Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-25678

Summary
Assigner-siemens
Assigner Org ID-cec7a2ec-15b4-4faf-bd53-b40f371f3a77
Published At-22 Apr, 2021 | 20:42
Updated At-03 Aug, 2024 | 20:11
Rejected At-
Credits

A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2020 (All versions < SE2020MP14), Solid Edge SE2021 (All Versions < SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12529)

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:siemens
Assigner Org ID:cec7a2ec-15b4-4faf-bd53-b40f371f3a77
Published At:22 Apr, 2021 | 20:42
Updated At:03 Aug, 2024 | 20:11
Rejected At:
▼CVE Numbering Authority (CNA)

A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2020 (All versions < SE2020MP14), Solid Edge SE2021 (All Versions < SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12529)

Affected Products
Vendor
Siemens AGSiemens
Product
Solid Edge SE2020
Versions
Affected
  • All versions < SE2020MP13
Vendor
Siemens AGSiemens
Product
Solid Edge SE2020
Versions
Affected
  • All versions < SE2020MP14
Vendor
Siemens AGSiemens
Product
Solid Edge SE2021
Versions
Affected
  • All Versions < SE2021MP4
Problem Types
TypeCWE IDDescription
CWECWE-787CWE-787: Out-of-bounds Write
Type: CWE
CWE ID: CWE-787
Description: CWE-787: Out-of-bounds Write
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf
x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-21-611/
x_refsource_MISC
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf
Resource:
x_refsource_MISC
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-21-611/
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf
x_refsource_MISC
x_transferred
https://www.zerodayinitiative.com/advisories/ZDI-21-611/
x_refsource_MISC
x_transferred
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-21-611/
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:productcert@siemens.com
Published At:22 Apr, 2021 | 21:15
Updated At:03 Jun, 2022 | 13:45

A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2020 (All versions < SE2020MP14), Solid Edge SE2021 (All Versions < SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12529)

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
Siemens AG
siemens
>>solid_edge_se2020>>Versions before se2020mp14(exclusive)
cpe:2.3:a:siemens:solid_edge_se2020:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>solid_edge_se2021>>Versions before se2021mp4(exclusive)
cpe:2.3:a:siemens:solid_edge_se2021:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-787Primaryproductcert@siemens.com
CWE ID: CWE-787
Type: Primary
Source: productcert@siemens.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdfproductcert@siemens.com
Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-21-611/productcert@siemens.com
Third Party Advisory
VDB Entry
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf
Source: productcert@siemens.com
Resource:
Vendor Advisory
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-21-611/
Source: productcert@siemens.com
Resource:
Third Party Advisory
VDB Entry

Change History

0
Information is not available yet

Similar CVEs

3850Records found
CVE-2023-44086
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.22% / 44.31%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 10:21
Updated-27 Feb, 2025 | 20:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-tecnomatixTecnomatix Plant Simulation V2302Tecnomatix Plant Simulation V2201
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-44085
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.22% / 44.31%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 10:21
Updated-27 Feb, 2025 | 20:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-tecnomatixTecnomatix Plant Simulation V2302Tecnomatix Plant Simulation V2201
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-27438
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.3||HIGH
EPSS-0.02% / 4.24%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 09:48
Updated-11 Mar, 2025 | 13:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-Teamcenter Visualization V2406Teamcenter Visualization V2412Teamcenter Visualization V2312Tecnomatix Plant Simulation V2404Teamcenter Visualization V14.3Tecnomatix Plant Simulation V2302
CWE ID-CWE-125
Out-of-bounds Read
CVE-2013-4911
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.29% / 51.44%
||
7 Day CHG~0.00%
Published-31 Jul, 2013 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Siemens WinCC (TIA Portal) 11 and 12 before 12 SP1 allows remote attackers to hijack the authentication of unspecified victims by leveraging improper configuration of SIMATIC HMI panels by the WinCC product.

Action-Not Available
Vendor-n/aSiemens AG
Product-winccn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-10039
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-8.1||HIGH
EPSS-0.20% / 42.31%
||
7 Day CHG~0.00%
Published-14 Jul, 2020 | 13:18
Updated-04 Aug, 2024 | 10:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). An attacker in a privileged network position between a legitimate user and the web server might be able to conduct a Man-in-the-middle attack and gain read and write access to the transmitted data.

Action-Not Available
Vendor-Siemens AG
Product-sicam_t_firmwaresicam_mmusicam_sgu_firmwaresicam_mmu_firmwaresicam_sgusicam_tSICAM TSICAM MMUSICAM SGU
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CVE-2017-2684
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9||CRITICAL
EPSS-1.71% / 81.59%
||
7 Day CHG~0.00%
Published-22 Feb, 2017 | 02:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Siemens SIMATIC Logon prior to V1.5 SP3 Update 2 could allow an attacker with knowledge of a valid user name, and physical or network access to the affected system, to bypass the application-level authentication.

Action-Not Available
Vendor-n/aSiemens AG
Product-simatic_logonSIMATIC Logon All versions < V1.5 SP3 Update 2
CWE ID-CWE-592
DEPRECATED: Authentication Bypass Issues
CVE-2025-25175
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.3||HIGH
EPSS-0.02% / 3.60%
||
7 Day CHG~0.00%
Published-13 Mar, 2025 | 09:07
Updated-19 Aug, 2025 | 17:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Simcenter Femap V2401 (All versions < V2401.0003), Simcenter Femap V2406 (All versions < V2406.0002). The affected application contains a memory corruption vulnerability while parsing specially crafted .NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-25443)

Action-Not Available
Vendor-Siemens AG
Product-simcenter_femapSimcenter Femap V2406Simcenter Femap V2401
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2025-23397
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.3||HIGH
EPSS-0.02% / 4.24%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 09:48
Updated-11 Mar, 2025 | 13:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-Teamcenter Visualization V2406Teamcenter Visualization V2412Teamcenter Visualization V2312Tecnomatix Plant Simulation V2404Teamcenter Visualization V14.3Tecnomatix Plant Simulation V2302
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2025-23398
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.3||HIGH
EPSS-0.02% / 4.24%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 09:48
Updated-11 Mar, 2025 | 13:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-Teamcenter Visualization V2406Teamcenter Visualization V2412Teamcenter Visualization V2312Tecnomatix Plant Simulation V2404Teamcenter Visualization V14.3Tecnomatix Plant Simulation V2302
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2025-23401
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.3||HIGH
EPSS-0.02% / 4.24%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 09:48
Updated-11 Mar, 2025 | 14:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-Teamcenter Visualization V2406Teamcenter Visualization V2412Teamcenter Visualization V2312Tecnomatix Plant Simulation V2404Teamcenter Visualization V14.3Tecnomatix Plant Simulation V2302
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-23402
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.3||HIGH
EPSS-0.03% / 5.56%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 09:48
Updated-11 Mar, 2025 | 14:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected applications contain a use-after-free vulnerability that could be triggered while parsing specially crafted WRL files. An attacker could leverage this vulnerability to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-Teamcenter Visualization V2406Teamcenter Visualization V2412Teamcenter Visualization V2312Tecnomatix Plant Simulation V2404Teamcenter Visualization V14.3Tecnomatix Plant Simulation V2302
CWE ID-CWE-416
Use After Free
CVE-2025-23399
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.3||HIGH
EPSS-0.02% / 4.24%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 09:48
Updated-11 Mar, 2025 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-Teamcenter Visualization V2406Teamcenter Visualization V2412Teamcenter Visualization V2312Tecnomatix Plant Simulation V2404Teamcenter Visualization V14.3Tecnomatix Plant Simulation V2302
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-39184
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.10% / 27.39%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 09:20
Updated-11 Oct, 2024 | 13:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PSM files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-solid_edgeSolid Edge SE2023
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-39186
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.10% / 27.39%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 09:20
Updated-10 Oct, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted DFT files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-solid_edgeSolid Edge SE2023
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-39188
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.10% / 27.39%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 09:20
Updated-11 Oct, 2024 | 13:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted DFT files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-solid_edgeSolid Edge SE2023
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-39183
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.10% / 27.39%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 09:20
Updated-11 Oct, 2024 | 13:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PSM files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-solid_edgeSolid Edge SE2023
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-30033
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-8.5||HIGH
EPSS-0.02% / 2.37%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 11:16
Updated-12 Aug, 2025 | 20:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The affected setup component is vulnerable to DLL hijacking. This could allow an attacker to execute arbitrary code when a legitimate user installs an application that uses the affected setup component.

Action-Not Available
Vendor-Siemens AG
Product-SIMATIC PCS 7/OPEN OS V9.1SIMATIC S7-PLCSIM V20SIMATIC PCS 7 Advanced Process Functions V2.2TIA Portal Test Suite V19SIMATIC NET PC Software V17SIMATIC WinCC flexible ESSIMATIC PCS 7 PowerControlSIMATIC WinCC Visualization Architect (SiVArc) V20SIMATIC WinCC Visualization Architect (SiVArc) V18SIMATIC NET PC Software V19SIMATIC PCS 7 V10.0SIMATIC ProSave V20SIMATIC WinCC Runtime Professional V20SIMATIC S7-1500 Software Controller V2SIMATIC Process Historian 2024SIMIT Rapid TesterStandard PID CTRL ToolSIMATIC PCS 7 Basis Faceplates V9.1SIMATIC WinCC TeleControlSIMATIC WinCC Unified PC Runtime V18SIMATIC PDM V9.2SIMATIC S7-PLCSIM AdvancedSIMATIC eaSie Document SkillsSIMATIC WinCC Unified PC Runtime V19SIMATIC MTP CREATOR V3.xSIMATIC S7-PLCSIM V18SIMATIC PCS 7 Standard Chemical Library V9.1SIMATIC PCS neo V6.0SIMATIC Automation ToolSINAMICS Startdrive V19SIMATIC Safety MatrixSIMATIC MTP CREATOR V5.xSIMATIC S7-PCTModular PID CTRL ToolTeleControl Server Basic V3.1Automation License Manager V6.2SIMATIC S7-1500 Software Controller V3OpenPCS 7 V9.1SIMATIC D7-SYSSIMATIC WinCC Visualization Architect (SiVArc) V19SIMATIC NET PC Software V20SIMATIC Process Function Library (PFL) V4.0TIA Portal Test Suite V20SIMATIC ProSave V19SIMATIC WinCC Unified Line CoordinationSIMATIC PCS 7 Industry Library V9.1SIMATIC NET PC Software V18SIMATIC STEP 7 CFC V19SIMIT Simulation PlatformSIMATIC MTP CREATOR V4.xSIMATIC Logon V1.6SINEMA Remote Connect ClientSIMATIC Management AgentSIMATIC WinCC Visualization Architect (SiVArc) V17SIMATIC Route Control V10.0SIMATIC Management ConsoleSIMATIC PCS 7 TeleControlSIMATIC eaSie PCS 7 Skill PackageSINEC NMSAutomation License Manager V6.0SIMATIC S7-Fail-safe Configuration Tool (S7-FCT)SIMATIC PCS 7 Advanced Process Functions V2.1Create MyConfig (CMC)SIMATIC eaSie Workflow SkillsSIMATIC MTP Integrator V1.xSIMATIC PCS 7 Advanced Process Graphics V10.0OpenPCS 7 V10.0SIMATIC PCS 7 Advanced Process Library incl. Faceplates V10.0WinCC Panel Image SetupSIMATIC ODK 1500SSIMATIC ProSave V17SIMATIC MTP CREATOR V2.xSIMATIC STEP 7 V5.7FM Configuration PackageSIMATIC STEP 7 CFC V20TIA Portal Test Suite V17SIMATIC eaSie Core PackageCP PtP Param configuring interfaceSIMATIC PCS 7 V9.1MultiFieldbus Configuration Tool (MFCT)SIMATIC Logon V2.0SIMATIC Process Historian 2020TIA Portal Cloud ConnectorTIA AdministratorSIMATIC NET PC Software V16SIMATIC WinCC Unified SequenceSIMATIC BATCH V10.0SIMATIC Route Control V9.1SIMATIC TargetSIMATIC WinCC V7.5SINAMICS Startdrive V18SIMATIC PCS neo V5.0SIMATIC WinCC V8.1SIMATIC Control Function Library (CFL) V4.0SIMATIC Control Function Library (CFL) V2.0SIMATIC S7-PLCSIM V19SIMATIC Automation Tool SDK WindowsSINAMICS Startdrive V20SIMATIC PCS 7 Basis Library V9.1SIMATIC PCS 7 MPC ConfiguratorSIMATIC S7 F Systems V6.3Energy Support Library (EnSL)SINAMICS Startdrive V17SIMATIC Control Function Library (CFL) V3.0SIMATIC MTP Integrator V2.xSIMATIC PCS 7 Advanced Process Graphics V9.1SIMATIC PDM V9.3SIMATIC ProSave V18SIMATIC Energy Suite V18SIMATIC Control Function Library (CFL) V1.0.0SIMATIC WinCC Unified PC Runtime V20SIMATIC WinCC V8.0TIA Portal Test Suite V18SIMATIC BATCH V9.1SIMATIC Energy Suite V17SIMATIC PCS 7 Advanced Process Faceplates V9.1TIA Project-ServerCEMAT V10.0SIMATIC PCS 7 Industry Library V10.0SIMATIC PCS 7 Advanced Process Library V9.1SIMATIC PCS 7 Standard Chemical Library V10.0SIMATIC PCS 7 Industry Library V9.0SIMATIC WinCC Runtime ProfessionalTIA Project-Server V17SIMATIC S7-PLCSIM V17SIMATIC S7 F Systems V6.4SIMATIC PCS 7 Logic Matrix V9.1Siemens Network Planner (SINETPLAN)SIMATIC WinCC Runtime AdvancedSIMATIC PDM Maintenance Station V5.0SITRANSSIMATIC PCS 7 Basis Library V10.0SIMATIC PCS 7 Logic Matrix V10.0SIMATIC Process Historian 2022SIMATIC Energy Suite V19
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2023-39185
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.10% / 27.39%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 09:20
Updated-11 Oct, 2024 | 13:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-solid_edgeSolid Edge SE2023
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-38527
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.3||HIGH
EPSS-0.10% / 27.39%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 09:20
Updated-27 Feb, 2025 | 21:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-parasolidteamcenter_visualizationTeamcenter Visualization V14.2Teamcenter Visualization V14.1Parasolid V34.1Teamcenter Visualization V2312Parasolid V35.0Teamcenter Visualization V14.3
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-38529
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.3||HIGH
EPSS-0.10% / 27.39%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 09:20
Updated-27 Feb, 2025 | 21:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.184), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-parasolidteamcenter_visualizationParasolid V35.1Teamcenter Visualization V14.2Teamcenter Visualization V14.1Parasolid V34.1Teamcenter Visualization V2312Parasolid V35.0Teamcenter Visualization V14.3
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-38524
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-2||LOW
EPSS-0.05% / 15.38%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 09:20
Updated-27 Feb, 2025 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.3). The affected applications contain null pointer dereference while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-parasolidteamcenter_visualizationParasolid V35.1Teamcenter Visualization V14.2Teamcenter Visualization V14.1Parasolid V34.1Parasolid V35.0Teamcenter Visualization V14.3
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-38531
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.3||HIGH
EPSS-0.10% / 27.39%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 09:20
Updated-13 Aug, 2024 | 07:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.184), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-parasolidteamcenter_visualizationTeamcenter Visualization V2312Parasolid V35.1Parasolid V35.0Teamcenter Visualization V14.1Teamcenter Visualization V14.2Parasolid V34.1Teamcenter Visualization V14.3
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-38526
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.3||HIGH
EPSS-0.10% / 27.39%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 09:20
Updated-27 Feb, 2025 | 21:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.3). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-parasolidteamcenter_visualizationParasolid V35.1Teamcenter Visualization V14.2Teamcenter Visualization V14.1Parasolid V34.1Parasolid V35.0Teamcenter Visualization V14.3
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-38074
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.08% / 25.54%
||
7 Day CHG~0.00%
Published-12 Sep, 2023 | 09:32
Updated-02 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application contains a type confusion vulnerability while parsing WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20840)

Action-Not Available
Vendor-Siemens AG
Product-jt2gotecnomatix_plant_simulationteamcenter_visualizationTecnomatix Plant Simulation V2201Teamcenter Visualization V14.1Teamcenter Visualization V14.0Teamcenter Visualization V13.3JT2GoTecnomatix Plant Simulation V2302Teamcenter Visualization V14.2Teamcenter Visualization V14.3
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2023-38075
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.08% / 25.16%
||
7 Day CHG~0.00%
Published-12 Sep, 2023 | 09:32
Updated-02 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application contains a use-after-free vulnerability that could be triggered while parsing specially crafted WRL files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-20842)

Action-Not Available
Vendor-Siemens AG
Product-jt2gotecnomatix_plant_simulationteamcenter_visualizationTecnomatix Plant Simulation V2201Teamcenter Visualization V14.1Teamcenter Visualization V14.0Teamcenter Visualization V13.3JT2GoTecnomatix Plant Simulation V2302Teamcenter Visualization V14.2Teamcenter Visualization V14.3
CWE ID-CWE-416
Use After Free
CVE-2023-37376
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.08% / 24.30%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 09:07
Updated-07 Nov, 2024 | 17:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application contains a type confusion vulnerability while parsing STP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21051)

Action-Not Available
Vendor-Siemens AG
Product-tecnomatixTecnomatix Plant Simulation V2201Tecnomatix Plant Simulation V2302
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2023-30900
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.10% / 27.35%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 10:21
Updated-27 Feb, 2025 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Xpedition Layout Browser (All versions < VX.2.14). Affected application contains a stack overflow vulnerability when parsing a PCB file. An attacker can leverage this vulnerability to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-xpedition_layout_browserXpedition Layout Browser
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2017-2688
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-8.8||HIGH
EPSS-0.18% / 40.52%
||
7 Day CHG~0.00%
Published-29 Mar, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at port 10000/TCP could allow remote attackers to perform actions with the privileges of an authenticated user, provided the targeted user has an active session and is induced into clicking on a malicious link or into visiting a malicious website, aka CSRF.

Action-Not Available
Vendor-n/aSiemens AG
Product-ruggedcom_rox_iRUGGEDCOM ROX I All versions
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-30795
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.95%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 09:20
Updated-11 Oct, 2024 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in JT Open (All versions < V11.4), JT Utilities (All versions < V13.4), Parasolid V34.0 (All versions < V34.0.253), Parasolid V34.1 (All versions < V34.1.243), Parasolid V35.0 (All versions < V35.0.177), Parasolid V35.1 (All versions < V35.1.073). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-jt_openparasolidjt_utilitiesParasolid V34.0Parasolid V35.1JT UtilitiesParasolid V35.0JT OpenParasolid V34.1
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-30796
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.09% / 26.32%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 09:20
Updated-11 Oct, 2024 | 22:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in JT Open (All versions < V11.4), JT Utilities (All versions < V13.4). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-jt_utilitiesjt_open_toolkitJT OpenJT Utilities
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-2682
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-8.8||HIGH
EPSS-0.21% / 43.10%
||
7 Day CHG~0.00%
Published-27 Feb, 2017 | 11:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and 8081/TCP could allow a remote attacker to perform a Cross-Site Request Forgery (CSRF) attack, potentially allowing an attacker to execute administrative operations, provided the targeted user has an active session and is induced to trigger a malicious request.

Action-Not Available
Vendor-n/aSiemens AG
Product-ruggedcom_network_management_softwareRUGGEDCOM NMS All versions < V2.1 (Windows and Linux)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-29053
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.09% / 26.32%
||
7 Day CHG~0.00%
Published-11 Apr, 2023 | 09:03
Updated-26 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in JT Open (All versions < V11.3.2.0), JT Utilities (All versions < V13.3.0.0). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-jt_open_toolkitjt_utilitiesJT OpenJT Utilities
CWE ID-CWE-125
Out-of-bounds Read
CVE-2016-8673
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.14% / 34.09%
||
7 Day CHG~0.00%
Published-23 Nov, 2016 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC CP 343-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.0.53), SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.2.17), SIMATIC S7-300 PN/DP CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP CPU family (incl. SIPLUS variants) (All versions). The integrated web server at port 80/TCP or port 443/TCP of the affected devices could allow remote attackers to perform actions with the permissions of an authenticated user, provided the targeted user has an active session and is induced to trigger the malicious request.

Action-Not Available
Vendor-n/aSiemens AG
Product-simatic_cp_443-1_firmwaresimatic_cp_443-1simatic_s7_300_cpusimatic_cp_343-1_firmwaresimatic_cp_343-1simatic_s7_400_cpu_firmwaresimatic_s7_400_cpusimatic_s7_300_cpu_firmwaren/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-27405
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.10% / 27.39%
||
7 Day CHG~0.00%
Published-14 Mar, 2023 | 09:32
Updated-27 Feb, 2025 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20432)

Action-Not Available
Vendor-Siemens AG
Product-tecnomatix_plant_simulationTecnomatix Plant Simulation
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-27402
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.10% / 27.39%
||
7 Day CHG~0.00%
Published-14 Mar, 2023 | 09:32
Updated-27 Feb, 2025 | 16:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20334)

Action-Not Available
Vendor-Siemens AG
Product-tecnomatix_plant_simulationTecnomatix Plant Simulation
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-46349
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.10% / 27.39%
||
7 Day CHG~0.00%
Published-13 Dec, 2022 | 00:00
Updated-21 Apr, 2025 | 13:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.264), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170), Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions < V223.0Update2). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_B files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19384)

Action-Not Available
Vendor-Siemens AG
Product-parasolidSolid Edge SE2022Parasolid V34.1Parasolid V35.0Parasolid V34.0Solid Edge SE2023Parasolid V33.1
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-45147
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-8.5||HIGH
EPSS-0.05% / 16.69%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 12:04
Updated-27 Aug, 2025 | 20:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC PCS neo V4.0 (All versions), SIMATIC STEP 7 V16 (All versions), SIMATIC STEP 7 V17 (All versions), SIMATIC STEP 7 V18 (All versions < V18 Update 2). Affected applications do not properly restrict the .NET BinaryFormatter when deserializing user-controllable input. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application. This is the same issue that exists for .NET BinaryFormatter https://docs.microsoft.com/en-us/visualstudio/code-quality/ca2300.

Action-Not Available
Vendor-Siemens AG
Product-SIMATIC STEP 7 V17SIMATIC STEP 7 V18SIMATIC STEP 7 V16SIMATIC PCS neo V4.0simatic_pcs_neosimatic_step_7
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2024-54095
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.3||HIGH
EPSS-0.03% / 6.13%
||
7 Day CHG~0.00%
Published-10 Dec, 2024 | 13:54
Updated-04 Mar, 2025 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 10). The affected application is vulnerable to integer underflow vulnerability which can be triggered while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-solid_edge_se2024Solid Edge SE2024
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2024-54093
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.3||HIGH
EPSS-0.03% / 6.13%
||
7 Day CHG~0.00%
Published-10 Dec, 2024 | 13:54
Updated-10 Dec, 2024 | 17:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 5). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted ASM files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-Solid Edge SE2024
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2024-53041
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.3||HIGH
EPSS-0.03% / 7.85%
||
7 Day CHG~0.00%
Published-10 Dec, 2024 | 13:54
Updated-10 Dec, 2024 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain a stack based overflow vulnerability while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-25000)

Action-Not Available
Vendor-Siemens AG
Product-Teamcenter Visualization V2312Tecnomatix Plant Simulation V2302Teamcenter Visualization V14.2Tecnomatix Plant Simulation V2404Teamcenter Visualization V14.3
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-53242
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.3||HIGH
EPSS-0.03% / 6.52%
||
7 Day CHG~0.00%
Published-10 Dec, 2024 | 13:54
Updated-10 Dec, 2024 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-25206)

Action-Not Available
Vendor-Siemens AG
Product-Teamcenter Visualization V2312Tecnomatix Plant Simulation V2302Teamcenter Visualization V14.2Tecnomatix Plant Simulation V2404Teamcenter Visualization V14.3
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-45484
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-3.3||LOW
EPSS-0.05% / 13.48%
||
7 Day CHG~0.00%
Published-13 Dec, 2022 | 00:00
Updated-21 Apr, 2025 | 13:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.9), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.5), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CCITT_G4Decode.dll contains an out of bounds read vulnerability when parsing a RAS file. An attacker can leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-19056)

Action-Not Available
Vendor-Siemens AG
Product-jt2goteamcenter_visualizationTeamcenter Visualization V13.3Teamcenter Visualization V13.2JT2GoTeamcenter Visualization V14.1Teamcenter Visualization V14.0
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-52567
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.3||HIGH
EPSS-0.03% / 7.15%
||
7 Day CHG~0.00%
Published-18 Nov, 2024 | 15:39
Updated-10 Dec, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24237)

Action-Not Available
Vendor-Siemens AG
Product-tecnomatix_plant_simulationTeamcenter Visualization V2406Teamcenter Visualization V2312Tecnomatix Plant Simulation V2302Teamcenter Visualization V14.2Tecnomatix Plant Simulation V2404Teamcenter Visualization V14.3tecnomatix_plant_simulation
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-52574
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.3||HIGH
EPSS-0.03% / 7.15%
||
7 Day CHG~0.00%
Published-18 Nov, 2024 | 15:39
Updated-10 Dec, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24543)

Action-Not Available
Vendor-Siemens AG
Product-tecnomatix_plant_simulationTeamcenter Visualization V2406Teamcenter Visualization V2312Tecnomatix Plant Simulation V2302Teamcenter Visualization V14.2Tecnomatix Plant Simulation V2404Teamcenter Visualization V14.3tecnomatix_plant_simulation
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-52568
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.3||HIGH
EPSS-0.04% / 11.05%
||
7 Day CHG~0.00%
Published-18 Nov, 2024 | 15:39
Updated-10 Dec, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain a use-after-free vulnerability that could be triggered while parsing specially crafted WRL files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-24244)

Action-Not Available
Vendor-Siemens AG
Product-tecnomatix_plant_simulationTeamcenter Visualization V2406Teamcenter Visualization V2312Tecnomatix Plant Simulation V2302Teamcenter Visualization V14.2Tecnomatix Plant Simulation V2404Teamcenter Visualization V14.3tecnomatix_plant_simulation
CWE ID-CWE-416
Use After Free
CVE-2024-34773
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.22% / 44.29%
||
7 Day CHG~0.00%
Published-14 May, 2024 | 10:03
Updated-02 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 2). The affected applications contain a stack overflow vulnerability while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-Solid Edgesolid_edge
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-49849
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-8.4||HIGH
EPSS-0.10% / 28.47%
||
7 Day CHG~0.00%
Published-10 Dec, 2024 | 13:53
Updated-12 Aug, 2025 | 12:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC S7-PLCSIM V16 (All versions), SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 Safety V16 (All versions), SIMATIC STEP 7 Safety V17 (All versions), SIMATIC STEP 7 Safety V18 (All versions), SIMATIC STEP 7 Safety V19 (All versions < V19 Update 4), SIMATIC STEP 7 V16 (All versions), SIMATIC STEP 7 V17 (All versions), SIMATIC STEP 7 V18 (All versions), SIMATIC STEP 7 V19 (All versions < V19 Update 4), SIMATIC WinCC Unified V16 (All versions), SIMATIC WinCC Unified V17 (All versions), SIMATIC WinCC Unified V18 (All versions), SIMATIC WinCC Unified V19 (All versions < V19 Update 4), SIMATIC WinCC V16 (All versions), SIMATIC WinCC V17 (All versions), SIMATIC WinCC V18 (All versions), SIMATIC WinCC V19 (All versions < V19 Update 4), SIMOCODE ES V16 (All versions), SIMOCODE ES V17 (All versions), SIMOCODE ES V18 (All versions), SIMOCODE ES V19 (All versions), SIMOTION SCOUT TIA V5.4 (All versions), SIMOTION SCOUT TIA V5.5 (All versions), SIMOTION SCOUT TIA V5.6 (All versions < V5.6 SP1 HF7), SINAMICS Startdrive V16 (All versions), SINAMICS Startdrive V17 (All versions), SINAMICS Startdrive V18 (All versions), SINAMICS Startdrive V19 (All versions), SIRIUS Safety ES V17 (TIA Portal) (All versions), SIRIUS Safety ES V18 (TIA Portal) (All versions), SIRIUS Safety ES V19 (TIA Portal) (All versions), SIRIUS Soft Starter ES V17 (TIA Portal) (All versions), SIRIUS Soft Starter ES V18 (TIA Portal) (All versions), SIRIUS Soft Starter ES V19 (TIA Portal) (All versions), TIA Portal Cloud V16 (All versions), TIA Portal Cloud V17 (All versions), TIA Portal Cloud V18 (All versions), TIA Portal Cloud V19 (All versions < V5.2.1.1). Affected products do not properly sanitize user-controllable input when parsing log files. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application.

Action-Not Available
Vendor-Siemens AG
Product-SIMATIC WinCC V17SIMATIC WinCC Unified V19SIMATIC STEP 7 Safety V17SIMATIC STEP 7 V17TIA Portal Cloud V17SINAMICS Startdrive V17SIRIUS Safety ES V18 (TIA Portal)SIMATIC WinCC Unified V17SIMATIC WinCC Unified V18SIMOTION SCOUT TIA V5.5SIMOTION SCOUT TIA V5.6SIMATIC STEP 7 V18SINAMICS Startdrive V19SIRIUS Soft Starter ES V17 (TIA Portal)SIMATIC WinCC Unified V16SIMATIC STEP 7 V19SIRIUS Safety ES V19 (TIA Portal)SIMATIC WinCC V16SIMOCODE ES V19SIMATIC STEP 7 Safety V18SIMATIC S7-PLCSIM V16SIMATIC STEP 7 Safety V19SIMATIC WinCC V19TIA Portal Cloud V16TIA Portal Cloud V18SIMATIC S7-PLCSIM V17SIMATIC STEP 7 Safety V16SIMATIC STEP 7 V16SINAMICS Startdrive V16SIRIUS Soft Starter ES V19 (TIA Portal)TIA Portal Cloud V19SIRIUS Safety ES V17 (TIA Portal)SIMATIC WinCC V18SIRIUS Soft Starter ES V18 (TIA Portal)SIMOCODE ES V16SIMOTION SCOUT TIA V5.4SINAMICS Startdrive V18SIMOCODE ES V17SIMOCODE ES V18
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2024-47940
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.3||HIGH
EPSS-0.03% / 7.17%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 12:49
Updated-13 Nov, 2024 | 23:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 9). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PSM files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-solid_edge_se2024Solid Edge SE2024solid_edge_se2024
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-47046
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.3||HIGH
EPSS-0.03% / 8.22%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 08:40
Updated-10 Dec, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Simcenter Femap V2306 (All versions), Simcenter Femap V2401 (All versions), Simcenter Femap V2406 (All versions). The affected application is vulnerable to memory corruption while parsing specially crafted BDF files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-Simcenter Femap V2401Simcenter Femap V2406Simcenter Femap V2306simcenter_nastran
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2024-45467
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.3||HIGH
EPSS-0.03% / 7.69%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 08:40
Updated-10 Dec, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-tecnomatix_plant_simulationTeamcenter Visualization V2312Tecnomatix Plant Simulation V2302Teamcenter Visualization V14.2Tecnomatix Plant Simulation V2404Teamcenter Visualization V14.3tecnomatix_plant_simulation
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
  • Previous
  • 1
  • 2
  • ...
  • 6
  • 7
  • 8
  • ...
  • 76
  • 77
  • Next
Details not found