Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-46352

Summary
Assigner-siemens
Assigner Org ID-cec7a2ec-15b4-4faf-bd53-b40f371f3a77
Published At-13 Dec, 2022 | 00:00
Updated At-22 Apr, 2025 | 02:57
Rejected At-
Credits

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions < V3.2.7). Specially crafted PROFINET DCP packets could cause a denial of service condition of affected products.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:siemens
Assigner Org ID:cec7a2ec-15b4-4faf-bd53-b40f371f3a77
Published At:13 Dec, 2022 | 00:00
Updated At:22 Apr, 2025 | 02:57
Rejected At:
â–¼CVE Numbering Authority (CNA)

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions < V3.2.7). Specially crafted PROFINET DCP packets could cause a denial of service condition of affected products.

Affected Products
Vendor
Siemens AGSiemens
Product
SCALANCE X204RNA (HSR)
Versions
Affected
  • All versions < V3.2.7
Vendor
Siemens AGSiemens
Product
SCALANCE X204RNA (PRP)
Versions
Affected
  • All versions < V3.2.7
Vendor
Siemens AGSiemens
Product
SCALANCE X204RNA EEC (HSR)
Versions
Affected
  • All versions < V3.2.7
Vendor
Siemens AGSiemens
Product
SCALANCE X204RNA EEC (PRP)
Versions
Affected
  • All versions < V3.2.7
Vendor
Siemens AGSiemens
Product
SCALANCE X204RNA EEC (PRP/HSR)
Versions
Affected
  • All versions < V3.2.7
Problem Types
TypeCWE IDDescription
CWECWE-400CWE-400: Uncontrolled Resource Consumption
Type: CWE
CWE ID: CWE-400
Description: CWE-400: Uncontrolled Resource Consumption
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://cert-portal.siemens.com/productcert/pdf/ssa-363821.pdf
N/A
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-363821.pdf
Resource: N/A
â–¼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://cert-portal.siemens.com/productcert/pdf/ssa-363821.pdf
x_transferred
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-363821.pdf
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:productcert@siemens.com
Published At:13 Dec, 2022 | 16:15
Updated At:22 Apr, 2025 | 03:15

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions < V3.2.7). Specially crafted PROFINET DCP packets could cause a denial of service condition of affected products.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CPE Matches
Siemens AG
siemens
>>6gk5204-0ba00-2mb2_firmware>>Versions before 3.2.7(exclusive)
cpe:2.3:o:siemens:6gk5204-0ba00-2mb2_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>6gk5204-0ba00-2mb2>>-
cpe:2.3:h:siemens:6gk5204-0ba00-2mb2:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>6gk5204-0ba00-2kb2_firmware>>Versions before 3.2.7(exclusive)
cpe:2.3:o:siemens:6gk5204-0ba00-2kb2_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>6gk5204-0ba00-2kb2>>-
cpe:2.3:h:siemens:6gk5204-0ba00-2kb2:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>6gk5204-0bs00-2na3_firmware>>Versions before 3.2.7(exclusive)
cpe:2.3:o:siemens:6gk5204-0bs00-2na3_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>6gk5204-0bs00-2na3>>-
cpe:2.3:h:siemens:6gk5204-0bs00-2na3:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>6gk5204-0bs00-3la3_firmware>>Versions before 3.2.7(exclusive)
cpe:2.3:o:siemens:6gk5204-0bs00-3la3_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>6gk5204-0bs00-3la3>>-
cpe:2.3:h:siemens:6gk5204-0bs00-3la3:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>6gk5204-0bs00-3pa3_firmware>>Versions before 3.2.7(exclusive)
cpe:2.3:o:siemens:6gk5204-0bs00-3pa3_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>6gk5204-0bs00-3pa3>>-
cpe:2.3:h:siemens:6gk5204-0bs00-3pa3:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-400Secondaryproductcert@siemens.com
CWE-400Primarynvd@nist.gov
CWE ID: CWE-400
Type: Secondary
Source: productcert@siemens.com
CWE ID: CWE-400
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://cert-portal.siemens.com/productcert/pdf/ssa-363821.pdfproductcert@siemens.com
Patch
Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-363821.pdfaf854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-363821.pdf
Source: productcert@siemens.com
Resource:
Patch
Vendor Advisory
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-363821.pdf
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

1487Records found
CVE-2022-26334
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-1.87% / 83.47%
||
7 Day CHG~0.00%
Published-12 Apr, 2022 | 09:07
Updated-03 Aug, 2024 | 05:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices do not properly validate the GET parameter XNo of incoming HTTP requests. This could allow an unauthenticated remote attacker to crash affected devices.

Action-Not Available
Vendor-Siemens AG
Product-scalance_x308-2m_ts_firmwarescalance_x307-3_firmwarescalance_xr324-12mscalance_x310fescalance_x310fe_firmwarescalance_xr324-4m_eecscalance_x308-2ldscalance_x320-1fe_firmwaresiplus_net_scalance_x308-2scalance_xr324-4m_poe_firmwarescalance_x308-2scalance_x307-2eecscalance_xr324-4m_eec_firmwarescalance_x308-2_firmwarescalance_x304-2fe_firmwarescalance_xr324-12m_ts_firmwarescalance_x306-1ldfe_firmwarescalance_x307-2eec_firmwarescalance_x320-1-2ldfesiplus_net_scalance_x308-2_firmwarescalance_x308-2lh_firmwarescalance_x302-7eec_firmwarescalance_x308-2lhscalance_x307-3ld_firmwarescalance_x310scalance_x320-1-2ldfe_firmwarescalance_xr324-12m_firmwarescalance_x308-2m_poe_firmwarescalance_x308-2lh\+scalance_x310_firmwarescalance_x308-2m_poescalance_x308-2lh\+_firmwarescalance_x308-2ld_firmwarescalance_xr324-12m_tsscalance_x308-2m_tsscalance_x308-2m_firmwarescalance_x320-1fescalance_x408-2scalance_xr324-4m_poescalance_x306-1ldfescalance_x307-3ldscalance_x308-2mscalance_x408-2_firmwarescalance_x307-3scalance_x304-2fescalance_xr324-4m_poe_tsscalance_xr324-4m_poe_ts_firmwarescalance_x302-7eecSCALANCE XR324-12M TS (24V)SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)SCALANCE XR324-4M PoE (24V, ports on rear)SCALANCE XR324-4M EEC (24V, ports on front)SCALANCE XR324-12M (230V, ports on rear)SCALANCE X307-2 EEC (2x 24V, coated)SCALANCE XR324-4M PoE TS (24V, ports on front)SCALANCE X307-3SCALANCE X308-2MSCALANCE XR324-12M (24V, ports on rear)SCALANCE X308-2SCALANCE X308-2M PoESCALANCE X310FESCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)SCALANCE X308-2LH+SCALANCE X302-7 EEC (24V, coated)SCALANCE X307-2 EEC (230V, coated)SCALANCE X307-3LDSCALANCE X308-2LHSCALANCE XR324-4M EEC (24V, ports on rear)SCALANCE XR324-4M PoE (24V, ports on front)SCALANCE X302-7 EEC (2x 230V)SCALANCE X408-2SIPLUS NET SCALANCE X308-2SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)SCALANCE XR324-4M PoE (230V, ports on rear)SCALANCE X302-7 EEC (230V)SCALANCE X307-2 EEC (24V, coated)SCALANCE X307-2 EEC (2x 230V, coated)SCALANCE X302-7 EEC (2x 24V, coated)SCALANCE X308-2LDSCALANCE X307-2 EEC (24V)SCALANCE X304-2FESCALANCE X310SCALANCE X307-2 EEC (2x 24V)SCALANCE X307-2 EEC (230V)SCALANCE XR324-12M (24V, ports on front)SCALANCE X320-1 FESCALANCE X302-7 EEC (2x 24V)SCALANCE X306-1LD FESCALANCE X308-2M TSSCALANCE XR324-4M PoE (230V, ports on front)SCALANCE X307-2 EEC (2x 230V)SCALANCE X302-7 EEC (24V)SCALANCE X302-7 EEC (230V, coated)SCALANCE X302-7 EEC (2x 230V, coated)SCALANCE X320-1-2LD FESCALANCE XR324-4M EEC (2x 24V, ports on rear)SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)SCALANCE XR324-12M (230V, ports on front)SCALANCE XR324-4M EEC (2x 24V, ports on front)
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-18299
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.38% / 59.63%
||
7 Day CHG-0.23%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sppa-t3000_ms3000_migration_serverSPPA-T3000 MS3000 Migration Server
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-17007
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.27% / 50.96%
||
7 Day CHG~0.00%
Published-22 Oct, 2020 | 20:28
Updated-05 Aug, 2024 | 01:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service.

Action-Not Available
Vendor-Mozilla CorporationSiemens AG
Product-ruggedcom_rox_rx1511ruggedcom_rox_rx1512_firmwareruggedcom_rox_rx1512network_security_servicesruggedcom_rox_mx5000_firmwareruggedcom_rox_rx1511_firmwareruggedcom_rox_rx1510ruggedcom_rox_rx1500_firmwareruggedcom_rox_rx1400ruggedcom_rox_rx1501ruggedcom_rox_rx1500ruggedcom_rox_rx1510_firmwareruggedcom_rox_rx5000ruggedcom_rox_mx5000ruggedcom_rox_rx1400_firmwareruggedcom_rox_rx1501_firmwareruggedcom_rox_rx5000_firmwareNSS
CWE ID-CWE-295
Improper Certificate Validation
CVE-2019-18298
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.38% / 59.63%
||
7 Day CHG-0.23%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sppa-t3000_ms3000_migration_serverSPPA-T3000 MS3000 Migration Server
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-25314
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.51% / 66.71%
||
7 Day CHG~0.00%
Published-18 Feb, 2022 | 04:25
Updated-05 May, 2025 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.

Action-Not Available
Vendor-libexpat_projectn/aSiemens AGOracle CorporationDebian GNU/LinuxFedora Project
Product-debian_linuxzfs_storage_appliance_kitlibexpatsinema_remote_connect_serverhttp_serverfedoran/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-18294
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.51% / 66.59%
||
7 Day CHG-0.31%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sppa-t3000_ms3000_migration_serverSPPA-T3000 MS3000 Migration Server
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-24290
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.67% / 71.79%
||
7 Day CHG~0.00%
Published-10 May, 2022 | 09:46
Updated-03 Aug, 2024 | 04:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9), Teamcenter V13.1 (All versions), Teamcenter V13.2 (All versions < V13.2.0.8), Teamcenter V13.3 (All versions < V13.3.0.3), Teamcenter V14.0 (All versions < V14.0.0.2). The tcserver.exe binary in affected applications is vulnerable to a stack overflow condition during the parsing of user input that may lead the binary to crash.

Action-Not Available
Vendor-Siemens AG
Product-teamcenterTeamcenter V12.4Teamcenter V13.0Teamcenter V14.0Teamcenter V13.3Teamcenter V13.1Teamcenter V13.2
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-18311
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.45% / 63.88%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 7061/tcp. This vulnerability is independent from CVE-2019-18310. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sppa-t3000_ms3000_migration_serverSPPA-T3000 MS3000 Migration Server
CWE ID-CWE-952
Not Available
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2019-18305
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.30% / 53.92%
||
7 Day CHG-0.18%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sppa-t3000_ms3000_migration_serverSPPA-T3000 MS3000 Migration Server
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-18319
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.48% / 65.73%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could cause a Denial-of-Service condition by sending specifically crafted objects via RMI. This vulnerability is independent from CVE-2019-18317 and CVE-2019-18318. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sppa-t3000_application_serverSPPA-T3000 Application Server
CWE ID-CWE-287
Improper Authentication
CVE-2022-23990
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.70% / 88.20%
||
7 Day CHG~0.00%
Published-26 Jan, 2022 | 18:02
Updated-05 May, 2025 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.

Action-Not Available
Vendor-libexpat_projectn/aTenable, Inc.Siemens AGOracle CorporationDebian GNU/LinuxFedora Project
Product-nessusdebian_linuxlibexpatsinema_remote_connect_servercommunications_metasolv_solutionfedoran/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-18310
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.92% / 76.37%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 7061/tcp. This vulnerability is independent from CVE-2019-18311. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sppa-t3000_ms3000_migration_serverSPPA-T3000 MS3000 Migration Server
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-18302
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.38% / 59.63%
||
7 Day CHG-0.23%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sppa-t3000_ms3000_migration_serverSPPA-T3000 MS3000 Migration Server
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-18291
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.51% / 66.59%
||
7 Day CHG-0.31%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sppa-t3000_ms3000_migration_serverSPPA-T3000 MS3000 Migration Server
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-52504
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-8.7||HIGH
EPSS-0.40% / 60.89%
||
7 Day CHG+0.24%
Published-12 Aug, 2025 | 11:16
Updated-12 Aug, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIPROTEC 4 6MD61 (All versions), SIPROTEC 4 6MD63 (All versions), SIPROTEC 4 6MD66 (All versions), SIPROTEC 4 6MD665 (All versions), SIPROTEC 4 7SA522 (All versions), SIPROTEC 4 7SA6 (All versions < V4.78), SIPROTEC 4 7SD5 (All versions < V4.78), SIPROTEC 4 7SD610 (All versions < V4.78), SIPROTEC 4 7SJ61 (All versions), SIPROTEC 4 7SJ62 (All versions), SIPROTEC 4 7SJ63 (All versions), SIPROTEC 4 7SJ64 (All versions), SIPROTEC 4 7SJ66 (All versions), SIPROTEC 4 7SS52 (All versions), SIPROTEC 4 7ST6 (All versions), SIPROTEC 4 7UM61 (All versions), SIPROTEC 4 7UM62 (All versions), SIPROTEC 4 7UT612 (All versions), SIPROTEC 4 7UT613 (All versions), SIPROTEC 4 7UT63 (All versions), SIPROTEC 4 7VE6 (All versions), SIPROTEC 4 7VK61 (All versions), SIPROTEC 4 7VU683 (All versions), SIPROTEC 4 Compact 7RW80 (All versions), SIPROTEC 4 Compact 7SD80 (All versions), SIPROTEC 4 Compact 7SJ80 (All versions), SIPROTEC 4 Compact 7SJ81 (All versions), SIPROTEC 4 Compact 7SK80 (All versions), SIPROTEC 4 Compact 7SK81 (All versions). Affected devices do not properly handle interrupted operations of file transfer. This could allow an unauthenticated remote attacker to cause a denial of service condition. To restore normal operations, the devices need to be restarted.

Action-Not Available
Vendor-Siemens AG
Product-SIPROTEC 4 Compact 7RW80SIPROTEC 4 Compact 7SD80SIPROTEC 4 7VU683SIPROTEC 4 7SA522SIPROTEC 4 6MD63SIPROTEC 4 7SD610SIPROTEC 4 7SA6SIPROTEC 4 7UT612SIPROTEC 4 7UT613SIPROTEC 4 Compact 7SJ80SIPROTEC 4 6MD66SIPROTEC 4 7VK61SIPROTEC 4 Compact 7SK80SIPROTEC 4 6MD61SIPROTEC 4 Compact 7SK81SIPROTEC 4 7ST6SIPROTEC 4 7VE6SIPROTEC 4 7SJ66SIPROTEC 4 6MD665SIPROTEC 4 7SD5SIPROTEC 4 7UT63SIPROTEC 4 7SJ61SIPROTEC 4 7SJ62SIPROTEC 4 7SS52SIPROTEC 4 7SJ63SIPROTEC 4 7UM61SIPROTEC 4 7UM62SIPROTEC 4 Compact 7SJ81SIPROTEC 4 7SJ64
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2019-18303
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.38% / 59.63%
||
7 Day CHG-0.23%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sppa-t3000_ms3000_migration_serverSPPA-T3000 MS3000 Migration Server
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-18306
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.51% / 66.59%
||
7 Day CHG-0.31%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sppa-t3000_ms3000_migration_serverSPPA-T3000 MS3000 Migration Server
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-18300
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.38% / 59.63%
||
7 Day CHG-0.23%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sppa-t3000_ms3000_migration_serverSPPA-T3000 MS3000 Migration Server
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-18292
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.40% / 61.40%
||
7 Day CHG-0.25%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sppa-t3000_ms3000_migration_serverSPPA-T3000 MS3000 Migration Server
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-4832
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.43% / 63.08%
||
7 Day CHG~0.00%
Published-24 Apr, 2018 | 17:00
Updated-05 Aug, 2024 | 05:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in OpenPCS 7 V7.1 and earlier (All versions), OpenPCS 7 V8.0 (All versions), OpenPCS 7 V8.1 (All versions < V8.1 Upd5), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd1), SIMATIC BATCH V7.1 and earlier (All versions), SIMATIC BATCH V8.0 (All versions < V8.0 SP1 Upd21), SIMATIC BATCH V8.1 (All versions < V8.1 SP1 Upd16), SIMATIC BATCH V8.2 (All versions < V8.2 Upd10), SIMATIC BATCH V9.0 (All versions < V9.0 SP1), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions < 15 SP1), SIMATIC PCS 7 V7.1 and earlier (All versions), SIMATIC PCS 7 V8.0 (All versions), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP1), SIMATIC Route Control V7.1 and earlier (All versions), SIMATIC Route Control V8.0 (All versions), SIMATIC Route Control V8.1 (All versions), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions < V9.0 Upd1), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2 Upd2), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1 Upd5), SIMATIC WinCC V7.2 and earlier (All versions < WinCC 7.2 Upd 15), SIMATIC WinCC V7.3 (All versions < WinCC 7.3 Upd 16), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 4), SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). Specially crafted messages sent to the RPC service of the affected products could cause a Denial-of-Service condition on the remote and local communication functionality of the affected products. A reboot of the system is required to recover the remote and local communication functionality. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sppa-t3000_application_serveropenpcs_7simatic_winccsimatic_pcs_7simatic_route_controlsimatic_net_pc_softwaresimatic_net_pcsimatic_wincc_runtime_professionalsimatic_batchSIMATIC NET PC Software V14SIMATIC BATCH V7.1 and earlierSIMATIC NET PC Software V15SIMATIC BATCH V8.1SIMATIC WinCC V7.3SIMATIC PCS 7 V9.0SIMATIC Route Control V8.0OpenPCS 7 V9.0OpenPCS 7 V8.2SIMATIC WinCC V7.4OpenPCS 7 V8.1SIMATIC BATCH V8.2SIMATIC WinCC Runtime Professional V14SPPA-T3000 Application ServerSIMATIC WinCC V7.2 and earlierSIMATIC Route Control V8.2SIMATIC WinCC Runtime Professional V13SIMATIC PCS 7 V8.0SIMATIC PCS 7 V7.1 and earlierSIMATIC PCS 7 V8.2SIMATIC Route Control V8.1OpenPCS 7 V7.1 and earlierSIMATIC Route Control V9.0SIMATIC BATCH V9.0SIMATIC PCS 7 V8.1OpenPCS 7 V8.0SIMATIC Route Control V7.1 and earlierSIMATIC BATCH V8.0
CWE ID-CWE-20
Improper Input Validation
CVE-2025-6052
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-3.7||LOW
EPSS-0.42% / 62.15%
||
7 Day CHG+0.13%
Published-13 Jun, 2025 | 15:40
Updated-02 Jun, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Glib: integer overflow in g_string_maybe_expand() leading to potential buffer overflow in glib gstring

A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be written past the end of the allocated memory, leading to crashes or memory corruption.

Action-Not Available
Vendor-Siemens AGRed Hat, Inc.The GNOME Project
Product-glibRed Hat Enterprise Linux 8Red Hat Enterprise Linux 7Red Hat Enterprise Linux 10Red Hat Enterprise Linux 6Red Hat Enterprise Linux 9SIMATIC CN 4100RUGGEDCOM RST2428P
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-27386
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.59% / 69.67%
||
7 Day CHG~0.00%
Published-12 May, 2021 | 13:18
Updated-02 Jun, 2026 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4\" - 22\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Panels V16 4\" - 22\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Update 6), SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions < V15.1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions < V16 Update 4), SINAMICS GH150 (All versions), SINAMICS GL150 (with option X30) (All versions), SINAMICS GM150 (with option X30) (All versions), SINAMICS SH150 (All versions), SINAMICS SL150 (All versions), SINAMICS SM120 (All versions), SINAMICS SM150 (All versions), SINAMICS SM150i (All versions). SmartVNC has a heap allocation leak vulnerability in the device layout handler on client side, which could result in a Denial-of-Service condition.

Action-Not Available
Vendor-Siemens AG
Product-sinamics_sm150i_firmwaresinamics_sl150_firmwaresinamics_sm150simatic_hmi_comfort_panels_4\"sinamics_sh150_firmwaresimatic_hmi_comfort_panels_4\"_firmwaresinamics_sm150isimatic_hmi_ktp_mobile_panels_ktp900sinamics_sm120simatic_hmi_ktp_mobile_panels_ktp700fsimatic_hmi_ktp_mobile_panels_ktp900fsinamics_sh150sinamics_gl150simatic_hmi_ktp_mobile_panels_ktp400fsimatic_hmi_ktp_mobile_panels_ktp700f_firmwaresinamics_gl150_firmwaresimatic_hmi_comfort_panels_22\"simatic_hmi_ktp_mobile_panels_ktp400f_firmwaresimatic_hmi_ktp_mobile_panels_ktp700_firmwaresinamics_sm150_firmwaresimatic_hmi_ktp_mobile_panels_ktp900f_firmwaresimatic_hmi_comfort_outdoor_panels_7\"simatic_hmi_comfort_outdoor_panels_15\"simatic_hmi_comfort_outdoor_panels_7\"_firmwaresimatic_hmi_ktp_mobile_panels_ktp700sinamics_gh150_firmwaresinamics_gm150simatic_wincc_runtime_advancedsinamics_gm150_firmwaresinamics_sl150simatic_hmi_comfort_panels_22\"_firmwaresinamics_gh150simatic_hmi_comfort_outdoor_panels_15\"_firmwaresimatic_hmi_ktp_mobile_panels_ktp900_firmwaresinamics_sm120_firmwareSIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants)SINAMICS GL150 (with option X30)SINAMICS SL150SIMATIC WinCC Runtime Advanced V15SINAMICS SM150SINAMICS SM120SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (incl. SIPLUS variants)SINAMICS SM150iSINAMICS GH150SINAMICS GM150 (with option X30)SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900FSIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900FSIMATIC HMI Comfort Panels V15 4\" - 22\" (incl. SIPLUS variants)SIMATIC WinCC Runtime Advanced V16SIMATIC HMI Comfort Panels V16 4\" - 22\" (incl. SIPLUS variants)SINAMICS SH150
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2021-27290
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.46% / 85.54%
||
7 Day CHG~0.00%
Published-12 Mar, 2021 | 21:47
Updated-03 Aug, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option.

Action-Not Available
Vendor-ssri_projectn/aOracle CorporationSiemens AG
Product-sinec_infrastructure_network_servicesssrigraalvmn/a
CVE-2022-40227
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.10% / 27.30%
||
7 Day CHG~0.00%
Published-11 Oct, 2022 | 00:00
Updated-02 Jun, 2026 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions < V17 Update 4), SIMATIC HMI KTP Mobile Panels (All versions < V17 Update 4), SIMATIC HMI KTP1200 Basic (All versions < V17 Update 5), SIMATIC HMI KTP400 Basic (All versions < V17 Update 5), SIMATIC HMI KTP700 Basic (All versions < V17 Update 5), SIMATIC HMI KTP900 Basic (All versions < V17 Update 5), SIPLUS HMI KTP1200 BASIC (All versions < V17 Update 5), SIPLUS HMI KTP400 BASIC (All versions < V17 Update 5), SIPLUS HMI KTP700 BASIC (All versions < V17 Update 5), SIPLUS HMI KTP900 BASIC (All versions < V17 Update 5). Affected devices do not properly validate input sent to certain services over TCP. This could allow an unauthenticated remote attacker to cause a permanent denial of service condition (requiring a device reboot) by sending specially crafted TCP packets.

Action-Not Available
Vendor-Siemens AG
Product-simatic_hmi_ktp_mobile_panelssiplus_hmi_ktp1200_basic_firmwaresiplus_hmi_ktp400_basicsimatic_hmi_comfort_panels_firmwaresimatic_hmi_ktp1200_basic_firmwaresimatic_hmi_comfort_panelssiplus_hmi_ktp700_basicsimatic_hmi_ktp_mobile_panels_firmwaresimatic_hmi_ktp900_basic_firmwaresiplus_hmi_ktp700_basic_firmwaresimatic_hmi_ktp400_basic_firmwaresiplus_hmi_ktp1200_basicsimatic_hmi_ktp700_basicsiplus_hmi_ktp400_basic_firmwaresimatic_hmi_ktp900_basicsimatic_hmi_ktp1200_basicsimatic_hmi_ktp400_basicsiplus_hmi_ktp900_basicsiplus_hmi_ktp900_basic_firmwaresimatic_hmi_ktp700_basic_firmwareSIPLUS HMI KTP1200 BASICSIMATIC HMI Comfort Panels (incl. SIPLUS variants)SIPLUS HMI KTP400 BASICSIMATIC HMI KTP900 BasicSIPLUS HMI KTP900 BASICSIMATIC HMI KTP1200 BasicSIMATIC HMI KTP700 BasicSIPLUS HMI KTP700 BASICSIMATIC HMI KTP Mobile PanelsSIMATIC HMI KTP400 Basic
CWE ID-CWE-20
Improper Input Validation
CVE-2021-27383
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.59% / 69.67%
||
7 Day CHG~0.00%
Published-12 May, 2021 | 13:18
Updated-02 Jun, 2026 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4\" - 22\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Panels V16 4\" - 22\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Update 6), SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions < V15.1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions < V16 Update 4), SINAMICS GH150 (All versions), SINAMICS GL150 (with option X30) (All versions), SINAMICS GM150 (with option X30) (All versions), SINAMICS SH150 (All versions), SINAMICS SL150 (All versions), SINAMICS SM120 (All versions), SINAMICS SM150 (All versions), SINAMICS SM150i (All versions). SmartVNC has a heap allocation leak vulnerability in the server Tight encoder, which could result in a Denial-of-Service condition.

Action-Not Available
Vendor-Siemens AG
Product-sinamics_sm150i_firmwaresinamics_sl150_firmwaresinamics_sm150simatic_hmi_comfort_panels_4\"sinamics_sh150_firmwaresimatic_hmi_comfort_panels_4\"_firmwaresinamics_sm150isimatic_hmi_ktp_mobile_panels_ktp900sinamics_sm120simatic_hmi_ktp_mobile_panels_ktp700fsimatic_hmi_ktp_mobile_panels_ktp900fsinamics_sh150sinamics_gl150simatic_hmi_ktp_mobile_panels_ktp400fsimatic_hmi_ktp_mobile_panels_ktp700f_firmwaresinamics_gl150_firmwaresimatic_hmi_comfort_panels_22\"simatic_hmi_ktp_mobile_panels_ktp400f_firmwaresimatic_hmi_ktp_mobile_panels_ktp700_firmwaresinamics_sm150_firmwaresimatic_hmi_ktp_mobile_panels_ktp900f_firmwaresimatic_hmi_comfort_outdoor_panels_7\"simatic_hmi_comfort_outdoor_panels_15\"simatic_hmi_comfort_outdoor_panels_7\"_firmwaresimatic_hmi_ktp_mobile_panels_ktp700sinamics_gh150_firmwaresinamics_gm150simatic_wincc_runtime_advancedsinamics_gm150_firmwaresinamics_sl150simatic_hmi_comfort_panels_22\"_firmwaresinamics_gh150simatic_hmi_comfort_outdoor_panels_15\"_firmwaresimatic_hmi_ktp_mobile_panels_ktp900_firmwaresinamics_sm120_firmwareSIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants)SINAMICS GL150 (with option X30)SINAMICS SL150SIMATIC WinCC Runtime Advanced V15SINAMICS SM150SINAMICS SM120SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (incl. SIPLUS variants)SINAMICS SM150iSINAMICS GH150SINAMICS GM150 (with option X30)SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900FSIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900FSIMATIC HMI Comfort Panels V15 4\" - 22\" (incl. SIPLUS variants)SIMATIC WinCC Runtime Advanced V16SIMATIC HMI Comfort Panels V16 4\" - 22\" (incl. SIPLUS variants)SINAMICS SH150
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2021-25676
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.33% / 56.34%
||
7 Day CHG~0.00%
Published-15 Mar, 2021 | 17:03
Updated-03 Aug, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in RUGGEDCOM RM1224 (V6.3), SCALANCE M-800 (V6.3), SCALANCE S615 (V6.3), SCALANCE SC-600 (All Versions >= V2.1 and < V2.1.3). Multiple failed SSH authentication attempts could trigger a temporary Denial-of-Service under certain conditions. When triggered, the device will reboot automatically.

Action-Not Available
Vendor-Siemens AG
Product-scalance_s615scalance_m-800_firmwarescalance_sc-600scalance_sc-600_firmwareruggedcom_rm1224_firmwarescalance_m-800scalance_s615_firmwareruggedcom_rm1224SCALANCE M-800RUGGEDCOM RM1224SCALANCE S615SCALANCE SC-600
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2021-25661
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.37% / 59.23%
||
7 Day CHG~0.00%
Published-12 May, 2021 | 13:18
Updated-02 Jun, 2026 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4\" - 22\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Panels V16 4\" - 22\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Update 6), SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions < V15.1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions < V16 Update 4). SmartVNC has an out-of-bounds memory access vulnerability that could be triggered on the client side when sending data from the server, which could result in a Denial-of-Service condition.

Action-Not Available
Vendor-Siemens AG
Product-simatic_hmi_ktp_mobile_panels_ktp700f_firmwaresimatic_hmi_comfort_panels_22\"simatic_hmi_ktp_mobile_panels_ktp400f_firmwaresimatic_hmi_comfort_panels_4\"simatic_hmi_comfort_panels_4\"_firmwaresimatic_hmi_ktp_mobile_panels_ktp700_firmwaresimatic_hmi_ktp_mobile_panels_ktp900f_firmwaresimatic_hmi_ktp_mobile_panels_ktp900simatic_hmi_comfort_outdoor_panels_15\"simatic_hmi_comfort_outdoor_panels_7\"simatic_hmi_comfort_outdoor_panels_7\"_firmwaresimatic_hmi_ktp_mobile_panels_ktp700fsimatic_hmi_ktp_mobile_panels_ktp700simatic_hmi_ktp_mobile_panels_ktp900fsimatic_wincc_runtime_advancedsimatic_hmi_comfort_panels_22\"_firmwaresimatic_hmi_comfort_outdoor_panels_15\"_firmwaresimatic_hmi_ktp_mobile_panels_ktp900_firmwaresimatic_hmi_ktp_mobile_panels_ktp400fSIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants)SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900FSIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900FSIMATIC WinCC Runtime Advanced V15SIMATIC HMI Comfort Panels V15 4\" - 22\" (incl. SIPLUS variants)SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (incl. SIPLUS variants)SIMATIC WinCC Runtime Advanced V16SIMATIC HMI Comfort Panels V16 4\" - 22\" (incl. SIPLUS variants)
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CVE-2021-25663
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-8.7||HIGH
EPSS-0.71% / 72.63%
||
7 Day CHG~0.00%
Published-22 Apr, 2021 | 20:42
Updated-11 Mar, 2025 | 10:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (All versions including affected IPv6 stack). The function that processes IPv6 headers does not check the lengths of extension header options, allowing attackers to put this function into an infinite loop with crafted length values.

Action-Not Available
Vendor-Siemens AG
Product-nucleus_netcapital_vstarnucleus_readystartnucleus_source_codeNucleus Source CodeNucleus NETCapital Embedded AR Classic 431-422Capital Embedded AR Classic R20-11Nucleus ReadyStart V4Nucleus ReadyStart V3
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2019-13942
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.34% / 57.33%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module IEC104 variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). An unauthorized user could exploit a buffer overflow vulnerability in the webserver. Specially crafted packets sent could cause a Denial-of-Service condition and if certain conditions are met, the affected devices must be restarted manually to fully recover. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-en100_ethernet_module_with_firmware_variant_profinet_ioen100_ethernet_module_with_firmware_variant_modbus_tcpen100_ethernet_module_with_firmware_variant_iec_61850en100_ethernet_module_with_firmware_variant_dnp3_tcpen100_ethernet_module_with_firmware_variant_iec104en100_ethernet_moduleEN100 Ethernet module PROFINET IO variantEN100 Ethernet module DNP3 variantEN100 Ethernet module IEC104 variantEN100 Ethernet module Modbus TCP variantEN100 Ethernet module IEC 61850 variant
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2025-59375
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.10% / 27.46%
||
7 Day CHG~0.00%
Published-15 Sep, 2025 | 00:00
Updated-12 May, 2026 | 13:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.

Action-Not Available
Vendor-libexpat_projectlibexpat projectSiemens AG
Product-libexpatlibexpatSCALANCE XRM334 (2x230 V AC, 12xFO)SIMATIC S7-1500 CPU 1518F-4 PN/DP MFPSCALANCE XRM334 (230 V AC, 12xFO)SCALANCE XRH334 (24 V DC, 8xFO, CC)SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 familySCALANCE XRM334 (2x230 V AC, 8xFO)SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+)SCALANCE XRM334 (24 V DC, 8xFO)SCALANCE XCM332SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+)SCALANCE XRM334 (230 V AC, 8xFO)SIPLUS S7-1500 CPU 1518-4 PN/DP MFPSCALANCE XCH328RUGGEDCOM RST2428PSCALANCE XCM324SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+)SIMATIC S7-1500 CPU 1518-4 PN/DP MFPSCALANCE XRM334 (24 V DC, 12xFO)SCALANCE XCM328
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2021-25664
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-8.7||HIGH
EPSS-0.71% / 72.63%
||
7 Day CHG~0.00%
Published-22 Apr, 2021 | 20:42
Updated-11 Mar, 2025 | 10:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (All versions including affected IPv6 stack). The function that processes the Hop-by-Hop extension header in IPv6 packets and its options lacks any checks against the length field of the header, allowing attackers to put the function into an infinite loop by supplying arbitrary length values.

Action-Not Available
Vendor-Siemens AG
Product-nucleus_readystart_v3nucleus_readystart_v4capital_vstarnucleus_netnucleus_source_codeNucleus Source CodeNucleus NETCapital Embedded AR Classic 431-422Capital Embedded AR Classic R20-11Nucleus ReadyStart V4Nucleus ReadyStart V3
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2021-25662
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.74% / 73.33%
||
7 Day CHG~0.00%
Published-12 May, 2021 | 13:18
Updated-02 Jun, 2026 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4\" - 22\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Panels V16 4\" - 22\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Update 6), SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions < V15.1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions < V16 Update 4). SmartVNC client fails to handle an exception properly if the program execution process is modified after sending a packet from the server, which could result in a Denial-of-Service condition.

Action-Not Available
Vendor-Siemens AG
Product-simatic_hmi_ktp_mobile_panels_ktp700f_firmwaresimatic_hmi_comfort_panels_22\"simatic_hmi_ktp_mobile_panels_ktp400f_firmwaresimatic_hmi_comfort_panels_4\"simatic_hmi_comfort_panels_4\"_firmwaresimatic_hmi_ktp_mobile_panels_ktp700_firmwaresimatic_hmi_ktp_mobile_panels_ktp900f_firmwaresimatic_hmi_ktp_mobile_panels_ktp900simatic_hmi_comfort_outdoor_panels_15\"simatic_hmi_comfort_outdoor_panels_7\"simatic_hmi_comfort_outdoor_panels_7\"_firmwaresimatic_hmi_ktp_mobile_panels_ktp700fsimatic_hmi_ktp_mobile_panels_ktp700simatic_hmi_ktp_mobile_panels_ktp900fsimatic_wincc_runtime_advancedsimatic_hmi_comfort_panels_22\"_firmwaresimatic_hmi_comfort_outdoor_panels_15\"_firmwaresimatic_hmi_ktp_mobile_panels_ktp900_firmwaresimatic_hmi_ktp_mobile_panels_ktp400fSIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants)SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900FSIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900FSIMATIC WinCC Runtime Advanced V15SIMATIC HMI Comfort Panels V15 4\" - 22\" (incl. SIPLUS variants)SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (incl. SIPLUS variants)SIMATIC WinCC Runtime Advanced V16SIMATIC HMI Comfort Panels V16 4\" - 22\" (incl. SIPLUS variants)
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2021-25660
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.46% / 64.29%
||
7 Day CHG~0.00%
Published-12 May, 2021 | 13:18
Updated-02 Jun, 2026 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4\" - 22\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Panels V16 4\" - 22\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Update 6), SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions < V15.1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions < V16 Update 4). SmartVNC has an out-of-bounds memory access vulnerability that could be triggered on the server side when sending data from the client, which could result in a Denial-of-Service condition.

Action-Not Available
Vendor-Siemens AG
Product-simatic_hmi_ktp_mobile_panels_ktp700f_firmwaresimatic_hmi_comfort_panels_22\"simatic_hmi_ktp_mobile_panels_ktp400f_firmwaresimatic_hmi_comfort_panels_4\"simatic_hmi_comfort_panels_4\"_firmwaresimatic_hmi_ktp_mobile_panels_ktp700_firmwaresimatic_hmi_ktp_mobile_panels_ktp900f_firmwaresimatic_hmi_ktp_mobile_panels_ktp900simatic_hmi_comfort_outdoor_panels_15\"simatic_hmi_comfort_outdoor_panels_7\"simatic_hmi_comfort_outdoor_panels_7\"_firmwaresimatic_hmi_ktp_mobile_panels_ktp700fsimatic_hmi_ktp_mobile_panels_ktp700simatic_hmi_ktp_mobile_panels_ktp900fsimatic_wincc_runtime_advancedsimatic_hmi_comfort_panels_22\"_firmwaresimatic_hmi_comfort_outdoor_panels_15\"_firmwaresimatic_hmi_ktp_mobile_panels_ktp900_firmwaresimatic_hmi_ktp_mobile_panels_ktp400fSIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants)SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900FSIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900FSIMATIC WinCC Runtime Advanced V15SIMATIC HMI Comfort Panels V15 4\" - 22\" (incl. SIPLUS variants)SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (incl. SIPLUS variants)SIMATIC WinCC Runtime Advanced V16SIMATIC HMI Comfort Panels V16 4\" - 22\" (incl. SIPLUS variants)
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CVE-2022-38767
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.26% / 49.93%
||
7 Day CHG~0.00%
Published-25 Nov, 2022 | 00:00
Updated-14 Apr, 2026 | 10:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Wind River VxWorks 6.9 and 7, that allows a specifically crafted packet sent by a Radius server, may cause Denial of Service during the IP Radius access procedure.

Action-Not Available
Vendor-windrivern/aSiemens AG
Product-vxworksn/aSIPROTEC 5 7UM85 (CP300)SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1)SIPROTEC 5 Compact 7SX800 (CP050)SIPROTEC 5 6MD89 (CP300)SIPROTEC 5 7SJ85 (CP300)SIPROTEC 5 7UT87 (CP300)SIPROTEC 5 7ST86 (CP300)SIPROTEC 5 7SJ86 (CP300)SIPROTEC 5 7UT85 (CP300)SIPROTEC 5 7UT86 (CP300)SIPROTEC 5 7SA87 (CP300)SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1)SIPROTEC 5 7SK85 (CP300)SIPROTEC 5 6MD85 (CP300)SIPROTEC 5 Communication Module ETH-BD-2FOSIPROTEC 5 7SD87 (CP300)SIPROTEC 5 7SA86 (CP300)SIPROTEC 5 7VE85 (CP300)SIPROTEC 5 6MU85 (CP300)SIPROTEC 5 7VK87 (CP300)SIPROTEC 5 7ST85 (CP300)SIPROTEC 5 7SL86 (CP300)SIPROTEC 5 6MD86 (CP300)SIPROTEC 5 7SL87 (CP300)SIPROTEC 5 7KE85 (CP300)SIPROTEC 5 7SS85 (CP300)SIPROTEC 5 7SD86 (CP300)SIPROTEC 5 7SX85 (CP300)
CVE-2019-12258
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.90% / 90.78%
||
7 Day CHG~0.00%
Published-09 Aug, 2019 | 20:00
Updated-04 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Wind River VxWorks 6.6 through vx7 has Session Fixation in the TCP component. This is a IPNET security vulnerability: DoS of TCP connection via malformed TCP options.

Action-Not Available
Vendor-beldenwindrivern/aNetApp, Inc.Siemens AGSonicWall Inc.
Product-power_meter_9810_firmwarehirschmann_rsp20ruggedcom_win7025_firmwarehirschmann_ees25sonicoshirschmann_grs1030hirschmann_grs1142ruggedcom_win7018_firmwarehirschmann_rspe32hirschmann_grs1130garrettcom_magnum_dx940ehirschmann_rspe35hirschmann_eesx20hirschmann_rspe37ruggedcom_win7018power_meter_9410_firmwarehirschmann_grs1042siprotec_5_firmwareruggedcom_win7000ruggedcom_win7200hirschmann_rsp35garrettcom_magnum_dx940e_firmwaree-series_santricity_os_controllervxworkshirschmann_msp40hirschmann_octopus_os3hirschmann_rsp30hirschmann_dragon_mach4000hirschmann_dragon_mach4500hirschmann_msp32hirschmann_rsp25hirschmann_rail_switch_power_smarthirschmann_eesx30hirschmann_grs1020hirschmann_rail_switch_power_litehirschmann_eagle20hirschmann_eagle30hirschmann_hiosruggedcom_win7025hirschmann_rspe30hirschmann_eagle_oneruggedcom_win7200_firmwaresiprotec_5hirschmann_ees20hirschmann_red25power_meter_9410power_meter_9810ruggedcom_win7000_firmwarehirschmann_msp30hirschmann_grs1120n/a
CWE ID-CWE-384
Session Fixation
CVE-2021-25143
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.5||HIGH
EPSS-0.66% / 71.58%
||
7 Day CHG~0.00%
Published-29 Mar, 2021 | 19:03
Updated-03 Aug, 2024 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote denial of service (dos) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.9 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.

Action-Not Available
Vendor-n/aSiemens AGAruba Networks
Product-scalance_w1750d_firmwareinstantscalance_w1750dAruba Instant Access Points
CVE-2021-25215
Matching Score-8
Assigner-Internet Systems Consortium (ISC)
ShareView Details
Matching Score-8
Assigner-Internet Systems Consortium (ISC)
CVSS Score-7.5||HIGH
EPSS-2.25% / 84.92%
||
7 Day CHG+0.76%
Published-29 Apr, 2021 | 00:55
Updated-16 Sep, 2024 | 22:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
An assertion check can fail while answering queries for DNAME records that require the DNAME to be processed to resolve itself

In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9.

Action-Not Available
Vendor-Internet Systems Consortium, Inc.Debian GNU/LinuxNetApp, Inc.Oracle CorporationSiemens AGFedora Project
Product-h300e500f_firmwarea250_firmwareh500scloud_backuptekelec_platform_distributionh300s_firmwareactive_iq_unified_managerh410sh300sh300e_firmwaresinec_infrastructure_network_services500fdebian_linuxh500eh410s_firmwarefedorah500s_firmwareh500e_firmwareh700s_firmwarea250h700ebindh700e_firmwareh700sBIND9
CWE ID-CWE-617
Reachable Assertion
CVE-2021-22926
Matching Score-8
Assigner-HackerOne
ShareView Details
Matching Score-8
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.66% / 71.45%
||
7 Day CHG~0.00%
Published-05 Aug, 2021 | 00:00
Updated-28 May, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libcurl-using applications can ask for a specific client certificate to be used in a transfer. This is done with the `CURLOPT_SSLCERT` option (`--cert` with the command line tool).When libcurl is built to use the macOS native TLS library Secure Transport, an application can ask for the client certificate by name or with a file name - using the same option. If the name exists as a file, it will be used instead of by name.If the appliction runs with a current working directory that is writable by other users (like `/tmp`), a malicious user can create a file name with the same name as the app wants to use by name, and thereby trick the application to use the file based cert instead of the one referred to by name making libcurl send the wrong client certificate in the TLS connection handshake.

Action-Not Available
Vendor-n/aOracle CorporationNetApp, Inc.Siemens AGCURLSplunk LLC (Cisco Systems, Inc.)
Product-h300s_firmwareh500emysql_serverhci_management_nodeoncommand_workflow_automationh700esolidfireh410s_firmwareh700e_firmwareh700sh500e_firmwareh300e_firmwareh700s_firmwareh500s_firmwaresinec_infrastructure_network_servicesh500scurlpeoplesoft_enterprise_peopletoolsh300eh300sh410sclustered_data_ontapsnapcenteroncommand_insightuniversal_forwarderactive_iq_unified_managerhttps://github.com/curl/curl
CWE ID-CWE-295
Improper Certificate Validation
CVE-2019-10937
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.77% / 73.92%
||
7 Day CHG~0.00%
Published-13 Sep, 2019 | 16:38
Updated-04 Aug, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC TDC CP51M1 (All versions < V1.1.7). An attacker with network access to the device could cause a Denial-of-Service condition by sending a specially crafted UDP packet. The vulnerability affects the UDP communication of the device. The security vulnerability could be exploited without authentication. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises availability of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-simatic_tdc_cp51m1_firmwaresimatic_tdc_cp51m1SIMATIC TDC CP51M1
CWE ID-CWE-20
Improper Input Validation
CVE-2019-18318
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.48% / 65.73%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server can cause a Denial-of-Service condition by sending specifically crafted objects via RMI. This vulnerability is independent from CVE-2019-18317 and CVE-2019-18319. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sppa-t3000_application_serverSPPA-T3000 Application Server
CWE ID-CWE-287
Improper Authentication
CVE-2024-45490
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.61% / 70.27%
||
7 Day CHG~0.00%
Published-30 Aug, 2024 | 00:00
Updated-12 May, 2026 | 12:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.

Action-Not Available
Vendor-libexpat_projectn/alibexpat_projectSiemens AG
Product-libexpatn/aSIPLUS S7-1500 CPU 1518-4 PN/DP MFPRUGGEDCOM RST2428PSIMATIC S7-1500 CPU 1518F-4 PN/DP MFPlibexpatSIMATIC S7-1500 CPU 1518-4 PN/DP MFPSCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 familySCALANCE XCM-/XRM-/XCH-/XRH-300 family
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2022-36324
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-1.54% / 81.71%
||
7 Day CHG~0.00%
Published-10 Aug, 2022 | 11:18
Updated-14 Apr, 2026 | 09:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Affected devices do not properly handle the renegotiation of SSL/TLS parameters. This could allow an unauthenticated remote attacker to bypass the TCP brute force prevention and lead to a denial of service condition for the duration of the attack.

Action-Not Available
Vendor-Siemens AG
Product-scalance_xp208_\(eip\)_firmwarescalance_xr528-6m_l3scalance_xc208g_eec_firmwarescalance_m-800_firmwarescalance_xm416-4c_l3scalance_xr-300eecscalance_xc206-2sfp_g_firmwarescalance_xr324wg_firmwarescalance_w700_ieee_802.11ac_firmwarescalance_xc-200scalance_xb208_firmwarescalance_xb213-3ld_firmwarescalance_xc208g_poe_firmwarescalance_xm408-4c_firmwarescalance_xm416-4cscalance_xr528-6m_firmwarescalance_xc206-2scalance_xr528-6m_2hr2_l3scalance_xp208eecscalance_xr552-12m_2hr2_l3scalance_xp-200scalance_xc206-2sfp_eecscalance_xc216_firmwarescalance_xp216_firmwarescalance_xr528-6mscalance_xr526-8c_firmwarescalance_xb216scalance_xr328-4c_wg_firmwarescalance_xr526_firmwarescalance_xr552scalance_xp208eec_firmwarescalance_xf204-2ba_irt_firmwarescalance_xr-300wgscalance_xp208scalance_xc206-2g_poe__firmwarescalance_xr526scalance_xc224_scalance_xr552-12m_firmwarescalance_xr324-4m_poe_firmwarescalance_xm408-4c_l3scalance_xr552-12m_2hr2scalance_xr552-12scalance_xb213-3_firmwarescalance_xf204-2ba_dnascalance_xp208poe_eec_firmwarescalance_xc224-4c_g_eec_firmwarescalance_xr326-2c_poe_wg_firmwarescalance_xp216eec_firmwarescalance_xc208g_\(e\/ip\)scalance_xc224-4c_g_scalance_xm416-4c_l3_firmwarescalance_xr524_firmwarescalance_xr524-8cscalance_xc216scalance_xc224-4c_g_\(e\/ip\)scalance_xc216-4c_g_\(e\/ip\)scalance_xc216-4c_g_\(e\/ip\)_firmwarescalance_xb208scalance_xp216eecscalance_xc208eec_firmwarescalance_xc208gscalance_xr524-8c_l3scalance_xr552-12_firmwarescalance_xr324-4m_eec_firmwarescalance_xc216eec_firmwarescalance_xm408-4cscalance_xr-300eec_firmwarescalance_xr500scalance_xc216-4c_firmwarescalance_xb-200scalance_xb-200_firmwarescalance_xc216eecscalance_w700_ieee_802.11nscalance_xr324-4m_eecscalance_xc216-4c_gscalance_xr324-4m_poe_tsscalance_xc208_firmwarescalance_xp216poe_eec_firmwarescalance_xr528-6m_l3_firmwarescalance_xc224-4c_g_\(e\/ip\)_firmwarescalance_xp208_\(eip\)scalance_xr528scalance_xb205-3ldscalance_xr326-2c_poe_wgscalance_xc216-4c_g_eec_firmwarescalance_xr528-6m_2hr2scalance_xf-200ba_firmwarescalance_xm408-8c_l3scalance_xb205-3ld_firmwarescalance_xc206-2g_poe_scalance_xm408-4c_l3_firmwarescalance_xr552-12mscalance_xm400scalance_xc208eecscalance_xb213-3ldscalance_xr524-8c_firmwarescalance_xr-300poe_firmwarescalance_xr324-12m_firmwarescalance_xr528_firmwarescalance_xr-300_firmwarescalance_xc-200_firmwarescalance_xc224-4c_g_eecscalance_xb205-3scalance_xc206-2sfp_gscalance_xr526-8c_l3_firmwarescalance_xm416-4c_firmwarescalance_xc216-4cscalance_xr324-4m_poescalance_xr528-6m_2hr2_firmwarescalance_xc224-4c_g__firmwarescalance_xr328-4c_wgscalance_xb216_firmwarescalance_xr526-8c_l3scalance_xc208g_firmwarescalance_xr324wgscalance_xc208scalance_xr324-12m_tsscalance_xp216_\(eip\)scalance_xb213-3scalance_xc208g_poescalance_xr500_firmwarescalance_xm408-8c_firmwarescalance_xr-300poescalance_w700_ieee_802.11acscalance_xc206-2sfp_g_\(e\/ip\)_firmwarescalance_xr-300wg_firmwarescalance_xm408-8cscalance_w700_ieee_802.11ax_firmwarescalance_xc206-2sfp_g_eecscalance_xp216scalance_m-800scalance_xr-300scalance_xp208_firmwarescalance_xp208poe_eecscalance_xm408-8c_l3_firmwarescalance_xf-200bascalance_xc208g_\(e\/ip\)_firmwarescalance_xm400_firmwarescalance_xc206-2sfp_g_\(e\/ip\)scalance_xc206-2sfp_eec_firmwarescalance_w700_ieee_802.11axscalance_xf204-2ba_dna_firmwarescalance_w700_ieee_802.11n_firmwarescalance_xc216-4c_g_firmwarescalance_xc208g_eecscalance_xc206-2_firmwarescalance_xp216poe_eecscalance_xr524-8c_l3_firmwarescalance_xr526-8cscalance_xr528-6m_2hr2_l3_firmwarescalance_xp-200_firmwarescalance_s615scalance_xr324-4m_poe_ts_firmwarescalance_xr552-12m_2hr2_l3_firmwarescalance_xc206-2g_poe_eecscalance_xb205-3_firmwarescalance_xr324-12m_ts_firmwarescalance_xr552_firmwarescalance_s615_firmwarescalance_xr524scalance_xp216_\(eip\)_firmwarescalance_xc206-2g_poe_eec_firmwarescalance_xf204-2ba_irtscalance_xr324-12mscalance_xc224__firmwarescalance_xr552-12m_2hr2_firmwarescalance_xc216-4c_g_eecscalance_xc206-2sfp_g_eec_firmwareSCALANCE M876-4 (EU)SCALANCE WAM763-1SCALANCE W1748-1 M12SCALANCE XC224-4C G (EIP Def.)SCALANCE W734-1 RJ45 (USA)SCALANCE XC206-2SFP GSCALANCE XR524-8C, 24VSCALANCE XC206-2 (SC)SCALANCE XB205-3 (SC, PN)SCALANCE XC216-4CSCALANCE SC646-2CSCALANCE XC206-2G PoE (54 V DC)SCALANCE XR328-4C WG (28xGE, DC 24V)SIPLUS NET SCALANCE XC206-2SCALANCE XP216EECSCALANCE XC216EECSCALANCE XR324WG (24 x FE, AC 230V)SCALANCE XB213-3 (ST, E/IP)SCALANCE XB208 (PN)SCALANCE XR552-12M (2HR2, L3 int.)SCALANCE M826-2 SHDSL-RouterSCALANCE XR328-4C WG (24XFE, 4XGE, 24V)SCALANCE W1788-2 M12SCALANCE W786-1 RJ45SCALANCE S615 LAN-RouterSCALANCE W774-1 M12 EECSCALANCE WUM766-1 (USA)SCALANCE XP216SCALANCE W778-1 M12 EECSCALANCE XP216POE EECSCALANCE W761-1 RJ45SCALANCE W722-1 RJ45SCALANCE XP208SCALANCE W1788-2 EEC M12SCALANCE SC642-2CSCALANCE XR526-8C, 24V (L3 int.)SCALANCE XC208GSCALANCE XR328-4C WG (24xFE,4xGE,AC230V)SCALANCE XR528-6M (2HR2)SCALANCE SC632-2CSCALANCE XC224SCALANCE XM408-4C (L3 int.)SCALANCE XB213-3 (SC, PN)SIPLUS NET SCALANCE XC208SCALANCE M812-1 ADSL-RouterSCALANCE XC206-2G PoESCALANCE XR328-4C WG (24xFE, 4xGE,DC24V)SCALANCE XC208G PoE (54 V DC)SCALANCE WAM766-1 EEC (US)SCALANCE W778-1 M12 EEC (USA)SCALANCE W786-2IA RJ45SCALANCE XB213-3 (SC, E/IP)SCALANCE XR526-8C, 24VSCALANCE XC208SCALANCE XB208 (E/IP)SCALANCE XR552-12MSCALANCE XP216 (Ethernet/IP)SCALANCE XB205-3 (ST, E/IP)SCALANCE M876-3 (ROK)SCALANCE MUM853-1 (EU)SCALANCE XF204-2BASCALANCE XR326-2C PoE WGSCALANCE XR526-8C, 1x230V (L3 int.)SCALANCE W774-1 RJ45 (USA)SCALANCE XC216-3G PoE (54 V DC)SCALANCE WAM766-1 EECSCALANCE XR526-8C, 2x230VSCALANCE XC206-2SFP G (EIP DEF.)SCALANCE XR528-6M (L3 int.)SCALANCE XM408-4CSCALANCE XR526-8C, 1x230VSCALANCE XR524-8C, 24V (L3 int.)SCALANCE M874-3SCALANCE XM408-8CSCALANCE M876-4 (NAM)SCALANCE W786-2 SFPSCALANCE W738-1 M12SCALANCE XC208G (EIP def.)SCALANCE XC224-4C G EECSCALANCE W1788-2IA M12SCALANCE W774-1 RJ45SCALANCE XC206-2SFP EECSCALANCE XM416-4CSCALANCE XC216-3G PoESCALANCE XR524-8C, 2x230VSCALANCE XR528-6M (2HR2, L3 int.)SCALANCE XB205-3LD (SC, E/IP)SCALANCE XC216-4C G EECSCALANCE WUM766-1SCALANCE XC216-4C GSCALANCE XB213-3LD (SC, E/IP)SCALANCE W721-1 RJ45SCALANCE XR326-2C PoE WG (without UL)SCALANCE XR324WG (24 X FE, DC 24V)SCALANCE W748-1 RJ45SCALANCE W788-2 RJ45SCALANCE XR524-8C, 1x230VSCALANCE XR524-8C, 1x230V (L3 int.)SCALANCE MUM856-1 (EU)SCALANCE XC206-2SFP G EECSCALANCE M874-2SCALANCE W734-1 RJ45SCALANCE W748-1 M12SCALANCE XF204-2BA DNASCALANCE XB213-3LD (SC, PN)SCALANCE XC224-4C GSCALANCE XR526-8C, 2x230V (L3 int.)SCALANCE SC626-2CSCALANCE XP208EECSCALANCE XF204 DNASCALANCE XR528-6MSCALANCE WAM766-1SCALANCE W788-1 RJ45SCALANCE M816-1 ADSL-RouterSCALANCE W1788-1 M12SCALANCE W786-2 RJ45SCALANCE XP208 (Ethernet/IP)RUGGEDCOM RM1224 LTE(4G) EUSCALANCE XB205-3 (ST, PN)SCALANCE XB216 (E/IP)SCALANCE XC208G PoESCALANCE XC216-4C G (EIP Def.)SCALANCE W788-2 M12SCALANCE WAM766-1 (US)SCALANCE XC206-2 (ST/BFOC)SCALANCE XP208PoE EECSCALANCE XR524-8C, 2x230V (L3 int.)SCALANCE M804PBSCALANCE W788-1 M12SCALANCE XC206-2G PoE EEC (54 V DC)SCALANCE M876-3SCALANCE XR552-12M (2HR2)SCALANCE XC206-2SFPSCALANCE SC636-2CSCALANCE XM408-8C (L3 int.)SCALANCE XM416-4C (L3 int.)SCALANCE W788-2 M12 EECSCALANCE XB216 (PN)SCALANCE XC216SCALANCE XF204SIPLUS NET SCALANCE XC216-4CSCALANCE XB205-3LD (SC, PN)SCALANCE SC622-2CSCALANCE WUM763-1SCALANCE MUM856-1 (RoW)SIPLUS NET SCALANCE XC206-2SFPSCALANCE W778-1 M12SCALANCE XB213-3 (ST, PN)SCALANCE XC208EECSCALANCE XC208G EECRUGGEDCOM RM1224 LTE(4G) NAMSCALANCE XR328-4C WG (28xGE, AC 230V)
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2022-36362
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.81% / 74.60%
||
7 Day CHG~0.00%
Published-11 Oct, 2022 | 00:00
Updated-08 Oct, 2024 | 09:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/24RCE (6ED1052-1MD08-0BA2) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA2) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA2) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA2) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA1) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA2) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA1) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA2) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA1) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA2) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA1) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA2) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA2) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA2) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA2) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA2) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA2) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA2) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA2) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA2) (All versions). Affected devices do not conduct certain validations when interacting with them. This could allow an unauthenticated remote attacker to manipulate the devices IP address, which means the device would not be reachable and could only be recovered by power cycling the device.

Action-Not Available
Vendor-Siemens AG
Product-logo\!8_bm_fs-05logo\!8_bm_fs-05_firmwarelogo\!_8_bm_firmwarelogo\!8_bmLOGO! 230RCEoSIPLUS LOGO! 24CEoLOGO! 12/24RCELOGO! 24RCEoSIPLUS LOGO! 12/24RCEoLOGO! 24CEoSIPLUS LOGO! 24RCEoLOGO! 24RCESIPLUS LOGO! 24CELOGO! 12/24RCEoLOGO! 230RCESIPLUS LOGO! 230RCEoLOGO! 24CESIPLUS LOGO! 24RCESIPLUS LOGO! 12/24RCESIPLUS LOGO! 230RCE
CWE ID-CWE-20
Improper Input Validation
CVE-2021-20094
Matching Score-8
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-8
Assigner-Tenable Network Security, Inc.
CVSS Score-7.5||HIGH
EPSS-6.77% / 91.49%
||
7 Day CHG~0.00%
Published-16 Jun, 2021 | 11:09
Updated-03 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. An unauthenticated remote attacker can exploit this issue to crash the CodeMeter Runtime Server.

Action-Not Available
Vendor-wibun/aSiemens AG
Product-sicam_230pss_capesicam_230_firmwarecodemeterWibu-Systems CodeMeter
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-40820
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-8.7||HIGH
EPSS-0.10% / 27.93%
||
7 Day CHG~0.00%
Published-09 Dec, 2025 | 10:44
Updated-09 Dec, 2025 | 18:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Affected products do not properly enforce TCP sequence number validation in specific scenarios but accept values within a broad range. This could allow an unauthenticated remote attacker e.g. to interfere with connection setup, potentially leading to a denial of service. The attack succeeds only if an attacker can inject IP packets with spoofed addresses at precisely timed moments, and it affects only TCP-based services.

Action-Not Available
Vendor-Siemens AG
Product-SIMATIC S7-300 CPU 315F-2 PN/DPSIMATIC S7-1500 CPU 1515F-2 PNSIPLUS S7-1200 CPU 1215 DC/DC/DCSIPLUS S7-1500 CPU 1516F-3 PN/DPSIPLUS S7-1200 CPU 1212C DC/DC/DCSIMATIC S7-200 SMART CPU SR30SIMATIC ET 200eco PN, DQ 8x24VDC/2A, M12-LSIMATIC PN/MF CouplerSIPLUS S7-1200 CPU 1215 DC/DC/RLYSIPLUS S7-1200 CPU 1212C AC/DC/RLYSIMATIC S7-200 SMART CPU ST20SIMATIC ET 200SP IM 155-6 PN/3 HFSIPLUS S7-300 CPU 315-2 PN/DPSIMATIC ET 200pro IM 154-8 PN/DP CPUSIMATIC ET 200SP CPU 1512SP-1 PNSIMATIC ET 200SP CPU 1510SP-1 PNSIMATIC S7-300 CPU 319-3 PN/DPSIPLUS S7-300 CPU 314C-2 PN/DPSIMATIC S7-300 CPU 317F-2 PN/DPSIMATIC ET 200clean, CM 8x IO-LinkSIMATIC S7-1500 CPU 1513F-1 PNSIMATIC S7-400 CPU 414F-3 PN/DP V7SIPLUS S7-1200 CPU 1215C DC/DC/DCSIMATIC PN/PN CouplerSIMATIC S7-1200 CPU 1217C DC/DC/DCSIPLUS NET PN/PN CouplerSIMATIC ET 200eco PN, DI 16x24VDC, M12-LSIDOOR ATE530S COATEDSIMATIC ET 200eco PN, AI 8xRTD/TC, M12-LSIMATIC S7-300 CPU 317T-3 PN/DPSIMATIC S7-1200 CPU 1211C DC/DC/DCSIMATIC ET 200eco PN, DI 8x24VDC, M12-LSINUMERIK 840D slSIPLUS ET 200SP IM 155-6 PN HF T1 RAILSIPLUS S7-1200 CPU 1215C AC/DC/RLYSIMATIC S7-1200 CPU 1212C DC/DC/RlySIMATIC S7-410 V8 CPU family (incl. SIPLUS variants)SIMATIC CFU PASIPLUS S7-300 CPU 315F-2 PN/DPSIMATIC S7-1200 CPU 1212FC DC/DC/DCSIMATIC ET 200S IM 151-8F PN/DP CPUSIWAREX WP522 STSIMATIC TDC CP51M1SIMATIC Power Line Booster PLB, Modem Module STSIMATIC S7-200 SMART CPU CR60SIMATIC S7-1200 CPU 1214FC DC/DC/RlySIMATIC S7-410 V10 CPU family (incl. SIPLUS variants)SIMATIC S7-1200 CPU 1215C AC/DC/RlySIPLUS HCS4300 CIM4310SIMATIC S7-300 CPU 317-2 PN/DPSIMATIC S7-400 CPU 412-2 PN V7SIPLUS ET 200SP IM 155-6 PN HF TX RAILSIMATIC ET 200MP IM 155-5 PN HFSIWAREX WP521 STSIMATIC S7-200 SMART CPU SR60SIMATIC ET 200SP IM 155-6 MF HFSIPLUS S7-400 CPU 414-3 PN/DP V7SIMATIC ET 200AL IM 157-1 PNSIMATIC ET 200SP IM 155-6 PN HFSIPLUS S7-1200 CPU 1214 DC/DC/RLYSIMATIC S7-200 SMART CPU CR40SIPLUS S7-1200 CPU 1214FC DC/DC/DCSIMATIC ET 200SP IM 155-6 PN/2 HFSIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants)SIPLUS ET 200S IM 151-8F PN/DP CPUSIMATIC S7-1500 CPU 1516F-3 PN/DPSIMATIC ET 200SP CPU 1512SP F-1 PNSIMATIC S7-1500 CPU 1511-1 PNSIPLUS S7-400 CPU 416-3 PN/DP V7SIMATIC S7-400 CPU 414-3 PN/DP V7SIMATIC S7-1200 CPU 1212C AC/DC/RlySIMATIC S7-300 CPU 315-2 PN/DPSIMATIC S7-400 CPU 416F-3 PN/DP V7SIMATIC S7-1200 CPU 1214C AC/DC/RlySIPLUS S7-1200 CPU 1215FC DC/DC/DCSIMATIC ET 200eco PN, DQ 8x24VDC/0,5A, M12-LSIMATIC ET 200eco PN, CM 8x IO-Link, M12-LSIMATIC TDC CPU555SIMOCODE pro V PROFINETSIWAREX WP231SIPLUS HCS4200 CIM4210SIPLUS S7-1200 CPU 1214 AC/DC/RLYSIPLUS S7-1500 CPU 1513-1 PNSIMATIC S7-1500 CPU 1515-2 PNSIMATIC ET 200clean, DI 16x24VDCSIMATIC S7-1200 CPU 1215C DC/DC/DCSIMATIC S7-300 CPU 319F-3 PN/DPSIMATIC Power Line Booster PLB, Base ModuleSIPLUS HCS4200 CIM4210CSIPLUS S7-300 CPU 317-2 PN/DPSIMATIC ET 200pro IM 154-8FX PN/DP CPUSIMATIC ET 200eco PN, CM 4x IO-Link, M12-LSIMATIC S7-400 CPU 416-3 PN/DP V7SIWAREX WP241SIPLUS S7-1200 CPU 1214FC DC/DC/RLYSIMATIC S7-1200 CPU 1214C DC/DC/DCSIPLUS ET 200SP IM 155-6 PN HFSIPLUS ET 200MP IM 155-5 PN HFSIWAREX WP251SIMATIC S7-1200 CPU 1212C DC/DC/DCSIDOOR ATD430WSIMOCODE pro V Ethernet/IP (incl. SIPLUS variants)SIMATIC S7-1500 CPU 1516-3 PN/DPSIMATIC S7-1200 CPU 1211C AC/DC/RlySIPLUS S7-1200 CPU 1214C DC/DC/RLYSIMATIC S7-1200 CPU 1212FC DC/DC/RlySIMATIC S7-200 SMART CPU SR20SIMATIC S7-1200 CPU 1214C DC/DC/RlySIMATIC CFU DIQSIMATIC ET 200clean, DIQ 16x24VDC/0,5ASIMATIC S7-1500 CPU 1513-1 PNSIMATIC S7-200 SMART CPU SR40SIPLUS ET 200S IM 151-8 PN/DP CPUSIMATIC S7-1200 CPU 1215FC DC/DC/DCSIMATIC S7-1200 CPU 1215FC DC/DC/RlySIMATIC S7-1500 CPU 1511F-1 PNSIPLUS S7-1200 CPU 1212 DC/DC/RLYSIPLUS S7-1200 CPU 1214C DC/DC/DC RAILSIPLUS S7-1500 CPU 1516-3 PN/DPSIPLUS ET 200SP CPU 1512SP F-1 PNSIPLUS S7-1500 CPU 1513F-1 PNSIPLUS ET 200MP IM 155-5 PN HF T1 RAILSIPLUS S7-1200 CPU 1214C AC/DC/RLYSIMATIC S7-300 CPU 314C-2 PN/DPSIPLUS S7-1200 CPU 1214C DC/DC/DCSIPLUS S7-300 CPU 317F-2 PN/DPSIMATIC S7-1200 CPU 1215C DC/DC/RlySIMATIC S7-1200 CPU 1214FC DC/DC/DCSIPLUS S7-1200 CPU 1215 AC/DC/RLYSIMATIC S7-200 SMART CPU ST30SIMATIC S7-200 SMART CPU ST60SIPLUS S7-1200 CPU 1212C DC/DC/DC RAILSIMATIC S7-1200 CPU 1211C DC/DC/RlySIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLUS variants)SIMATIC ET 200SP CPU 1510SP F-1 PNSIPLUS S7-1200 CPU 1212 AC/DC/RLYSIMATIC S7-300 CPU 315T-3 PN/DPSIMATIC ET 200S IM 151-8 PN/DP CPUSIMATIC S7-200 SMART CPU ST40SIPLUS S7-1500 CPU 1511F-1 PNSIDOOR ATE530G COATEDSIMATIC ET 200pro IM 154-8F PN/DP CPUSIMATIC ET 200eco PN, DIQ 16x24VDC/2A, M12-LSIMATIC S7-300 CPU 317TF-3 PN/DPSIPLUS S7-1500 CPU 1511-1 PN
CWE ID-CWE-940
Improper Verification of Source of a Communication Channel
CVE-2022-33736
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.60% / 69.91%
||
7 Day CHG~0.00%
Published-12 Jul, 2022 | 10:06
Updated-03 Aug, 2024 | 08:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Opcenter Quality V13.1 (All versions < V13.1.20220624), Opcenter Quality V13.2 (All versions < V13.2.20220624). The affected applications do not properly validate login information during authentication. This could lead to denial of service condition for existing users or allow unauthenticated remote attackers to successfully login without credentials.

Action-Not Available
Vendor-Siemens AG
Product-opcenter_qualityOpcenter Quality V13.1Opcenter Quality V13.2
CWE ID-CWE-303
Incorrect Implementation of Authentication Algorithm
CWE ID-CWE-287
Improper Authentication
CVE-2020-9327
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.95% / 76.77%
||
7 Day CHG~0.00%
Published-21 Feb, 2020 | 21:25
Updated-04 Aug, 2024 | 10:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.

Action-Not Available
Vendor-sqliten/aNetApp, Inc.Oracle CorporationCanonical Ltd.Siemens AG
Product-sinec_infrastructure_network_servicesubuntu_linuxcommunications_messaging_servercloud_backupsqlitecommunications_network_charging_and_controlzfs_storage_appliance_kitoutside_in_technologyhyperion_infrastructure_technologyenterprise_manager_ops_centermysql_workbenchn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-8285
Matching Score-8
Assigner-HackerOne
ShareView Details
Matching Score-8
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.74% / 73.38%
||
7 Day CHG~0.00%
Published-14 Dec, 2020 | 19:39
Updated-16 Apr, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.

Action-Not Available
Vendor-n/aOracle CorporationApple Inc.Debian GNU/LinuxSplunk LLC (Cisco Systems, Inc.)Fujitsu LimitedNetApp, Inc.Fedora ProjectSiemens AGCURL
Product-hci_bootstrap_oshci_management_nodem10-1_firmwareessbasesolidfirem10-4s_firmwareclustered_data_ontapm12-2_firmwarem10-4hci_storage_node_firmwarem10-4sm12-1_firmwaredebian_linuxmac_os_xpeoplesoft_enterprise_peopletoolsm10-1universal_forwarderm12-2s_firmwaresinec_infrastructure_network_servicescommunications_cloud_native_core_policyhci_storage_nodem12-1communications_billing_and_revenue_managementm10-4_firmwarelibcurlhci_compute_nodemacosm12-2sfedoram12-2https://github.com/curl/curl
CWE ID-CWE-674
Uncontrolled Recursion
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-7595
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.48% / 65.29%
||
7 Day CHG~0.00%
Published-21 Jan, 2020 | 22:54
Updated-03 Dec, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.

Action-Not Available
Vendor-n/aOracle CorporationNetApp, Inc.Canonical Ltd.Fedora ProjectDebian GNU/Linuxlibxml2 (XMLSoft)Siemens AG
Product-ubuntu_linuxh500s_firmwareh410c_firmwaresteelstore_cloud_integrated_storagemysql_workbenchsinema_remote_connect_serverreal_user_experience_insighth410cpeoplesoft_enterprise_peopletoolssnapdriveh700s_firmwareclustered_data_ontapfedorah700e_firmwaresymantec_netbackuph300e_firmwareh500e_firmwarelibxml2h700sh410sh300eenterprise_manager_ops_centerh500edebian_linuxsmi-s_providerh300s_firmwareenterprise_manager_base_platformh300sh700eh500sh410s_firmwarecommunications_cloud_native_core_network_function_cloud_native_environmentn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2020-7793
Matching Score-8
Assigner-Snyk
ShareView Details
Matching Score-8
Assigner-Snyk
CVSS Score-7.5||HIGH
EPSS-2.64% / 86.03%
||
7 Day CHG~0.00%
Published-11 Dec, 2020 | 13:25
Updated-16 Sep, 2024 | 22:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Regular Expression Denial of Service (ReDoS)

The package ua-parser-js before 0.7.23 are vulnerable to Regular Expression Denial of Service (ReDoS) in multiple regexes (see linked commit for more info).

Action-Not Available
Vendor-ua-parser-js_projectn/aSiemens AG
Product-sinec_insua-parser-jsua-parser-js
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 29
  • 30
  • Next
Details not found