Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2018-11466

Summary
Assigner-siemens
Assigner Org ID-cec7a2ec-15b4-4faf-bd53-b40f371f3a77
Published At-12 Dec, 2018 | 16:00
Updated At-05 Aug, 2024 | 08:10
Rejected At-
Credits

A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). Specially crafted network packets sent to port 102/tcp (ISO-TSAP) could allow a remote attacker to either cause a Denial-of-Service condition of the integrated software firewall or allow to execute code in the context of the software firewall. The security vulnerability could be exploited by an attacker with network access to the affected systems on port 102/tcp. Successful exploitation requires no user privileges and no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:siemens
Assigner Org ID:cec7a2ec-15b4-4faf-bd53-b40f371f3a77
Published At:12 Dec, 2018 | 16:00
Updated At:05 Aug, 2024 | 08:10
Rejected At:
▼CVE Numbering Authority (CNA)

A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). Specially crafted network packets sent to port 102/tcp (ISO-TSAP) could allow a remote attacker to either cause a Denial-of-Service condition of the integrated software firewall or allow to execute code in the context of the software firewall. The security vulnerability could be exploited by an attacker with network access to the affected systems on port 102/tcp. Successful exploitation requires no user privileges and no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known

Affected Products
Vendor
Siemens AGSiemens AG
Product
SINUMERIK 808D V4.7, SINUMERIK 808D V4.8, SINUMERIK 828D V4.7, SINUMERIK 840D sl V4.7, SINUMERIK 840D sl V4.8
Versions
Affected
  • SINUMERIK 808D V4.7 : All versions
  • SINUMERIK 808D V4.8 : All versions
  • SINUMERIK 828D V4.7 : All versions < V4.7 SP6 HF1
  • SINUMERIK 840D sl V4.7 : All versions < V4.7 SP6 HF5
  • SINUMERIK 840D sl V4.8 : All versions < V4.8 SP3
Problem Types
TypeCWE IDDescription
CWECWE-248CWE-248: Uncaught Exception
Type: CWE
CWE ID: CWE-248
Description: CWE-248: Uncaught Exception
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/106185
vdb-entry
x_refsource_BID
https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/106185
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/106185
vdb-entry
x_refsource_BID
x_transferred
https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/106185
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:productcert@siemens.com
Published At:12 Dec, 2018 | 16:29
Updated At:09 Oct, 2019 | 23:33

A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). Specially crafted network packets sent to port 102/tcp (ISO-TSAP) could allow a remote attacker to either cause a Denial-of-Service condition of the integrated software firewall or allow to execute code in the context of the software firewall. The security vulnerability could be exploited by an attacker with network access to the affected systems on port 102/tcp. Successful exploitation requires no user privileges and no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.09.8CRITICAL
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.0
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
Siemens AG
siemens
>>sinumerik_808d_v4.7_firmware>>*
cpe:2.3:o:siemens:sinumerik_808d_v4.7_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>sinumerik_808d_v4.7>>-
cpe:2.3:h:siemens:sinumerik_808d_v4.7:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>sinumerik_808d_v4.8_firmware>>*
cpe:2.3:o:siemens:sinumerik_808d_v4.8_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>sinumerik_808d_v4.8>>-
cpe:2.3:h:siemens:sinumerik_808d_v4.8:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>sinumerik_840d_sl_v4.7_firmware>>Versions up to 4.7(inclusive)
cpe:2.3:o:siemens:sinumerik_840d_sl_v4.7_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>sinumerik_840d_sl_v4.7>>-
cpe:2.3:h:siemens:sinumerik_840d_sl_v4.7:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>sinumerik_840d_sl_v4.8_firmware>>Versions up to 4.8(inclusive)
cpe:2.3:o:siemens:sinumerik_840d_sl_v4.8_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>sinumerik_840d_sl_v4.8>>-
cpe:2.3:h:siemens:sinumerik_840d_sl_v4.8:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>sinumerik_828d_v4.7_firmware>>Versions up to 4.7(inclusive)
cpe:2.3:o:siemens:sinumerik_828d_v4.7_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>sinumerik_828d_v4.7>>-
cpe:2.3:h:siemens:sinumerik_828d_v4.7:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE-248Secondaryproductcert@siemens.com
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-248
Type: Secondary
Source: productcert@siemens.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.securityfocus.com/bid/106185productcert@siemens.com
Third Party Advisory
VDB Entry
https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdfproductcert@siemens.com
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/106185
Source: productcert@siemens.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf
Source: productcert@siemens.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

132Records found
CVE-2021-27384
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-1.43% / 80.72%
||
7 Day CHG~0.00%
Published-12 May, 2021 | 13:18
Updated-03 Aug, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4\" - 22\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Panels V16 4\" - 22\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Update 6), SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions < V15.1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions < V16 Update 4), SINAMICS GH150 (All versions), SINAMICS GL150 (with option X30) (All versions), SINAMICS GM150 (with option X30) (All versions), SINAMICS SH150 (All versions), SINAMICS SL150 (All versions), SINAMICS SM120 (All versions), SINAMICS SM150 (All versions), SINAMICS SM150i (All versions). SmartVNC has an out-of-bounds memory access vulnerability in the device layout handler, represented by a binary data stream on client side, which can potentially result in code execution.

Action-Not Available
Vendor-Siemens AG
Product-simatic_hmi_ktp_mobile_panels_ktp900_firmwaresimatic_hmi_ktp_mobile_panels_ktp400fsinamics_gm150simatic_hmi_ktp_mobile_panels_ktp700f_firmwaresinamics_sm150isinamics_gl150_firmwaresinamics_gl150simatic_hmi_ktp_mobile_panels_ktp900f_firmwaresimatic_hmi_ktp_mobile_panels_ktp400f_firmwaresimatic_hmi_comfort_panels_4\"_firmwaresinamics_gm150_firmwaresinamics_sm150simatic_hmi_comfort_outdoor_panels_7\"_firmwaresinamics_gh150simatic_hmi_ktp_mobile_panels_ktp700_firmwaresinamics_gh150_firmwaresinamics_sl150simatic_hmi_comfort_panels_22\"simatic_hmi_ktp_mobile_panels_ktp700fsinamics_sh150sinamics_sm150_firmwaresimatic_hmi_ktp_mobile_panels_ktp900fsinamics_sh150_firmwaresimatic_hmi_comfort_outdoor_panels_7\"sinamics_sm120simatic_hmi_ktp_mobile_panels_ktp700simatic_hmi_comfort_outdoor_panels_15\"_firmwaresimatic_hmi_comfort_panels_4\"sinamics_sl150_firmwaresinamics_sm150i_firmwaresimatic_hmi_ktp_mobile_panels_ktp900simatic_hmi_comfort_outdoor_panels_15\"simatic_hmi_comfort_panels_22\"_firmwaresimatic_wincc_runtime_advancedsinamics_sm120_firmwareSIMATIC WinCC Runtime Advanced V16SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants)SIMATIC HMI Comfort Panels V16 4\" - 22\" (incl. SIPLUS variants) SINAMICS SM150iSIMATIC HMI Comfort Panels V15 4\" - 22\" (incl. SIPLUS variants)SINAMICS GH150SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900FSINAMICS GM150 (with option X30)SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F SINAMICS GL150 (with option X30)SINAMICS SH150SIMATIC WinCC Runtime Advanced V15SINAMICS SL150SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (incl. SIPLUS variants) SINAMICS SM120SINAMICS SM150
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CVE-2021-27389
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-0.41% / 61.23%
||
7 Day CHG~0.00%
Published-22 Apr, 2021 | 20:42
Updated-03 Aug, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Opcenter Quality (All versions < V12.2), QMS Automotive (All versions < V12.30). A private sign key is shipped with the product without adequate protection.

Action-Not Available
Vendor-Siemens AG
Product-opcenter_qualityqms_automotiveQMS AutomotiveOpcenter Quality
CWE ID-CWE-321
Use of Hard-coded Cryptographic Key
CVE-2021-25669
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-1.71% / 82.40%
||
7 Day CHG~0.00%
Published-22 Apr, 2021 | 20:42
Updated-03 Aug, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT PRO (All versions < 5.5.1), SCALANCE X202-2 IRT (All versions < 5.5.1), SCALANCE X202-2P IRT (incl. SIPLUS NET variant) (All versions < 5.5.1), SCALANCE X202-2P IRT PRO (All versions < 5.5.1), SCALANCE X204 IRT (All versions < 5.5.1), SCALANCE X204 IRT PRO (All versions < 5.5.1), SCALANCE X204-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X204-2FM (All versions < V5.2.5), SCALANCE X204-2LD (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X204-2LD TS (All versions < V5.2.5), SCALANCE X204-2TS (All versions < V5.2.5), SCALANCE X206-1 (All versions < V5.2.5), SCALANCE X206-1LD (All versions < V5.2.5), SCALANCE X208 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X208PRO (All versions < V5.2.5), SCALANCE X212-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X212-2LD (All versions < V5.2.5), SCALANCE X216 (All versions < V5.2.5), SCALANCE X224 (All versions < V5.2.5), SCALANCE XF201-3P IRT (All versions < 5.5.1), SCALANCE XF202-2P IRT (All versions < 5.5.1), SCALANCE XF204 (All versions < V5.2.5), SCALANCE XF204 IRT (All versions < 5.5.1), SCALANCE XF204-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE XF204-2BA IRT (All versions < 5.5.1), SCALANCE XF206-1 (All versions < V5.2.5), SCALANCE XF208 (All versions < V5.2.5). Incorrect processing of POST requests in the web server may write out of bounds in stack. An attacker might leverage this to denial-of-service of the device or remote code execution.

Action-Not Available
Vendor-Siemens AG
Product-scalance_xf206-1_firmwarescalance_xf201-3p_irtscalance_x212-2ldscalance_x201-3p_irtscalance_xf204_irtscalance_x204-2ldscalance_xf208scalance_x201-3p_irt_firmwarescalance_x202-2p_irt_pro_firmwarescalance_xf204-2ba_irt_firmwarescalance_x206-1scalance_x204-2ld_ts_firmwarescalance_x201-3p_irt_proscalance_x204-2fmscalance_x204-2ld_tsscalance_x208scalance_x200-4p_irtscalance_x202-2p_irtscalance_x204-2scalance_x224scalance_x206-1_firmwarescalance_x204-2_firmwarescalance_xf204-2scalance_xf206-1scalance_x202-2p_irt_firmwarescalance_x206-1ld_firmwarescalance_x204_irtscalance_x212-2ld_firmwarescalance_x204_irt_firmwarescalance_x212-2scalance_x202-2_irtscalance_x204-2ts_firmwarescalance_x208proscalance_xf204_firmwarescalance_x216_firmwarescalance_xf204-2ba_irtscalance_x204-2ld_firmwarescalance_x212-2_firmwarescalance_x204_irt_proscalance_xf202-2p_irt_firmwarescalance_xf208_firmwarescalance_x208_firmwarescalance_xf204-2_firmwarescalance_x202-2p_irt_proscalance_xf202-2p_irtscalance_x200-4p_irt_firmwarescalance_x204_irt_pro_firmwarescalance_x216scalance_xf201-3p_irt_firmwarescalance_x204-2fm_firmwarescalance_x204-2tsscalance_x202-2_irt_firmwarescalance_x201-3p_irt_pro_firmwarescalance_xf204scalance_x206-1ldscalance_x208pro_firmwarescalance_x224_firmwarescalance_xf204_irt_firmwareSCALANCE XF208SCALANCE X206-1LDSCALANCE X202-2P IRT PROSCALANCE XF204-2BA IRTSCALANCE X201-3P IRTSCALANCE X204-2FMSCALANCE X212-2 (incl. SIPLUS NET variant)SCALANCE X204-2TSSCALANCE X204-2LD TSSCALANCE X206-1SCALANCE XF204SCALANCE XF204-2 (incl. SIPLUS NET variant)SCALANCE X204-2 (incl. SIPLUS NET variant)SCALANCE X204 IRT PROSCALANCE X224SCALANCE X204-2LD (incl. SIPLUS NET variant)SCALANCE X208PROSCALANCE X216SCALANCE X212-2LDSCALANCE X201-3P IRT PROSCALANCE X200-4P IRTSCALANCE XF206-1SCALANCE XF201-3P IRTSCALANCE XF204 IRTSCALANCE XF202-2P IRTSCALANCE X208 (incl. SIPLUS NET variant)SCALANCE X202-2P IRT (incl. SIPLUS NET variant)SCALANCE X202-2 IRTSCALANCE X204 IRT
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-11462
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-10.54% / 93.29%
||
7 Day CHG~0.00%
Published-12 Dec, 2018 | 16:00
Updated-05 Aug, 2024 | 08:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). By sending a specially crafted authentication request to the affected systems a remote attacker could escalate his privileges to an elevated user account but not to root. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no privileges and no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sinumerik_808d_v4.8sinumerik_840d_sl_v4.7sinumerik_808d_v4.7_firmwaresinumerik_828d_v4.7_firmwaresinumerik_840d_sl_v4.7_firmwaresinumerik_840d_sl_v4.8sinumerik_828d_v4.7sinumerik_840d_sl_v4.8_firmwaresinumerik_808d_v4.8_firmwaresinumerik_808d_v4.7SINUMERIK 808D V4.7, SINUMERIK 808D V4.8, SINUMERIK 828D V4.7, SINUMERIK 840D sl V4.7, SINUMERIK 840D sl V4.8
CWE ID-CWE-264
Not Available
CVE-2021-25668
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-1.28% / 79.64%
||
7 Day CHG~0.00%
Published-22 Apr, 2021 | 20:42
Updated-03 Aug, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT PRO (All versions < 5.5.1), SCALANCE X202-2 IRT (All versions < 5.5.1), SCALANCE X202-2P IRT (incl. SIPLUS NET variant) (All versions < 5.5.1), SCALANCE X202-2P IRT PRO (All versions < 5.5.1), SCALANCE X204 IRT (All versions < 5.5.1), SCALANCE X204 IRT PRO (All versions < 5.5.1), SCALANCE X204-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X204-2FM (All versions < V5.2.5), SCALANCE X204-2LD (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X204-2LD TS (All versions < V5.2.5), SCALANCE X204-2TS (All versions < V5.2.5), SCALANCE X206-1 (All versions < V5.2.5), SCALANCE X206-1LD (All versions < V5.2.5), SCALANCE X208 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X208PRO (All versions < V5.2.5), SCALANCE X212-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X212-2LD (All versions < V5.2.5), SCALANCE X216 (All versions < V5.2.5), SCALANCE X224 (All versions < V5.2.5), SCALANCE XF201-3P IRT (All versions < 5.5.1), SCALANCE XF202-2P IRT (All versions < 5.5.1), SCALANCE XF204 (All versions < V5.2.5), SCALANCE XF204 IRT (All versions < 5.5.1), SCALANCE XF204-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE XF204-2BA IRT (All versions < 5.5.1), SCALANCE XF206-1 (All versions < V5.2.5), SCALANCE XF208 (All versions < V5.2.5). Incorrect processing of POST requests in the webserver may result in write out of bounds in heap. An attacker might leverage this to cause denial-of-service on the device and potentially remotely execute code.

Action-Not Available
Vendor-Siemens AG
Product-scalance_xf206-1_firmwarescalance_xf201-3p_irtscalance_x212-2ldscalance_x201-3p_irtscalance_xf204_irtscalance_x204-2ldscalance_xf208scalance_x201-3p_irt_firmwarescalance_x202-2p_irt_pro_firmwarescalance_xf204-2ba_irt_firmwarescalance_x206-1scalance_x204-2ld_ts_firmwarescalance_x201-3p_irt_proscalance_x204-2fmscalance_x204-2ld_tsscalance_x208scalance_x200-4p_irtscalance_x202-2p_irtscalance_x204-2scalance_x224scalance_x206-1_firmwarescalance_x204-2_firmwarescalance_xf204-2scalance_xf206-1scalance_x202-2p_irt_firmwarescalance_x206-1ld_firmwarescalance_x204_irtscalance_x212-2ld_firmwarescalance_x204_irt_firmwarescalance_x212-2scalance_x202-2_irtscalance_x204-2ts_firmwarescalance_x208proscalance_xf204_firmwarescalance_x216_firmwarescalance_xf204-2ba_irtscalance_x204-2ld_firmwarescalance_x212-2_firmwarescalance_x204_irt_proscalance_xf202-2p_irt_firmwarescalance_xf208_firmwarescalance_x208_firmwarescalance_xf204-2_firmwarescalance_x202-2p_irt_proscalance_xf202-2p_irtscalance_x200-4p_irt_firmwarescalance_x204_irt_pro_firmwarescalance_x216scalance_xf201-3p_irt_firmwarescalance_x204-2fm_firmwarescalance_x204-2tsscalance_x202-2_irt_firmwarescalance_x201-3p_irt_pro_firmwarescalance_xf204scalance_x206-1ldscalance_x208pro_firmwarescalance_x224_firmwarescalance_xf204_irt_firmwareSCALANCE XF208SCALANCE X206-1LDSCALANCE X202-2P IRT PROSCALANCE XF204-2BA IRTSCALANCE X201-3P IRTSCALANCE X204-2FMSCALANCE X212-2 (incl. SIPLUS NET variant)SCALANCE X204-2TSSCALANCE X204-2LD TSSCALANCE X206-1SCALANCE XF204SCALANCE XF204-2 (incl. SIPLUS NET variant)SCALANCE X204-2 (incl. SIPLUS NET variant)SCALANCE X204 IRT PROSCALANCE X224SCALANCE X204-2LD (incl. SIPLUS NET variant)SCALANCE X208PROSCALANCE X216SCALANCE X212-2LDSCALANCE X201-3P IRT PROSCALANCE X200-4P IRTSCALANCE XF206-1SCALANCE XF201-3P IRTSCALANCE XF204 IRTSCALANCE XF202-2P IRTSCALANCE X208 (incl. SIPLUS NET variant)SCALANCE X202-2P IRT (incl. SIPLUS NET variant)SCALANCE X202-2 IRTSCALANCE X204 IRT
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-25149
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-0.71% / 72.27%
||
7 Day CHG~0.00%
Published-29 Mar, 2021 | 23:58
Updated-03 Aug, 2024 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.

Action-Not Available
Vendor-n/aSiemens AGAruba Networks
Product-scalance_w1750d_firmwareinstantscalance_w1750dAruba Instant Access Points
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-22930
Matching Score-8
Assigner-HackerOne
ShareView Details
Matching Score-8
Assigner-HackerOne
CVSS Score-9.8||CRITICAL
EPSS-0.32% / 55.37%
||
7 Day CHG~0.00%
Published-07 Oct, 2021 | 00:00
Updated-30 Apr, 2025 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.

Action-Not Available
Vendor-Node.js (OpenJS Foundation)NetApp, Inc.Siemens AGDebian GNU/Linux
Product-sinec_infrastructure_network_servicesnextgen_apidebian_linuxnode.jsNode
CWE ID-CWE-416
Use After Free
CVE-2021-22931
Matching Score-8
Assigner-HackerOne
ShareView Details
Matching Score-8
Assigner-HackerOne
CVSS Score-9.8||CRITICAL
EPSS-0.66% / 71.19%
||
7 Day CHG~0.00%
Published-16 Aug, 2021 | 00:00
Updated-30 Apr, 2025 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js dns library which can lead to output of wrong hostnames (leading to Domain Hijacking) and injection vulnerabilities in applications using the library.

Action-Not Available
Vendor-Oracle CorporationNode.js (OpenJS Foundation)NetApp, Inc.Siemens AG
Product-sinec_infrastructure_network_servicespeoplesoft_enterprise_peopletoolsgraalvmmysql_clusternextgen_apiactive_iq_unified_manageroncommand_workflow_automationsnapcenternode.jsoncommand_insightNode
CWE ID-CWE-170
Improper Null Termination
CWE ID-CWE-20
Improper Input Validation
CVE-2016-20009
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.42% / 61.77%
||
7 Day CHG~0.00%
Published-11 Mar, 2021 | 21:39
Updated-06 Aug, 2024 | 04:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DNS client stack-based buffer overflow in ipdnsc_decode_name() affects Wind River VxWorks 6.5 through 7. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

Action-Not Available
Vendor-windrivern/aSiemens AG
Product-sgt-400sgt-a65_firmwaresgt-100sgt-300_firmwarevxworkssgt-200_firmwaresgt-400_firmwaresgt-a20sgt-100_firmwaresgt-200sgt-300sgt-a35sgt-a65sgt-a35_firmwaresgt-a20_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-7593
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-17.29% / 95.05%
||
7 Day CHG~0.00%
Published-14 Jul, 2020 | 13:18
Updated-04 Aug, 2024 | 09:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (V1.81.01 - V1.81.03), LOGO! 8 BM (incl. SIPLUS variants) (V1.82.01), LOGO! 8 BM (incl. SIPLUS variants) (V1.82.02). A buffer overflow vulnerability exists in the Web Server functionality of the device. A remote unauthenticated attacker could send a specially crafted HTTP request to cause a memory corruption, potentially resulting in remote code execution.

Action-Not Available
Vendor-Siemens AG
Product-logo\!_8_bmlogo\!_8_bm_firmwareLOGO! 8 BM (incl. SIPLUS variants)
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2017-6869
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-1.47% / 80.99%
||
7 Day CHG~0.00%
Published-08 Aug, 2017 | 00:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was discovered in Siemens ViewPort for Web Office Portal before revision number 1453 that could allow an unauthenticated remote user to upload arbitrary code and execute it with the permissions of the operating-system user running the web server by sending specially crafted network packets to port 443/TCP or port 80/TCP.

Action-Not Available
Vendor-n/aSiemens AG
Product-viewport_for_web_office_portalViewPort for Web Office Portal before revision number 1453
CWE ID-CWE-287
Improper Authentication
CVE-2014-1697
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.51% / 89.15%
||
7 Day CHG~0.00%
Published-07 Feb, 2014 | 02:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The integrated web server in Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to execute arbitrary code via crafted packets to TCP port 4999.

Action-Not Available
Vendor-n/aSiemens AG
Product-simatic_wincc_open_architecturen/a
CVE-2018-13816
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-10||CRITICAL
EPSS-2.92% / 86.40%
||
7 Day CHG~0.00%
Published-12 Dec, 2018 | 16:00
Updated-05 Aug, 2024 | 09:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in TIM 1531 IRC (All version < V2.0). The devices was missing proper authentication on port 102/tcp, although configured. Successful exploitation requires an attacker to be able to send packets to port 102/tcp of the affected device. No user interaction and no user privileges are required to exploit the vulnerability. At the time of advisory publication no public exploitation of this vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-tim_1531_irc_firmwaretim_1531_ircTIM 1531 IRC
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-287
Improper Authentication
CVE-2019-8271
Matching Score-8
Assigner-Kaspersky
ShareView Details
Matching Score-8
Assigner-Kaspersky
CVSS Score-9.8||CRITICAL
EPSS-4.00% / 88.44%
||
7 Day CHG~0.00%
Published-09 Mar, 2019 | 00:00
Updated-16 Sep, 2024 | 23:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer handler, which can potentially result code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212.

Action-Not Available
Vendor-uvncSiemens AGKaspersky Lab
Product-sinumerik_pcu_base_win10_software\/ipcultravncsinumerik_pcu_base_win7_software\/ipcsinumerik_access_mymachine\/p2pUltraVNC
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2007-1915
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.96% / 89.69%
||
7 Day CHG~0.00%
Published-10 Apr, 2007 | 23:00
Updated-07 Aug, 2024 | 13:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the RFC_START_PROGRAM function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended.

Action-Not Available
Vendor-n/aMicrosoft CorporationSAP SEApple Inc.Siemens AGIBM CorporationHP Inc.Linux Kernel Organization, Inc
Product-os_400windows_serverlinux_kernelracfhp-uxtru64reliant_unixmacosrfc_libraryaixn/a
CVE-2021-31895
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-8.1||HIGH
EPSS-1.16% / 78.62%
||
7 Day CHG~0.00%
Published-13 Jul, 2021 | 11:02
Updated-14 Oct, 2025 | 10:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in RUGGEDCOM i800 (All versions < V4.3.7), RUGGEDCOM i801 (All versions < V4.3.7), RUGGEDCOM i802 (All versions < V4.3.7), RUGGEDCOM i803 (All versions < V4.3.7), RUGGEDCOM M2100 (All versions < V4.3.7), RUGGEDCOM M2200 (All versions < V4.3.7), RUGGEDCOM M969 (All versions < V4.3.7), RUGGEDCOM RMC30 (All versions < V4.3.7), RUGGEDCOM RMC8388 V4.X (All versions < V4.3.7), RUGGEDCOM RMC8388 V5.X (All versions < V5.5.4), RUGGEDCOM RP110 (All versions < V4.3.7), RUGGEDCOM RS1600 (All versions < V4.3.7), RUGGEDCOM RS1600F (All versions < V4.3.7), RUGGEDCOM RS1600T (All versions < V4.3.7), RUGGEDCOM RS400 (All versions < V4.3.7), RUGGEDCOM RS401 (All versions < V4.3.7), RUGGEDCOM RS416 (All versions < V4.3.7), RUGGEDCOM RS416P (All versions < V4.3.7), RUGGEDCOM RS416Pv2 V4.X (All versions < V4.3.7), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.5.4), RUGGEDCOM RS416v2 V4.X (All versions < V4.3.7), RUGGEDCOM RS416v2 V5.X (All versions < 5.5.4), RUGGEDCOM RS8000 (All versions < V4.3.7), RUGGEDCOM RS8000A (All versions < V4.3.7), RUGGEDCOM RS8000H (All versions < V4.3.7), RUGGEDCOM RS8000T (All versions < V4.3.7), RUGGEDCOM RS900 (32M) V4.X (All versions < V4.3.7), RUGGEDCOM RS900 (32M) V5.X (All versions < V5.5.4), RUGGEDCOM RS900G (All versions < V4.3.7), RUGGEDCOM RS900G (32M) V4.X (All versions < V4.3.7), RUGGEDCOM RS900G (32M) V5.X (All versions < V5.5.4), RUGGEDCOM RS900GP (All versions < V4.3.7), RUGGEDCOM RS900L (All versions < V4.3.7), RUGGEDCOM RS900W (All versions < V4.3.7), RUGGEDCOM RS910 (All versions < V4.3.7), RUGGEDCOM RS910L (All versions < V4.3.7), RUGGEDCOM RS910W (All versions < V4.3.7), RUGGEDCOM RS920L (All versions < V4.3.7), RUGGEDCOM RS920W (All versions < V4.3.7), RUGGEDCOM RS930L (All versions < V4.3.7), RUGGEDCOM RS930W (All versions < V4.3.7), RUGGEDCOM RS940G (All versions < V4.3.7), RUGGEDCOM RS969 (All versions < V4.3.7), RUGGEDCOM RSG2100 (All versions < V4.3.7), RUGGEDCOM RSG2100 (32M) V4.X (All versions < V4.3.7), RUGGEDCOM RSG2100 (32M) V5.X (All versions < V5.5.4), RUGGEDCOM RSG2100P (All versions < V4.3.7), RUGGEDCOM RSG2100P (32M) V4.X (All versions < V4.3.7), RUGGEDCOM RSG2100P (32M) V5.X (All versions < V5.5.4), RUGGEDCOM RSG2200 (All versions < V4.3.7), RUGGEDCOM RSG2288 V4.X (All versions < V4.3.7), RUGGEDCOM RSG2288 V5.X (All versions < V5.5.4), RUGGEDCOM RSG2300 V4.X (All versions < V4.3.7), RUGGEDCOM RSG2300 V5.X (All versions < V5.5.4), RUGGEDCOM RSG2300P V4.X (All versions < V4.3.7), RUGGEDCOM RSG2300P V5.X (All versions < V5.5.4), RUGGEDCOM RSG2488 V4.X (All versions < V4.3.7), RUGGEDCOM RSG2488 V5.X (All versions < V5.5.4), RUGGEDCOM RSG907R (All versions < V5.5.4), RUGGEDCOM RSG908C (All versions < V5.5.4), RUGGEDCOM RSG909R (All versions < V5.5.4), RUGGEDCOM RSG910C (All versions < V5.5.4), RUGGEDCOM RSG920P V4.X (All versions < V4.3.7), RUGGEDCOM RSG920P V5.X (All versions < V5.5.4), RUGGEDCOM RSL910 (All versions < V5.5.4), RUGGEDCOM RST2228 (All versions < V5.5.4), RUGGEDCOM RST2228P (All versions < V5.5.4), RUGGEDCOM RST916C (All versions < V5.5.4), RUGGEDCOM RST916P (All versions < V5.5.4). The DHCP client in affected devices fails to properly sanitize incoming DHCP packets. This could allow an unauthenticated remote attacker to cause memory to be overwritten, potentially allowing remote code execution.

Action-Not Available
Vendor-Siemens AG
Product-ruggedcom_ros_rs900ruggedcom_ros_m2100ruggedcom_rst916pruggedcom_ros_rs900lruggedcom_ros_rs910wruggedcom_ros_rs969ruggedcom_i802ruggedcom_ros_rs920lruggedcom_rsg2300pruggedcom_ros_rs910lruggedcom_rs910lruggedcom_rmc30ruggedcom_ros_rmc30ruggedcom_rs900wruggedcom_ros_rsg2200ruggedcom_ros_rsg900rruggedcom_rs8000truggedcom_rs940gruggedcom_ros_i803ruggedcom_m969ruggedcom_rs930lruggedcom_ros_m2200ruggedcom_rsg2100ruggedcom_ros_rsg2288ruggedcom_rsg2100pruggedcom_ros_rmcruggedcom_rsg900gruggedcom_rs8000ruggedcom_rs910wruggedcom_ros_rsg900ruggedcom_ros_rsl910ruggedcom_ros_rs416ruggedcom_ros_rs930wruggedcom_ros_m969ruggedcom_ros_rsg2300pruggedcom_i803ruggedcom_ros_rsg900gruggedcom_ros_rsg920pruggedcom_rsg900rruggedcom_ros_rp110ruggedcom_rs401ruggedcom_rs900ruggedcom_ros_rmc8388ruggedcom_ros_rs900gruggedcom_rmc41ruggedcom_rs900gruggedcom_rs910ruggedcom_ros_rsg2100ruggedcom_rsg920pruggedcom_rp110ruggedcom_ros_rmc41ruggedcom_ros_rsg2300ruggedcom_ros_i802ruggedcom_rs416ruggedcom_ros_rst916cruggedcom_rs8000hruggedcom_rs920lruggedcom_ros_rst916pruggedcom_rmc8388ruggedcom_ros_rs416v2ruggedcom_ros_rs8000ruggedcom_ros_rs8000aruggedcom_ros_rst2228ruggedcom_rs400ruggedcom_ros_rs900wruggedcom_ros_rs930lruggedcom_ros_rs940gruggedcom_rs969ruggedcom_m2100ruggedcom_ros_i800ruggedcom_rsg2288ruggedcom_rsg900ruggedcom_m2200ruggedcom_ros_rs920wruggedcom_ros_rs401ruggedcom_ros_rs910ruggedcom_rsg2300ruggedcom_rsg2488ruggedcom_rsg900cruggedcom_ros_rsg900cruggedcom_rsg2200ruggedcom_rmc20ruggedcom_rs416v2ruggedcom_ros_rsg2488ruggedcom_ros_rsg2100pruggedcom_rmc40ruggedcom_rs930wruggedcom_rs920wruggedcom_rs900lruggedcom_ros_rs8000truggedcom_rmcruggedcom_rs900gpruggedcom_ros_rs400ruggedcom_rs8000aruggedcom_ros_rmc40ruggedcom_ros_rs900gpruggedcom_ros_rs8000hruggedcom_ros_rmc20ruggedcom_i801ruggedcom_rst2228ruggedcom_ros_i801ruggedcom_rsl910ruggedcom_i800ruggedcom_rst916cRUGGEDCOM RST916PRUGGEDCOM RSG2488 V4.XRUGGEDCOM RS969RUGGEDCOM RS900GRUGGEDCOM i801RUGGEDCOM RSG920P V5.XRUGGEDCOM RS930LRUGGEDCOM RS1600TRUGGEDCOM RS401RUGGEDCOM RS900G (32M) V5.XRUGGEDCOM RSG920P V4.XRUGGEDCOM RS920LRUGGEDCOM M2200RUGGEDCOM RSG910CRUGGEDCOM RS416Pv2 V4.XRUGGEDCOM RSG2100PRUGGEDCOM RSG2288 V4.XRUGGEDCOM RS8000TRUGGEDCOM RS8000HRUGGEDCOM RS900 (32M) V4.XRUGGEDCOM M2100RUGGEDCOM RSG2100 (32M) V4.XRUGGEDCOM RSG2300 V4.XRUGGEDCOM RS416Pv2 V5.XRUGGEDCOM RSG2300 V5.XRUGGEDCOM RS8000RUGGEDCOM RS900LRUGGEDCOM RMC8388 V5.XRUGGEDCOM RS400RUGGEDCOM RS910LRUGGEDCOM RSG907RRUGGEDCOM RSL910RUGGEDCOM RS900GPRUGGEDCOM RST916CRUGGEDCOM RSG2200RUGGEDCOM RSG2488 V5.XRUGGEDCOM RS940GRUGGEDCOM RMC8388 V4.XRUGGEDCOM RSG2100 (32M) V5.XRUGGEDCOM RSG2100P (32M) V4.XRUGGEDCOM RS910WRUGGEDCOM RS910RUGGEDCOM RS1600FRUGGEDCOM RS900G (32M) V4.XRUGGEDCOM RSG2100RUGGEDCOM RMC30RUGGEDCOM RSG2288 V5.XRUGGEDCOM RSG2300P V4.XRUGGEDCOM RSG908CRUGGEDCOM RS416v2 V4.XRUGGEDCOM i800RUGGEDCOM RSG909RRUGGEDCOM i802RUGGEDCOM RP110RUGGEDCOM RS1600RUGGEDCOM RS416PRUGGEDCOM RST2228PRUGGEDCOM RSG2100P (32M) V5.XRUGGEDCOM RS8000ARUGGEDCOM RS416v2 V5.XRUGGEDCOM RS920WRUGGEDCOM M969RUGGEDCOM RS900 (32M) V5.XRUGGEDCOM RST2228RUGGEDCOM RS416RUGGEDCOM RS930WRUGGEDCOM RSG2300P V5.XRUGGEDCOM i803RUGGEDCOM RS900W
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2005-2424
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.64% / 81.99%
||
7 Day CHG~0.00%
Published-03 Aug, 2005 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The management interface for Siemens SANTIS 50 running firmware 4.2.8.0, and possibly other products including Ericsson HN294dp and Dynalink RTA300W, allows remote attackers to access the Telnet port without authentication via certain packets to the web interface that cause the interface to freeze.

Action-Not Available
Vendor-n/aSiemens AG
Product-santis_50n/a
CVE-2019-6580
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-0.38% / 59.48%
||
7 Day CHG~0.00%
Published-12 Jun, 2019 | 13:47
Updated-04 Aug, 2024 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Siveillance VMS 2017 R2 (All versions < V11.2a), Siveillance VMS 2018 R1 (All versions < V12.1a), Siveillance VMS 2018 R2 (All versions < V12.2a), Siveillance VMS 2018 R3 (All versions < V12.3a), Siveillance VMS 2019 R1 (All versions < V13.1a). An attacker with network access to port 80/TCP could change device properties without authorization. No user interaction is required to exploit this security vulnerability. Successful exploitation compromises confidentiality, integrity and availability of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-siveillance_video_management_software_2017_r2siveillance_video_management_software_2019_r1siveillance_video_management_software_2018_r2siveillance_video_management_software_2018_r1siveillance_video_management_software_2018_r3Siveillance VMS 2018 R3Siveillance VMS 2018 R1Siveillance VMS 2019 R1Siveillance VMS 2017 R2Siveillance VMS 2018 R2
CWE ID-CWE-862
Missing Authorization
CVE-2013-3958
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.42% / 62.20%
||
7 Day CHG~0.00%
Published-14 Jun, 2013 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The login implementation in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, has a hardcoded account, which makes it easier for remote attackers to obtain access via an unspecified request.

Action-Not Available
Vendor-n/aSiemens AG
Product-simatic_pcs7winccn/a
CVE-2013-3957
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.34% / 56.58%
||
7 Day CHG~0.00%
Published-14 Jun, 2013 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the login screen in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Action-Not Available
Vendor-n/aSiemens AG
Product-simatic_pcs7winccn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2013-3634
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.30% / 52.93%
||
7 Day CHG~0.00%
Published-24 May, 2013 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (Versions < V5.0.0 for CVE-2013-3633 and versions < V4.5.0 for CVE-2013-3634), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.1.0). The implementation of SNMPv3 does not check the user credentials sufficiently. Therefore, an attacker is able to execute SNMP commands without correct credentials.

Action-Not Available
Vendor-n/aSiemens AG
Product-scalance_x204irtscalance_x200-4p_irtscalance_x202-2p_irtscalance_x202-2irtscalance_x200irt_firmwarescalance_xf204irtscalance_x201-3p_irtn/a
CWE ID-CWE-20
Improper Input Validation
CVE-1999-0017
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.55% / 67.84%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce.

Action-Not Available
Vendor-washington_universityscon/aSiemens AGIBM CorporationNetBSDFreeBSD FoundationGNUSun Microsystems (Oracle Corporation)The MITRE Corporation (Caldera)
Product-openserversunosopenlinuxreliant_unixwu-ftpdinetfreebsdaixunixwarenetbsdopen_desktopn/a
CVE-2020-27304
Matching Score-8
Assigner-JFrog
ShareView Details
Matching Score-8
Assigner-JFrog
CVSS Score-9.8||CRITICAL
EPSS-1.00% / 76.98%
||
7 Day CHG~0.00%
Published-21 Oct, 2021 | 15:42
Updated-04 Aug, 2024 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows, when using the built-in HTTP form-based file upload mechanism, via the mg_handle_form_request API. Web applications that use the file upload form handler, and use parts of the user-controlled filename in the output path, are susceptible to directory traversal

Action-Not Available
Vendor-civetweb_projectcivetweb_projectSiemens AG
Product-sinec_infrastructure_network_servicescivetwebcivetweb
CWE ID-CWE-23
Relative Path Traversal
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2012-3020
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.44% / 63.29%
||
7 Day CHG~0.00%
Published-06 Aug, 2012 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Siemens Synco OZW Web Server devices OZW672.*, OZW772.*, and OZW775 with firmware before 4 have an unspecified default password, which makes it easier for remote attackers to obtain administrative access via a network session.

Action-Not Available
Vendor-n/aSiemens AG
Product-synco_ozw_web_serversynco_ozw_web_server_firmwaren/a
CVE-2022-29873
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.3||CRITICAL
EPSS-2.95% / 86.48%
||
7 Day CHG~0.00%
Published-10 May, 2022 | 09:47
Updated-09 Dec, 2025 | 16:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SICAM T (All versions < V3.0). Affected devices do not properly validate parameters of certain GET and POST requests. This could allow an unauthenticated attacker to set the device to a denial of service state or to control the program counter and, thus, execute arbitrary code on the device.

Action-Not Available
Vendor-Siemens AG
Product-7kg8551-0aa12-0aa0_firmware7kg8550-0aa10-2aa07kg8501-0aa31-2aa07kg8500-0aa30-2aa07kg8551-0aa32-2aa07kg8551-0aa01-0aa0_firmware7kg8551-0aa12-2aa0_firmware7kg8550-0aa30-2aa07kg8501-0aa32-0aa07kg8551-0aa02-0aa07kg8501-0aa31-0aa07kg8501-0aa12-0aa0_firmware7kg8500-0aa30-0aa0_firmware7kg8501-0aa01-2aa0_firmware7kg8551-0aa12-0aa07kg8501-0aa02-0aa0_firmware7kg8551-0aa31-2aa0_firmware7kg8551-0aa32-0aa07kg8551-0aa02-2aa0_firmware7kg8501-0aa11-0aa07kg8551-0aa01-2aa07kg8500-0aa00-2aa07kg8551-0aa31-0aa0_firmware7kg8501-0aa01-0aa0_firmware7kg8551-0aa11-2aa0_firmware7kg8500-0aa30-0aa07kg8501-0aa11-0aa0_firmware7kg8500-0aa10-0aa07kg8550-0aa00-0aa07kg8500-0aa00-2aa0_firmware7kg8501-0aa32-2aa07kg8500-0aa00-0aa0_firmware7kg8501-0aa31-2aa0_firmware7kg8550-0aa30-2aa0_firmware7kg8551-0aa02-0aa0_firmware7kg8550-0aa00-2aa0_firmware7kg8501-0aa12-2aa07kg8551-0aa11-0aa07kg8501-0aa12-2aa0_firmware7kg8550-0aa30-0aa07kg8501-0aa11-2aa0_firmware7kg8501-0aa02-0aa07kg8551-0aa31-2aa07kg8551-0aa31-0aa07kg8500-0aa10-0aa0_firmware7kg8551-0aa12-2aa07kg8551-0aa11-2aa07kg8501-0aa11-2aa07kg8501-0aa32-2aa0_firmware7kg8500-0aa00-0aa07kg8551-0aa01-2aa0_firmware7kg8551-0aa32-2aa0_firmware7kg8550-0aa00-2aa07kg8550-0aa30-0aa0_firmware7kg8500-0aa30-2aa0_firmware7kg8551-0aa01-0aa07kg8550-0aa10-0aa07kg8500-0aa10-2aa07kg8501-0aa12-0aa07kg8550-0aa00-0aa0_firmware7kg8500-0aa10-2aa0_firmware7kg8501-0aa02-2aa07kg8551-0aa11-0aa0_firmware7kg8550-0aa10-0aa0_firmware7kg8551-0aa02-2aa07kg8551-0aa32-0aa0_firmware7kg8501-0aa01-2aa07kg8501-0aa02-2aa0_firmware7kg8501-0aa32-0aa0_firmware7kg8501-0aa31-0aa0_firmware7kg8501-0aa01-0aa07kg8550-0aa10-2aa0_firmwareSICAM T
CWE ID-CWE-141
Improper Neutralization of Parameter/Argument Delimiters
CVE-2019-18293
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-2.55% / 85.52%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18289, CVE-2019-18295, and CVE-2019-18296. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sppa-t3000_ms3000_migration_serverSPPA-T3000 MS3000 Migration Server
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-15782
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-0.30% / 53.55%
||
7 Day CHG~0.00%
Published-28 May, 2021 | 16:10
Updated-04 Aug, 2024 | 13:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 Software Controller (All versions < V21.9), SIMATIC S7-PLCSIM Advanced (All versions < V4.0), SINAMICS PERFECT HARMONY GH180 Drives (Drives manufactured before 2021-08-13), SINUMERIK MC (All versions < V6.15), SINUMERIK ONE (All versions < V6.15). Affected devices are vulnerable to a memory protection bypass through a specific operation. A remote unauthenticated attacker with network access to port 102/tcp could potentially write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks.

Action-Not Available
Vendor-Siemens AG
Product-s7-1200_cpu_firmware6es7515-2fm01-0ab06es7516-3an02-0ab06es7515-2rm00-0ab06es7515-2am02-0ab06es7512-1ck00-0ab06es7513-1fl02-0ab06es7516-3fn02-0ab0cpu_1214csimatic_driver_controller_firmwarecpu_1212fc6es7512-1dk01-0ab06es7517-3up00-0ab0cpu_1515sp_pc6es7513-1rl00-0ab06es7517-3fp00-0ab0cpu_1211c6es7512-1ck01-0ab06es7511-1uk01-0ab06es7515-2fm02-0ab06es7511-1fk02-0ab06es7515-2um01-0ab0cpu_1507d_tf6es7511-1ak02-0ab06es7513-1al02-0ab0cpu_1217c6es7513-2gl00-0ab0et_200sp_open_controller_firmwarecpu_1215fc6es7510-1sj01-0ab0cpu_1214fc6es7516-3an01-0ab06es7518-4fp00-0ab06es7518-4fp00-3ab0simatic_s7-1500__software_controller6es7511-1fk01-0ab06es7515-2tm01-0ab06es7511-1ak01-0ab06es7513-2pl00-0ab0cpu_1215c6es7518-4ap00-0ab06es7516-3tn00-0ab06es7517-3ap00-0ab06es7517-3hp00-0ab06es7512-1sk01-0ab06es7518-4ap00-3ab0cpu_1515sp_pc26es7515-2am01-0ab0cpu_1504d_tf6es7511-1ck00-0ab06es7511-1tk01-0ab06es7513-1al01-0ab06es7510-1dj01-0ab06es7513-1fl01-0ab06es7516-3fn01-0ab0cpu_1212c6es7517-3tp00-0ab06es7516-3un00-0ab06es7511-1ck01-0ab0simatic_s7-plcsim_advanced6es7516-2gn00-0ab0s7-1500_cpu_firmware6es7516-2pn00-0ab0SINUMERIK ONESIMATIC S7-1500 Software ControllerSINAMICS PERFECT HARMONY GH180 DrivesSIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)SIMATIC Drive Controller familySIMATIC S7-1200 CPU family (incl. SIPLUS variants)SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)SINUMERIK MCSIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)SIMATIC S7-PLCSIM Advanced
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-8274
Matching Score-8
Assigner-Kaspersky
ShareView Details
Matching Score-8
Assigner-Kaspersky
CVSS Score-9.8||CRITICAL
EPSS-4.00% / 88.44%
||
7 Day CHG~0.00%
Published-09 Mar, 2019 | 00:00
Updated-16 Sep, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer offer handler, which can potentially in result code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212.

Action-Not Available
Vendor-uvncSiemens AGKaspersky Lab
Product-sinumerik_pcu_base_win10_software\/ipcultravncsinumerik_pcu_base_win7_software\/ipcsinumerik_access_mymachine\/p2pUltraVNC
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-18922
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.78% / 89.48%
||
7 Day CHG~0.00%
Published-30 Jun, 2020 | 11:00
Updated-05 Aug, 2024 | 21:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow.

Action-Not Available
Vendor-libvncserver_projectn/aSiemens AGCanonical Ltd.openSUSEFedora Project
Product-ubuntu_linuxsimatic_itc1500_prosimatic_itc1900simatic_itc2200_pro_firmwaresimatic_itc2200simatic_itc1500_pro_firmwaresimatic_itc1500simatic_itc1900_firmwaresimatic_itc1900_pro_firmwaresimatic_itc1500_firmwarefedorasimatic_itc2200_firmwaresimatic_itc2200_prolibvncserversimatic_itc1900_proleapn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-11656
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-6.08% / 90.78%
||
7 Day CHG+1.51%
Published-09 Apr, 2020 | 02:49
Updated-04 Aug, 2024 | 11:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.

Action-Not Available
Vendor-sqliten/aNetApp, Inc.Oracle CorporationTenable, Inc.Siemens AG
Product-sinec_infrastructure_network_servicescommunications_messaging_serverontap_select_deploy_administration_utilitysqlitecommunications_network_charging_and_controlzfs_storage_appliance_kitoutside_in_technologytenable.schyperion_infrastructure_technologymysql_workbenchenterprise_manager_ops_centermysqln/a
CWE ID-CWE-416
Use After Free
CVE-2020-10042
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-1.30% / 79.73%
||
7 Day CHG~0.00%
Published-14 Jul, 2020 | 13:18
Updated-04 Aug, 2024 | 10:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). A buffer overflow in various positions of the web application might enable an attacker with access to the web application to execute arbitrary code over the network.

Action-Not Available
Vendor-Siemens AG
Product-sicam_t_firmwaresicam_mmusicam_sgu_firmwaresicam_mmu_firmwaresicam_sgusicam_tSICAM TSICAM MMUSICAM SGU
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-10038
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 60.24%
||
7 Day CHG~0.00%
Published-14 Jul, 2020 | 13:18
Updated-04 Aug, 2024 | 10:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). An attacker with access to the device's web server might be able to execute administrative commands without authentication.

Action-Not Available
Vendor-Siemens AG
Product-sicam_t_firmwaresicam_mmusicam_sgu_firmwaresicam_mmu_firmwaresicam_sgusicam_tSICAM TSICAM MMUSICAM SGU
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2019-8272
Matching Score-8
Assigner-Kaspersky
ShareView Details
Matching Score-8
Assigner-Kaspersky
CVSS Score-9.8||CRITICAL
EPSS-1.40% / 80.48%
||
7 Day CHG~0.00%
Published-09 Mar, 2019 | 00:00
Updated-16 Sep, 2024 | 16:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

UltraVNC revision 1211 has multiple off-by-one vulnerabilities in VNC server code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212.

Action-Not Available
Vendor-uvncSiemens AGKaspersky Lab
Product-sinumerik_pcu_base_win10_software\/ipcultravncsinumerik_pcu_base_win7_software\/ipcsinumerik_access_mymachine\/p2pUltraVNC
CWE ID-CWE-193
Off-by-one Error
CVE-2019-8273
Matching Score-8
Assigner-Kaspersky
ShareView Details
Matching Score-8
Assigner-Kaspersky
CVSS Score-9.8||CRITICAL
EPSS-4.00% / 88.44%
||
7 Day CHG~0.00%
Published-09 Mar, 2019 | 00:00
Updated-16 Sep, 2024 | 23:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer request handler, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212.

Action-Not Available
Vendor-uvncSiemens AGKaspersky Lab
Product-sinumerik_pcu_base_win10_software\/ipcultravncsinumerik_pcu_base_win7_software\/ipcsinumerik_access_mymachine\/p2pUltraVNC
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-8268
Matching Score-8
Assigner-Kaspersky
ShareView Details
Matching Score-8
Assigner-Kaspersky
CVSS Score-9.8||CRITICAL
EPSS-1.40% / 80.48%
||
7 Day CHG~0.00%
Published-09 Mar, 2019 | 00:00
Updated-17 Sep, 2024 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

UltraVNC revision 1206 has multiple off-by-one vulnerabilities in VNC client code connected with improper usage of ClientConnection::ReadString function, which can potentially result code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1207.

Action-Not Available
Vendor-uvncSiemens AGKaspersky Lab
Product-sinumerik_pcu_base_win10_software\/ipcultravncsinumerik_pcu_base_win7_software\/ipcsinumerik_access_mymachine\/p2pUltraVNC
CWE ID-CWE-193
Off-by-one Error
CVE-2019-8275
Matching Score-8
Assigner-Kaspersky
ShareView Details
Matching Score-8
Assigner-Kaspersky
CVSS Score-9.8||CRITICAL
EPSS-4.33% / 88.93%
||
7 Day CHG~0.00%
Published-09 Mar, 2019 | 00:00
Updated-17 Sep, 2024 | 03:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

UltraVNC revision 1211 has multiple improper null termination vulnerabilities in VNC server code, which result in out-of-bound data being accessed by remote users. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212.

Action-Not Available
Vendor-uvncSiemens AGKaspersky Lab
Product-sinumerik_pcu_base_win10_software\/ipcultravncsinumerik_pcu_base_win7_software\/ipcsinumerik_access_mymachine\/p2pUltraVNC
CWE ID-CWE-170
Improper Null Termination
CVE-2019-8262
Matching Score-8
Assigner-Kaspersky
ShareView Details
Matching Score-8
Assigner-Kaspersky
CVSS Score-9.8||CRITICAL
EPSS-5.40% / 90.15%
||
7 Day CHG~0.00%
Published-05 Mar, 2019 | 15:00
Updated-16 Sep, 2024 | 16:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

UltraVNC revision 1203 has multiple heap buffer overflow vulnerabilities in VNC client code inside Ultra decoder, which results in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1204.

Action-Not Available
Vendor-uvncUltraVNCSiemens AG
Product-sinumerik_pcu_base_win10_software\/ipcultravncsinumerik_pcu_base_win7_software\/ipcsinumerik_access_mymachine\/p2pUltraVNC
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-8258
Matching Score-8
Assigner-Kaspersky
ShareView Details
Matching Score-8
Assigner-Kaspersky
CVSS Score-9.8||CRITICAL
EPSS-4.00% / 88.44%
||
7 Day CHG~0.00%
Published-05 Mar, 2019 | 15:00
Updated-16 Sep, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

UltraVNC revision 1198 has a heap buffer overflow vulnerability in VNC client code which results code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1199.

Action-Not Available
Vendor-uvncUltraVNCSiemens AG
Product-sinumerik_pcu_base_win10_software\/ipcultravncsinumerik_pcu_base_win7_software\/ipcsinumerik_access_mymachine\/p2pUltraVNC
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-6579
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-1.33% / 79.94%
||
7 Day CHG~0.00%
Published-17 Apr, 2019 | 13:40
Updated-04 Aug, 2024 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Spectrum Power 4 (with Web Office Portal). An attacker with network access to the web server on port 80/TCP or 443/TCP could execute system commands with administrative privileges. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected service. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises confidentiality, integrity or availability of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-spectrum_power_4Spectrum Power™ 4
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2019-3822
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.1||HIGH
EPSS-16.57% / 94.93%
||
7 Day CHG~0.00%
Published-06 Feb, 2019 | 20:00
Updated-15 Apr, 2026 | 20:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents based on previously received data. The check that exists to prevent the local buffer from getting overflowed is implemented wrongly (using unsigned math) and as such it does not prevent the overflow from happening. This output data can grow larger than the local buffer if very large 'nt response' data is extracted from a previous NTLMv2 header provided by the malicious or broken HTTP server. Such a 'large value' needs to be around 1000 bytes or more. The actual payload data copied to the target buffer comes from the NTLMv2 type-2 response header.

Action-Not Available
Vendor-Oracle CorporationDebian GNU/LinuxCanonical Ltd.NetApp, Inc.Red Hat, Inc.Siemens AGCURL
Product-libcurlubuntu_linuxcommunications_operations_monitoroncommand_insightenterprise_linuxactive_iq_unified_managerservices_tools_bundleoncommand_workflow_automationsnapcenterhttp_serverclustered_data_ontapdebian_linuxsecure_global_desktopsinema_remote_connect_cliententerprise_manager_ops_centermysql_servercurl
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-20788
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.80% / 74.03%
||
7 Day CHG~0.00%
Published-23 Apr, 2020 | 18:06
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or width value. NOTE: this may overlap CVE-2019-15690.

Action-Not Available
Vendor-libvnc_projectn/aDebian GNU/LinuxSiemens AGCanonical Ltd.
Product-simatic_itc1500_pro_firmwareubuntu_linuxdebian_linuxsimatic_itc1500_prosimatic_itc1500simatic_itc1900simatic_itc1900_firmwaresimatic_itc1900_pro_firmwaresimatic_itc1500_firmwaresimatic_itc2200_firmwaresimatic_itc2200_prosimatic_itc2200_pro_firmwarelibvncserversimatic_itc1900_prosimatic_itc2200n/a
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-19317
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.98% / 76.87%
||
7 Day CHG~0.00%
Published-05 Dec, 2019 | 13:53
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact.

Action-Not Available
Vendor-sqliten/aNetApp, Inc.Oracle CorporationSiemens AG
Product-sinec_infrastructure_network_servicescloud_backupsqliteontap_select_deploy_administration_utilitymysql_workbenchn/a
CWE ID-CWE-681
Incorrect Conversion between Numeric Types
CVE-2017-14491
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-57.79% / 98.18%
||
7 Day CHG-4.86%
Published-02 Oct, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.

Action-Not Available
Vendor-thekelleysn/aHuawei Technologies Co., Ltd.Debian GNU/LinuxSUSERed Hat, Inc.Aruba NetworksSynology, Inc.NVIDIA CorporationArista Networks, Inc.Canonical Ltd.openSUSEMicrosoft CorporationSiemens AG
Product-enterprise_linux_desktopruggedcom_rm1224_firmwarescalance_w1750d_firmwarescalance_s615enterprise_linux_workstationlinux_for_tegradnsmasqlinux_enterprise_serverleaprouter_managerlinux_enterprise_point_of_salearubaosenterprise_linux_serverdebian_linuxjetson_tk1scalance_s615_firmwaregeforce_experiencelinux_enterprise_debuginfoeosscalance_m-800diskstation_managerhonor_v9_play_firmwarejetson_tx1scalance_w1750druggedcom_rm1224ubuntu_linuxhonor_v9_playscalance_m-800_firmwarewindowsn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-13918
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-0.48% / 65.10%
||
7 Day CHG~0.00%
Published-13 Sep, 2019 | 16:38
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). The web interface has no means to prevent password guessing attacks. The vulnerability could be exploited by an attacker with network access to the vulnerable software, requiring no privileges and no user interaction. The vulnerability could allow full access to the web interface. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sinema_remote_connect_serverSINEMA Remote Connect Server
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CWE ID-CWE-521
Weak Password Requirements
CVE-2019-12256
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-13.84% / 94.31%
||
7 Day CHG~0.00%
Published-09 Aug, 2019 | 17:57
Updated-04 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the IPv4 component. There is an IPNET security vulnerability: Stack overflow in the parsing of IPv4 packets’ IP options.

Action-Not Available
Vendor-windriverbeldenn/aNetApp, Inc.Siemens AGSonicWall Inc.
Product-power_meter_9810_firmwarehirschmann_rsp20ruggedcom_win7025_firmwarehirschmann_ees25sonicoshirschmann_grs1030hirschmann_grs1142ruggedcom_win7018_firmwarehirschmann_rspe32hirschmann_grs1130garrettcom_magnum_dx940ehirschmann_rspe35hirschmann_eesx20hirschmann_rspe37ruggedcom_win7018power_meter_9410_firmwarehirschmann_grs1042siprotec_5_firmwareruggedcom_win7000ruggedcom_win7200hirschmann_rsp35garrettcom_magnum_dx940e_firmwaree-series_santricity_os_controllervxworkshirschmann_msp40hirschmann_octopus_os3hirschmann_rsp30hirschmann_dragon_mach4000hirschmann_dragon_mach4500hirschmann_msp32hirschmann_rsp25hirschmann_rail_switch_power_smarthirschmann_eesx30hirschmann_grs1020hirschmann_rail_switch_power_litehirschmann_eagle20hirschmann_eagle30hirschmann_hiosruggedcom_win7025hirschmann_rspe30hirschmann_eagle_oneruggedcom_win7200_firmwaresiprotec_5hirschmann_ees20hirschmann_red25power_meter_9410power_meter_9810ruggedcom_win7000_firmwarehirschmann_msp30hirschmann_grs1120n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2016-2031
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.97% / 76.72%
||
7 Day CHG-0.34%
Published-31 Jan, 2020 | 19:33
Updated-05 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple vulnerabilities exists in Aruba Instate before 4.1.3.0 and 4.2.3.1 due to insufficient validation of user-supplied input and insufficient checking of parameters, which could allow a malicious user to bypass security restrictions, obtain sensitive information, perform unauthorized actions and execute arbitrary code.

Action-Not Available
Vendor-n/aSiemens AGAruba Networks
Product-aruba_instantairwavearubaosscalance_w1750d_firmwarescalance_w1750dn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-7705
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-31.03% / 96.75%
||
7 Day CHG~0.00%
Published-07 Aug, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests.

Action-Not Available
Vendor-ntpn/aNetApp, Inc.Siemens AGCitrix (Cloud Software Group, Inc.)
Product-oncommand_unified_manageroncommand_performance_managertim_4r-ie_dnp3_firmwareclustered_data_ontaptim_4r-ie_dnp3xenservertim_4r-ie_firmwaretim_4r-ientpdata_ontapn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-9944
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-2.60% / 85.65%
||
7 Day CHG~0.00%
Published-26 Dec, 2017 | 04:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Siemens 7KT PAC1200 data manager (7KT1260) in all versions < V2.03. The integrated web server (port 80/tcp) of the affected devices could allow an unauthenticated remote attacker to perform administrative operations over the network.

Action-Not Available
Vendor-n/aSiemens AG
Product-7kt_pac1200_data_manager_firmware7kt_pac1200_data_managerSiemens 7KT PAC1200 data manager (7KT1260) All versions < V2.03
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2022-32262
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-8.8||HIGH
EPSS-2.15% / 84.27%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 09:22
Updated-21 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains a file upload server that is vulnerable to command injection. An attacker could use this to achieve arbitrary code execution.

Action-Not Available
Vendor-Siemens AG
Product-sinema_remote_connect_serverSINEMA Remote Connect Server
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2022-32260
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 27.43%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 09:22
Updated-03 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application creates temporary user credentials for UMC (User Management Component) users. An attacker could use these temporary credentials for authentication bypass in certain scenarios.

Action-Not Available
Vendor-Siemens AG
Product-sinema_remote_connect_serverSINEMA Remote Connect Server
CWE ID-CWE-286
Incorrect User Management
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found