Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-37730

Summary
Assigner-hpe
Assigner Org ID-eb103674-0d28-4225-80f8-39fb86215de0
Published At-12 Oct, 2021 | 14:07
Updated At-04 Aug, 2024 | 01:30
Rejected At-
Credits

A remote arbitrary command execution vulnerability was discovered in HPE Aruba Instant (IAP) version(s): Aruba Instant 6.4.x.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x.x: 6.5.4.20 and below; Aruba Instant 8.5.x.x: 8.5.0.12 and below; Aruba Instant 8.6.x.x: 8.6.0.11 and below; Aruba Instant 8.7.x.x: 8.7.1.3 and below. Aruba has released patches for Aruba Instant (IAP) that address this security vulnerability.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:hpe
Assigner Org ID:eb103674-0d28-4225-80f8-39fb86215de0
Published At:12 Oct, 2021 | 14:07
Updated At:04 Aug, 2024 | 01:30
Rejected At:
▼CVE Numbering Authority (CNA)

A remote arbitrary command execution vulnerability was discovered in HPE Aruba Instant (IAP) version(s): Aruba Instant 6.4.x.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x.x: 6.5.4.20 and below; Aruba Instant 8.5.x.x: 8.5.0.12 and below; Aruba Instant 8.6.x.x: 8.6.0.11 and below; Aruba Instant 8.7.x.x: 8.7.1.3 and below. Aruba has released patches for Aruba Instant (IAP) that address this security vulnerability.

Affected Products
Vendor
n/a
Product
HPE Aruba Instant (IAP)
Versions
Affected
  • Aruba Instant 6.4.x.x: 6.4.4.8-4.2.4.18 and below
  • Aruba Instant 6.5.x.x: 6.5.4.20 and below
  • Aruba Instant 8.5.x.x: 8.5.0.12 and below
  • Aruba Instant 8.6.x.x: 8.6.0.11 and below
  • Aruba Instant 8.7.x.x: 8.7.1.3 and below
Problem Types
TypeCWE IDDescription
textN/Aremote arbitrary command execution
Type: text
CWE ID: N/A
Description: remote arbitrary command execution
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-017.txt
x_refsource_MISC
https://cert-portal.siemens.com/productcert/pdf/ssa-917476.pdf
x_refsource_CONFIRM
Hyperlink: https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-017.txt
Resource:
x_refsource_MISC
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-917476.pdf
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-017.txt
x_refsource_MISC
x_transferred
https://cert-portal.siemens.com/productcert/pdf/ssa-917476.pdf
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-017.txt
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-917476.pdf
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-alert@hpe.com
Published At:12 Oct, 2021 | 15:15
Updated At:24 Nov, 2021 | 21:38

A remote arbitrary command execution vulnerability was discovered in HPE Aruba Instant (IAP) version(s): Aruba Instant 6.4.x.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x.x: 6.5.4.20 and below; Aruba Instant 8.5.x.x: 8.5.0.12 and below; Aruba Instant 8.6.x.x: 8.6.0.11 and below; Aruba Instant 8.7.x.x: 8.7.1.3 and below. Aruba has released patches for Aruba Instant (IAP) that address this security vulnerability.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.2HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary2.09.0HIGH
AV:N/AC:L/Au:S/C:C/I:C/A:C
Type: Primary
Version: 3.1
Base score: 7.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 9.0
Base severity: HIGH
Vector:
AV:N/AC:L/Au:S/C:C/I:C/A:C
CPE Matches
Aruba Networks
arubanetworks
>>aruba_instant>>Versions from 6.4.0.2-4.1.0.0(inclusive) to 6.4.4.8-4.2.4.19(exclusive)
cpe:2.3:a:arubanetworks:aruba_instant:*:*:*:*:*:*:*:*
Aruba Networks
arubanetworks
>>aruba_instant>>Versions from 6.5.4.0(inclusive) to 6.5.4.20(exclusive)
cpe:2.3:a:arubanetworks:aruba_instant:*:*:*:*:*:*:*:*
Aruba Networks
arubanetworks
>>aruba_instant>>Versions from 8.5.0.0(inclusive) to 8.5.0.12(exclusive)
cpe:2.3:a:arubanetworks:aruba_instant:*:*:*:*:*:*:*:*
Aruba Networks
arubanetworks
>>aruba_instant>>Versions from 8.6.0.0(inclusive) to 8.6.0.11(exclusive)
cpe:2.3:a:arubanetworks:aruba_instant:*:*:*:*:*:*:*:*
Aruba Networks
arubanetworks
>>aruba_instant>>Versions from 8.7.0.0(inclusive) to 8.7.1.3(exclusive)
cpe:2.3:a:arubanetworks:aruba_instant:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>scalance_w1750d_firmware>>Versions from 8.7.1.3(inclusive)
cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>scalance_w1750d>>-
cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-78Primarynvd@nist.gov
CWE ID: CWE-78
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://cert-portal.siemens.com/productcert/pdf/ssa-917476.pdfsecurity-alert@hpe.com
Patch
Third Party Advisory
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-017.txtsecurity-alert@hpe.com
Vendor Advisory
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-917476.pdf
Source: security-alert@hpe.com
Resource:
Patch
Third Party Advisory
Hyperlink: https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-017.txt
Source: security-alert@hpe.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

1200Records found
CVE-2022-37903
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-0.28% / 50.92%
||
7 Day CHG~0.00%
Published-03 Nov, 2022 | 19:11
Updated-02 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability exists that allows an authenticated attacker to overwrite an arbitrary file with attacker-controlled content via the web interface. Successful exploitation of this vulnerability could lead to full compromise the underlying host operating system.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)Aruba Networks
Product-700872207240xm721070057205arubaos7280702470107030sd-wanAruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-37923
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-0.50% / 64.96%
||
7 Day CHG+0.10%
Published-30 Nov, 2022 | 19:16
Updated-24 Apr, 2025 | 18:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)Aruba Networks
Product-edgeconnect_enterpriseAruba EdgeConnect Enterprise Software
CVE-2022-36323
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.1||CRITICAL
EPSS-0.31% / 53.93%
||
7 Day CHG+0.04%
Published-10 Aug, 2022 | 11:18
Updated-20 May, 2025 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell.

Action-Not Available
Vendor-Siemens AG
Product-scalance_xc208scalance_xb205-3scalance_xc216eec_firmwarescalance_xr552_firmwarescalance_xr324-4m_eecscalance_sc-600_firmwarescalance_xp-200scalance_xp208scalance_xc206-2sfp_g_\(e\/ip\)scalance_xc224-4c_g_eec_firmwarescalance_xr324-4m_eec_firmwarescalance_xr-300eec_firmwarescalance_xf-200bascalance_xc206-2sfp_g_eec_firmwarescalance_xp216scalance_xb213-3_firmwarescalance_xr528-6m_2hr2_firmwarescalance_xr-300_firmwarescalance_xb205-3ldscalance_xc208g_eecscalance_sc622-2c_firmwarescalance_s615_firmwarescalance_xr528-6m_2hr2scalance_xc206-2sfp_g_firmwarescalance_xr326-2c_poe_wg_firmwarescalance_xr528-6m_firmwarescalance_xr552-12m_2hr2_l3scalance_m-800_firmwarescalance_xb205-3_firmwarescalance_xc216-4c_g_\(e\/ip\)_firmwarescalance_xp216poe_eec_firmwarescalance_xb216_firmwarescalance_w700_ieee_802.11ax_firmwarescalance_xb213-3ldscalance_xc-200_firmwarescalance_xf204-2ba_irtscalance_xr324-12m_tsscalance_xc206-2g_poe__firmwarescalance_xr-300wg_firmwarescalance_xc208g_eec_firmwarescalance_sc642-2c_firmwarescalance_xr-300scalance_xm408-8c_l3_firmwarescalance_sc642-2cscalance_sc-600scalance_xr324-4m_poe_ts_firmwarescalance_xr524scalance_xc208eec_firmwarescalance_xm400scalance_xc208g_poescalance_xc224-4c_g_\(e\/ip\)_firmwarescalance_xm408-8cscalance_xf-200ba_firmwarescalance_xb213-3ld_firmwarescalance_xf204-2ba_irt_firmwarescalance_w700_ieee_802.11acscalance_xc216scalance_xr324-12m_ts_firmwarescalance_xc206-2sfp_g_eecscalance_s615scalance_sc646-2cscalance_xr526-8c_l3scalance_xc206-2sfp_g_\(e\/ip\)_firmwarescalance_xp216eec_firmwarescalance_xm408-8c_l3scalance_xc208g_\(e\/ip\)_firmwarescalance_xp208eecscalance_xr526-8c_l3_firmwarescalance_xm408-8c_firmwarescalance_xb208scalance_xr-300poe_firmwarescalance_xr324-4m_poescalance_xc206-2g_poe_eecscalance_xc216-4c_g_firmwarescalance_xc206-2g_poe_scalance_xr524-8c_firmwarescalance_w700_ieee_802.11axscalance_xc224__firmwarescalance_xb-200_firmwarescalance_xc-200scalance_xr324-4m_poe_tsscalance_xc206-2sfp_gscalance_m-800scalance_xm408-4c_l3scalance_xp208poe_eecscalance_sc636-2c_firmwarescalance_w700_ieee_802.11ac_firmwarescalance_xr526scalance_xf204-2ba_dnascalance_xr552-12m_2hr2_firmwarescalance_xr324-12mscalance_xc206-2_firmwarescalance_xb213-3scalance_xr552scalance_xr528-6mscalance_xc224-4c_g_scalance_xc216-4c_firmwarescalance_xp216poe_eecscalance_xr-300wgscalance_xc216-4c_g_\(e\/ip\)scalance_xm400_firmwarescalance_xb205-3ld_firmwarescalance_xr524_firmwarescalance_xc224-4c_g_eecscalance_w700_ieee_802.11n_firmwarescalance_xc224_scalance_xp216_\(eip\)_firmwarescalance_xm416-4c_firmwarescalance_xc216eecscalance_xr524-8cscalance_xr528-6m_2hr2_l3scalance_xp208_\(eip\)scalance_xr328-4c_wgscalance_xc208gscalance_xb216scalance_xr324wgscalance_xr552-12m_firmwarescalance_xm408-4cscalance_xr552-12mscalance_xc206-2g_poe_eec_firmwarescalance_xc216_firmwarescalance_xc208eecscalance_xc206-2sfp_eec_firmwarescalance_xr328-4c_wg_firmwarescalance_xr526_firmwarescalance_xc216-4cscalance_xr524-8c_l3scalance_xr500_firmwarescalance_xr552-12m_2hr2scalance_xc208g_firmwarescalance_sc632-2cscalance_xc208_firmwarescalance_xp216_\(eip\)scalance_xp208_\(eip\)_firmwarescalance_xp208eec_firmwarescalance_sc646-2c_firmwarescalance_xr524-8c_l3_firmwarescalance_xr324-4m_poe_firmwarescalance_xm408-4c_firmwarescalance_xm416-4cscalance_xr528_firmwarescalance_xr528scalance_xr552-12m_2hr2_l3_firmwarescalance_xr326-2c_poe_wgscalance_sc622-2cscalance_xm408-4c_l3_firmwarescalance_xc208g_\(e\/ip\)scalance_xr324wg_firmwarescalance_xb208_firmwarescalance_xc224-4c_g__firmwarescalance_sc632-2c_firmwarescalance_w700_ieee_802.11nscalance_xc206-2scalance_xc208g_poe_firmwarescalance_xr528-6m_2hr2_l3_firmwarescalance_xr528-6m_l3scalance_xr324-12m_firmwarescalance_xr-300poescalance_xm416-4c_l3scalance_xf204-2ba_dna_firmwarescalance_xp-200_firmwarescalance_xc224-4c_g_\(e\/ip\)scalance_xb-200scalance_sc636-2cscalance_xc216-4c_g_eec_firmwarescalance_xr500scalance_xr552-12scalance_xp216_firmwarescalance_xm416-4c_l3_firmwarescalance_xp208_firmwarescalance_xp208poe_eec_firmwarescalance_xr526-8c_firmwarescalance_xp216eecscalance_xr552-12_firmwarescalance_xc216-4c_g_eecscalance_xc206-2sfp_eecscalance_xc216-4c_gscalance_xr-300eecscalance_xr526-8cscalance_xr528-6m_l3_firmwareSCALANCE XR526-8C, 24V (L3 int.)SCALANCE XC206-2 (SC)SCALANCE XF204-2BA DNASCALANCE XP216EECSCALANCE M876-3 (ROK)SIPLUS NET SCALANCE XC206-2SCALANCE XC206-2G PoE EEC (54 V DC)SCALANCE XR524-8C, 1x230V (L3 int.)RUGGEDCOM RM1224 LTE(4G) EUSCALANCE W788-2 RJ45SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V)SCALANCE XM416-4C (L3 int.)RUGGEDCOM RM1224 LTE(4G) NAMSCALANCE W748-1 M12SCALANCE WUM766-1 (US)SCALANCE XR524-8C, 24V (L3 int.)SCALANCE XC208G (EIP def.)SCALANCE XR328-4C WG (24XFE, 4XGE, 24V)SCALANCE XC206-2SFP G (EIP DEF.)SIPLUS NET SCALANCE XC216-4CSCALANCE W738-1 M12SCALANCE XP216 (Ethernet/IP)SCALANCE SC622-2CSCALANCE XC208EECSCALANCE XR526-8C, 2x230V (L3 int.)SCALANCE XR326-2C PoE WG (without UL)SCALANCE W786-2 RJ45SCALANCE XR528-6M (L3 int.)SCALANCE XB205-3 (ST, PN)SCALANCE W778-1 M12 EECSCALANCE XR528-6MSCALANCE XC216-4C GSCALANCE XC216-4C G (EIP Def.)SCALANCE XR528-6M (2HR2, L3 int.)SCALANCE XC216EECSCALANCE SC626-2CSCALANCE WAM766-1 (EU)SCALANCE XR324WG (24 X FE, DC 24V)SCALANCE XF204-2BASCALANCE WAM766-1 EEC (US)SCALANCE XC216-4C G EECSCALANCE M876-4 (NAM)SCALANCE XR328-4C WG (28xGE, DC 24V)SCALANCE M874-3SCALANCE XM408-4CSCALANCE XR552-12M (2HR2, L3 int.)SCALANCE W1748-1 M12SCALANCE XR524-8C, 2x230V (L3 int.)SCALANCE XC224-4C G EECSCALANCE XC224-4C G (EIP Def.)SCALANCE M876-4 (EU)SCALANCE XM408-8C (L3 int.)SCALANCE M876-3 (EVDO)SCALANCE XB208 (E/IP)SCALANCE W774-1 RJ45SCALANCE W788-1 M12SCALANCE XB205-3LD (SC, E/IP)SCALANCE XC208SCALANCE XR526-8C, 1x230V (L3 int.)SCALANCE SC636-2CSCALANCE XC224SCALANCE XP216SCALANCE XR526-8C, 1x230VSCALANCE XB216 (E/IP)SCALANCE XR328-4C WG (28xGE, AC 230V)SCALANCE XR552-12MSCALANCE WAM766-1 EEC (EU)SCALANCE W722-1 RJ45SCALANCE WUM766-1 (EU)SCALANCE M874-2SCALANCE XB205-3 (SC, PN)SCALANCE XB208 (PN)SCALANCE XP208 (Ethernet/IP)SCALANCE M816-1 ADSL-Router (Annex B)SCALANCE XF204SCALANCE XR526-8C, 2x230VSCALANCE W1788-2 EEC M12SCALANCE XB213-3LD (SC, PN)SCALANCE WAM766-1 (US)SCALANCE XP216POE EECSCALANCE XC216-3G PoE (54 V DC)SCALANCE XC206-2 (ST/BFOC)SCALANCE XC208G PoE (54 V DC)SCALANCE XR528-6M (2HR2)SCALANCE XB213-3 (SC, E/IP)SCALANCE MUM856-1 (EU)SCALANCE XC206-2SFPSCALANCE XR552-12M (2HR2)SCALANCE XB213-3 (ST, E/IP)SCALANCE W786-2IA RJ45SCALANCE XR524-8C, 2x230VSCALANCE W734-1 RJ45 (USA)SCALANCE XC208GSCALANCE SC642-2CSCALANCE XC216-4CSCALANCE XC216-3G PoESCALANCE W788-2 M12 EECSCALANCE XR326-2C PoE WGSIPLUS NET SCALANCE XC206-2SFPSCALANCE WAM763-1SCALANCE W761-1 RJ45SCALANCE XF204 DNASCALANCE XC216SCALANCE W788-2 M12SCALANCE W774-1 RJ45 (USA)SCALANCE XB213-3 (ST, PN)SCALANCE XR524-8C, 24VSCALANCE SC646-2CSCALANCE MUM856-1 (RoW)SCALANCE W1788-2IA M12SCALANCE XC208G EECSCALANCE XR324WG (24 x FE, AC 230V)SCALANCE W788-1 RJ45SCALANCE XM408-4C (L3 int.)SCALANCE M812-1 ADSL-Router (Annex A)SCALANCE XR526-8C, 24VSCALANCE W1788-2 M12SCALANCE XC206-2SFP G EECSCALANCE XB205-3 (ST, E/IP)SCALANCE XB213-3 (SC, PN)SCALANCE XC206-2G PoESCALANCE XM416-4CSCALANCE W786-2 SFPSCALANCE XR524-8C, 1x230VSCALANCE W1788-1 M12SCALANCE W774-1 M12 EECSCALANCE XC206-2SFP EECSCALANCE XM408-8CSCALANCE M826-2 SHDSL-RouterSCALANCE M812-1 ADSL-Router (Annex B)SCALANCE XC206-2G PoE (54 V DC)SCALANCE XC206-2SFP GSCALANCE XB216 (PN)SCALANCE XP208PoE EECSCALANCE MUM853-1 (EU)SCALANCE XB213-3LD (SC, E/IP)SCALANCE WUM763-1SIPLUS NET SCALANCE XC208SCALANCE SC632-2CSCALANCE XP208EECSCALANCE W734-1 RJ45SCALANCE W748-1 RJ45SCALANCE M804PBSCALANCE W778-1 M12SCALANCE W721-1 RJ45SCALANCE XC224-4C GSCALANCE XB205-3LD (SC, PN)SCALANCE M816-1 ADSL-Router (Annex A)SCALANCE XP208SCALANCE XR328-4C WG (24xFE,4xGE,AC230V)SCALANCE W778-1 M12 EEC (USA)SCALANCE S615SCALANCE W786-1 RJ45SCALANCE XC208G PoE
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2024-1356
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-0.13% / 33.10%
||
7 Day CHG~0.00%
Published-05 Mar, 2024 | 20:14
Updated-01 Aug, 2024 | 18:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.

Action-Not Available
Vendor-Aruba NetworksHewlett Packard Enterprise (HPE)
Product-ArubaOS Wi-Fi Controllers and Campus/Remote Access Pointsarubaossd-wan
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-44165
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.2||HIGH
EPSS-2.27% / 83.99%
||
7 Day CHG~0.00%
Published-14 Dec, 2021 | 12:06
Updated-04 Aug, 2024 | 04:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.41), POWER METER SICAM Q100 (All versions < V2.41), POWER METER SICAM Q100 (All versions < V2.41), POWER METER SICAM Q100 (All versions < V2.41). The affected firmware contains a buffer overflow vulnerability in the web application that could allow a remote attacker with engineer or admin priviliges to potentially perform remote code execution.

Action-Not Available
Vendor-Siemens AG
Product-7kg9501-0aa01-2aa17kg9501-0aa01-2aa1_firmware7kg9501-0aa31-0aa1_firmware7kg9501-0aa01-0aa17kg9501-0aa31-0aa17kg9501-0aa31-2aa17kg9501-0aa01-0aa1_firmware7kg9501-0aa31-2aa1_firmwarePOWER METER SICAM Q100
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2021-40986
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-2.52% / 84.81%
||
7 Day CHG~0.00%
Published-15 Oct, 2021 | 13:35
Updated-04 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.

Action-Not Available
Vendor-n/aAruba Networks
Product-clearpass_policy_managerAruba ClearPass Policy Manager
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-41547
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.2||HIGH
EPSS-0.82% / 73.48%
||
7 Day CHG~0.00%
Published-14 Dec, 2021 | 12:06
Updated-04 Aug, 2024 | 03:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Teamcenter Active Workspace V4.3 (All versions < V4.3.11), Teamcenter Active Workspace V5.0 (All versions < V5.0.10), Teamcenter Active Workspace V5.1 (All versions < V5.1.6), Teamcenter Active Workspace V5.2 (All versions < V5.2.3). The application contains an unsafe unzipping pattern that could lead to a zip path traversal attack. This could allow and attacker to execute a remote shell with admin rights.

Action-Not Available
Vendor-Siemens AG
Product-teamcenter_active_workspaceTeamcenter Active Workspace V4.3Teamcenter Active Workspace V5.0Teamcenter Active Workspace V5.2Teamcenter Active Workspace V5.1
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-40992
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-0.62% / 69.24%
||
7 Day CHG~0.00%
Published-15 Oct, 2021 | 13:36
Updated-04 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote SQL injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.

Action-Not Available
Vendor-n/aAruba Networks
Product-clearpass_policy_managerAruba ClearPass Policy Manager
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-40988
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-5.48% / 89.83%
||
7 Day CHG~0.00%
Published-15 Oct, 2021 | 13:42
Updated-04 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote directory traversal vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.

Action-Not Available
Vendor-n/aAruba Networks
Product-clearpass_policy_managerAruba ClearPass Policy Manager
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-40999
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-1.28% / 78.74%
||
7 Day CHG~0.00%
Published-15 Oct, 2021 | 11:25
Updated-04 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.

Action-Not Available
Vendor-n/aAruba Networks
Product-clearpass_policy_managerAruba ClearPass Policy Manager
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-40998
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-2.52% / 84.81%
||
7 Day CHG~0.00%
Published-15 Oct, 2021 | 14:12
Updated-04 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.

Action-Not Available
Vendor-n/aAruba Networks
Product-clearpass_policy_managerAruba ClearPass Policy Manager
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-40987
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-2.52% / 84.81%
||
7 Day CHG~0.00%
Published-15 Oct, 2021 | 13:33
Updated-04 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.

Action-Not Available
Vendor-n/aAruba Networks
Product-clearpass_policy_managerAruba ClearPass Policy Manager
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-40746
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.4||CRITICAL
EPSS-0.27% / 50.23%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 11:17
Updated-20 Aug, 2025 | 20:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V3.2). Affected products do not properly validate input for a backup script. This could allow an authenticated remote attacker with high privileges in the application to execute arbitrary code with 'NT Authority/SYSTEM' privileges.

Action-Not Available
Vendor-Siemens AG
Product-simatic_rtls_locating_managerSIMATIC RTLS Locating Manager
CWE ID-CWE-20
Improper Input Validation
CVE-2021-37717
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-3.55% / 87.23%
||
7 Day CHG~0.00%
Published-07 Sep, 2021 | 12:05
Updated-04 Aug, 2024 | 01:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.6; Prior to 8.7.1.4, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.

Action-Not Available
Vendor-n/aSiemens AGAruba Networks
Product-arubaossd-wanscalance_w1750d_firmwarescalance_w1750dAruba SD-WAN Software and Gateways; Aruba Operating System Software
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-37718
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-3.55% / 87.23%
||
7 Day CHG~0.00%
Published-07 Sep, 2021 | 12:32
Updated-04 Aug, 2024 | 01:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.6; Prior to 8.7.1.4, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.

Action-Not Available
Vendor-n/aSiemens AGAruba Networks
Product-arubaossd-wanscalance_w1750d_firmwarescalance_w1750dAruba SD-WAN Software and Gateways; Aruba Operating System Software
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2015-4649
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.91% / 74.81%
||
7 Day CHG~0.00%
Published-29 Aug, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root privileges via unspecified vectors, a different vulnerability than CVE-2015-3654.

Action-Not Available
Vendor-n/aAruba Networks
Product-clearpassn/a
CWE ID-CWE-284
Improper Access Control
CVE-2021-37722
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-3.55% / 87.23%
||
7 Day CHG~0.00%
Published-07 Sep, 2021 | 12:09
Updated-04 Aug, 2024 | 01:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.

Action-Not Available
Vendor-n/aSiemens AGAruba Networks
Product-arubaossd-wanscalance_w1750d_firmwarescalance_w1750dAruba SD-WAN Software and Gateways; Aruba Operating System Software
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2015-3653
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.65% / 69.84%
||
7 Day CHG~0.00%
Published-29 Aug, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to write to arbitrary files within the underlying operating system and consequently cause a denial of service or gain privileges by leveraging incorrect permission checking.

Action-Not Available
Vendor-n/aAruba Networks
Product-clearpassn/a
CWE ID-CWE-284
Improper Access Control
CVE-2015-3654
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.91% / 74.81%
||
7 Day CHG~0.00%
Published-29 Aug, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root privileges via unspecified vectors, a different vulnerability than CVE-2015-4649.

Action-Not Available
Vendor-n/aAruba Networks
Product-clearpassn/a
CWE ID-CWE-284
Improper Access Control
CVE-2021-37723
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-2.07% / 83.20%
||
7 Day CHG~0.00%
Published-07 Sep, 2021 | 12:10
Updated-04 Aug, 2024 | 01:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote arbitrary command execution vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.16. Aruba has released patches for ArubaOS that address this security vulnerability.

Action-Not Available
Vendor-n/aSiemens AGAruba Networks
Product-arubaosscalance_w1750d_firmwarescalance_w1750dAruba Operating System Software
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-37720
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-3.55% / 87.23%
||
7 Day CHG~0.00%
Published-07 Sep, 2021 | 12:08
Updated-04 Aug, 2024 | 01:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.

Action-Not Available
Vendor-n/aSiemens AGAruba Networks
Product-arubaossd-wanscalance_w1750d_firmwarescalance_w1750dAruba SD-WAN Software and Gateways; Aruba Operating System Software
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-33732
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.2||HIGH
EPSS-1.25% / 78.48%
||
7 Day CHG~0.00%
Published-12 Oct, 2021 | 09:49
Updated-03 Aug, 2024 | 23:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application.

Action-Not Available
Vendor-Siemens AG
Product-sinec_nmsSINEC NMS
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-33734
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.2||HIGH
EPSS-2.15% / 83.59%
||
7 Day CHG~0.00%
Published-12 Oct, 2021 | 09:49
Updated-03 Aug, 2024 | 23:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application.

Action-Not Available
Vendor-Siemens AG
Product-sinec_nmsSINEC NMS
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-33730
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.2||HIGH
EPSS-2.15% / 83.59%
||
7 Day CHG~0.00%
Published-12 Oct, 2021 | 09:49
Updated-03 Aug, 2024 | 23:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application.

Action-Not Available
Vendor-Siemens AG
Product-sinec_nmsSINEC NMS
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-33736
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.2||HIGH
EPSS-1.06% / 76.78%
||
7 Day CHG~0.00%
Published-12 Oct, 2021 | 09:49
Updated-03 Aug, 2024 | 23:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application.

Action-Not Available
Vendor-Siemens AG
Product-sinec_nmsSINEC NMS
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2015-1550
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9||HIGH
EPSS-0.76% / 72.31%
||
7 Day CHG~0.00%
Published-28 May, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allows remote administrators to execute arbitrary files via unspecified vectors.

Action-Not Available
Vendor-n/aAruba Networks
Product-clearpass_policy_managern/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-37173
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-8.8||HIGH
EPSS-1.55% / 80.69%
||
7 Day CHG~0.00%
Published-14 Sep, 2021 | 10:47
Updated-04 Aug, 2024 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). The command line interface of affected devices insufficiently restrict file read and write operations for low privileged users. This could allow an authenticated remote attacker to escalate privileges and gain root access to the device.

Action-Not Available
Vendor-Siemens AG
Product-ruggedcom_rox_rx1511ruggedcom_rox_rx1512ruggedcom_rox_mx5000_firmwareruggedcom_rox_rx5000_firmwareruggedcom_rox_rx1511_firmwareruggedcom_rox_rx1510ruggedcom_rox_rx1400_firmwareruggedcom_rox_rx1500_firmwareruggedcom_rox_rx1400ruggedcom_rox_rx1510_firmwareruggedcom_rox_rx1500ruggedcom_rox_rx1524_firmwareruggedcom_rox_rx5000ruggedcom_rox_rx1501ruggedcom_rox_rx1536ruggedcom_rox_mx5000ruggedcom_rox_rx1524ruggedcom_rox_rx1536_firmwareruggedcom_rox_rx1501_firmwareruggedcom_rox_rx1512_firmwareRUGGEDCOM ROX RX1511RUGGEDCOM ROX RX1536RUGGEDCOM ROX RX1400RUGGEDCOM ROX RX1500RUGGEDCOM ROX RX1501RUGGEDCOM ROX RX5000RUGGEDCOM ROX MX5000RUGGEDCOM ROX RX1524RUGGEDCOM ROX RX1510RUGGEDCOM ROX RX1512
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-33731
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.2||HIGH
EPSS-2.15% / 83.59%
||
7 Day CHG~0.00%
Published-12 Oct, 2021 | 09:49
Updated-03 Aug, 2024 | 23:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application.

Action-Not Available
Vendor-Siemens AG
Product-sinec_nmsSINEC NMS
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2016-7114
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.42% / 61.32%
||
7 Day CHG~0.00%
Published-06 Sep, 2016 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02; SIPROTEC 7SJ686 : All versions < V 4.87; SIPROTEC 7UT686 : All versions < V 4.02; SIPROTEC 7SD686 : All versions < V 4.05; SIPROTEC 7SJ66 : All versions < V 4.30. Attackers with network access to the device's web interface (port 80/tcp) could possibly circumvent authentication and perform certain administrative operations. A legitimate user must be logged into the web interface for the attack to be successful.

Action-Not Available
Vendor-n/aSiemens AG
Product-en100_ethernet_module_firmwareen100_ethernet_modulen/a
CWE ID-CWE-287
Improper Authentication
CVE-2021-25152
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-0.98% / 75.84%
||
7 Day CHG~0.00%
Published-28 Apr, 2021 | 19:18
Updated-03 Aug, 2024 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote insecure deserialization vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.

Action-Not Available
Vendor-n/aAruba Networks
Product-airwaveAruba AirWave Management Platform
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2014-6627
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9||HIGH
EPSS-0.89% / 74.58%
||
7 Day CHG~0.00%
Published-19 Nov, 2014 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Aruba Networks ClearPass before 6.3.5 and 6.4.x before 6.4.1 allows remote attackers to execute arbitrary commands via unspecified vectors, a different vulnerability than CVE-2014-5342.

Action-Not Available
Vendor-n/aAruba Networks
Product-clearpassn/a
CWE ID-CWE-284
Improper Access Control
CVE-2021-23337
Matching Score-8
Assigner-Snyk
ShareView Details
Matching Score-8
Assigner-Snyk
CVSS Score-7.2||HIGH
EPSS-0.55% / 66.98%
||
7 Day CHG~0.00%
Published-15 Feb, 2021 | 12:15
Updated-16 Sep, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Command Injection

Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.

Action-Not Available
Vendor-lodashn/aNetApp, Inc.Oracle CorporationSiemens AG
Product-peoplesoft_enterprise_peopletoolsprimavera_unifiersinec_insfinancial_services_crime_and_compliance_management_studioprimavera_gatewaylodashactive_iq_unified_managerhealth_sciences_data_management_workbenchcommunications_cloud_native_core_policysystem_managercloud_managerbanking_trade_finance_process_managementbanking_supply_chain_financecommunications_design_studiobanking_credit_facilities_process_managementcommunications_cloud_native_core_binding_support_functionbanking_corporate_lending_process_managementbanking_extensibility_workbenchcommunications_session_border_controllercommunications_services_gatekeeperenterprise_communications_brokerjd_edwards_enterpriseone_toolsretail_customer_management_and_segmentation_foundationLodash
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-45626
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 12.29%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 22:58
Updated-29 Oct, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An authenticated vulnerability has been identified allowing an attacker to effectively establish highly privileged persistent arbitrary code execution across boot cycles.

Action-Not Available
Vendor-HP Inc.Aruba NetworksHewlett Packard Enterprise (HPE)
Product-arubaosinstantosAruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series;
CWE ID-CWE-863
Incorrect Authorization
CVE-2014-6625
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9||HIGH
EPSS-0.42% / 61.16%
||
7 Day CHG~0.00%
Published-19 Nov, 2014 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Policy Manager in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote authenticated users to gain privileges via unspecified vectors.

Action-Not Available
Vendor-n/aAruba Networks
Product-clearpassn/a
CWE ID-CWE-284
Improper Access Control
CVE-2014-6628
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9||HIGH
EPSS-0.70% / 71.08%
||
7 Day CHG~0.00%
Published-28 May, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Aruba Networks ClearPass Policy Manager (CPPM) before 6.5.0 allows remote administrators to execute arbitrary code via unspecified vectors.

Action-Not Available
Vendor-n/aAruba Networks
Product-clearpass_policy_managern/a
CVE-2023-45625
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-0.07% / 22.58%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 22:57
Updated-02 Aug, 2024 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.

Action-Not Available
Vendor-HP Inc.Aruba NetworksHewlett Packard Enterprise (HPE)
Product-arubaosinstantosAruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series;
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-43507
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-0.41% / 60.73%
||
7 Day CHG~0.00%
Published-24 Oct, 2023 | 18:10
Updated-11 Sep, 2024 | 17:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated SQL Injection Vulnerability in ClearPass Policy Manager Web-based Management Interface

A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the ClearPass Policy Manager cluster.

Action-Not Available
Vendor-Aruba NetworksHewlett Packard Enterprise (HPE)
Product-clearpass_policy_managerAruba ClearPass Policy Manageraruba_clear_pass_policy_manager
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2014-2593
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9||HIGH
EPSS-0.68% / 70.58%
||
7 Day CHG~0.00%
Published-29 Aug, 2014 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The management console in Aruba Networks ClearPass Policy Manager 6.3.0.60730 allows local users to execute arbitrary commands via shell metacharacters in certain arguments of a valid command, as demonstrated by the (1) system status-rasession and (2) network ping commands.

Action-Not Available
Vendor-n/aAruba Networks
Product-clearpass_policy_managern/a
CVE-2023-44317
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-8.6||HIGH
EPSS-0.14% / 35.22%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 11:03
Updated-14 Jan, 2025 | 11:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V7.2.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V7.2.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V7.2.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V7.2.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V7.2.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V7.2.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V7.2.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V7.2.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V7.2.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V7.2.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V7.2.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V7.2.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V7.2.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V7.2.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V7.2.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V7.2.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V7.2.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V7.2.2), SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) (All versions < V3.0.0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions < V3.0.0), SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0) (All versions < V3.0.0), SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0) (All versions < V3.0.0), SCALANCE WAM766-1 (6GK5766-1GE00-7DA0) (All versions < V3.0.0), SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0) (All versions < V3.0.0), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0) (All versions < V3.0.0), SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0) (All versions < V3.0.0), SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0) (All versions < V3.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0) (All versions < V3.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0) (All versions < V3.0.0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0) (All versions < V3.0.0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0) (All versions < V3.0.0), SCALANCE WUM766-1 (6GK5766-1GE00-3DA0) (All versions < V3.0.0), SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0) (All versions < V3.0.0), SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0) (All versions < V3.0.0). Affected products do not properly validate the content of uploaded X509 certificates which could allow an attacker with administrative privileges to execute arbitrary code on the device.

Action-Not Available
Vendor-Siemens AG
Product-scalance_xp216_firmwarescalance_xc224-4c_g_firmwarescalance_xr328-4c_wg_\(24xfe\,_4xge\,dc24v\)scalance_xb213-3_\(st\,_pn\)_firmwarescalance_xb213-3_\(sc\,_e\/ip\)_firmwarescalance_xb213-3_\(st\,_e\/ip\)_firmwarescalance_xr326-2c_poe_wgscalance_xb216_\(pn\)scalance_xb213-3ld_\(sc\,_pn\)scalance_xp216eec_firmwarescalance_xb205-3_\(st\,_pn\)scalance_xr324wg_\(24_x_fe\,_ac_230v\)_firmwarescalance_xb205-3_\(sc\,_pn\)_firmwarescalance_xc216-4c_g_\(eip_def.\)scalance_xc206-2sfp_eecscalance_xc224-4c_g_eecscalance_xp208eecscalance_xb213-3ld_\(sc\,_e\/ip\)scalance_xc208g_\(eip_def.\)scalance_xc208g_poe_\(54_v_dc\)_firmwarescalance_xb208_\(e\/ip\)scalance_xc206-2sfp_g_firmwarescalance_xc216eec_firmwarescalance_xb208_\(pn\)_firmwarescalance_xc224_firmwarescalance_xp216_\(ethernet\/ip\)_firmwarescalance_xr326-2c_poe_wg_\(without_ul\)_firmwarescalance_xc206-2sfp_gscalance_xc208eec_firmwarescalance_xp216siplus_net_scalance_xc208scalance_xb205-3_\(st\,_e\/ip\)scalance_xb205-3_\(st\,_pn\)_firmwarescalance_xb205-3ld_\(sc\,_e\/ip\)_firmwarescalance_xr324wg_\(24_x_fe\,_dc_24v\)_firmwarescalance_xr328-4c_wg_\(28xge\,_ac_230v\)scalance_xc208g_poe_firmwarescalance_xf204_dna_firmwarescalance_xr328-4c_wg_\(28xge\,_dc_24v\)scalance_xp216poe_eec_firmwarescalance_xc206-2sfp_g_\(eip_def.\)scalance_xc216-4c_gscalance_xc206-2g_poe_\(54_v_dc\)_firmwarescalance_xc206-2g_poescalance_xc216-4c_firmwarescalance_xc216-4c_g_firmwarescalance_xp208poe_eecscalance_xc208g_poe_\(54_v_dc\)scalance_xb213-3_\(sc\,_pn\)siplus_net_scalance_xc206-2sfpscalance_xb205-3_\(st\,_e\/ip\)_firmwarescalance_xb216_\(e\/ip\)scalance_xc216-3g_poe_firmwarescalance_xr328-4c_wg_\(28xge\,_dc_24v\)_firmwarescalance_xc208g_\(eip_def.\)_firmwarescalance_xf204-2ba_dna_firmwarescalance_xc224-4c_g_eec_firmwarescalance_xb205-3ld_\(sc\,_e\/ip\)scalance_xb213-3_\(sc\,_e\/ip\)scalance_xb213-3_\(sc\,_pn\)_firmwarescalance_xb213-3_\(st\,_e\/ip\)scalance_xf204siplus_net_scalance_xc206-2_firmwarescalance_xc206-2sfp_g_eecscalance_xc206-2sfp_g_\(eip_def.\)_firmwarescalance_xc208eecscalance_xc206-2_\(sc\)_firmwarescalance_xr328-4c_wg_\(24xfe\,4xge\,ac230v\)siplus_net_scalance_xc216-4cscalance_xc208_firmwarescalance_xb213-3ld_\(sc\,_pn\)_firmwarescalance_xr328-4c_wg_\(24xfe\,_4xge\,_24v\)scalance_xc224scalance_xc224-4c_gscalance_xb216_\(e\/ip\)_firmwarescalance_xc216-4c_g_eecscalance_xr328-4c_wg_\(24xfe\,4xge\,ac230v\)_firmwarescalance_xc206-2sfp_g_eec_firmwaresiplus_net_scalance_xc206-2scalance_xc216-3g_poe_\(54_v_dc\)scalance_xp216poe_eecscalance_xc206-2g_poe_eec_\(54_v_dc\)scalance_xc206-2sfp_firmwarescalance_xc206-2_\(st\/bfoc\)scalance_xr328-4c_wg_\(24xfe\,_4xge\,_24v\)_firmwarescalance_xp208poe_eec_firmwarescalance_xb205-3ld_\(sc\,_pn\)scalance_xr328-4c_wg_\(28xge\,_ac_230v\)_firmwarescalance_xr326-2c_poe_wg_firmwaresiplus_net_scalance_xc206-2sfp_firmwarescalance_xc216-4csiplus_net_scalance_xc208_firmwarescalance_xf204-2ba_firmwarescalance_xr324wg_\(24_x_fe\,_ac_230v\)scalance_xb205-3ld_\(sc\,_pn\)_firmwarescalance_xc208g_eec_firmwarescalance_xc206-2sfpscalance_xc206-2g_poe_firmwarescalance_xb208_\(pn\)scalance_xr326-2c_poe_wg_\(without_ul\)scalance_xc208g_poescalance_xp216_\(ethernet\/ip\)siplus_net_scalance_xc216-4c_firmwarescalance_xc224-4c_g_\(eip_def.\)scalance_xc206-2_\(sc\)scalance_xr324wg_\(24_x_fe\,_dc_24v\)scalance_xp208_firmwarescalance_xc216-4c_g_eec_firmwarescalance_xc216scalance_xb205-3_\(sc\,_pn\)scalance_xp208scalance_xf204-2bascalance_xc206-2_\(st\/bfoc\)_firmwarescalance_xb213-3_\(st\,_pn\)scalance_xc206-2sfp_eec_firmwarescalance_xb208_\(e\/ip\)_firmwarescalance_xc224-4c_g_\(eip_def.\)_firmwarescalance_xp208eec_firmwarescalance_xp216eecscalance_xc208g_eecscalance_xf204_dnascalance_xr328-4c_wg_\(24xfe\,_4xge\,dc24v\)_firmwarescalance_xc206-2g_poe_\(54_v_dc\)scalance_xc216-4c_g_\(eip_def.\)_firmwarescalance_xb216_\(pn\)_firmwarescalance_xc216_firmwarescalance_xc208gscalance_xc216-3g_poe_\(54_v_dc\)_firmwarescalance_xf204-2ba_dnascalance_xb213-3ld_\(sc\,_e\/ip\)_firmwarescalance_xc208g_firmwarescalance_xc206-2g_poe_eec_\(54_v_dc\)_firmwarescalance_xp208_\(ethernet\/ip\)scalance_xf204_firmwarescalance_xc216-3g_poescalance_xc216eecscalance_xp208_\(ethernet\/ip\)_firmwarescalance_xc208SCALANCE S615 LAN-RouterSCALANCE WAM766-1 (ME)SCALANCE WAM766-1SCALANCE M876-3SCALANCE WUB762-1 iFeaturesSCALANCE WUM766-1SCALANCE M812-1 ADSL-RouterSCALANCE WUM766-1 (ME)SCALANCE M816-1 ADSL-RouterSCALANCE M876-4 (EU)SCALANCE WUB762-1RUGGEDCOM RM1224 LTE(4G) NAMSCALANCE M874-2SCALANCE WAM763-1SCALANCE M804PBSCALANCE WAM766-1 EEC (ME)SCALANCE WAM766-1 EECSCALANCE WUM763-1 (US)SCALANCE WAM766-1 EEC (US)SCALANCE WUM763-1SCALANCE WUM766-1 (USA)SCALANCE WAM763-1 (US)SCALANCE MUM853-1 (EU)RUGGEDCOM RM1224 LTE(4G) EUSCALANCE M826-2 SHDSL-RouterSCALANCE MUM856-1 (RoW)SCALANCE M876-4SCALANCE WAB762-1SCALANCE M876-3 (ROK)SCALANCE WAM763-1 (ME)SCALANCE MUM856-1 (EU)SCALANCE WAM766-1 (US)SCALANCE M874-3SCALANCE S615 EEC LAN-RouterSCALANCE M876-4 (NAM)
CWE ID-CWE-349
Acceptance of Extraneous Untrusted Data With Trusted Data
CVE-2020-9273
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-46.79% / 97.59%
||
7 Day CHG~0.00%
Published-20 Feb, 2020 | 15:22
Updated-04 Aug, 2024 | 10:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution.

Action-Not Available
Vendor-proftpdn/aDebian GNU/LinuxSiemens AGopenSUSEFedora Project
Product-simatic_net_cp_1543-1debian_linuxsimatic_net_cp_1543-1_firmwaresimatic_net_cp_1545-1fedoraproftpdsimatic_net_cp_1545-1_firmwarebackports_sleleapn/a
CWE ID-CWE-416
Use After Free
CVE-2023-42797
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-6.6||MEDIUM
EPSS-0.29% / 52.24%
||
7 Day CHG~0.00%
Published-09 Jan, 2024 | 09:59
Updated-03 Jun, 2025 | 14:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.20), CP-8050 MASTER MODULE (All versions < CPCI85 V05.20). The network configuration service of affected devices contains a flaw in the conversion of ipv4 addresses that could lead to an uninitialized variable being used in succeeding validation steps. By uploading specially crafted network configuration, an authenticated remote attacker could be able to inject commands that are executed on the device with root privileges during device startup.

Action-Not Available
Vendor-Siemens AG
Product-sicam_a8000_cp-8031sicam_a8000_cp-8050sicam_a8000_cp-8031_firmwaresicam_a8000_cp-8050_firmwareCP-8050 MASTER MODULECP-8031 MASTER MODULE
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2020-7117
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-1.94% / 82.69%
||
7 Day CHG~0.00%
Published-03 Jun, 2020 | 12:49
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ClearPass Policy Manager WebUI administrative interface has an authenticated command remote execution. When the attacker is already authenticated to the administrative interface, they could then exploit the system, leading to remote command execution in the underlying operating system. Resolution: Fixed in 6.7.13-HF, 6.8.5-HF, 6.8.6, 6.9.1 and higher.

Action-Not Available
Vendor-n/aAruba Networks
Product-clearpass_policy_managerClearPass Policy Manager
CVE-2020-7111
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-2.79% / 85.53%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 16:14
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A server side injection vulnerability exists which could allow an authenticated administrative user to achieve Remote Code Execution in ClearPass. Resolution: Fixed in 6.7.13, 6.8.4, 6.9.0 and higher.

Action-Not Available
Vendor-n/aAruba Networks
Product-clearpassClearPass Policy Manager
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2025-27395
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-8.6||HIGH
EPSS-0.11% / 30.33%
||
7 Day CHG-0.07%
Published-11 Mar, 2025 | 09:48
Updated-22 Aug, 2025 | 18:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly limit the scope of files accessible through and the privileges of the SFTP functionality. This could allow an authenticated highly-privileged remote attacker to read and write arbitrary files.

Action-Not Available
Vendor-Siemens AG
Product-scalance_lpe9403scalance_lpe9403_firmwareSCALANCE LPE9403
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-28832
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.2||HIGH
EPSS-0.79% / 72.99%
||
7 Day CHG~0.00%
Published-09 May, 2023 | 11:51
Updated-28 Jan, 2025 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). The web based management of affected devices does not properly validate user input, making it susceptible to command injection. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.

Action-Not Available
Vendor-Siemens AG
Product-6gk1411-1ac00_firmware6gk1411-5ac00_firmware6gk1411-1ac006gk1411-5ac00SIMATIC Cloud Connect 7 CC716SIMATIC Cloud Connect 7 CC712
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-27494
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.4||CRITICAL
EPSS-0.18% / 39.36%
||
7 Day CHG+0.05%
Published-11 Mar, 2025 | 09:48
Updated-22 Aug, 2025 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.9), SiPass integrated ACC-AP (All versions < V6.4.9). Affected devices improperly sanitize input for the pubkey endpoint of the REST API. This could allow an authenticated remote administrator to escalate privileges by injecting arbitrary commands that are executed with root privileges.

Action-Not Available
Vendor-Siemens AG
Product-sipass_integrated_ac5102_\(acc-g2\)_firmwaresipass_integrated_acc-ap_firmwaresipass_integrated_acc-apsipass_integrated_ac5102_\(acc-g2\)SiPass integrated ACC-APSiPass integrated AC5102 (ACC-G2)
CWE ID-CWE-20
Improper Input Validation
CVE-2019-5326
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-2.54% / 84.88%
||
7 Day CHG~0.00%
Published-27 Feb, 2020 | 16:23
Updated-04 Aug, 2024 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An administrative application user of or application user with write access to Aruba Airwave VisualRF is able to obtain code execution on the AMP platform. This is possible due to the ability to overwrite a file on disk which is subsequently deserialized by the Java application component.

Action-Not Available
Vendor-n/aAruba Networks
Product-airwaveAirWave Management Platform
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2019-5323
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-1.12% / 77.31%
||
7 Day CHG~0.00%
Published-27 Feb, 2020 | 16:20
Updated-04 Aug, 2024 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There are command injection vulnerabilities present in the AirWave application. Certain input fields controlled by an administrative user are not properly sanitized before being parsed by AirWave. If conditions are met, an attacker can obtain command execution on the host.

Action-Not Available
Vendor-n/aAruba Networks
Product-airwaveAirWave Management Platform
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2022-37883
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.2||HIGH
EPSS-0.57% / 67.63%
||
7 Day CHG~0.00%
Published-20 Sep, 2022 | 19:51
Updated-29 May, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address these security vulnerabilities.

Action-Not Available
Vendor-n/aAruba Networks
Product-clearpass_policy_managerAruba ClearPass Policy Manager
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2019-6570
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-8.8||HIGH
EPSS-0.24% / 47.23%
||
7 Day CHG~0.00%
Published-17 Apr, 2019 | 13:40
Updated-04 Aug, 2024 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Due to insufficient checking of user permissions, an attacker may access URLs that require special authorization. An attacker must have access to a low privileged account in order to exploit the vulnerability.

Action-Not Available
Vendor-Siemens AG
Product-sinema_remote_connect_serverSINEMA Remote Connect Server
CWE ID-CWE-280
Improper Handling of Insufficient Permissions or Privileges
CWE ID-CWE-863
Incorrect Authorization
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 23
  • 24
  • Next
Details not found