Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-33627

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-03 Feb, 2022 | 01:30
Updated At-04 Nov, 2025 | 19:12
Rejected At-
Credits

An issue was discovered in Insyde InsydeH2O Kernel 5.0 before 05.09.11, 5.1 before 05.17.11, 5.2 before 05.27.11, 5.3 before 05.36.11, 5.4 before 05.44.11, and 5.5 before 05.52.11 affecting FwBlockServiceSmm. Software SMI services that use the Communicate() function of the EFI_SMM_COMMUNICATION_PROTOCOL do not check whether the address of the buffer is valid, which allows use of SMRAM, MMIO, or OS kernel addresses.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:03 Feb, 2022 | 01:30
Updated At:04 Nov, 2025 | 19:12
Rejected At:
▼CVE Numbering Authority (CNA)

An issue was discovered in Insyde InsydeH2O Kernel 5.0 before 05.09.11, 5.1 before 05.17.11, 5.2 before 05.27.11, 5.3 before 05.36.11, 5.4 before 05.44.11, and 5.5 before 05.52.11 affecting FwBlockServiceSmm. Software SMI services that use the Communicate() function of the EFI_SMM_COMMUNICATION_PROTOCOL do not check whether the address of the buffer is valid, which allows use of SMRAM, MMIO, or OS kernel addresses.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.insyde.com/security-pledge
N/A
https://www.insyde.com/security-pledge/SA-2022022
N/A
https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf
N/A
https://security.netapp.com/advisory/ntap-20220222-0002/
N/A
Hyperlink: https://www.insyde.com/security-pledge
Resource: N/A
Hyperlink: https://www.insyde.com/security-pledge/SA-2022022
Resource: N/A
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf
Resource: N/A
Hyperlink: https://security.netapp.com/advisory/ntap-20220222-0002/
Resource: N/A
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.insyde.com/security-pledge
x_transferred
https://www.insyde.com/security-pledge/SA-2022022
x_transferred
https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf
x_transferred
https://security.netapp.com/advisory/ntap-20220222-0002/
x_transferred
https://www.kb.cert.org/vuls/id/796611
N/A
Hyperlink: https://www.insyde.com/security-pledge
Resource:
x_transferred
Hyperlink: https://www.insyde.com/security-pledge/SA-2022022
Resource:
x_transferred
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf
Resource:
x_transferred
Hyperlink: https://security.netapp.com/advisory/ntap-20220222-0002/
Resource:
x_transferred
Hyperlink: https://www.kb.cert.org/vuls/id/796611
Resource: N/A
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:03 Feb, 2022 | 02:15
Updated At:04 Nov, 2025 | 20:16

An issue was discovered in Insyde InsydeH2O Kernel 5.0 before 05.09.11, 5.1 before 05.17.11, 5.2 before 05.27.11, 5.3 before 05.36.11, 5.4 before 05.44.11, and 5.5 before 05.52.11 affecting FwBlockServiceSmm. Software SMI services that use the Communicate() function of the EFI_SMM_COMMUNICATION_PROTOCOL do not check whether the address of the buffer is valid, which allows use of SMRAM, MMIO, or OS kernel addresses.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.2HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Primary2.07.2HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 3.1
Base score: 8.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 7.2
Base severity: HIGH
Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CPE Matches
Insyde Software Corp. (ISC)
insyde
>>insydeh2o>>Versions from 5.0(inclusive) to 5.08.29(exclusive)
cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*
Insyde Software Corp. (ISC)
insyde
>>insydeh2o>>Versions from 5.1(inclusive) to 5.16.29(exclusive)
cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*
Insyde Software Corp. (ISC)
insyde
>>insydeh2o>>Versions from 5.2(inclusive) to 5.26.29(exclusive)
cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*
Insyde Software Corp. (ISC)
insyde
>>insydeh2o>>Versions from 5.3(inclusive) to 5.35.29(exclusive)
cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_field_pg_m5_firmware>>*
cpe:2.3:o:siemens:simatic_field_pg_m5_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_field_pg_m5>>-
cpe:2.3:h:siemens:simatic_field_pg_m5:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_field_pg_m6_firmware>>*
cpe:2.3:o:siemens:simatic_field_pg_m6_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_field_pg_m6>>-
cpe:2.3:h:siemens:simatic_field_pg_m6:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_ipc127e_firmware>>*
cpe:2.3:o:siemens:simatic_ipc127e_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_ipc127e>>-
cpe:2.3:h:siemens:simatic_ipc127e:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_ipc227g_firmware>>*
cpe:2.3:o:siemens:simatic_ipc227g_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_ipc227g>>-
cpe:2.3:h:siemens:simatic_ipc227g:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_ipc277g_firmware>>*
cpe:2.3:o:siemens:simatic_ipc277g_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_ipc277g>>-
cpe:2.3:h:siemens:simatic_ipc277g:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_ipc327g_firmware>>*
cpe:2.3:o:siemens:simatic_ipc327g_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_ipc327g>>-
cpe:2.3:h:siemens:simatic_ipc327g:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_ipc377g_firmware>>*
cpe:2.3:o:siemens:simatic_ipc377g_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_ipc377g>>-
cpe:2.3:h:siemens:simatic_ipc377g:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_ipc427e_firmware>>*
cpe:2.3:o:siemens:simatic_ipc427e_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_ipc427e>>-
cpe:2.3:h:siemens:simatic_ipc427e:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_ipc477e_firmware>>*
cpe:2.3:o:siemens:simatic_ipc477e_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_ipc477e>>-
cpe:2.3:h:siemens:simatic_ipc477e:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_ipc627e_firmware>>*
cpe:2.3:o:siemens:simatic_ipc627e_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_ipc627e>>-
cpe:2.3:h:siemens:simatic_ipc627e:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_ipc647e_firmware>>*
cpe:2.3:o:siemens:simatic_ipc647e_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_ipc647e>>-
cpe:2.3:h:siemens:simatic_ipc647e:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_ipc677e_firmware>>*
cpe:2.3:o:siemens:simatic_ipc677e_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_ipc677e>>-
cpe:2.3:h:siemens:simatic_ipc677e:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_ipc847e_firmware>>*
cpe:2.3:o:siemens:simatic_ipc847e_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_ipc847e>>-
cpe:2.3:h:siemens:simatic_ipc847e:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_itp1000_firmware>>*
cpe:2.3:o:siemens:simatic_itp1000_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_itp1000>>-
cpe:2.3:h:siemens:simatic_itp1000:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-119Primarynvd@nist.gov
CWE ID: CWE-119
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdfcve@mitre.org
Third Party Advisory
https://security.netapp.com/advisory/ntap-20220222-0002/cve@mitre.org
Third Party Advisory
https://www.insyde.com/security-pledgecve@mitre.org
Vendor Advisory
https://www.insyde.com/security-pledge/SA-2022022cve@mitre.org
Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdfaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://security.netapp.com/advisory/ntap-20220222-0002/af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://www.insyde.com/security-pledgeaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://www.insyde.com/security-pledge/SA-2022022af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://www.kb.cert.org/vuls/id/796611af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://security.netapp.com/advisory/ntap-20220222-0002/
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://www.insyde.com/security-pledge
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: https://www.insyde.com/security-pledge/SA-2022022
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://security.netapp.com/advisory/ntap-20220222-0002/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://www.insyde.com/security-pledge
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://www.insyde.com/security-pledge/SA-2022022
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://www.kb.cert.org/vuls/id/796611
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

621Records found
CVE-2021-42059
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.06% / 19.62%
||
7 Day CHG~0.00%
Published-03 Feb, 2022 | 01:13
Updated-04 Nov, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Insyde InsydeH2O Kernel 5.0 before 05.08.41, Kernel 5.1 before 05.16.41, Kernel 5.2 before 05.26.41, Kernel 5.3 before 05.35.41, and Kernel 5.4 before 05.42.20. A stack-based buffer overflow leads toarbitrary code execution in UEFI DisplayTypeDxe DXE driver.

Action-Not Available
Vendor-n/aSiemens AGInsyde Software Corp. (ISC)
Product-simatic_ipc227gsimatic_ipc377g_firmwaresimatic_ipc427esimatic_ipc847e_firmwaresimatic_ipc847esimatic_ipc647e_firmwaresimatic_ipc647einsydeh2osimatic_field_pg_m6_firmwaresimatic_ipc227g_firmwaresimatic_ipc127e_firmwaresimatic_ipc277gsimatic_ipc477esimatic_ipc327g_firmwaresimatic_ipc277g_firmwaresimatic_ipc627e_firmwaresimatic_ipc427e_firmwaresimatic_ipc377gsimatic_field_pg_m6simatic_field_pg_m5_firmwaresimatic_ipc127esimatic_ipc327gsimatic_ipc627esimatic_ipc677esimatic_itp1000_firmwaresimatic_itp1000simatic_ipc677e_firmwaresimatic_field_pg_m5simatic_ipc477e_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-42029
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.28%
||
7 Day CHG~0.00%
Published-12 Apr, 2022 | 09:07
Updated-04 Aug, 2024 | 03:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) V15 (All versions), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 5), SIMATIC STEP 7 (TIA Portal) V17 (All versions < V17 Update 2). An attacker could achieve privilege escalation on the web server of certain devices due to improper access control vulnerability in the engineering system software. The attacker needs to have direct access to the impacted web server.

Action-Not Available
Vendor-Siemens AG
Product-simatic_s7-1500_cpu_1507ssimatic_s7-1500_cpu_1516t-3simatic_s7-1500_cpu_1511csimatic_s7-1500_cpu_1512sp-1simatic_s7-1500_cpusimatic_s7-1500_cpu_1518-4_pn\/dp_mfpsimatic_s7-1500_cpu_1510sp-1simatic_s7-1200_cpu_1212csimatic_s7-1500_cpu_1515t-2simatic_s7-1500_cpu_1512spf-1simatic_s7-1500_cpu_1518-4_pnsimatic_s7-1500_cpu_1513-1simatic_s7-1500_cpu_1517-3_pnsimatic_s7-1500_cpu_1510spsimatic_s7-1200_cpu_1217csimatic_s7-1500_cpu_1517f-3_pn\/dpsimatic_s7-1500_cpu_1513r-1simatic_s7-1200_cpu_1215_fcsimatic_s7-1500_cpu_1511-1simatic_s7-1500_cpu_1518-4_dpsimatic_s7-1500_cpu_1513-1_pnsimatic_s7-1500_cpu_1511-1_pnsimatic_step_7simatic_s7-1500_cpu_1518hf-4simatic_s7-1200_cpu_1215csimatic_s7-1500_cpu_1515r-2simatic_s7-1500_cpu_1513f-1simatic_s7-1500_cpu_1512csimatic_s7-1500_cpu_1516f-3_pn\/dpsimatic_s7-1500_cpu_1511c-1simatic_s7-1500_cpu_1517-3_pn\/dpsimatic_s7-1500_cpu_1517-3simatic_s7-1500_cpu_1517f-3simatic_s7-1500_cpu_1508s_fsimatic_s7-1200_cpusimatic_s7-1500_cpu_1513f-1_pnsimatic_s7-1500_cpu_1517-3_dpsimatic_s7-1200_cpu_1214csimatic_s7-1500_cpu_1516tf-3simatic_s7-1500_cpu_1511t-1simatic_s7-1500_cpu_1517tf-3simatic_s7-1500_cpu_1511f-1simatic_s7-1500_cpu_1515-2_pnsimatic_s7-1200_cpu_1214_fcsimatic_s7-1500_cpu_1515tf-2simatic_s7-1500_cpu_1511tf-1simatic_s7-1500_cpu_1515-2simatic_s7-1500_cpu_1518-4simatic_s7-1500_cpu_1518-4_pn\/dpsimatic_s7-1500_cpu_1516-3_pnsimatic_s7-1500_cpu_1516-3_dpsimatic_s7-1500_cpu_1508ssimatic_s7-1500_cpu_1516-3_pn\/dpsimatic_s7-1500_cpu_1516-3simatic_s7-1200_cpu_1214fcsimatic_s7-1500_cpu_1518f-4_pn\/dpsimatic_s7-1500_cpu_1515f-2simatic_s7-1500_cpu_1512c-1simatic_s7-1500_cpu_1511f-1_pnsimatic_s7-1500_cpu_1515f-2_pnsimatic_s7-1500_cpu_1507s_fsimatic_s7-1200_cpu_1211csimatic_s7-1500_cpu_1516f-3simatic_s7-1500_cpu_1518simatic_s7-1200_cpu_1215fcsimatic_s7-1500_cpu_1518f-4simatic_s7-1500_cpu_1516pro_fsimatic_s7-1200_cpu_1212fcsimatic_s7-1500_cpu_1516pro-2simatic_s7-1500_cpu_1518tf-4simatic_s7-1500_cpu_1518t-4SIMATIC STEP 7 (TIA Portal) V17SIMATIC STEP 7 (TIA Portal) V16SIMATIC STEP 7 (TIA Portal) V15
CWE ID-CWE-284
Improper Access Control
CVE-2018-11459
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.04% / 13.19%
||
7 Day CHG~0.00%
Published-12 Dec, 2018 | 16:00
Updated-05 Aug, 2024 | 08:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). A local attacker could modify a user-writeable configuration file so that after reboot or manual initiation the system reloads the modified configuration file and attacker-controlled code is executed with elevated privileges. The security vulnerability could be exploited by an attacker with local access to the affected system. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sinumerik_808d_v4.8sinumerik_840d_sl_v4.7sinumerik_828d_v4.7_firmwaresinumerik_808d_v4.7_firmwaresinumerik_840d_sl_v4.7_firmwaresinumerik_840d_sl_v4.8_firmwaresinumerik_828d_v4.7sinumerik_840d_sl_v4.8sinumerik_808d_v4.8_firmwaresinumerik_808d_v4.7SINUMERIK 808D V4.7, SINUMERIK 808D V4.8, SINUMERIK 828D V4.7, SINUMERIK 840D sl V4.7, SINUMERIK 840D sl V4.8
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2018-11460
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.04% / 13.19%
||
7 Day CHG~0.00%
Published-12 Dec, 2018 | 16:00
Updated-05 Aug, 2024 | 08:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). A local attacker with elevated user privileges (manufact) could modify a CRAMFS archive so that after reboot the system loads the modified CRAMFS file and attacker-controlled code is executed with root privileges. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires elevated user privileges (manufact) but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sinumerik_808d_v4.8sinumerik_840d_sl_v4.7sinumerik_828d_v4.7_firmwaresinumerik_808d_v4.7_firmwaresinumerik_840d_sl_v4.7_firmwaresinumerik_840d_sl_v4.8_firmwaresinumerik_828d_v4.7sinumerik_840d_sl_v4.8sinumerik_808d_v4.8_firmwaresinumerik_808d_v4.7SINUMERIK 808D V4.7, SINUMERIK 808D V4.8, SINUMERIK 828D V4.7, SINUMERIK 840D sl V4.7, SINUMERIK 840D sl V4.8
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2021-43323
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.2||HIGH
EPSS-0.12% / 30.91%
||
7 Day CHG~0.00%
Published-03 Feb, 2022 | 01:50
Updated-04 Nov, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in UsbCoreDxe in Insyde InsydeH2O with kernel 5.5 before 05.51.45, 5.4 before 05.43.45, 5.3 before 05.35.45, 5.2 before 05.26.45, 5.1 before 05.16.45, and 5.0 before 05.08.45. An SMM callout vulnerability allows an attacker to hijack execution flow of code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM.

Action-Not Available
Vendor-n/aInsyde Software Corp. (ISC)
Product-insydeh2on/a
CVE-2021-43615
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.2||HIGH
EPSS-0.19% / 41.33%
||
7 Day CHG~0.00%
Published-03 Feb, 2022 | 01:09
Updated-04 Nov, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in HddPassword in Insyde InsydeH2O with kernel 5.1 before 05.16.23, 5.2 before 05.26.23, 5.3 before 05.35.23, 5.4 before 05.43.22, and 5.5 before 05.51.22. An SMM memory corruption vulnerability allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

Action-Not Available
Vendor-n/aInsyde Software Corp. (ISC)
Product-insydeh2on/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-45969
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.2||HIGH
EPSS-0.06% / 17.64%
||
7 Day CHG~0.00%
Published-05 Jan, 2022 | 23:00
Updated-04 Nov, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.25, 5.4 before 05.43.25, and 5.5 before 05.51.25. A vulnerability exists in the SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer (the CommBuffer+8 location).

Action-Not Available
Vendor-n/aInsyde Software Corp. (ISC)
Product-insydeh2on/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-41840
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.2||HIGH
EPSS-0.06% / 17.71%
||
7 Day CHG~0.00%
Published-03 Feb, 2022 | 01:20
Updated-04 Nov, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in NvmExpressDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. There is an SMM callout that allows an attacker to access the System Management Mode and execute arbitrary code. This occurs because of Inclusion of Functionality from an Untrusted Control Sphere.

Action-Not Available
Vendor-n/aInsyde Software Corp. (ISC)
Product-insydeh2on/a
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2022-35893
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.2||HIGH
EPSS-0.16% / 36.95%
||
7 Day CHG~0.00%
Published-23 Sep, 2022 | 18:01
Updated-05 May, 2025 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM memory corruption vulnerability in the FvbServicesRuntimeDxe driver allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

Action-Not Available
Vendor-n/aInsyde Software Corp. (ISC)
Product-insydeh2on/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-4034
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-87.81% / 99.48%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 00:00
Updated-06 Nov, 2025 | 14:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-07-18||Apply updates per vendor instructions.

A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.

Action-Not Available
Vendor-starwindsoftwarepolkit_projectn/aOracle CorporationCanonical Ltd.Red Hat, Inc.Siemens AGSUSE
Product-linux_enterprise_desktopmanager_proxyenterprise_linux_for_power_little_endian_eusenterprise_linuxmanager_serverhttp_serverenterprise_linux_server_update_services_for_sap_solutionsenterprise_linux_server_tusenterprise_linux_workstationenterprise_linux_for_ibm_z_systemsenterprise_linux_for_power_little_endianenterprise_linux_desktopenterprise_linux_for_ibm_z_systems_euspolkitstarwind_virtual_sanubuntu_linuxenterprise_linux_server_euscommand_centerscalance_lpe9403_firmwarelinux_enterprise_high_performance_computingenterprise_linux_server_ausenterprise_linux_for_power_big_endianenterprise_linux_euslinux_enterprise_serversinumerik_edgescalance_lpe9403enterprise_linux_serverlinux_enterprise_workstation_extensionenterprise_storagezfs_storage_appliance_kitenterprise_linux_for_scientific_computingpolkitPolkit
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-37207
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.03% / 9.72%
||
7 Day CHG~0.00%
Published-09 Nov, 2021 | 11:32
Updated-04 Aug, 2024 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SENTRON powermanager V3 (All versions). The affected application assigns improper access rights to a specific folder containing configuration files. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges.

Action-Not Available
Vendor-Siemens AG
Product-sentron_powermanager_3SENTRON powermanager V3
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2013-4943
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.04% / 13.11%
||
7 Day CHG~0.00%
Published-09 Aug, 2013 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The client application in Siemens COMOS before 9.1 Update 458, 9.2 before 9.2.0.6.37, and 10.0 before 10.0.3.0.19 allows local users to gain privileges and bypass intended database-operation restrictions by leveraging COMOS project access.

Action-Not Available
Vendor-n/aSiemens AG
Product-comosn/a
CVE-2020-7581
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-6.7||MEDIUM
EPSS-0.05% / 14.74%
||
7 Day CHG~0.00%
Published-14 Jul, 2020 | 13:18
Updated-04 Aug, 2024 | 09:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). A component within the affected application calls a helper binary with SYSTEM privileges during startup while the call path is not quoted. This could allow a local attacker with administrative privileges to execute code with SYSTEM level privileges.

Action-Not Available
Vendor-Siemens AG
Product-simatic_notifier_serversimatic_step_7opcenter_intelligencesimatic_pcs_neoopcenter_execution_processsoft_starter_esopcenter_qualitysimocode_esopcenter_rd\&lopcenter_execution_discreteopcenter_execution_foundationSIMATIC Notifier Server for WindowsOpcenter Execution DiscreteSoft Starter ES V16Opcenter RD&LSoft Starter ES V15.1Opcenter Execution FoundationSIMATIC STEP 7 (TIA Portal) V16SIMOCODE ES V16Opcenter Execution ProcessSIMOCODE ES V15.1Opcenter QualityOpcenter IntelligenceSIMATIC STEP 7 (TIA Portal) V15SIMATIC PCS neo
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2019-17006
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.04% / 86.69%
||
7 Day CHG~0.00%
Published-22 Oct, 2020 | 20:24
Updated-05 Aug, 2024 | 01:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.

Action-Not Available
Vendor-Mozilla CorporationNetApp, Inc.Siemens AG
Product-ruggedcom_rox_rx1511ruggedcom_rox_rx1512hci_storage_nodenetwork_security_servicesruggedcom_rox_mx5000_firmwareruggedcom_rox_rx5000_firmwareruggedcom_rox_rx1511_firmwareruggedcom_rox_rx1510hci_compute_noderuggedcom_rox_rx1400_firmwaresolidfireruggedcom_rox_rx1400ruggedcom_rox_rx1510_firmwareruggedcom_rox_rx1500ruggedcom_rox_rx5000ruggedcom_rox_rx1501hci_management_noderuggedcom_rox_mx5000ruggedcom_rox_rx1500_firmwareruggedcom_rox_rx1501_firmwareruggedcom_rox_rx1512_firmwareNSS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-20
Improper Input Validation
CVE-2021-33737
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.23% / 45.68%
||
7 Day CHG~0.00%
Published-14 Sep, 2021 | 10:47
Updated-03 Aug, 2024 | 23:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC CP 343-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 ERPC (All versions), SIMATIC CP 343-1 Lean (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 Advanced (All versions < V3.3), SIPLUS NET CP 443-1 (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (All versions < V3.3). Sending a specially crafted packet to port 102/tcp of an affected device could cause a denial of service condition. A restart is needed to restore normal operations.

Action-Not Available
Vendor-Siemens AG
Product-simatic_cp_343-1_erpc_firmwaresimatic_cp_343-1_leansimatic_cp343-1_advancedsimatic_cp_443-1simatic_cp_443-1_advanced_firmwaresimatic_cp_343-1_erpcsimatic_cp_443-1_firmwaresimatic_cp_343-1_advanced_firmwaresimatic_cp343-1simatic_cp_343-1_lean_firmwaresimatic_cp_443-1_advancedsimatic_cp_343-1_firmwareSIMATIC CP 343-1 (incl. SIPLUS variants)SIMATIC CP 343-1 ERPCSIMATIC CP 443-1 AdvancedSIPLUS NET CP 443-1 AdvancedSIMATIC CP 343-1 Lean (incl. SIPLUS variants)SIMATIC CP 443-1SIPLUS NET CP 443-1SIMATIC CP 343-1 Advanced (incl. SIPLUS variants)
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-47375
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.23% / 46.01%
||
7 Day CHG~0.00%
Published-12 Dec, 2023 | 11:25
Updated-03 Aug, 2024 | 14:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC PC-Station Plus (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions), SINAMICS S120 (incl. SIPLUS variants) (All versions < V5.2 SP3 HF15), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions). The affected products do not handle long file names correctly. This could allow an attacker to create a buffer overflow and create a denial of service condition for the device.

Action-Not Available
Vendor-Siemens AG
Product-6es7414-3em07-0ab06es7416-3fs07-0ab06ag1414-3em07-7ab06ag1416-3es07-7ab0_firmware6ag1416-3es07-7ab0simatic_pc-station_plus_firmware6es7412-2ek07-0ab0_firmwaresimatic_pc-station_plus6es7416-3es07-0ab0_firmware6es7416-3fs07-0ab0_firmware6es7416-3es07-0ab06es7412-2ek07-0ab06es7414-3fm07-0ab0_firmware6es7414-3fm07-0ab0sinamics_s120sinamics_s120_firmware6es7414-3em07-0ab0_firmware6ag1414-3em07-7ab0_firmwareSIMATIC S7-400 CPU 416F-3 PN/DP V7SIMATIC PC-Station PlusSIPLUS S7-400 CPU 414-3 PN/DP V7SIPLUS S7-400 CPU 416-3 PN/DP V7SIMATIC S7-400 CPU 414F-3 PN/DP V7SINAMICS S120 (incl. SIPLUS variants)SIMATIC S7-400 CPU 416-3 PN/DP V7SIMATIC S7-400 CPU 412-2 PN V7SIMATIC S7-400 CPU 414-3 PN/DP V7
CWE ID-CWE-805
Buffer Access with Incorrect Length Value
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-47935
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.13% / 32.21%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 11:39
Updated-08 Apr, 2025 | 20:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in JT Open (All versions < V11.1.1.0), JT Utilities (All versions < V13.1.1.0), Solid Edge (All versions < V2023). The Jt1001.dll contains a memory corruption vulnerability while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-19078)

Action-Not Available
Vendor-Siemens AG
Product-jt_utilitiesjt_open_toolkitsolid_edgeJT UtilitiesSolid EdgeJT Open
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-47977
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.13% / 32.21%
||
7 Day CHG~0.00%
Published-14 Feb, 2023 | 10:36
Updated-20 Mar, 2025 | 16:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in JT Open (All versions < V11.2.3.0), JT Utilities (All versions < V13.2.3.0). The affected application contains a memory corruption vulnerability while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-jt_utilitiesjt_open_toolkitJT UtilitiesJT Open
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-47967
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.13% / 32.21%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 11:39
Updated-08 Apr, 2025 | 14:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Solid Edge (All versions < V2023 MP1). The DOCMGMT.DLL contains a memory corruption vulnerability that could be triggered while parsing files in different file formats such as PAR, ASM, DFT. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-solid_edgeSolid Edge
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-25175
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-7.3||HIGH
EPSS-0.03% / 8.08%
||
7 Day CHG~0.00%
Published-13 Mar, 2025 | 09:07
Updated-19 Aug, 2025 | 17:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Simcenter Femap V2401 (All versions < V2401.0003), Simcenter Femap V2406 (All versions < V2406.0002). The affected application contains a memory corruption vulnerability while parsing specially crafted .NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-25443)

Action-Not Available
Vendor-Siemens AG
Product-simcenter_femapSimcenter Femap V2406Simcenter Femap V2401
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2025-23397
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-7.3||HIGH
EPSS-0.03% / 8.67%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 09:48
Updated-23 Sep, 2025 | 15:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-teamcenter_visualizationtecnomatix_plant_simulationTeamcenter Visualization V2406Teamcenter Visualization V2412Teamcenter Visualization V2312Tecnomatix Plant Simulation V2404Teamcenter Visualization V14.3Tecnomatix Plant Simulation V2302
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-25660
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.46% / 63.95%
||
7 Day CHG~0.00%
Published-12 May, 2021 | 13:18
Updated-03 Aug, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4\" - 22\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Panels V16 4\" - 22\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Update 6), SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions < V15.1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions < V16 Update 4). SmartVNC has an out-of-bounds memory access vulnerability that could be triggered on the server side when sending data from the client, which could result in a Denial-of-Service condition.

Action-Not Available
Vendor-Siemens AG
Product-simatic_hmi_comfort_panels_22\"simatic_hmi_ktp_mobile_panels_ktp700fsimatic_hmi_ktp_mobile_panels_ktp900_firmwaresimatic_hmi_ktp_mobile_panels_ktp900fsimatic_hmi_ktp_mobile_panels_ktp400fsimatic_hmi_comfort_outdoor_panels_7\"simatic_hmi_ktp_mobile_panels_ktp700simatic_hmi_ktp_mobile_panels_ktp700f_firmwaresimatic_hmi_comfort_outdoor_panels_15\"_firmwaresimatic_hmi_ktp_mobile_panels_ktp900f_firmwaresimatic_hmi_ktp_mobile_panels_ktp400f_firmwaresimatic_hmi_comfort_panels_4\"simatic_hmi_comfort_panels_4\"_firmwaresimatic_hmi_ktp_mobile_panels_ktp900simatic_hmi_comfort_outdoor_panels_15\"simatic_hmi_comfort_outdoor_panels_7\"_firmwaresimatic_hmi_comfort_panels_22\"_firmwaresimatic_wincc_runtime_advancedsimatic_hmi_ktp_mobile_panels_ktp700_firmwareSIMATIC WinCC Runtime Advanced V16SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants)SIMATIC HMI Comfort Panels V16 4\" - 22\" (incl. SIPLUS variants) SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (incl. SIPLUS variants) SIMATIC HMI Comfort Panels V15 4\" - 22\" (incl. SIPLUS variants)SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900FSIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F SIMATIC WinCC Runtime Advanced V15
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2025-23398
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-7.3||HIGH
EPSS-0.03% / 8.67%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 09:48
Updated-23 Sep, 2025 | 15:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-teamcenter_visualizationtecnomatix_plant_simulationTeamcenter Visualization V2406Teamcenter Visualization V2412Teamcenter Visualization V2312Tecnomatix Plant Simulation V2404Teamcenter Visualization V14.3Tecnomatix Plant Simulation V2302
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-25217
Matching Score-6
Assigner-Internet Systems Consortium (ISC)
ShareView Details
Matching Score-6
Assigner-Internet Systems Consortium (ISC)
CVSS Score-7.4||HIGH
EPSS-0.30% / 53.23%
||
7 Day CHG~0.00%
Published-26 May, 2021 | 22:10
Updated-16 Sep, 2024 | 22:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
A buffer overrun in lease file parsing code can be used to exploit a common vulnerability shared by dhcpd and dhclient

In ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability), The outcome of encountering the defect while reading a lease that will trigger it varies, according to: the component being affected (i.e., dhclient or dhcpd) whether the package was built as a 32-bit or 64-bit binary whether the compiler flag -fstack-protection-strong was used when compiling In dhclient, ISC has not successfully reproduced the error on a 64-bit system. However, on a 32-bit system it is possible to cause dhclient to crash when reading an improper lease, which could cause network connectivity problems for an affected system due to the absence of a running DHCP client process. In dhcpd, when run in DHCPv4 or DHCPv6 mode: if the dhcpd server binary was built for a 32-bit architecture AND the -fstack-protection-strong flag was specified to the compiler, dhcpd may exit while parsing a lease file containing an objectionable lease, resulting in lack of service to clients. Additionally, the offending lease and the lease immediately following it in the lease database may be improperly deleted. if the dhcpd server binary was built for a 64-bit architecture OR if the -fstack-protection-strong compiler flag was NOT specified, the crash will not occur, but it is possible for the offending lease and the lease which immediately followed it to be improperly deleted.

Action-Not Available
Vendor-Internet Systems Consortium, Inc.Debian GNU/LinuxNetApp, Inc.Siemens AGFedora Project
Product-ruggedcom_rox_rx1511sinec_insruggedcom_rox_rx1512_firmwareruggedcom_rox_rx1512solidfire_\&_hci_management_nodedhcpruggedcom_rox_mx5000_firmwareruggedcom_rox_rx1511_firmwareruggedcom_rox_rx1510ruggedcom_rox_rx1400_firmwareruggedcom_rox_rx1500_firmwareruggedcom_rox_rx1400ruggedcom_rox_rx1510_firmwareruggedcom_rox_rx1500ruggedcom_rox_rx1524_firmwareruggedcom_rox_rx5000debian_linuxontap_select_deploy_administration_utilityruggedcom_rox_rx1501fedoraruggedcom_rox_rx1536ruggedcom_rox_mx5000ruggedcom_rox_rx1524ruggedcom_rox_rx1536_firmwareruggedcom_rox_rx1501_firmwareruggedcom_rox_rx5000_firmwareISC DHCP
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2025-23400
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-7.3||HIGH
EPSS-0.03% / 8.67%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 09:48
Updated-23 Sep, 2025 | 15:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-teamcenter_visualizationtecnomatix_plant_simulationTeamcenter Visualization V2406Teamcenter Visualization V2412Teamcenter Visualization V2312Tecnomatix Plant Simulation V2404Teamcenter Visualization V14.3Tecnomatix Plant Simulation V2302
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-22649
Matching Score-6
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-6
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.45% / 63.63%
||
7 Day CHG~0.00%
Published-23 Feb, 2021 | 03:02
Updated-03 Aug, 2024 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 have multiple NULL pointer dereference issues while processing project files, which may allow an attacker to execute arbitrary code.

Action-Not Available
Vendor-luxionn/aSiemens AG
Product-solid_edge_se2021solid_edge_se2020_firmwarekeyshotsolid_edge_se2021_firmwaresolid_edge_se2020keyvrkeyshot_network_renderingkeyshot_viewerLuxion KeyShotLuxion KeyVRLuxion KeyShot Network RenderingLuxion KeyShot Viewer
CWE ID-CWE-822
Untrusted Pointer Dereference
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-34290
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-5.5||MEDIUM
EPSS-0.23% / 45.45%
||
7 Day CHG~0.00%
Published-12 Jul, 2022 | 10:07
Updated-03 Aug, 2024 | 09:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application contains a stack corruption vulnerability while parsing PCB files. An attacker could leverage this vulnerability to leak information in the context of the current process. (FG-VD-22-055)

Action-Not Available
Vendor-Siemens AG
Product-pads_viewerPADS Standard/Plus Viewer
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-34291
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-5.5||MEDIUM
EPSS-0.23% / 45.45%
||
7 Day CHG~0.00%
Published-12 Jul, 2022 | 10:07
Updated-03 Aug, 2024 | 09:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application contains a stack corruption vulnerability while parsing PCB files. An attacker could leverage this vulnerability to leak information in the context of the current process. (FG-VD-22-057, FG-VD-22-058, FG-VD-22-060)

Action-Not Available
Vendor-Siemens AG
Product-pads_viewerPADS Standard/Plus Viewer
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-34287
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-5.5||MEDIUM
EPSS-0.23% / 45.45%
||
7 Day CHG~0.00%
Published-12 Jul, 2022 | 10:07
Updated-03 Aug, 2024 | 09:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application contains a stack corruption vulnerability while parsing PCB files. An attacker could leverage this vulnerability to leak information in the context of the current process. (FG-VD-22-052, FG-VD-22-056)

Action-Not Available
Vendor-Siemens AG
Product-pads_viewerPADS Standard/Plus Viewer
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-8703
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.26% / 49.30%
||
7 Day CHG~0.00%
Published-09 Jun, 2021 | 18:48
Updated-04 Aug, 2024 | 10:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper buffer restrictions in a subsystem in the Intel(R) CSME versions before 11.8.86, 11.12.86, 11.22.86, 12.0.81, 13.0.47, 13.30.17, 14.1.53, 14.5.32 and 15.0.22 may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aNetApp, Inc.Intel CorporationSiemens AG
Product-core_i7-7700kcore_i7-8705gcore_i7-8665uz270c627core_i3-8300tcore_i7-7660ucore_i7-8706gcore_i7-1068ng7core_i7-11700fcore_i7-1160g7core_i5-1035g7pentium_gold_g5420core_i7-10850hcore_i7-1185grecore_i7-11375hcore_i5-8400hcore_i7-8700core_i5-10400fc621acore_i5-8400core_i5-7y54core_i3-10300core_i3-7100tcore_i7-7700tcore_i7-10700tcore_i3-1110g4core_i7-8086kceleron_4305ucore_i5-10210usimatic_ipc547g_firmwarecore_i5-8257ucore_i7-8700kcore_i5-10200hpentium_gold_g5400tpentium_gold_g6405tq150core_i5-1035g4core_i3-8145ucore_i5-10400hceleron_4205ucore_i7-11700core_i5-7442eqcore_i3-10100ycore_i3-7020ucore_i5-10400tcore_i3-8109ucore_i7-11370hcore_i5-10310ucore_i7-7600ucore_i9-11900tcore_i9-11900kbcore_i5-10505c246core_i5-1030g7xeon_w-1270core_i3-1000ng4core_i3-7100ecore_i5-11600tcore_i3-7300pentium_gold_4417ucore_i7-11850hcore_i9-11900core_i3-1000g1core_i7-10510ycore_i3-10110ucore_i7-11800hcore_i5_l16g7simatic_field_pg_m6_firmwarec625simatic_ipc477ecore_i5-10400simatic_ipc427e_firmwarexeon_w-1270tecore_i5-8400bcore_i7-7700hqcore_i5-1155g7core_i5-10500tecore_i3-10105fcore_i7-7820hkcore_i3-8100hpentium_gold_4415ypentium_gold_g5620core_i9-11950hxeon_w-1290tcore_i5-11600h110core_i5-10300hpentium_gold_g6505tcore_i5-8350ucore_i9-10980hkcore_i5-7300uq270core_i7-11700tcore_i5-8600xeon_w-11855mcore_i5-8500tcore_i7-10510ucore_i5-7500core_i3-10100ecore_i5-1030ng7core_i3-8100core_i7-1060g7simatic_ipc527gcore_i9-11900hcore_i9-10900h410pentium_gold_g6500txeon_w-10855mcore_i5-7200ucore_i9-11900kcore_i3-10100tsimatic_ipc847e_firmwarecore_i9-8950hksimatic_ipc527g_firmwarecore_i9-10900ecore_i7-7700simatic_field_pg_m5core_i9-10850kcore_i9-10900kcore_i7-7920hqcore_i3-7102eh270core_i5-8600ksimatic_ipc477e_firmwareq470core_i9-10900fpentium_gold_g6400tcore_i5-8400tpentium_gold_g5600tsimatic_field_pg_m6xeon_w-1270pcore_i7-8750hcore_i7-10700simatic_ipc477e_procore_i5-8365ub150core_i3-10100tecore_i9-10910core_i5-7600simatic_ipc647ecore_i3-10105txeon_w-1250ecore_i7-10700fcore_i9-10885hcore_i5-11400tcore_i5-11300hcore_i9-11900kfcore_i3-10325core_i5-1145g7core_i3-1125g4core_i7-10750hq470ecore_i3-7100hcore_i3-8300core_i3-1000g4core_i5-7400tcore_i7-10875hq370core_i3-7100core_i7-8809gcore_i3-8145uecore_i5-7260ucore_i7-8700bcore_i7-8709gsimatic_ipc627ecore_i3-10100pentium_gold_g6505core_i5-7267uxeon_w-1250pcore_i3-1115g4celeron_6305core_i3-8100tcore_i3-8121uh170core_i5-10210yh310core_i5-1140g7core_i7-8557ucore_i5-10500esimatic_ipc547gcore_i7-8700tsimatic_ipc477e_pro_firmwarecore_i5-8300hcore_i5-10600tcore_m3-7y32core_i3-10110ycore_i5-7400core_i5-10600kfcore_i7-8650ucore_i5-11400fc629acore_i7-10700ecore_i5-1145grecore_i3-7320core_i7-1180g7c242pentium_gold_4410ycore_i5-11600kfz370pentium_gold_g5500tcore_i7-11700kfcloud_backupcore_i7-10870hpentium_gold_4415uw480core_i5-1035g1core_i5-1038ng7h420ecore_i5-11500bz170c624mobile_cm246simatic_ipc647e_firmwarex299pentium_gold_6405usimatic_ipc627e_firmwarecore_i5-8500bc627acore_i7-10700kcore_i5-11500tc622core_i7-1185g7core_i7-1165g7core_i7-1195g7core_i5-8269ucore_i5-11600kcore_i7-11390hcore_i5-1030g4core_i7-10700tecore_i5-10500core_i7-11700kcore_i7-10710ucore_i5-7287ucore_i7-10700kfcore_i5-7440eqh370xeon_w-1250texeon_w-1250core_i5-8279uw480exeon_w-1290ecore_i3-7100ucore_i7-8565ucore_i3-7101tecore_i3-7350kcore_i5-11400hcore_i7-11700bcore_i5-7600kcore_i5-8250ucore_i3-10305b365core_i5-7300hqcore_i7-7560uxeon_w-1270epentium_gold_g5420tcore_i7-7820eqcore_i9-11900fcore_i5-8259ucore_i5-7360ucore_i9-11980hkpentium_gold_g5500core_i5-10600kceleron_4305uesimatic_ipc847ecore_i3-8140usimatic_ipc427ecore_m3-8100ycore_i9-10900kfcore_i3-10105core_i3-11100bq170b460simatic_itp1000_firmwarecore_i5-1130g7core_i3-1120g4core_i5-7600tcore_i7-1060ng7core_i7-7500ucore_i7-8550ucore_i5-10310yxeon_w-1290pcore_i5-10500hcore_i5-8260ucore_i5-11320hpentium_gold_4425yb250core_i7-10810upentium_gold_g6500core_i3-1115grecore_i7-8850hcore_i5-11500hcore_i3-7130ucore_i7-10610usimatic_itp1000xeon_w-11955mcore_i3-10100fcore_i3-7167upentium_gold_g6400ecore_i7-8500ycore_i7-7567uc629pentium_gold_7505b360core_i5-10600c621core_i5-11260hsimatic_field_pg_m5_firmwarecore_i3-1115g4epentium_gold_g6400core_i7-7820hqcore_i5-8210ycore_m3-7y30core_i3-7300tcore_i5-8365uecore_i7-8665uexeon_w-1290celeron_6305ecore_i5-1145g7exeon_w-10885mcore_i3-10320core_i9-10900tcore_i5-8200ypentium_gold_g5400simatic_ipc677ecore_i3-10300tcore_i3-7101ecore_i5-8310yxeon_w-1290tecore_i5-1135g7core_i5-11500core_i5-8500c626core_i5-7440hqpentium_gold_g6600core_i7-8569uq250z490core_i5-8265ucore_i5-10500tpentium_gold_g6605core_i7-1185g7econverged_security_and_manageability_enginecore_i3_l13g4pentium_gold_5405ucore_i7-7y75core_i3-1005g1pentium_gold_g6405core_i3-8100bcore_i5-7y57simatic_ipc677e_firmwarecore_i3-10305tcore_i3-8350kcore_i5-11400core_i5-8600tcore_i5-7500tcore_i5-8305gcore_i7-1065g7core_i7-8559ucore_i9-10900tepentium_gold_g6400tez390core_i3-8130uc420h470pentium_gold_6500yc628pentium_gold_g5600Intel(R) CSME versions
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-30937
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.53% / 67.33%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 09:21
Updated-03 Aug, 2024 | 07:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in EN100 Ethernet module DNP3 IP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). Affected applications contains a memory corruption vulnerability while parsing specially crafted HTTP packets to /txtrace endpoint. This could allow an attacker to crash the affected application leading to a denial of service condition.

Action-Not Available
Vendor-Siemens AG
Product-en100_ethernet_module_iec_104_firmwareen100_ethernet_module_profinet_io_firmwareen100_ethernet_module_iec_61850_firmwareen100_ethernet_moduleen100_ethernet_module_modbus_tcp_firmwareen100_ethernet_module_dnp3_firmwareEN100 Ethernet module IEC 104 variantEN100 Ethernet module PROFINET IO variantEN100 Ethernet module DNP3 IP variantEN100 Ethernet module Modbus TCP variantEN100 Ethernet module IEC 61850 variant
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-30938
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-1.83% / 82.95%
||
7 Day CHG~0.00%
Published-12 Jul, 2022 | 10:06
Updated-03 Aug, 2024 | 07:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in EN100 Ethernet module DNP3 IP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.40), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). Affected applications contains a memory corruption vulnerability while parsing specially crafted HTTP packets to /txtrace endpoint manupulating a specific argument. This could allow an attacker to crash the affected application leading to a denial of service condition

Action-Not Available
Vendor-Siemens AG
Product-en100_ethernet_module_iec_104_firmwareen100_ethernet_module_profinet_io_firmwareen100_ethernet_module_dnp3_ip_firmwareen100_ethernet_module_iec_61850_firmwareen100_ethernet_moduleen100_ethernet_module_modbus_tcp_firmwareEN100 Ethernet module IEC 104 variantEN100 Ethernet module PROFINET IO variantEN100 Ethernet module DNP3 IP variantEN100 Ethernet module Modbus TCP variantEN100 Ethernet module IEC 61850 variant
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-3161
Matching Score-6
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-6
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.08% / 23.89%
||
7 Day CHG~0.00%
Published-13 Jan, 2023 | 00:17
Updated-07 Nov, 2023 | 03:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The APDFL.dll contains a memory corruption vulnerability while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-SiemensSiemens AG
Product-jt2goteamcenter_visualizationTeamcenter Visualization V14.1JT2GoTeamcenter Visualization V13.3Teamcenter Visualization V14.0
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-46153
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.45% / 63.86%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 15:17
Updated-04 Aug, 2024 | 05:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a memory corruption vulnerability while parsing NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14645, ZDI-CAN-15305, ZDI-CAN-15589, ZDI-CAN-15599)

Action-Not Available
Vendor-Siemens AG
Product-simcenter_femapSimcenter Femap V2020.2Simcenter Femap V2021.1
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-46157
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.38% / 59.54%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 15:17
Updated-04 Aug, 2024 | 05:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a memory corruption vulnerability while parsing NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14757)

Action-Not Available
Vendor-Siemens AG
Product-simcenter_femapSimcenter Femap V2020.2Simcenter Femap V2021.1
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-44018
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.32% / 55.19%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 15:17
Updated-04 Aug, 2024 | 04:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in JT2Go (All versions < V13.2.0.7), Solid Edge SE2021 (All versions < SE2021MP9), Solid Edge SE2022 (All versions < SE2022MP1), Teamcenter Visualization V13.1 (All versions < V13.1.0.9), Teamcenter Visualization V13.2 (All versions < V13.2.0.7), Teamcenter Visualization V13.3 (All versions < V13.3.0.1). The plmxmlAdapterSE70.dll library is vulnerable to memory corruption condition while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15112)

Action-Not Available
Vendor-Siemens AG
Product-jt2gosolid_edgeteamcenter_visualizationSolid Edge SE2021Teamcenter Visualization V13.2Teamcenter Visualization V13.3JT2GoTeamcenter Visualization V13.1Solid Edge SE2022
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-1449
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-7.56% / 91.85%
||
7 Day CHG~0.00%
Published-02 Feb, 2015 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the integrated web server on Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before BS4.4.4621.32, and WIN72xx devices with firmware before BS4.4.4621.32 allows remote attackers to execute arbitrary code via unspecified vectors.

Action-Not Available
Vendor-n/aSiemens AG
Product-ruggedcom_win5200ruggedcom_win5100ruggedcom_win7200ruggedcom_win7000ruggedcom_firmwaren/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-6458
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-9.35% / 92.78%
||
7 Day CHG~0.00%
Published-27 Mar, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable.

Action-Not Available
Vendor-ntpn/aApple Inc.Siemens AGHewlett Packard Enterprise (HPE)
Product-mac_os_xhpux-ntpntpsimatic_net_cp_443-1_opc_uasimatic_net_cp_443-1_opc_ua_firmwaren/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-38405
Matching Score-6
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-6
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.08% / 23.54%
||
7 Day CHG~0.00%
Published-21 Nov, 2023 | 18:19
Updated-04 Aug, 2024 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Siemens Solid Edge, JT2Go, and Teamcenter Visualization Improper Restriction of Operations within the Bounds of a Memory Buffer

The Datalogics APDFL library used in affected products is vulnerable to memory corruption condition while parsing specially crafted PDF files. An attacker could leverage this vulnerability to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-jt2goteamcenter_visualizationJT2GoTeamcenter Visualization
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-34306
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.40% / 61.05%
||
7 Day CHG~0.00%
Published-13 Jul, 2021 | 11:03
Updated-04 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. This could result in a memory corruption condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13342)

Action-Not Available
Vendor-Siemens AG
Product-jt2goteamcenter_visualizationJT2GoTeamcenter Visualization
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-31882
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-6.5||MEDIUM
EPSS-1.41% / 80.57%
||
7 Day CHG~0.00%
Published-09 Nov, 2021 | 11:31
Updated-11 Mar, 2025 | 09:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303). The DHCP client application does not validate the length of the Domain Name Server IP option(s) (0x06) when processing DHCP ACK packets. This may lead to Denial-of-Service conditions. (FSMD-2021-0011)

Action-Not Available
Vendor-Siemens AG
Product-nucleus_readystart_v3talon_tc_compactnucleus_nettalon_tc_compact_firmwareapogee_pxc_compactapogee_modular_equiment_controller_firmwareapogee_pxc_compact_firmwareapogee_modular_equiment_controllerapogee_modular_building_controllercapital_vstarapogee_pxc_modular_firmwareapogee_pxc_modulartalon_tc_modular_firmwaretalon_tc_modularapogee_modular_building_controller_firmwarenucleus_source_codeCapital Embedded AR Classic 431-422Capital Embedded AR Classic R20-11
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-5712
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-7.2||HIGH
EPSS-2.45% / 85.23%
||
7 Day CHG~0.00%
Published-21 Nov, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allows attacker with remote Admin access to the system to execute arbitrary code with AMT execution privilege.

Action-Not Available
Vendor-ASUS (ASUSTeK Computer Inc.)Siemens AGIntel Corporation
Product-rog_strix_z270g_gaming_firmwareh110-plus_firmwareh170m-plus\/brsimatic_ipc627dprime_h110m-ptuf_z270_mark_2rog_strix_z270h_gaming\/k1prime_j3355i-cb150i_pro_gaming\/aurasimatic_ipc827ch110m-a\/dp_firmwaresimatic_ipc477d_firmwareq170t_firmwareb250m-f_plush110m-ksh110m-a_d3ex-b150m-v5rog_strix_b250i_gaming_firmwareh170_pro_gamingsimotion_p320-4strooper_b150_d3_firmwareh110s2b150m-dtuf_z370-plus_gaming_firmwareh110m-ts_firmwaresimatic_ipc647d_firmwareb150-asimatic_ipc477db150m-plus_d3_firmwarerog_maximus_viii_hero_firmwarerog_strix_z270f_gamingrog_maximus_viii_ranger_firmwareb150m-v_plus_firmwareprime_q270m-ch110-plush110s2_firmwareh110m-e_firmwareprime_h110m2\/fpt_firmwaresabertooth_z170_mark_1h110m-c\/hdmi_firmwaresinumerik_pcu50.5-p_firmwaretuf_z370-pro_gaming_firmwarerog_maximus_viii_hero_alpha_firmwarerog_maximus_ix_hero_firmwarez170-krog_strix_b250g_gaming_firmwarerog_strix_z370-f_gamingb150m-ah110m-aex-b250m-v5z170-prosimatic_ipc477eb150m-k_d3prime_h110m2_firmwarerog_maximus_viii_formulaprime_b250m-dsimatic_field_pg_m3_firmwarerog_maximus_ix_extremesimatic_ipc677cb150m-k_firmwareq170s1_firmwareex-b150m-v3_firmwareprime_b250m-jb150m-a_d3_firmwarez170m-e_d3z170-k_firmwarepio-b150m_firmwarerog_strix_h270i_gaming_firmwareh170m-plush110m-ks_r1_firmwareex-b250-v7b150m-plusz170-ar_firmwareh110m-plusb150m-v_plush110m-kex-b150-v7_firmwareh110m-a_d3_firmwarerog_strix_b250h_gaming_firmwareh110m-c\/br_firmwarez170m-plus\/brprime_h270-plus_firmwareprime_h110m2\/fptprime_z270m-plus\/br_firmwareh110t-a_firmwareh110i-plus_firmwaresimatic_ipc627d_firmwaresimatic_field_pg_m3prime_z270-kh170i-pro_firmwaresimatic_field_pg_m4simatic_ipc627ch170i-prob150m-plus_d3z170-premium_firmwaresabertooth_z170_mark_1_firmwareb150m-f_plush170m-e_d3z170-eb150-pro_firmwarepio-b150mrog_maximus_ix_codeprime_b250-plus_firmwareh110m-c_firmwarerog_maximus_x_hero_firmwaresimatic_itp1000simatic_ipc427d_firmwareh110m-e\/m.2_firmwareprime_h110m2rog_maximus_x_formularog_maximus_x_formula_firmwareh110m-d\/exper\/sib150_pro_gaming\/aura_firmwaremanageability_engine_firmwarerog_maximus_ix_herorog_strix_z270i_gamingh170-plus_d3_firmwareex-b150m-v_firmwareq170m-cm-brog_strix_z370-g_gamingprime_z270-arb150-pro_d3rog_strix_z270h_gamingh110m-cs\/br_firmwarerog_strix_z370-i_gamingrog_strix_z370-h_gaming_firmwareh110m-d_firmwaresabertooth_z170_sb150_pro_gamingh110m-a\/m.2q270m-cm-asimatic_ipc847c_firmwareh110m-rh170-pro\/usb_3.1_firmwareq170m2_firmwareb150m-kprime_z270m-plus_firmwareh110m-a_firmwareex-h110m-v3_firmwareh110m-k_x_firmwarez170m-e_d3_firmwareh170_pro_gaming_firmwareb150m-k_d3_firmwarerog_strix_z270f_gaming_firmwarerog_strix_b250f_gamingh110m-cs\/brq170s1ex-b250-v7_firmwaresabertooth_z170_s_firmwarerog_strix_b250h_gamingh110m-d\/exper\/si_firmwareex-b150m-v5_firmwareprime_b250m-d_firmwareh110m-p\/dvib150i_pro_gaming\/aura_firmwaresimatic_ipc647db150m-f_plus_firmwareh110m-ks_r1h110m-c\/ps_firmwareb150-proprime_h270-proex-h110m-v_firmwareex-b250m-v3rog_strix_z270g_gamingrog_maximus_ix_formula_firmwarerog_maximus_viii_gene_firmwareprime_z270-p_firmwareex-h110m-v3h110m-c2\/tf_firmwarez170-p_firmwareq270-sactive_management_technology_firmwaresimatic_ipc427e_firmwarez170m-plustrooper_h110_d3z170-deluxe_firmwaresimatic_ipc547d_firmwaresimatic_ipc847cprime_q270m-c_firmwaresimatic_ipc547dh170m-plus_firmwareb250_mining_expert_firmwarerog_strix_h270i_gamingrog_strix_z270h_gaming\/k1_firmwareprime_z370-pz170-e_firmwarerog_maximus_viii_extreme_firmwareb250_mining_expertb150m-a_d3simatic_ipc677dh110m-c2prime_b250m-a_firmwaresimatic_ipc627c_firmwareprime_b250m-plus\/br_firmwarez170-ah110m-k_firmwaretuf_z270_mark_1_firmwareb150_pro_gaming_d3q170m-c_firmwarez170_pro_gaming\/auraex-b250m-vh110m-a\/m.2_firmwareb150m-d_firmwarerog_strix_b250f_gaming_firmwareprime_z370-a_firmwaresinumerik_pcu50.5-crog_maximus_x_code_firmwarerog_maximus_viii_impactsimatic_ipc827d_firmwareprime_b250m-plus_firmwarez170-deluxeb150m-cprime_b250m-plush110m-cs_xb150-pro_d3_firmwareprime_b250-proz170-a_firmwareb150_pro_gaming_d3_firmwareb150-plusprime_z270-a_firmwareprime_z270-k_firmwareh110m-c\/hdmisimatic_itp1000_firmwareprime_b250-a_firmwareprime_b250-arog_maximus_viii_geneh110t-aex-b250m-v5_firmwaresimatic_ipc647c_firmwareb150-a_firmwaresimatic_ipc427drog_maximus_viii_impact_firmwareq170th110m-r_firmwareh110m-crog_maximus_ix_apex_firmwareprime_z270-ar_firmwarez170_pro_gaming\/aura_firmwareh110m-fprime_b250m-k_firmwareprime_b250m-j_firmwarerog_strix_z370-e_gamingprime_b250m-c_firmwarerog_strix_z270i_gaming_firmwareprime_b250m-ah110m-p\/dvi_firmwareb150m-a_firmwareh170-plus_d3h110m-c\/brrog_strix_b250g_gamingb250-srog_maximus_ix_extreme_firmwareprime_z270m-plusb150_pro_gaming_firmwareex-b150-v7prime_j3355i-c_firmwareb150m-c_d3_firmwaresimatic_ipc427eprime_b250-pro_firmwareh110tq170m2\/cdm\/sib150m-a\/m.2z170_pro_gaming_firmwarerog_strix_z270e_gaming_firmwareb150m-c_firmwarerog_strix_z370-e_gaming_firmwareb150_pro_gaming\/auraq170m2prime_b250m-kprime_z370-aex-h110m-vh110m-dq170t_v2b150m-plus_firmwaresimatic_ipc647csinumerik_pcu50.5-c_firmwareb150m-a\/m.2_firmwareprime_h110m-p_firmwarez170-pro_firmwaresimatic_ipc847dh110m-k_d3z170-premiumex-b250m-v_firmwarerog_strix_z370-g_gaming_firmwareh110i-plussimatic_ipc477d_pro_firmwareb250m-f_plus_firmwarerog_maximus_viii_rangerh110m-plus_firmwareh110m-f_firmwareex-b150m-vtrooper_h110_d3_firmwarerog_maximus_x_apex_firmwarez170i_pro_gamingsimatic_field_pg_m5_firmwaretrooper_b150_d3simatic_ipc677d_firmwarerog_maximus_ix_apexh110m-a\/dpb150m-c\/brrog_strix_z370-i_gaming_firmwareh170-pro_firmwareb150i_pro_gaming\/wifi\/aura_firmwareh110m-erog_maximus_x_heroh110m-cs_firmwareh110m-cssimatic_field_pg_m4_firmwareh110m-cs_x_firmwareb150m-c_d3rog_maximus_viii_extremeh110s1_firmwaretuf_z270_mark_1z170m-plus\/br_firmwareex-b150m-v3prime_z270-pb150-plus_firmwareprime_z370-p_firmwareq170m2\/cdm\/si_firmwarerog_maximus_ix_formulatuf_z370-pro_gamingh170m-e_d3_firmwareb250m-c_prorog_strix_b250i_gamingrog_strix_z370-h_gamingprime_z270m-plus\/brh110m-ks_firmwareb250-mr_firmwareq170m-cm-b_firmwaresimatic_ipc477e_firmwarerog_strix_h270f_gamingrog_strix_z370-f_gaming_firmwareh110s1prime_h270m-plusz170-p_d3prime_b250m-cz170i_pro_gaming_firmwarerog_maximus_viii_heroh110m-tssimatic_ipc477d_propio-b250i_firmwareq170t_v2_firmwareprime_h270m-plus_firmwareb150m-c\/br_firmwareq170m-crog_maximus_x_codetuf_z370-plus_gamingb250-mrh170-prosimatic_ipc547erog_maximus_viii_formula_firmwareb250m-c_pro_firmwarerog_strix_h270f_gaming_firmwareh170-pro\/usb_3.1z170-p_d3_firmwarerog_maximus_x_apexpio-b250ib150m_pro_gaming_firmwarez170m-plus_firmwaresimatic_ipc547e_firmwaresimatic_ipc827dh110m-c\/psh110m-k_d3_firmwarerog_maximus_viii_hero_alphasimatic_field_pg_m5b150i_pro_gaming\/wifi\/aurarog_strix_z270h_gaming_firmwarerog_maximus_ix_code_firmwareprime_h270-pro_firmwareb150m_pro_gamingh110m-c2\/tfq270m-cm-a_firmwareh110m-c2_firmwarerog_strix_z270e_gamingtuf_z270_mark_2_firmwaresimatic_ipc677c_firmwareprime_b250m-plus\/brq270-s_firmwareh110t_firmwareex-b250m-v3_firmwarez170-ph110m-e\/m.2z170-arh110m-k_xsinumerik_pcu50.5-pb250-s_firmwareprime_z270-asimotion_p320-4s_firmwareprime_b250-plusprime_h270-plussimatic_ipc847d_firmwareh170m-plus\/br_firmwarez170_pro_gamingsimatic_ipc827c_firmwareActive Management Technology
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-27397
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.38% / 59.54%
||
7 Day CHG~0.00%
Published-12 May, 2021 | 13:18
Updated-03 Aug, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V16.0.5). The PlantSimCore.dll library lacks proper validation of user-supplied data when parsing SPP files. This could result in a memory corruption condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13287)

Action-Not Available
Vendor-Siemens AG
Product-tecnomatix_plant_simulationTecnomatix Plant Simulation
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2003-1464
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.72% / 72.51%
||
7 Day CHG~0.00%
Published-24 Oct, 2007 | 23:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Siemens 45 series mobile phones allows remote attackers to cause a denial of service (disconnect and unavailable inbox) via a Short Message Service (SMS) message with a long image name.

Action-Not Available
Vendor-n/aSiemens AG
Product-m45s45n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2024-47046
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-7.3||HIGH
EPSS-0.11% / 29.51%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 08:40
Updated-15 Oct, 2025 | 17:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Simcenter Femap V2306 (All versions), Simcenter Femap V2401 (All versions), Simcenter Femap V2406 (All versions). The affected application is vulnerable to memory corruption while parsing specially crafted BDF files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-simcenter_nastranSimcenter Femap V2401Simcenter Femap V2406Simcenter Femap V2306simcenter_nastran
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-0674
Matching Score-6
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-6
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-6.8||MEDIUM
EPSS-2.71% / 85.92%
||
7 Day CHG~0.00%
Published-21 Mar, 2013 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the RegReader ActiveX control in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to execute arbitrary code via a long parameter.

Action-Not Available
Vendor-n/aSiemens AG
Product-simatic_pcs7winccn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-0656
Matching Score-6
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-6
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-6.8||MEDIUM
EPSS-2.13% / 84.21%
||
7 Day CHG~0.00%
Published-21 Jan, 2013 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in a third-party ActiveX component in Siemens SIMATIC RF-MANAGER 2008, and RF-MANAGER Basic 3.0 and earlier, allows remote attackers to execute arbitrary code via a crafted web site.

Action-Not Available
Vendor-n/aSiemens AG
Product-simatic_rf-manager_2008simatic_rf-managern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-27738
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-6.5||MEDIUM
EPSS-0.87% / 75.18%
||
7 Day CHG~0.00%
Published-22 Apr, 2021 | 20:42
Updated-04 Aug, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). The DNS domain name record decompression functionality does not properly validate the pointer offset values. The parsing of malformed responses could result in a read access past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to cause a denial-of-service condition.

Action-Not Available
Vendor-Siemens AG
Product-nucleus_readystart_v3simotics_connect_400_firmwarenucleus_netsimotics_connect_400nucleus_readystart_v4nucleus_source_codeNucleus ReadyStart V4TALON TC Compact (BACnet)APOGEE PXC Compact (P2 Ethernet)Nucleus Source CodeAPOGEE PXC Compact (BACnet)APOGEE PXC Modular (P2 Ethernet)Nucleus NETAPOGEE PXC Modular (BACnet)SIMOTICS CONNECT 400TALON TC Modular (BACnet)Nucleus ReadyStart V3
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2024-45474
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-7.3||HIGH
EPSS-0.13% / 32.14%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 08:40
Updated-10 Dec, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. An attacker could leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-tecnomatix_plant_simulationTeamcenter Visualization V2312Tecnomatix Plant Simulation V2302Teamcenter Visualization V14.2Tecnomatix Plant Simulation V2404Teamcenter Visualization V14.3tecnomatix_plant_simulation
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2024-45468
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-7.3||HIGH
EPSS-0.13% / 32.14%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 08:40
Updated-10 Dec, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-tecnomatix_plant_simulationTeamcenter Visualization V2312Tecnomatix Plant Simulation V2302Teamcenter Visualization V14.2Tecnomatix Plant Simulation V2404Teamcenter Visualization V14.3tecnomatix_plant_simulation
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 12
  • 13
  • Next
Details not found