e-2286mxeon_e3-1505m_v5core_i7-10750hxeon_silver_4216xeon_gold_6230xeon_platinum_8253xeon_e5-2630l_v4xeon_w-2195xeon_e5-4667_v4xeon_e5-2628l_v4xeon_e-2276gxeon_e5-2685_v3xeon_w-1390xeon_e-2186gxeon_d-2183itxeon_silver_4116txeon_e-2174gxeon_e5-2630_v4xeon_d-1622core_i7-8809gxeon_e5-4667_v3xeon_platinum_8160hcore_i7-8700bxeon_e5-2643_v3xeon_d-2145ntxeon_d-1581xeon_e5-1650_v4xeon_gold_6238xeon_e5-2630_v3xeon_w-1250pxeon_silver_4208xeon_e3-1585_v5xeon_w-2104xeon_e5-2623_v4core_i7-6560uxeon_w-2123xeon_gold_5220sxeon_w-3275mxeon_platinum_9282xeon_e5-2683_v3core_i7-10700exeon_silver_4108xeon_gold_6130txeon_silver_4210core_i7-11700kfcloud_backupcore_i7-10870hxeon_e7-8867_v4xeon_bronze_3106xeon_w-2102xeon_e-2274gcore_i7-10700kxeon_e-2278gelxeon_d-1540xeon_e3-1280_v6hci_compute_node_biosxeon_e5-2698_v4xeon_platinum_8160tcore_i7-11700kxeon_d-1528xeon_silver_4214rcore_i7-6500uxeon_e5-2697_v3xeon_e5-4627_v4xeon_e-2124core_i7-10710uxeon_d-2141icore_i7-10700kfxeon_d-1541xeon_e5-2660_v4xeon_e7-4830_v4xeon_w-1250texeon_platinum_8268xeon_platinum_8176mxeon_e-2276mecore_i7-8565uxeon_gold_5222xeon_e5-2687w_v4xeon_e5-1603_v3core_i7-7560uxeon_gold_5117fxeon_e3-1535m_v6xeon_d-1548xeon_d-1649nxeon_d-1529xeon_platinum_9221xeon_e3-1220_v5xeon_platinum_8160xeon_e5-2428l_v3core_i7-6700hqxeon_e7-4809_v4xeon_e5-4648_v3xeon_gold_6122xeon_silver_4123xeon_gold_6148fxeon_gold_6132biosxeon_e5-2618l_v4xeon_w-2155xeon_gold_6137core_i7-7500ucore_i7-8550uxeon_e-2224gxeon_w-2135xeon_d-1623nxeon_w-2145xeon_e-2226gecore_i7-6650uxeon_gold_6142core_i7-10610ucore_i7-8500ycore_i7-7567uxeon_silver_4214xeon_w-1390pxeon_d-2161ixeon_silver_4210rxeon_d-1632core_i7-7820hqxeon_e3-1585l_v5xeon_e5-2620_v3xeon_e5-2670_v3xeon_gold_5218bxeon_e5-2648l_v3xeon_gold_6142mxeon_e5-2609_v3xeon_e3-1275_v5xeon_e5-2438l_v3xeon_e3-1240_v5xeon_e5-2650_v3xeon_gold_6222core_i7-6567uxeon_e5-2648l_v4xeon_e5-4620_v4xeon_e7-8855_v4xeon_d-1513nxeon_d-1537xeon_e3-1515m_v5xeon_w-1290texeon_e3-1225_v5xeon_gold_6209uxeon_silver_4112xeon_d-1559xeon_w-3223xeon_gold_5120txeon_w-3175xxeon_gold_6134xeon_gold_6162xeon_e5-2628l_v3xeon_e-2254mexeon_w-3235core_i7-7y75xeon_e5-4669_v3xeon_w-2225xeon_gold_6130hxeon_w-2133core_i7-6700xeon_d-1557xeon_e5-4627_v3xeon_e7-4850_v4xeon_gold_6148xeon_e3-1505m_v6xeon_gold_6144xeon_gold_6140msimatic_cpu_1518f-4xeon_gold_5220txeon_platinum_8276lxeon_w-2223xeon_e5-2679_v4core_i7-7700kcore_i7-8705gxeon_e-2276mcore_i7-8665uxeon_gold_6129xeon_platinum_9222xeon_gold_6230tcore_i7-7660ucore_i7-6600ucore_i7-8706gxeon_gold_6126tcore_i7-11700fxeon_platinum_8165xeon_w-3225xeon_gold_6135xeon_e3-1565l_v5xeon_e-2236xeon_w-1370core_i7-10850hxeon_e5-1603_v4core_i7-1185grexeon_e5-2408l_v3core_i7-11375hxeon_e3-1240_v6xeon_d-1573ncore_i7-8700core_i7-7700tcore_i7-10700txeon_e5-1630_v4xeon_e5-4660_v3xeon_gold_6246core_i7-8086kxeon_w-2295core_i7-6770hqcore_i7-8700kxeon_e5-2603_v3fas_biosxeon_e-2134xeon_e5-2667_v3xeon_gold_5215xeon_e5-4655_v3xeon_d-2143itxeon_d-2163itxeon_e5-2699_v4xeon_e3-1285_v6xeon_w-1390tsimatic_cpu_1518-4xeon_w-1270xeon_e3-1225_v6xeon_platinum_8284xeon_silver_4109tcore_i7-10510yxeon_e3-1240l_v5xeon_e5-2690_v3xeon_e5-4655_v4xeon_gold_5215lxeon_silver_4215rxeon_e5-2658_v4xeon_gold_6138fcore_i7-11800hxeon_e5-1630_v3xeon_silver_4210txeon_e5-2680_v3xeon_gold_6212uxeon_e3-1205_v6core_i7-7700hqxeon_w-1270texeon_silver_4114xeon_e5-2698_v3core_i7-6498duxeon_e3-1245_v5core_i7-6870hqxeon_gold_6258rxeon_bronze_3104xeon_d-1571xeon_gold_6240lxeon_gold_6238lxeon_e5-2637_v3xeon_e5-1620_v3xeon_gold_6250xeon_d-2173itcore_i7-11700txeon_w-11855mxeon_d-2123itxeon_gold_5219yxeon_e-2246gxeon_w-3265mxeon_d-1627xeon_e5-2637_v4xeon_e5-2687w_v3xeon_d-1602xeon_e7-8890_v4xeon_e5-2680_v4xeon_gold_5218txeon_e5-2697a_v4xeon_gold_6150xeon_gold_6140xeon_e5-2690_v4xeon_e5-2609_v4core_i7-7920hqxeon_platinum_8174xeon_d-1612xeon_e-2254mlxeon_e3-1545m_v5core_i7-10700core_i9-10920xxeon_e3-1578l_v5core_i7-6660uxeon_e3-1270_v5xeon_gold_6126xeon_e3-1260l_v5xeon_w-1250exeon_e5-2643_v4xeon_d-1563nxeon_e5-2699a_v4simatic_cpu_1518-4_firmwarecore_i7-10875hxeon_e-2276mlxeon_e-2244gxeon_e-2176gxeon_gold_6142fcore_i3-l13g4core_i7-8709gxeon_e5-4650_v3xeon_e5-2650l_v4xeon_gold_6130xeon_e-2104gxeon_platinum_8260core_i7-8557usimatic_ipc547gcore_i7-8700txeon_platinum_9242core_i7-6820hqxeon_platinum_8280lxeon_silver_4110core_i7-8650uxeon_bronze_3204xeon_gold_5119tcore_i7-1180g7core_i7-6700tcore_i7-6920hqxeon_gold_6246rxeon_e3-1230_v6xeon_gold_5217xeon_gold_6230nxeon_gold_6143xeon_w-3265xeon_gold_5218nxeon_e5-2620_v4xeon_gold_6138txeon_w-3245xeon_gold_5120core_i7-1185g7core_i7-1195g7xeon_e-2124gcore_i7-1165g7xeon_e5-2618l_v3xeon_d-1523nxeon_e5-2608l_v3core_i7-10700texeon_e-2288gxeon_d-1653nxeon_gold_5220xeon_e-2234xeon_d-1577xeon_d-1637xeon_gold_6254xeon_gold_6269yxeon_silver_4114tcore_i7-6700kxeon_gold_6240yxeon_e5-4669_v4aff_biosxeon_gold_6154xeon_w-1250xeon_e5-2640_v4hci_storage_node_biosxeon_gold_6208uxeon_e7-8893_v4xeon_w-1290exeon_e5-1650_v3xeon_w-3275core_i7-11700bxeon_d-1553nxeon_e-2126gxeon_silver_4209txeon_e5-4620_v3xeon_silver_4116xeon_w-1270exeon_d-1633ncore_i7-7820eqxeon_gold_6252nxeon_e7-4820_v4xeon_gold_6244xeon_e5-2695_v3xeon_gold_6248xeon_e3-1220_v6xeon_w-1370pxeon_platinum_8280xeon_e-2186mxeon_e5-1660_v3xeon_d-1520xeon_e-2176mcore_i7-6785rcore_i7-6820hkxeon_platinum_8256xeon_gold_6152core_i7-1060ng7xeon_e5-2623_v3xeon_platinum_8158xeon_e5-2658a_v3xeon_e5-2418l_v3xeon_w-1290pxeon_e-2286gxeon_gold_6222vxeon_platinum_8176xeon_gold_6242xeon_e3-1275_v6xeon_d-1531core_i7-10810uxeon_e3-1575m_v5xeon_e-2278gxeon_e5-2650_v4xeon_platinum_8260yxeon_e3-1505l_v5xeon_platinum_8270xeon_d-1533nxeon_gold_6242rxeon_e3-1245_v6xeon_gold_6128xeon_silver_4215xeon_d-2142itxeon_platinum_8180mcore_i7-8850hxeon_gold_5118xeon_w-2235xeon_e5-2695_v4xeon_gold_6130fxeon_w-11955mcore_i7-6820eqxeon_gold_6134mcore_i9-10900xxeon_platinum_8276xeon_gold_6238txeon_e3-1235l_v5xeon_silver_4214yxeon_e5-2603_v4core_i9-10980xexeon_e5-4628l_v4xeon_e7-8860_v4xeon_w-1350xeon_silver_4106hxeon_gold_6138pcore_i7-8665uexeon_w-1290xeon_platinum_8176fxeon_d-1524nsolidfire_biosxeon_gold_6240rxeon_w-10885mxeon_w-2275xeon_d-1543nxeon_gold_6226xeon_e-2144gxeon_gold_6256xeon_d-1521xeon_w-1350pxeon_gold_6230rcore_i7-8569uxeon_gold_6252xeon_e5-4640_v3core_i7-1185g7exeon_gold_5218rxeon_gold_6226rxeon_bronze_3206rxeon_e5-1607_v4core_i7-1065g7xeon_platinum_8260lxeon_e5-1428l_v3core_i7-8559uxeon_platinum_8170mxeon_e-2146gxeon_platinum_8180xeon_d-2177ntxeon_e5-2650l_v3xeon_w-2175Intel(R) Processors
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-12357
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.10% / 28.86%
||
7 Day CHG~0.00%
Published-09 Jun, 2021 | 18:49
Updated-04 Aug, 2024 | 11:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper initialization in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aNetApp, Inc.Intel CorporationSiemens AG
Product-xeon_platinum_8153xeon_e3-1230_v5xeon_e3-1558l_v5xeon_w-3245mxeon_e5-4610_v4xeon_e7-8894_v4xeon_gold_6146xeon_e5-2660_v3core_i7-1068ng7e-series_bioscore_i7-1160g7xeon_e5-1680_v3xeon_d-1527xeon_e5-2697_v4xeon_gold_5115xeon_platinum_8170xeon_gold_6136xeon_w-2125core_i9-10940xxeon_e5-4610_v3xeon_e5-4650_v4xeon_e7-8880_v4xeon_gold_6138xeon_e5-1660_v4simatic_ipc547g_firmwarexeon_e7-8891_v4xeon_platinum_8164xeon_e-2226gxeon_e3-1280_v5xeon_gold_6234xeon_e5-2699r_v4xeon_w-2255xeon_d-1518core_i7-11700core_i7-6822eqcore_i7-6700texeon_e3-1501l_v6xeon_gold_6262vcore_i7-11370hxeon_e5-2683_v4xeon_platinum_8168core_i7-7600uxeon_e5-2608l_v4xeon_e5-2640_v3xeon_e-2224xeon_gold_5218xeon_e5-1620_v4core_i7-11850hxeon_d-1567xeon_e5-2630l_v3xeon_e3-1505l_v6xeon_e-2278gexeon_e5-1607_v3xeon_e5-4640_v4xeon_gold_5117xeon_gold_5122xeon_w-2245simatic_field_pg_m6_firmwarexeon_d-1587xeon_e5-2699_v3xeon_d-2191simatic_ipc427e_firmwarexeon_gold_6248rcore_i7-7820hkxeon_e5-2689_v4xeon_e7-8870_v4xeon_w-1290tcore_i5-l16g7xeon_gold_6240core_i7-6970hqxeon_gold_6262xeon_platinum_8156xeon_e-2136core_i7-10510ucore_i7-1060g7xeon_w-2265xeon_e5-2667_v4xeon_platinum_8274xeon_w-10855mxeon_gold_6126fxeon_d-1539xeon_e3-1535m_v5xeon_e5-1680_v4core_i7-7700xeon_gold_5220rxeon_d-2146ntxeon_e3-1268l_v5xeon_platinum_8160fsimatic_ipc477e_firmwarexeon_e5-2658_v3simatic_field_pg_m6xeon_e5-4660_v4core_i7-8750hxeon_e3-1501m_v6xeon_gold_6250lxeon_gold_6210uxeon_d-2187ntxeon_platinum_8160mcore_i7-10700fxeon_d-2166ntxeon_e3-1270_v6xeon_e-2286mxeon_e3-1505m_v5core_i7-10750hxeon_silver_4216xeon_gold_6230xeon_platinum_8253xeon_e5-2630l_v4xeon_w-2195xeon_e5-4667_v4xeon_e5-2628l_v4xeon_e-2276gxeon_e5-2685_v3xeon_w-1390xeon_e-2186gxeon_d-2183itxeon_silver_4116txeon_e-2174gxeon_e5-2630_v4xeon_d-1622core_i7-8809gxeon_e5-4667_v3xeon_platinum_8160hcore_i7-8700bxeon_e5-2643_v3xeon_d-2145ntxeon_d-1581xeon_e5-1650_v4xeon_gold_6238xeon_e5-2630_v3xeon_w-1250pxeon_silver_4208xeon_e3-1585_v5xeon_w-2104xeon_e5-2623_v4core_i7-6560uxeon_w-2123xeon_gold_5220sxeon_w-3275msimatic_ipc477e_pro_firmwarexeon_platinum_9282xeon_e5-2683_v3core_i7-10700exeon_silver_4108xeon_gold_6130txeon_silver_4210core_i7-11700kfcloud_backupcore_i7-10870hxeon_e7-8867_v4xeon_bronze_3106xeon_w-2102simatic_ipc647e_firmwarexeon_e-2274gcore_i7-10700kxeon_e-2278gelxeon_d-1540xeon_e3-1280_v6hci_compute_node_biosxeon_e5-2698_v4xeon_platinum_8160tcore_i7-11700kxeon_d-1528xeon_silver_4214rcore_i7-6500uxeon_e5-2697_v3xeon_e5-4627_v4xeon_e-2124core_i7-10710uxeon_d-2141icore_i7-10700kfxeon_d-1541xeon_e5-2660_v4xeon_e7-4830_v4xeon_w-1250texeon_platinum_8268xeon_platinum_8176mxeon_e-2276mecore_i7-8565uxeon_gold_5222xeon_e5-2687w_v4xeon_e5-1603_v3core_i7-7560uxeon_gold_5117fxeon_e3-1535m_v6xeon_d-1548xeon_d-1649nxeon_d-1529xeon_platinum_9221xeon_e3-1220_v5xeon_platinum_8160xeon_e5-2428l_v3simatic_ipc847esimatic_ipc427ecore_i7-6700hqxeon_e7-4809_v4xeon_e5-4648_v3xeon_gold_6122xeon_silver_4123xeon_gold_6148fxeon_gold_6132biosxeon_e5-2618l_v4xeon_w-2155xeon_gold_6137core_i7-7500ucore_i7-8550uxeon_e-2224gxeon_w-2135xeon_d-1623nxeon_w-2145xeon_e-2226gecore_i7-6650uxeon_gold_6142core_i7-10610ucore_i7-8500ycore_i7-7567uxeon_silver_4214xeon_w-1390pxeon_d-2161ixeon_silver_4210rxeon_d-1632core_i7-7820hqxeon_e3-1585l_v5xeon_e5-2620_v3xeon_e5-2670_v3xeon_gold_5218bxeon_e5-2648l_v3xeon_gold_6142mxeon_e5-2609_v3xeon_e3-1275_v5xeon_e5-2438l_v3xeon_e3-1240_v5xeon_e5-2650_v3xeon_gold_6222core_i7-6567uxeon_e5-2648l_v4simatic_ipc677exeon_e5-4620_v4xeon_e7-8855_v4xeon_d-1513nxeon_d-1537xeon_e3-1515m_v5xeon_w-1290texeon_e3-1225_v5xeon_gold_6209uxeon_silver_4112xeon_d-1559xeon_w-3223xeon_gold_5120txeon_w-3175xxeon_gold_6134xeon_gold_6162xeon_e5-2628l_v3xeon_e-2254mexeon_w-3235core_i7-7y75xeon_e5-4669_v3xeon_w-2225xeon_gold_6130hxeon_w-2133core_i7-6700xeon_d-1557xeon_e5-4627_v3xeon_e7-4850_v4xeon_gold_6148xeon_e3-1505m_v6xeon_gold_6144xeon_gold_6140mxeon_gold_5220txeon_platinum_8276lxeon_w-2223xeon_e5-2679_v4core_i7-7700kcore_i7-8705gxeon_e-2276mcore_i7-8665uxeon_gold_6129xeon_platinum_9222xeon_gold_6230tcore_i7-7660ucore_i7-6600ucore_i7-8706gxeon_gold_6126tcore_i7-11700fxeon_platinum_8165xeon_w-3225xeon_gold_6135xeon_e3-1565l_v5xeon_e-2236xeon_w-1370core_i7-10850hxeon_e5-1603_v4core_i7-1185grexeon_e5-2408l_v3core_i7-11375hxeon_e3-1240_v6xeon_d-1573ncore_i7-8700core_i7-7700tcore_i7-10700txeon_e5-1630_v4xeon_e5-4660_v3xeon_gold_6246core_i7-8086kxeon_w-2295core_i7-6770hqcore_i7-8700kxeon_e5-2603_v3fas_biosxeon_e-2134xeon_e5-2667_v3xeon_gold_5215xeon_e5-4655_v3xeon_d-2143itxeon_d-2163itxeon_e5-2699_v4xeon_e3-1285_v6xeon_w-1390tsimatic_cpu_1518-4xeon_w-1270xeon_e3-1225_v6xeon_platinum_8284xeon_silver_4109tcore_i7-10510yxeon_e3-1240l_v5xeon_e5-2690_v3xeon_e5-4655_v4xeon_gold_5215lxeon_silver_4215rxeon_e5-2658_v4xeon_gold_6138fcore_i7-11800hxeon_e5-1630_v3simatic_ipc477exeon_silver_4210txeon_e5-2680_v3xeon_gold_6212uxeon_e3-1205_v6core_i7-7700hqxeon_w-1270texeon_silver_4114xeon_e5-2698_v3core_i7-6498duxeon_e3-1245_v5core_i7-6870hqxeon_gold_6258rxeon_bronze_3104xeon_d-1571xeon_gold_6240lxeon_gold_6238lxeon_e5-2637_v3xeon_e5-1620_v3xeon_gold_6250xeon_d-2173itcore_i7-11700txeon_w-11855mxeon_d-2123itxeon_gold_5219yxeon_e-2246gxeon_w-3265mxeon_d-1627xeon_e5-2637_v4xeon_e5-2687w_v3xeon_d-1602xeon_e7-8890_v4xeon_e5-2680_v4xeon_gold_5218tsimatic_ipc847e_firmwarexeon_e5-2697a_v4xeon_gold_6150xeon_gold_6140xeon_e5-2690_v4xeon_e5-2609_v4core_i7-7920hqxeon_platinum_8174xeon_d-1612xeon_e-2254mlxeon_e3-1545m_v5core_i7-10700simatic_ipc477e_procore_i9-10920xxeon_e3-1578l_v5core_i7-6660uxeon_e3-1270_v5xeon_gold_6126simatic_ipc647exeon_e3-1260l_v5xeon_w-1250exeon_e5-2643_v4xeon_d-1563nxeon_e5-2699a_v4simatic_cpu_1518-4_firmwarecore_i7-10875hxeon_e-2276mlxeon_e-2244gxeon_e-2176gxeon_gold_6142fcore_i3-l13g4core_i7-8709gsimatic_ipc627exeon_e5-4650_v3xeon_e5-2650l_v4xeon_gold_6130xeon_e-2104gxeon_platinum_8260core_i7-8557usimatic_ipc547gcore_i7-8700txeon_platinum_9242core_i7-6820hqxeon_platinum_8280lxeon_silver_4110core_i7-8650uxeon_bronze_3204xeon_gold_5119tcore_i7-1180g7core_i7-6700tcore_i7-6920hqxeon_gold_6246rxeon_e3-1230_v6xeon_gold_5217xeon_gold_6230nxeon_gold_6143xeon_w-3265xeon_gold_5218nxeon_e5-2620_v4xeon_gold_6138txeon_w-3245xeon_gold_5120simatic_ipc627e_firmwarecore_i7-1185g7core_i7-1195g7xeon_e-2124gcore_i7-1165g7xeon_e5-2618l_v3xeon_d-1523nxeon_e5-2608l_v3core_i7-10700texeon_e-2288gxeon_d-1653nxeon_gold_5220xeon_e-2234xeon_d-1577xeon_d-1637xeon_gold_6254xeon_gold_6269yxeon_silver_4114tcore_i7-6700kxeon_gold_6240yxeon_e5-4669_v4aff_biosxeon_gold_6154xeon_w-1250xeon_e5-2640_v4hci_storage_node_biosxeon_gold_6208uxeon_e7-8893_v4xeon_w-1290exeon_e5-1650_v3xeon_w-3275core_i7-11700bxeon_d-1553nxeon_e-2126gxeon_silver_4209txeon_e5-4620_v3xeon_silver_4116xeon_w-1270exeon_d-1633ncore_i7-7820eqxeon_gold_6252nxeon_e7-4820_v4xeon_gold_6244xeon_e5-2695_v3xeon_gold_6248xeon_e3-1220_v6xeon_w-1370pxeon_platinum_8280xeon_e-2186mxeon_e5-1660_v3xeon_d-1520simatic_itp1000_firmwarexeon_e-2176mcore_i7-6785rcore_i7-6820hkxeon_platinum_8256xeon_gold_6152core_i7-1060ng7xeon_e5-2623_v3xeon_platinum_8158xeon_e5-2658a_v3xeon_e5-2418l_v3xeon_w-1290pxeon_e-2286gxeon_gold_6222vxeon_platinum_8176xeon_gold_6242xeon_e3-1275_v6xeon_d-1531core_i7-10810uxeon_e3-1575m_v5xeon_e-2278gxeon_e5-2650_v4xeon_platinum_8260yxeon_e3-1505l_v5xeon_platinum_8270xeon_d-1533nxeon_gold_6242rxeon_e3-1245_v6xeon_gold_6128xeon_silver_4215xeon_d-2142itxeon_platinum_8180mcore_i7-8850hxeon_gold_5118xeon_w-2235xeon_e5-2695_v4xeon_gold_6130fsimatic_itp1000xeon_w-11955mcore_i7-6820eqxeon_gold_6134mcore_i9-10900xxeon_platinum_8276xeon_gold_6238txeon_e3-1235l_v5xeon_silver_4214yxeon_e5-2603_v4core_i9-10980xexeon_e5-4628l_v4xeon_e7-8860_v4xeon_w-1350xeon_silver_4106hxeon_gold_6138pcore_i7-8665uexeon_w-1290xeon_platinum_8176fxeon_d-1524nsolidfire_biosxeon_gold_6240rxeon_w-10885mxeon_w-2275xeon_d-1543nxeon_gold_6226xeon_e-2144gxeon_gold_6256xeon_d-1521xeon_w-1350pxeon_gold_6230rcore_i7-8569uxeon_gold_6252xeon_e5-4640_v3core_i7-1185g7exeon_gold_5218rxeon_gold_6226rxeon_bronze_3206rsimatic_ipc677e_firmwarexeon_e5-1607_v4core_i7-1065g7xeon_platinum_8260lxeon_e5-1428l_v3core_i7-8559uxeon_platinum_8170mxeon_e-2146gxeon_platinum_8180xeon_d-2177ntxeon_e5-2650l_v3xeon_w-2175Intel(R) Processors
CWE ID-CWE-665
Improper Initialization
CVE-2020-0590
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.36% / 57.63%
||
7 Day CHG~0.00%
Published-12 Nov, 2020 | 17:54
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aNetApp, Inc.Intel CorporationSiemens AG
Product-xeon_platinum_8276lxeon_platinum_8153xeon_silver_4210r_firmwarexeon_platinum_8170_firmwarexeon_platinum_9222xeon_bronze_3104_firmwarexeon_gold_6230txeon_gold_6146xeon_gold_6126f_firmwarexeon_gold_6126txeon_gold_6140_firmwarexeon_platinum_8168_firmwarexeon_silver_4108_firmwarexeon_gold_5115xeon_gold_6238_firmwarexeon_platinum_8170xeon_gold_6136xeon_gold_6138f_firmwarexeon_gold_5217_firmwarexeon_gold_6138xeon_gold_6246simatic_ipc547g_firmwarexeon_platinum_8164xeon_gold_6240_firmwarexeon_gold_6234xeon_silver_4116t_firmwarexeon_gold_6238rxeon_gold_5215xeon_platinum_8268_firmwarexeon_gold_6248_firmwarexeon_gold_6262vxeon_platinum_8168xeon_gold_6244_firmwarexeon_gold_5218xeon_silver_4109txeon_bronze_3206r_firmwarexeon_silver_4215rxeon_gold_5215lxeon_silver_4215_firmwarexeon_gold_5220r_firmwarexeon_gold_5122_firmwarexeon_gold_6138t_firmwarexeon_gold_6138fxeon_silver_4116_firmwarexeon_gold_5122xeon_platinum_8180_firmwarexeon_silver_4210_firmwarexeon_gold_6132_firmwarexeon_gold_6136_firmwarexeon_silver_4210txeon_gold_6212u_firmwarexeon_gold_6212uxeon_gold_6126_firmwarexeon_gold_6240l_firmwarexeon_silver_4114xeon_gold_6248rxeon_gold_6250l_firmwarexeon_silver_4214r_firmwarexeon_platinum_8276_firmwarexeon_gold_6258rxeon_bronze_3104xeon_gold_6240xeon_gold_6238lxeon_gold_6240lxeon_gold_6150_firmwarexeon_gold_6250xeon_platinum_8156xeon_bronze_3106_firmwarexeon_gold_6138_firmwarexeon_gold_5218n_firmwarexeon_gold_5215_firmwarexeon_gold_5220s_firmwaresimatic_ipc527gxeon_platinum_8260y_firmwarexeon_gold_6144_firmwarexeon_gold_6126fxeon_silver_4109t_firmwarexeon_gold_5218tsimatic_ipc847e_firmwarexeon_gold_6240y_firmwaresimatic_ipc527g_firmwarexeon_gold_6150xeon_gold_6242_firmwarexeon_gold_5220rxeon_gold_6140xeon_silver_4114_firmwarexeon_gold_6230_firmwarexeon_platinum_8280l_firmwarexeon_platinum_8160fxeon_gold_6148f_firmwarexeon_gold_6250lxeon_gold_6210uxeon_gold_6126simatic_ipc647exeon_platinum_8158_firmwarexeon_gold_5120_firmwarexeon_silver_4216xeon_silver_4114t_firmwarexeon_gold_6230xeon_platinum_8253xeon_gold_6134_firmwarexeon_gold_6130t_firmwarexeon_gold_5218r_firmwarexeon_gold_6242r_firmwarexeon_gold_6130f_firmwarexeon_silver_4116tclustered_data_ontapxeon_gold_6246r_firmwarexeon_gold_6142fsimatic_ipc627exeon_gold_6238xeon_platinum_8153_firmwarexeon_gold_6126t_firmwarexeon_gold_6130xeon_silver_4214y_firmwarexeon_silver_4208xeon_platinum_8260xeon_platinum_8160t_firmwarexeon_bronze_3204_firmwarexeon_silver_4214_firmwarexeon_gold_5220ssimatic_ipc547gxeon_platinum_9242xeon_platinum_9282xeon_gold_5119t_firmwarexeon_platinum_8280lxeon_silver_4110xeon_gold_6142_firmwarexeon_bronze_3204xeon_platinum_9242_firmwarexeon_platinum_8280_firmwarexeon_gold_6240r_firmwarexeon_gold_5119txeon_silver_4108xeon_gold_6130txeon_silver_4210xeon_platinum_8256_firmwarexeon_gold_6246rcloud_backupxeon_gold_5217xeon_gold_6230nxeon_silver_4215r_firmwarexeon_gold_5218nxeon_gold_6246_firmwarexeon_gold_5222_firmwarexeon_bronze_3106xeon_gold_6138tsimatic_ipc647e_firmwarexeon_gold_6248r_firmwarexeon_platinum_9221_firmwarexeon_gold_6256_firmwarexeon_gold_5120simatic_ipc627e_firmwarexeon_gold_5220xeon_gold_6154_firmwarexeon_platinum_8160txeon_silver_4214rxeon_gold_6254xeon_silver_4209t_firmwarexeon_silver_4114txeon_gold_6240yxeon_platinum_8176_firmwarexeon_gold_6154xeon_gold_6230t_firmwarexeon_gold_5215l_firmwarexeon_silver_4208_firmwarexeon_gold_6208uxeon_platinum_8268xeon_gold_6252n_firmwarexeon_gold_5120t_firmwarexeon_gold_6230n_firmwarexeon_gold_5222xeon_platinum_8270_firmwarexeon_gold_6230r_firmwarexeon_silver_4209txeon_gold_6234_firmwarexeon_silver_4116xeon_gold_6210u_firmwarexeon_gold_6252nxeon_platinum_9221xeon_gold_6244xeon_platinum_8160xeon_gold_5218t_firmwarexeon_gold_6248xeon_gold_5115_firmwarexeon_platinum_8260l_firmwarexeon_gold_6226_firmwarexeon_platinum_8156_firmwaresimatic_ipc847exeon_gold_5118_firmwarexeon_platinum_8280xeon_gold_6152_firmwarexeon_gold_6146_firmwarexeon_platinum_8176f_firmwarexeon_gold_6148fxeon_gold_5218_firmwarexeon_gold_6132xeon_gold_6238t_firmwarexeon_platinum_8256xeon_gold_6152xeon_gold_6238l_firmwarexeon_platinum_8158xeon_gold_5218b_firmwarexeon_gold_6222vxeon_platinum_8176xeon_platinum_8160_firmwarexeon_gold_6242xeon_silver_4112_firmwarexeon_gold_6262v_firmwarexeon_gold_6142xeon_platinum_8260yxeon_platinum_8270xeon_gold_6242rxeon_gold_6148_firmwarexeon_silver_4215xeon_gold_6128xeon_platinum_9222_firmwarexeon_gold_5220t_firmwarexeon_platinum_8253_firmwarexeon_gold_5118xeon_silver_4210t_firmwarexeon_gold_6130fxeon_gold_5220_firmwarexeon_gold_6208u_firmwarexeon_silver_4214xeon_platinum_8276xeon_gold_6142f_firmwarexeon_gold_6250_firmwarexeon_gold_6238txeon_silver_4210rxeon_platinum_8164_firmwarexeon_silver_4214yxeon_gold_5218bxeon_silver_4216_firmwarexeon_gold_6138pxeon_gold_6254_firmwarexeon_gold_6138p_firmwarexeon_platinum_8176fxeon_gold_6240rsimatic_ipc677exeon_gold_6258r_firmwarexeon_gold_6209uxeon_silver_4112xeon_gold_6226xeon_gold_6256xeon_gold_6130_firmwarexeon_gold_6238r_firmwarexeon_gold_5120txeon_gold_6230rxeon_gold_6252xeon_gold_6134xeon_gold_6222v_firmwarexeon_platinum_8160f_firmwarexeon_gold_6226r_firmwarexeon_platinum_8260_firmwarexeon_gold_5218rxeon_gold_6226rxeon_bronze_3206rxeon_gold_6252_firmwaresimatic_ipc677e_firmwarexeon_gold_6148xeon_gold_6209u_firmwarexeon_silver_4110_firmwarefas\/aff_biosxeon_platinum_8260lxeon_gold_6144xeon_platinum_9282_firmwarexeon_platinum_8180xeon_platinum_8276l_firmwarexeon_gold_6128_firmwarexeon_gold_5220tIntel(R) Processors
CWE ID-CWE-20
Improper Input Validation
CVE-2020-0591
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.12% / 31.50%
||
7 Day CHG~0.00%
Published-12 Nov, 2020 | 17:55
Updated-04 Aug, 2024 | 06:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper buffer restrictions in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel CorporationSiemens AG
Product-xeon_gold_6246rxeon_platinum_8276lxeon_w-2223core_i7-9800xxeon_platinum_9222xeon_w-3245mxeon_gold_5217xeon_gold_6230tcore_i7-6950xxeon_gold_6230ncore_i7-4960xxeon_w-3225xeon_w-3265xeon_gold_5218nxeon_w-3245xeon_d-1527xeon_w-2125core_i9-10940xxeon_d-1523nxeon_d-1540xeon_gold_5220xeon_gold_6246xeon_d-1653ncore_i7-7740xxeon_d-1528xeon_silver_4214rcore_i7-5820kxeon_d-1577xeon_gold_6254xeon_d-1637xeon_w-2295core_i7-3960xxeon_gold_6240yxeon_gold_6234xeon_d-2141ixeon_d-1541core_i7-3940xmxeon_gold_6238rxeon_w-1250xeon_d-1518xeon_w-1250texeon_w-2255xeon_gold_6208ucore_i7-4940mxxeon_platinum_8268xeon_gold_5215xeon_w-1290exeon_d-2143itxeon_gold_6262vcore_i7-4930kxeon_d-2163itcore_i9-7920xxeon_gold_5222xeon_w-3275xeon_gold_5218simatic_cpu_1518-4xeon_d-1553nxeon_w-1270xeon_silver_4209txeon_d-1567simatic_cpu_1518f-4_firmwarexeon_w-1270exeon_d-1633nxeon_gold_5215lxeon_silver_4215rxeon_gold_6252nxeon_d-1548core_i7-4820kxeon_d-1649nxeon_d-1529xeon_platinum_9221xeon_w-2245xeon_gold_6244xeon_silver_4210tcore_i9-7960xcore_i7-7820xxeon_gold_6248xeon_gold_6212uxeon_w-1270tecore_i9-7980xexeon_platinum_8280xeon_gold_6248rcore_i7-6900kcore_i9-9940xxeon_gold_6258rxeon_d-1520xeon_w-1290txeon_d-1571xeon_gold_6240xeon_gold_6238lxeon_gold_6240lxeon_gold_6250biosxeon_platinum_8256core_i9-9820xxeon_d-2173itxeon_w-2155core_i9-9900xxeon_d-2123itxeon_w-1290pxeon_w-3265mxeon_w-2135xeon_gold_6222vxeon_d-1627core_i7-3930kxeon_gold_6242xeon_w-2265xeon_d-1623nxeon_w-2145xeon_d-1531xeon_d-1602xeon_w-10855mxeon_platinum_8260yxeon_platinum_8270xeon_d-1539xeon_d-1533nxeon_gold_6242rxeon_gold_5218txeon_silver_4215core_i9-9980xexeon_d-2142itxeon_w-2235xeon_gold_5220rcore_i7-6800kxeon_d-2146ntcore_i9-10900xxeon_silver_4214xeon_platinum_8276xeon_gold_6238txeon_w-1270pxeon_silver_4210rxeon_gold_6250lxeon_d-2161ixeon_silver_4214yxeon_gold_6210ucore_i9-10920xcore_i9-10980xexeon_d-2187ntxeon_gold_5218bcore_i7-6850kcore_i7-3970xcore_i9-7940xcore_i9-9960xxeon_d-2166ntxeon_w-1250exeon_w-1290core_i7-3920xmxeon_silver_4216xeon_gold_6230xeon_platinum_8253xeon_gold_6240rxeon_w-10885mxeon_w-2195simatic_cpu_1518-4_firmwarexeon_d-2183itxeon_d-1513nxeon_d-1537xeon_w-2275xeon_d-1622xeon_w-1290tecore_i5-7640xcore_i9-7900xxeon_d-1543nxeon_gold_6209uxeon_w-3223xeon_gold_6226xeon_d-1559xeon_gold_6256xeon_d-1521core_i7-5960xxeon_d-2145ntxeon_gold_6230rxeon_w-3175xxeon_gold_6238xeon_gold_6252xeon_w-1250pcore_i7-7800xcore_i9-9920xcore_i7-4930mxxeon_w-3235xeon_silver_4208core_i7-5930kxeon_gold_5218rxeon_gold_6226rxeon_bronze_3206rxeon_w-2225xeon_w-2123xeon_gold_5220sxeon_w-2133xeon_w-3275mxeon_platinum_9242xeon_platinum_9282core_i7-3820xeon_d-1557xeon_platinum_8260lxeon_platinum_8280lxeon_bronze_3204simatic_cpu_1518f-4xeon_d-2177ntxeon_w-2175xeon_gold_5220txeon_silver_4210Intel(R) Processors
CVE-2019-5317
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-6.8||MEDIUM
EPSS-0.06% / 17.43%
||
7 Day CHG~0.00%
Published-29 Mar, 2021 | 15:48
Updated-04 Aug, 2024 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A local authentication bypass vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x: 6.5.4.15 and below; Aruba Instant 8.3.x: 8.3.0.11 and below; Aruba Instant 8.4.x: 8.4.0.5 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.

Action-Not Available
Vendor-n/aSiemens AGAruba Networks
Product-scalance_w1750d_firmwareinstantscalance_w1750dAruba Instant Access Points
CWE ID-CWE-287
Improper Authentication
CVE-2011-4515
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-4.6||MEDIUM
EPSS-0.05% / 16.82%
||
7 Day CHG~0.00%
Published-21 Mar, 2013 | 14:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Siemens WinCC (TIA Portal) 11 uses a reversible algorithm for storing HMI web-application passwords in world-readable and world-writable files, which allows local users to obtain sensitive information by leveraging (1) physical access or (2) Sm@rt Server access.

Action-Not Available
Vendor-n/aSiemens AG
Product-wincc_tia_portaln/a
CVE-2016-8566
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.11% / 30.57%
||
7 Day CHG~0.00%
Published-13 Feb, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Siemens SICAM PAS before 8.00. Because of Storing Passwords in a Recoverable Format, an authenticated local attacker with certain privileges could possibly reconstruct the passwords of users for accessing the database.

Action-Not Available
Vendor-n/aSiemens AG
Product-sicam_pas\/pqsSiemens SICAM PAS before 8.00
CVE-2021-31338
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.47%
||
7 Day CHG~0.00%
Published-19 Aug, 2021 | 10:00
Updated-03 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.0 SP1). Affected devices allow to modify configuration settings over an unauthenticated channel. This could allow a local attacker to escalate privileges and execute own code on the device.

Action-Not Available
Vendor-Siemens AG
Product-sinema_remote_connectSINEMA Remote Connect Client
CWE ID-CWE-15
External Control of System or Configuration Setting
CVE-2016-6486
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 22.05%
||
7 Day CHG~0.00%
Published-08 Aug, 2016 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Siemens SINEMA Server uses weak permissions for the application folder, which allows local users to gain privileges via unspecified vectors.

Action-Not Available
Vendor-n/aSiemens AG
Product-sinema_servern/a
CVE-2019-13945
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-6.8||MEDIUM
EPSS-0.14% / 35.41%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 13:19
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family < V4.x (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family V4.x (incl. SIPLUS variants) (All versions with Function State (FS) < 11), SIMATIC S7-200 SMART CPU CR20s (6ES7 288-1CR20-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU CR30s (6ES7 288-1CR30-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU CR40 (6ES7 288-1CR40-0AA0) (All versions <= V2.2.2 and Function State (FS) <= 8), SIMATIC S7-200 SMART CPU CR40s (6ES7 288-1CR40-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU CR60 (6ES7 288-1CR60-0AA0) (All versions <= V2.2.2 and Function State (FS) <= 10), SIMATIC S7-200 SMART CPU CR60s (6ES7 288-1CR60-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU SR20 (6ES7 288-1SR20-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 11), SIMATIC S7-200 SMART CPU SR30 (6ES7 288-1SR30-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 10), SIMATIC S7-200 SMART CPU SR40 (6ES7 288-1SR40-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 10), SIMATIC S7-200 SMART CPU SR60 (6ES7 288-1SR60-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 12), SIMATIC S7-200 SMART CPU ST20 (6ES7 288-1ST20-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 9), SIMATIC S7-200 SMART CPU ST30 (6ES7 288-1ST30-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 9), SIMATIC S7-200 SMART CPU ST40 (6ES7 288-1ST40-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 8), SIMATIC S7-200 SMART CPU ST60 (6ES7 288-1ST60-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 8), SIMATIC S7-200 SMART CPU family (All versions). There is an access mode used during manufacturing of the affected devices that allows additional diagnostic functionality. The security vulnerability could be exploited by an attacker with physical access to the UART interface during boot process.

Action-Not Available
Vendor-Siemens AG
Product-simatic_s7-200_smart_cpu_st40_firmwaresimatic_s7-200_smart_cpu_sr30simatic_s7-200_smart_cpu_st30simatic_s7-1200simatic_s7-200_smart_cpu_cr20ssimatic_s7-200_smart_cpu_cr30s_firmwaresimatic_s7-200_smart_cpu_st60simatic_s7-200_smart_cpu_st20_firmwaresimatic_s7-200_smart_cpu_sr40_firmwaresimatic_s7-200_smart_cpu_sr40simatic_s7-200_smart_cpu_st30_firmwares7-200_smartsimatic_s7-200_smart_cpu_st20simatic_s7-200_smart_cpu_cr60simatic_s7-1200_firmwaresimatic_s7-200_smart_cpu_sr20_firmwaresimatic_s7-200_smart_cpu_sr60_firmwares7-200_smart_firmwaresimatic_s7-200_smart_cpu_cr20s_firmwaresimatic_s7-200_smart_cpu_sr20simatic_s7-200_smart_cpu_cr60ssimatic_s7-200_smart_cpu_sr30_firmwaresimatic_s7-200_smart_cpu_sr60simatic_s7-200_smart_cpu_st60_firmwaresimatic_s7-200_smart_cpu_st40simatic_s7-200_smart_cpu_cr60_firmwaresimatic_s7-200_smart_cpu_cr40_firmwaresimatic_s7-200_smart_cpu_cr40s_firmwaresimatic_s7-200_smart_cpu_cr40ssimatic_s7-200_smart_cpu_cr60s_firmwaresimatic_s7-200_smart_cpu_cr40simatic_s7-200_smart_cpu_cr30sSIMATIC S7-200 SMART CPU CR20s (6ES7 288-1CR20-0AA1)SIMATIC S7-200 SMART CPU CR60 (6ES7 288-1CR60-0AA0)SIMATIC S7-200 SMART CPU CR40s (6ES7 288-1CR40-0AA1)SIMATIC S7-200 SMART CPU SR60 (6ES7 288-1SR60-0AA0)SIMATIC S7-1200 CPU family (incl. SIPLUS variants)SIMATIC S7-200 SMART CPU CR40 (6ES7 288-1CR40-0AA0)SIMATIC S7-200 SMART CPU familySIMATIC S7-200 SMART CPU SR30 (6ES7 288-1SR30-0AA0)SIMATIC S7-200 SMART CPU ST20 (6ES7 288-1ST20-0AA0)SIMATIC S7-200 SMART CPU ST60 (6ES7 288-1ST60-0AA0)SIMATIC S7-200 SMART CPU SR20 (6ES7 288-1SR20-0AA0)SIMATIC S7-200 SMART CPU CR60s (6ES7 288-1CR60-0AA1)SIMATIC S7-200 SMART CPU ST30 (6ES7 288-1ST30-0AA0)SIMATIC S7-1200 CPU family < V4.x (incl. SIPLUS variants)SIMATIC S7-200 SMART CPU SR40 (6ES7 288-1SR40-0AA0)SIMATIC S7-200 SMART CPU CR30s (6ES7 288-1CR30-0AA1)SIMATIC S7-1200 CPU family V4.x (incl. SIPLUS variants)SIMATIC S7-200 SMART CPU ST40 (6ES7 288-1ST40-0AA0)
CWE ID-CWE-749
Exposed Dangerous Method or Function
CVE-2019-10928
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-6.6||MEDIUM
EPSS-0.13% / 33.51%
||
7 Day CHG~0.00%
Published-13 Aug, 2019 | 18:55
Updated-04 Aug, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SCALANCE SC-600 (V2.0). An authenticated attacker with access to port 22/tcp as well as physical access to an affected device may trigger the device to allow execution of arbitrary commands. The security vulnerability could be exploited by an authenticated attacker with physical access to the affected device. No user interaction is required to exploit this vulnerability. The vulnerability impacts the confidentiality, integrity and availability of the affected device.

Action-Not Available
Vendor-Siemens AG
Product-scalance_sc-600scalance_sc-600_firmwareSCALANCE SC-600
CWE ID-CWE-703
Improper Check or Handling of Exceptional Conditions
CVE-2020-7586
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.15% / 36.39%
||
7 Day CHG~0.00%
Published-10 Jun, 2020 | 16:23
Updated-04 Aug, 2024 | 09:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC PDM (All versions < V9.2), SIMATIC STEP 7 V5.X (All versions < V5.6 SP2 HF3), SINAMICS STARTER (containing STEP 7 OEM version) (All versions < V5.4 HF2). A buffer overflow vulnerability could allow a local attacker to cause a Denial-of-Service situation. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise the availability of the system as well as to have access to confidential information.

Action-Not Available
Vendor-Siemens AG
Product-simatic_step_7simatic_pcs_7sinamics_startersimatic_process_device_managerSIMATIC STEP 7 V5.XSIMATIC PCS 7 V8.2 and earlierSINAMICS STARTER (containing STEP 7 OEM version)SIMATIC PCS 7 V9.0SIMATIC PDM
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-27000
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.12% / 31.03%
||
7 Day CHG~0.00%
Published-09 Feb, 2021 | 15:38
Updated-04 Aug, 2024 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing BMP files. This can result in a memory corruption condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12018)

Action-Not Available
Vendor-Siemens AG
Product-jt2goteamcenter_visualizationJT2GoTeamcenter Visualization
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-27005
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.12% / 31.03%
||
7 Day CHG~0.00%
Published-09 Feb, 2021 | 15:38
Updated-04 Aug, 2024 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of TGA files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12178)

Action-Not Available
Vendor-Siemens AG
Product-jt2goteamcenter_visualizationJT2GoTeamcenter Visualization
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-7583
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.04% / 9.78%
||
7 Day CHG~0.00%
Published-14 Aug, 2020 | 15:24
Updated-04 Aug, 2024 | 09:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Automation License Manager 5 (All versions), Automation License Manager 6 (All versions < V6.0.8). The application does not properly validate the users' privileges when executing some operations, which could allow a user with low permissions to arbitrary modify files that should be protected against writing.

Action-Not Available
Vendor-Siemens AG
Product-automation_license_managerAutomation License Manager 5Automation License Manager 6
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-30208
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-5.2||MEDIUM
EPSS-0.03% / 7.57%
||
7 Day CHG~0.00%
Published-14 May, 2024 | 10:02
Updated-02 Aug, 2024 | 01:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). The "DBTest" tool of SIMATIC RTLS Locating Manager does not properly enforce access restriction. This could allow an authenticated local attacker to extract sensitive information from memory.

Action-Not Available
Vendor-Siemens AG
Product-SIMATIC RTLS Locating Managersimatic_rtls_locating_manager
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2023-50236
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.23%
||
7 Day CHG~0.00%
Published-13 Feb, 2024 | 09:00
Updated-07 May, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The affected product is vulnerable due to weak file and folder permissions in the installation path. An attacker with local access could exploit this vulnerability to escalate privileges to NT AUTHORITY\SYSTEM.

Action-Not Available
Vendor-Siemens AG
Product-polarion_almPolarion ALM
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2025-40572
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-6.8||MEDIUM
EPSS-0.01% / 1.62%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 09:38
Updated-08 Jul, 2025 | 11:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices do not properly assign permissions to critical ressources. This could allow a non-privileged local attacker to access sensitive information stored on the device.

Action-Not Available
Vendor-Siemens AG
Product-scalance_lpe9403scalance_lpe9403_firmwareSCALANCE LPE9403
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2021-31894
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-8.8||HIGH
EPSS-0.03% / 6.35%
||
7 Day CHG~0.00%
Published-13 Jul, 2021 | 11:02
Updated-03 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.X (All versions < V9.1 SP2), SIMATIC PDM (All versions < V9.2 SP2), SIMATIC STEP 7 V5.X (All versions < V5.7), SINAMICS STARTER (containing STEP 7 OEM version) (All versions < V5.4 SP2 HF1). A directory containing metafiles relevant to devices' configurations has write permissions. An attacker could leverage this vulnerability by changing the content of certain metafiles and subsequently manipulate parameters or behavior of devices that would be later configured by the affected software.

Action-Not Available
Vendor-Siemens AG
Product-simatic_step_7simatic_pdmsimatic_pcs_7sinamics_startersimatic_pcs_7_firmwaresimatic_step_7_firmwaresinamics_starter_firmwaresimatic_pdm_firmwareSIMATIC STEP 7 V5.XSIMATIC PCS 7 V9.XSIMATIC PCS 7 V8.2 and earlierSINAMICS STARTER (containing STEP 7 OEM version)SIMATIC PDM
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2018-11454
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-8.6||HIGH
EPSS-0.06% / 17.59%
||
7 Day CHG~0.00%
Published-07 Aug, 2018 | 15:00
Updated-16 Sep, 2024 | 18:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions < V13 SP2 Update 2), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 6), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 (All versions < V15 Update 2). Improper file permissions in the default installation of TIA Portal may allow an attacker with local file system access to manipulate resources which may be transferred to devices and executed there by a different user. No special privileges are required, but the victim needs to transfer the manipulated files to a device. Execution is caused on the target device rather than on the PG device.

Action-Not Available
Vendor-Siemens AG
Product-simatic_wincc_\(tia_portal\)simatic_step_7_\(tia_portal\)SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12, SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13, SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14, SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15
CWE ID-CWE-276
Incorrect Default Permissions
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2023-44120
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.08% / 25.06%
||
7 Day CHG~0.00%
Published-09 Jan, 2024 | 09:59
Updated-14 Nov, 2024 | 15:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Spectrum Power 7 (All versions < V23Q4). The affected product's sudo configuration permits the local administrative account to execute several entries as root user. This could allow an authenticated local attacker to inject arbitrary code and gain root access.

Action-Not Available
Vendor-Siemens AG
Product-spectrum_power_7Spectrum Power 7
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2023-38557
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-8.2||HIGH
EPSS-0.02% / 2.37%
||
7 Day CHG~0.00%
Published-14 Sep, 2023 | 10:39
Updated-27 Feb, 2025 | 20:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Spectrum Power 7 (All versions < V23Q3). The affected product assigns improper access rights to the update script. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges.

Action-Not Available
Vendor-Siemens AG
Product-spectrum_power_7Spectrum Power 7
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2021-22921
Matching Score-6
Assigner-HackerOne
ShareView Details
Matching Score-6
Assigner-HackerOne
CVSS Score-7.8||HIGH
EPSS-0.71% / 71.20%
||
7 Day CHG~0.00%
Published-12 Jul, 2021 | 10:22
Updated-30 Apr, 2025 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Node.js before 16.4.1, 14.17.2, and 12.22.2 is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. More specifically, improper configuration of permissions in the installation directory allows an attacker to perform two different escalation attacks: PATH and DLL hijacking.

Action-Not Available
Vendor-Node.js (OpenJS Foundation)Siemens AGMicrosoft Corporation
Product-sinec_infrastructure_network_serviceswindowsnode.jsNode
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2022-43517
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.10%
||
7 Day CHG~0.00%
Published-13 Dec, 2022 | 00:00
Updated-21 Apr, 2025 | 13:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Simcenter STAR-CCM+ (All versions < V2306). The affected application improperly assigns file permissions to installation folders. This could allow a local attacker with an unprivileged account to override or modify the service executables and subsequently gain elevated privileges.

Action-Not Available
Vendor-Siemens AG
Product-star-ccm\+Simcenter STAR-CCM+
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2025-40574
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-8.5||HIGH
EPSS-0.01% / 1.81%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 09:38
Updated-08 Jul, 2025 | 11:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices do not properly assign permissions to critical ressources. This could allow a non-privileged local attacker to interact with the backupmanager service.

Action-Not Available
Vendor-Siemens AG
Product-scalance_lpe9403scalance_lpe9403_firmwareSCALANCE LPE9403
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 7
  • 8
  • Next
Details not found