Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-46353

Summary
Assigner-siemens
Assigner Org ID-cec7a2ec-15b4-4faf-bd53-b40f371f3a77
Published At-13 Dec, 2022 | 00:00
Updated At-22 Apr, 2025 | 02:55
Rejected At-
Credits

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions < V3.2.7). The webserver of affected devices calculates session ids and nonces in an insecure manner. This could allow an unauthenticated remote attacker to brute-force session ids and hijack existing sessions.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:siemens
Assigner Org ID:cec7a2ec-15b4-4faf-bd53-b40f371f3a77
Published At:13 Dec, 2022 | 00:00
Updated At:22 Apr, 2025 | 02:55
Rejected At:
â–¼CVE Numbering Authority (CNA)

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions < V3.2.7). The webserver of affected devices calculates session ids and nonces in an insecure manner. This could allow an unauthenticated remote attacker to brute-force session ids and hijack existing sessions.

Affected Products
Vendor
Siemens AGSiemens
Product
SCALANCE X204RNA (HSR)
Versions
Affected
  • All versions < V3.2.7
Vendor
Siemens AGSiemens
Product
SCALANCE X204RNA (PRP)
Versions
Affected
  • All versions < V3.2.7
Vendor
Siemens AGSiemens
Product
SCALANCE X204RNA EEC (HSR)
Versions
Affected
  • All versions < V3.2.7
Vendor
Siemens AGSiemens
Product
SCALANCE X204RNA EEC (PRP)
Versions
Affected
  • All versions < V3.2.7
Vendor
Siemens AGSiemens
Product
SCALANCE X204RNA EEC (PRP/HSR)
Versions
Affected
  • All versions < V3.2.7
Problem Types
TypeCWE IDDescription
CWECWE-330CWE-330: Use of Insufficiently Random Values
Type: CWE
CWE ID: CWE-330
Description: CWE-330: Use of Insufficiently Random Values
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://cert-portal.siemens.com/productcert/pdf/ssa-363821.pdf
N/A
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-363821.pdf
Resource: N/A
â–¼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://cert-portal.siemens.com/productcert/pdf/ssa-363821.pdf
x_transferred
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-363821.pdf
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:productcert@siemens.com
Published At:13 Dec, 2022 | 16:15
Updated At:22 Apr, 2025 | 03:15

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions < V3.2.7). The webserver of affected devices calculates session ids and nonces in an insecure manner. This could allow an unauthenticated remote attacker to brute-force session ids and hijack existing sessions.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Siemens AG
siemens
>>6gk5204-0ba00-2mb2_firmware>>Versions before 3.2.7(exclusive)
cpe:2.3:o:siemens:6gk5204-0ba00-2mb2_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>6gk5204-0ba00-2mb2>>-
cpe:2.3:h:siemens:6gk5204-0ba00-2mb2:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>6gk5204-0ba00-2kb2_firmware>>Versions before 3.2.7(exclusive)
cpe:2.3:o:siemens:6gk5204-0ba00-2kb2_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>6gk5204-0ba00-2kb2>>-
cpe:2.3:h:siemens:6gk5204-0ba00-2kb2:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>6gk5204-0bs00-2na3_firmware>>Versions before 3.2.7(exclusive)
cpe:2.3:o:siemens:6gk5204-0bs00-2na3_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>6gk5204-0bs00-2na3>>-
cpe:2.3:h:siemens:6gk5204-0bs00-2na3:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>6gk5204-0bs00-3la3_firmware>>Versions before 3.2.7(exclusive)
cpe:2.3:o:siemens:6gk5204-0bs00-3la3_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>6gk5204-0bs00-3la3>>-
cpe:2.3:h:siemens:6gk5204-0bs00-3la3:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>6gk5204-0bs00-3pa3_firmware>>Versions before 3.2.7(exclusive)
cpe:2.3:o:siemens:6gk5204-0bs00-3pa3_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>6gk5204-0bs00-3pa3>>-
cpe:2.3:h:siemens:6gk5204-0bs00-3pa3:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-330Secondaryproductcert@siemens.com
CWE-330Primarynvd@nist.gov
CWE ID: CWE-330
Type: Secondary
Source: productcert@siemens.com
CWE ID: CWE-330
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://cert-portal.siemens.com/productcert/pdf/ssa-363821.pdfproductcert@siemens.com
Patch
Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-363821.pdfaf854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-363821.pdf
Source: productcert@siemens.com
Resource:
Patch
Vendor Advisory
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-363821.pdf
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

253Records found
CVE-2022-37890
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-3.02% / 86.89%
||
7 Day CHG~0.00%
Published-07 Oct, 2022 | 00:00
Updated-03 Aug, 2024 | 10:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.

Action-Not Available
Vendor-n/aSiemens AGAruba Networks
Product-arubaosscalance_w1750d_firmwareinstantscalance_w1750dAruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series;
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-36361
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-0.55% / 68.39%
||
7 Day CHG~0.00%
Published-11 Oct, 2022 | 00:00
Updated-20 Nov, 2024 | 14:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA1) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA1) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA1) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA1) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1) (All versions). Affected devices do not properly validate the structure of TCP packets in several methods. This could allow an attacker to cause buffer overflows, get control over the instruction counter and run custom code.

Action-Not Available
Vendor-Siemens AG
Product-logo\!8_bm_fs-05logo\!8_bm_fs-05_firmwarelogo\!8_bmlogo\!_8_bm_firmwareLOGO! 230RCEoSIPLUS LOGO! 24CEoLOGO! 12/24RCELOGO! 24RCEoSIPLUS LOGO! 12/24RCEoLOGO! 24CEoSIPLUS LOGO! 24RCEoLOGO! 24RCESIPLUS LOGO! 24CELOGO! 12/24RCEoLOGO! 230RCESIPLUS LOGO! 230RCEoLOGO! 24CESIPLUS LOGO! 24RCESIPLUS LOGO! 12/24RCESIPLUS LOGO! 230RCE
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-34820
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-8.4||HIGH
EPSS-0.58% / 69.38%
||
7 Day CHG~0.00%
Published-12 Jul, 2022 | 10:07
Updated-21 Apr, 2025 | 13:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions < V3.3.46), SIMATIC CP 1243-1 (All versions < V3.3.46), SIMATIC CP 1243-7 LTE EU (All versions < V3.3.46), SIMATIC CP 1243-7 LTE US (All versions < V3.3.46), SIMATIC CP 1243-8 IRC (All versions < V3.3.46), SIMATIC CP 1542SP-1 IRC (All versions >= V2.0 < V2.2.28), SIMATIC CP 1543-1 (All versions < V3.0.22), SIMATIC CP 1543SP-1 (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions >= V2.0 < V2.2.28), SIPLUS NET CP 1242-7 V2 (All versions < V3.3.46), SIPLUS NET CP 1543-1 (All versions < V3.0.22), SIPLUS S7-1200 CP 1243-1 (All versions < V3.3.46), SIPLUS S7-1200 CP 1243-1 RAIL (All versions < V3.3.46). The application does not correctly escape some user provided fields during the authentication process. This could allow an attacker to inject custom commands and execute arbitrary code with elevated privileges.

Action-Not Available
Vendor-Siemens AG
Product-siplus_s7-1200_cp_1243-1_railsimatic_cp_1543sp-1siplus_et_200sp_cp_1542sp-1_irc_tx_railsimatic_cp_1243-8_irc_firmwaresiplus_et_200sp_cp_1543sp-1_isec_tx_rail_firmwaresiplus_et_200sp_cp_1542sp-1_irc_tx_rail_firmwaresimatic_cp_1243-1_firmwaresimatic_cp_1243-7_lte_eu_firmwaresimatic_cp_1243-7_lte_eusiplus_s7-1200_cp_1243-1simatic_cp_1542sp-1_ircsimatic_cp_1243-1siplus_et_200sp_cp_1543sp-1_isecsimatic_cp_1543-1simatic_cp_1243-7_lte_us_firmwaresimatic_cp_1242-7_v2simatic_cp_1542sp-1_irc_firmwaresimatic_cp_1543-1_firmwaresimatic_cp_1543sp-1_firmwaresiplus_net_cp_1543-1_firmwaresiplus_s7-1200_cp_1243-1_rail_firmwaresimatic_cp_1242-7_v2_firmwaresimatic_cp_1243-8_ircsiplus_et_200sp_cp_1543sp-1_isec_tx_railsiplus_s7-1200_cp_1243-1_firmwaresiplus_et_200sp_cp_1543sp-1_isec_firmwaresiplus_net_cp_1543-1siplus_net_cp_1242-7_v2_firmwaresiplus_net_cp_1242-7_v2simatic_cp_1243-7_lte_usSIPLUS ET 200SP CP 1543SP-1 ISECSIMATIC CP 1542SP-1 IRCSIMATIC CP 1243-1SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAILSIPLUS S7-1200 CP 1243-1 RAILSIPLUS ET 200SP CP 1542SP-1 IRC TX RAILSIPLUS NET CP 1242-7 V2SIMATIC CP 1243-7 LTE EUSIMATIC CP 1243-8 IRCSIPLUS NET CP 1543-1SIMATIC CP 1543-1SIMATIC CP 1242-7 V2SIPLUS S7-1200 CP 1243-1SIMATIC CP 1543SP-1SIMATIC CP 1243-7 LTE US
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-116
Improper Encoding or Escaping of Output
CVE-2022-34835
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.47% / 65.18%
||
7 Day CHG+0.04%
Published-29 Jun, 2022 | 23:48
Updated-12 May, 2026 | 10:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow in the "i2c md" command enables the corruption of the return address pointer of the do_i2c_md function.

Action-Not Available
Vendor-denxn/aSiemens AG
Product-u-bootn/aRUGGEDCOM ROX MX5000RUGGEDCOM ROX RX1400RUGGEDCOM ROX RX1524RUGGEDCOM ROX RX1500RUGGEDCOM ROX RX1512RUGGEDCOM ROX RX1501RUGGEDCOM ROX MX5000RERUGGEDCOM ROX RX5000RUGGEDCOM ROX RX1510RUGGEDCOM ROX RX1536RUGGEDCOM ROX RX1511
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-34660
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-6.8||MEDIUM
EPSS-0.86% / 75.38%
||
7 Day CHG~0.00%
Published-10 Aug, 2022 | 11:18
Updated-08 Sep, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.15), Teamcenter V13.0 (All versions < V13.0.0.10), Teamcenter V13.1 (All versions < V13.1.0.10), Teamcenter V13.2 (All versions < V13.2.0.9), Teamcenter V13.3 (All versions < V13.3.0.5), Teamcenter V14.0 (All versions < V14.0.0.2). File Server Cache service in Teamcenter consist of a functionality that is vulnerable to command injection. This could potentially allow an attacker to perform remote code execution.

Action-Not Available
Vendor-Siemens AG
Product-teamcenterTeamcenter V13.0Teamcenter V13.1Teamcenter V13.3Teamcenter V14.0Teamcenter V12.4Teamcenter V13.2
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2022-34821
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-8.8||HIGH
EPSS-0.98% / 77.16%
||
7 Day CHG~0.00%
Published-12 Jul, 2022 | 00:00
Updated-21 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2), SCALANCE M804PB (6GK5804-0AP00-2AA2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2), SCALANCE M874-2 (6GK5874-2AA00-2AA2), SCALANCE M874-3 (6GK5874-3AA00-2AA2), SCALANCE M876-3 (6GK5876-3AA02-2BA2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2), SCALANCE M876-4 (6GK5876-4AA10-2BA2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2), SCALANCE SC622-2C (6GK5622-2GS00-2AC2), SCALANCE SC622-2C (6GK5622-2GS00-2AC2), SCALANCE SC626-2C (6GK5626-2GS00-2AC2), SCALANCE SC626-2C (6GK5626-2GS00-2AC2), SCALANCE SC632-2C (6GK5632-2GS00-2AC2), SCALANCE SC632-2C (6GK5632-2GS00-2AC2), SCALANCE SC636-2C (6GK5636-2GS00-2AC2), SCALANCE SC636-2C (6GK5636-2GS00-2AC2), SCALANCE SC642-2C (6GK5642-2GS00-2AC2), SCALANCE SC642-2C (6GK5642-2GS00-2AC2), SCALANCE SC646-2C (6GK5646-2GS00-2AC2), SCALANCE SC646-2C (6GK5646-2GS00-2AC2), SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0), SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0), SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0), SCALANCE WAM766-1 (6GK5766-1GE00-7DA0), SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0), SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0), SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0), SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0), SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0), SCALANCE WUM766-1 (6GK5766-1GE00-3DA0), SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0), SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0), SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0), SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0), SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0), SIMATIC CP 1543-1 (6GK7543-1AX00-0XE0), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0), SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0), SIPLUS NET CP 1543-1 (6AG1543-1AX00-2XE0), SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0), SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0). By injecting code to specific configuration options for OpenVPN, an attacker could execute arbitrary code with elevated privileges.

Action-Not Available
Vendor-Siemens AG
Product-siplus_net_cp_1242-7_v2simatic_cp_1543-1_firmwaresimatic_cp_1243-7_lte_ussiplus_et_200sp_cp_1542sp-1_irc_tx_railsimatic_cp_1243-8_irc_firmwaresimatic_cp_1542sp-1_ircsimatic_cp_1543sp-1_firmwaresiplus_net_cp_1242-7_v2_firmwaresimatic_cp_1242-7_v2_firmwaresimatic_cp_1543-1simatic_cp_1543sp-1simatic_cp_1243-7_lte_eusiplus_s7-1200_cp_1243-1_firmwaresimatic_cp_1243-1_firmwaresiplus_s7-1200_cp_1243-1_rail_firmwaresiplus_et_200sp_cp_1543sp-1_isecsimatic_cp_1242-7_v2siplus_et_200sp_cp_1543sp-1_isec_tx_rail_firmwaresimatic_cp_1243-1siplus_et_200sp_cp_1543sp-1_isec_tx_railsiplus_et_200sp_cp_1543sp-1_isec_firmwaresiplus_et_200sp_cp_1542sp-1_irc_tx_rail_firmwaresimatic_cp_1542sp-1_irc_firmwaresiplus_s7-1200_cp_1243-1_railsimatic_cp_1243-7_lte_eu_firmwaresimatic_cp_1243-8_ircsiplus_net_cp_1543-1_firmwaresiplus_net_cp_1543-1simatic_cp_1243-7_lte_us_firmwaresiplus_s7-1200_cp_1243-1SCALANCE M876-3 (ROK)SCALANCE M876-4 (NAM)SCALANCE MUM856-1 (EU)SIPLUS NET CP 1242-7 V2SCALANCE M876-4SCALANCE SC646-2CSCALANCE WAM766-1 (US)SCALANCE M826-2 SHDSL-RouterSCALANCE SC632-2CSIMATIC CP 1543-1SIMATIC CP 1242-7 V2RUGGEDCOM RM1224 LTE(4G) NAMSCALANCE WAM763-1 (ME)SCALANCE SC636-2CSCALANCE WUM766-1SCALANCE WAM766-1 (ME)SCALANCE M876-3SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAILSCALANCE WAM763-1 (US)SIPLUS S7-1200 CP 1243-1 RAILSCALANCE S615 LAN-RouterSCALANCE MUM856-1 (RoW)SCALANCE WAM766-1 EEC (ME)SIMATIC CP 1543SP-1SIPLUS ET 200SP CP 1542SP-1 IRC TX RAILSCALANCE M874-3SCALANCE WUB762-1 iFeaturesSCALANCE WUM766-1 (ME)SCALANCE WAM763-1SCALANCE M874-2SIMATIC CP 1243-7 LTE USSCALANCE WUB762-1SIMATIC CP 1243-1RUGGEDCOM RM1224 LTE(4G) EUSIMATIC CP 1243-7 LTE EUSIMATIC CP 1243-8 IRCSCALANCE SC642-2CSCALANCE S615 EEC LAN-RouterSCALANCE MUM853-1 (EU)SCALANCE WAM766-1SCALANCE WAB762-1SCALANCE WUM763-1SCALANCE M812-1 ADSL-RouterSIPLUS ET 200SP CP 1543SP-1 ISECSIMATIC CP 1542SP-1 IRCSCALANCE M876-4 (EU)SCALANCE WUM763-1 (US)SCALANCE WAM766-1 EEC (US)SCALANCE WAM766-1 EECSCALANCE M816-1 ADSL-RouterSCALANCE M804PBSIPLUS NET CP 1543-1SIPLUS S7-1200 CP 1243-1SCALANCE SC622-2CSCALANCE SC626-2CSCALANCE WUM766-1 (USA)
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2022-33139
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-0.41% / 61.68%
||
7 Day CHG~0.00%
Published-21 Jun, 2022 | 00:00
Updated-03 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Cerberus DMS (All versions), Desigo CC (All versions), Desigo CC Compact (All versions), SIMATIC WinCC OA V3.16 (All versions in default configuration), SIMATIC WinCC OA V3.17 (All versions in non-default configuration), SIMATIC WinCC OA V3.18 (All versions in non-default configuration). Affected applications use client-side only authentication, when neither server-side authentication (SSA) nor Kerberos authentication is enabled. In this configuration, attackers could impersonate other users or exploit the client-server protocol without being authenticated.

Action-Not Available
Vendor-Siemens AG
Product-cerberus_dmsdesigo_ccdesigo_cc_compactwincc_open_architectureSIMATIC WinCC OA V3.17Desigo CC CompactSIMATIC WinCC OA V3.16SIMATIC WinCC OA V3.18Cerberus DMSDesigo CC
CWE ID-CWE-603
Use of Client-Side Authentication
CWE ID-CWE-287
Improper Authentication
CVE-2024-56336
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.5||CRITICAL
EPSS-0.24% / 46.50%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 09:48
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SINAMICS S200 (All versions with serial number beginning with SZVS8, SZVS9, SZVS0 or SZVSN and the FS number is 02). The affected device contains an unlocked bootloader. This security oversight enables attackers to inject malicious code, or install untrusted firmware. The intrinsic security features designed to protect against data manipulation and unauthorized access are compromised when the bootloader is not secured.

Action-Not Available
Vendor-Siemens AG
Product-SINAMICS S200
CWE ID-CWE-287
Improper Authentication
CVE-2022-32262
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-8.8||HIGH
EPSS-2.22% / 84.83%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 09:22
Updated-21 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains a file upload server that is vulnerable to command injection. An attacker could use this to achieve arbitrary code execution.

Action-Not Available
Vendor-Siemens AG
Product-sinema_remote_connect_serverSINEMA Remote Connect Server
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2022-32260
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 27.03%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 09:22
Updated-03 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application creates temporary user credentials for UMC (User Management Component) users. An attacker could use these temporary credentials for authentication bypass in certain scenarios.

Action-Not Available
Vendor-Siemens AG
Product-sinema_remote_connect_serverSINEMA Remote Connect Server
CWE ID-CWE-286
Incorrect User Management
CVE-2022-30230
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.3||CRITICAL
EPSS-0.69% / 72.20%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 09:21
Updated-12 Nov, 2025 | 08:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SICAM GridEdge (Classic) (All versions < V2.6.6). The affected application does not require authenticated access for privileged functions. This could allow an unauthenticated attacker to create a new user with administrative permissions.

Action-Not Available
Vendor-Siemens AG
Product-sicam_gridedge_essentialSICAM GridEdge (Classic)
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-29875
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-2.83% / 86.48%
||
7 Day CHG~0.00%
Published-01 Jun, 2022 | 09:50
Updated-03 Aug, 2024 | 06:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Biograph Horizon PET/CT Systems (All VJ30 versions < VJ30C-UD01), MAGNETOM Family (NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A), MAMMOMAT Revelation (All VC20 versions < VC20D), NAEOTOM Alpha (All VA40 versions < VA40 SP2), SOMATOM X.cite (All versions < VA30 SP5 or VA40 SP2), SOMATOM X.creed (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.All (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Now (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Open Pro (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Sim (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Top (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Up (All versions < VA30 SP5 or VA40 SP2), Symbia E/S (All VB22 versions < VB22A-UD03), Symbia Evo (All VB22 versions < VB22A-UD03), Symbia Intevo (All VB22 versions < VB22A-UD03), Symbia T (All VB22 versions < VB22A-UD03), Symbia.net (All VB22 versions < VB22A-UD03), syngo.via VB10 (All versions), syngo.via VB20 (All versions), syngo.via VB30 (All versions), syngo.via VB40 (All versions < VB40B HF06), syngo.via VB50 (All versions), syngo.via VB60 (All versions < VB60B HF02). The application deserialises untrusted data without sufficient validations that could result in an arbitrary deserialization. This could allow an unauthenticated attacker to execute code in the affected system if ports 32912/tcp or 32914/tcp are reachable.

Action-Not Available
Vendor-Siemens AG
Product-somatom_x.citesomatom_go.nowsymbia_intevosymbia_e_firmwaresymbia_evo_firmwaresomatom_go.allmammomat_revelation_firmwaresomatom_x.cite_firmwaresomatom_x.creedsymbia_tsyngo.viasymbia_s_firmwaresomatom_go.upsymbia_ssomatom_go.open_pro_firmwaresomatom_go.simsomatom_go.all_firmwaremagnetom_numaris_xmammomat_revelationsymbia_t_firmwaresomatom_go.up_firmwaresomatom_x.creed_firmwaresomatom_go.sim_firmwaresomatom_go.now_firmwaresymbia_intevo_firmwaresymbia_evonaeotom_alphabiograph_horizon_pet\/ct_systems_firmwaresymbia_enaeotom_alpha_firmwaresomatom_go.open_promagnetom_numaris_x_firmwarebiograph_horizon_pet\/ct_systemssymbia.netSymbia Intevosyngo.via VB30SOMATOM go.UpBiograph Horizon PET/CT SystemsMAMMOMAT RevelationSymbia.netSOMATOM go.AllMAGNETOM FamilySOMATOM X.creedsyngo.via VB40Symbia E/SSOMATOM go.SimSOMATOM go.Topsyngo.via VB50Symbia EvoSOMATOM go.NowSOMATOM X.citeSOMATOM go.Open Prosyngo.via VB20syngo.via VB10NAEOTOM Alphasyngo.via VB60Symbia T
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2024-54092
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.3||CRITICAL
EPSS-0.90% / 76.04%
||
7 Day CHG~0.00%
Published-08 Apr, 2025 | 08:22
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Industrial Edge Device Kit - arm64 V1.17 (All versions), Industrial Edge Device Kit - arm64 V1.18 (All versions), Industrial Edge Device Kit - arm64 V1.19 (All versions), Industrial Edge Device Kit - arm64 V1.20 (All versions < V1.20.2-1), Industrial Edge Device Kit - arm64 V1.21 (All versions < V1.21.1-1), Industrial Edge Device Kit - x86-64 V1.17 (All versions), Industrial Edge Device Kit - x86-64 V1.18 (All versions), Industrial Edge Device Kit - x86-64 V1.19 (All versions), Industrial Edge Device Kit - x86-64 V1.20 (All versions < V1.20.2-1), Industrial Edge Device Kit - x86-64 V1.21 (All versions < V1.21.1-1), Industrial Edge Own Device (IEOD) (All versions < V1.21.1-1-a), Industrial Edge Virtual Device (All versions < V1.21.1-1-a), SCALANCE LPE9413 (6GK5998-3GS01-2AC2) (All versions < V2.1), SIMATIC IPC BX-39A Industrial Edge Device (All versions < V3.0), SIMATIC IPC BX-59A Industrial Edge Device (All versions < V3.0), SIMATIC IPC127E Industrial Edge Device (All versions < V3.0), SIMATIC IPC227E Industrial Edge Device (All versions < V3.0), SIMATIC IPC427E Industrial Edge Device (All versions < V3.0), SIMATIC IPC847E Industrial Edge Device (All versions < V3.0). Affected devices do not properly enforce user authentication on specific API endpoints when identity federation is used. This could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Successful exploitation requires that identity federation is currently or has previously been used and the attacker has learned the identity of a legitimate user.

Action-Not Available
Vendor-Siemens AG
Product-SIMATIC IPC227E Industrial Edge DeviceSIMATIC IPC847E Industrial Edge DeviceIndustrial Edge Device Kit - arm64 V1.17Industrial Edge Device Kit - arm64 V1.19Industrial Edge Device Kit - arm64 V1.18Industrial Edge Device Kit - x86-64 V1.17SIMATIC IPC427E Industrial Edge DeviceIndustrial Edge Device Kit - x86-64 V1.21SIMATIC IPC BX-39A Industrial Edge DeviceIndustrial Edge Device Kit - x86-64 V1.19Industrial Edge Device Kit - x86-64 V1.18Industrial Edge Own Device (IEOD)Industrial Edge Device Kit - x86-64 V1.20SIMATIC IPC127E Industrial Edge DeviceIndustrial Edge Device Kit - arm64 V1.21SCALANCE LPE9413SIMATIC IPC BX-59A Industrial Edge DeviceIndustrial Edge Virtual DeviceIndustrial Edge Device Kit - arm64 V1.20
CWE ID-CWE-1390
Weak Authentication
CVE-2022-2068
Matching Score-8
Assigner-OpenSSL Software Foundation
ShareView Details
Matching Score-8
Assigner-OpenSSL Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-20.22% / 95.64%
||
7 Day CHG~0.00%
Published-21 Jun, 2022 | 14:45
Updated-30 Dec, 2025 | 04:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
The c_rehash script allows command injection

In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).

Action-Not Available
Vendor-NetApp, Inc.Broadcom Inc.OpenSSLFedora ProjectDebian GNU/LinuxSiemens AG
Product-h610sh610s_firmwareelement_softwarefas_8300aff_8700_firmwaresolidfireaff_8700aff_a400_firmwaresmi-s_providerontap_antivirus_connectorfas_a400debian_linuxfas_8700fas_a400_firmwaresantricity_smi-s_providerh410cbootstrap_osh500s_firmwareh300s_firmwarefas_8700_firmwareaff_8300_firmwarehci_management_nodeh615cfas_8300_firmwareh700saff_8300snapmanagerh610c_firmwareh410s_firmwareh300saff_a400hci_compute_nodesinec_insh500sh410sh700s_firmwareh610ch615c_firmwareontap_select_deploy_administration_utilityopensslsannavfedorah410c_firmwareOpenSSL
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-19317
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.98% / 77.21%
||
7 Day CHG~0.00%
Published-05 Dec, 2019 | 13:53
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact.

Action-Not Available
Vendor-sqliten/aNetApp, Inc.Oracle CorporationSiemens AG
Product-sinec_infrastructure_network_servicescloud_backupsqliteontap_select_deploy_administration_utilitymysql_workbenchn/a
CWE ID-CWE-681
Incorrect Conversion between Numeric Types
CVE-2025-6965
Matching Score-8
Assigner-Google LLC
ShareView Details
Matching Score-8
Assigner-Google LLC
CVSS Score-7.2||HIGH
EPSS-1.69% / 82.60%
||
7 Day CHG+0.07%
Published-15 Jul, 2025 | 13:44
Updated-29 Apr, 2026 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Integer Truncation on SQLite

There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.

Action-Not Available
Vendor-sqliteSQLiteSiemens AG
Product-sqliteSQLiteRUGGEDCOM CROSSBOW Station Access Controller (SAC)SIDIS Prime
CWE ID-CWE-197
Numeric Truncation Error
CVE-2019-19646
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-9.46% / 92.98%
||
7 Day CHG~0.00%
Published-09 Dec, 2019 | 18:36
Updated-05 Aug, 2024 | 02:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.

Action-Not Available
Vendor-sqliten/aNetApp, Inc.Oracle CorporationTenable, Inc.Siemens AG
Product-sinec_infrastructure_network_servicescloud_backupsqliteontap_select_deploy_administration_utilitytenable.scmysql_workbenchn/a
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2019-18327
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-2.22% / 84.83%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sppa-t3000_ms3000_migration_serverSPPA-T3000 MS3000 Migration Server
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-18329
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-2.22% / 84.83%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sppa-t3000_ms3000_migration_serverSPPA-T3000 MS3000 Migration Server
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-18325
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-2.22% / 84.83%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sppa-t3000_ms3000_migration_serverSPPA-T3000 MS3000 Migration Server
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-26313
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-0.45% / 64.05%
||
7 Day CHG~0.00%
Published-08 Mar, 2022 | 11:31
Updated-03 Aug, 2024 | 05:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Mendix Forgot Password Appstore module (All versions >= V3.3.0 < V3.5.1). In certain configurations of the affected product, a threat actor could use the sign up flow to hijack arbitrary user accounts.

Action-Not Available
Vendor-mendixSiemens AG
Product-forgot_passwordMendix Forgot Password Appstore module
CWE ID-CWE-284
Improper Access Control
CVE-2022-25235
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-11.03% / 93.59%
||
7 Day CHG~0.00%
Published-16 Feb, 2022 | 00:40
Updated-05 May, 2025 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.

Action-Not Available
Vendor-libexpat_projectn/aSiemens AGOracle CorporationDebian GNU/LinuxFedora Project
Product-debian_linuxzfs_storage_appliance_kitlibexpatsinema_remote_connect_serverhttp_serverfedoran/a
CWE ID-CWE-116
Improper Encoding or Escaping of Output
CVE-2019-18339
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-0.26% / 49.91%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0). The HTTP service (default port 5401/tcp) of the SiVMS/SiNVR Video Server contains an authentication bypass vulnerability, even when properly configured with enforced authentication. A remote attacker with network access to the Video Server could exploit this vulnerability to read the SiVMS/SiNVR users database, including the passwords of all users in obfuscated cleartext.

Action-Not Available
Vendor-Siemens AG
Product-sinvr_3_video_serversinvr_3_central_control_serverSiNVR/SiVMS Video Server
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2019-17006
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.04% / 86.94%
||
7 Day CHG~0.00%
Published-22 Oct, 2020 | 20:24
Updated-05 Aug, 2024 | 01:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.

Action-Not Available
Vendor-Mozilla CorporationNetApp, Inc.Siemens AG
Product-ruggedcom_rox_rx1511ruggedcom_rox_rx1512hci_storage_nodenetwork_security_servicesruggedcom_rox_mx5000_firmwareruggedcom_rox_rx5000_firmwareruggedcom_rox_rx1511_firmwareruggedcom_rox_rx1510hci_compute_noderuggedcom_rox_rx1400_firmwaresolidfireruggedcom_rox_rx1400ruggedcom_rox_rx1510_firmwareruggedcom_rox_rx1500ruggedcom_rox_rx5000ruggedcom_rox_rx1501hci_management_noderuggedcom_rox_mx5000ruggedcom_rox_rx1500_firmwareruggedcom_rox_rx1501_firmwareruggedcom_rox_rx1512_firmwareNSS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-20
Improper Input Validation
CVE-2019-18316
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-2.67% / 86.11%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could gain remote code execution by sending specifically crafted packets to 1099/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sppa-t3000_application_serverSPPA-T3000 Application Server
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2019-18296
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-6.42% / 91.24%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18289, CVE-2019-18293, and CVE-2019-18295. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sppa-t3000_ms3000_migration_serverSPPA-T3000 MS3000 Migration Server
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-18284
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 60.39%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). The AdminService is available without authentication on the Application Server. An attacker can use methods exposed via this interface to receive password hashes of other users and to change user passwords. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sppa-t3000_application_serverSPPA-T3000 Application Server
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2019-18330
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-2.22% / 84.83%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, and CVE-2019-18329. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sppa-t3000_ms3000_migration_serverSPPA-T3000 MS3000 Migration Server
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-18314
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-2.25% / 84.92%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could gain remote code execution by sending specifically crafted objects via RMI. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sppa-t3000_application_serverSPPA-T3000 Application Server
CWE ID-CWE-287
Improper Authentication
CVE-2022-25315
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-9.00% / 92.78%
||
7 Day CHG~0.00%
Published-18 Feb, 2022 | 04:24
Updated-05 May, 2025 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.

Action-Not Available
Vendor-libexpat_projectn/aSiemens AGOracle CorporationDebian GNU/LinuxFedora Project
Product-debian_linuxzfs_storage_appliance_kitlibexpatsinema_remote_connect_serverhttp_serverfedoran/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-25236
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-7.96% / 92.23%
||
7 Day CHG-0.20%
Published-16 Feb, 2022 | 00:39
Updated-05 May, 2025 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.

Action-Not Available
Vendor-libexpat_projectn/aSiemens AGDebian GNU/LinuxOracle Corporation
Product-debian_linuxzfs_storage_appliance_kitlibexpatsinema_remote_connect_serverhttp_servern/a
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2019-18326
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-2.22% / 84.83%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18327, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sppa-t3000_ms3000_migration_serverSPPA-T3000 MS3000 Migration Server
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-18289
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-6.42% / 91.24%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18293, CVE-2019-18295, and CVE-2019-18296. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sppa-t3000_ms3000_migration_serverSPPA-T3000 MS3000 Migration Server
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-23450
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-33.34% / 97.02%
||
7 Day CHG~0.00%
Published-12 Apr, 2022 | 09:07
Updated-03 Aug, 2024 | 03:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1), SIMATIC Energy Manager PRO (All versions < V7.3 Update 1). The affected system allows remote users to send maliciously crafted objects. Due to insecure deserialization of user-supplied content by the affected software, an unauthenticated attacker could exploit this vulnerability by sending a maliciously crafted serialized object. This could allow the attacker to execute arbitrary code on the device with SYSTEM privileges.

Action-Not Available
Vendor-Siemens AG
Product-simatic_energy_manager_prosimatic_energy_manager_basicSIMATIC Energy Manager BasicSIMATIC Energy Manager PRO
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2019-8274
Matching Score-8
Assigner-Kaspersky
ShareView Details
Matching Score-8
Assigner-Kaspersky
CVSS Score-9.8||CRITICAL
EPSS-4.00% / 88.67%
||
7 Day CHG~0.00%
Published-09 Mar, 2019 | 00:00
Updated-16 Sep, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer offer handler, which can potentially in result code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212.

Action-Not Available
Vendor-uvncSiemens AGKaspersky Lab
Product-sinumerik_pcu_base_win10_software\/ipcultravncsinumerik_pcu_base_win7_software\/ipcsinumerik_access_mymachine\/p2pUltraVNC
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-23852
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.62% / 82.19%
||
7 Day CHG~0.00%
Published-24 Jan, 2022 | 01:06
Updated-05 May, 2025 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.

Action-Not Available
Vendor-libexpat_projectn/aSiemens AGTenable, Inc.Oracle CorporationNetApp, Inc.Debian GNU/Linux
Product-nessusdebian_linuxlibexpatsinema_remote_connect_servercommunications_metasolv_solutionclustered_data_ontaponcommand_workflow_automationn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-18293
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-6.42% / 91.24%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18289, CVE-2019-18295, and CVE-2019-18296. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sppa-t3000_ms3000_migration_serverSPPA-T3000 MS3000 Migration Server
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-18323
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-2.22% / 84.83%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sppa-t3000_ms3000_migration_serverSPPA-T3000 MS3000 Migration Server
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-18295
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-6.42% / 91.24%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18289, CVE-2019-18293, and CVE-2019-18296. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sppa-t3000_ms3000_migration_serverSPPA-T3000 MS3000 Migration Server
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-18324
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-2.22% / 84.83%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sppa-t3000_ms3000_migration_serverSPPA-T3000 MS3000 Migration Server
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-18328
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-2.22% / 84.83%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sppa-t3000_ms3000_migration_serverSPPA-T3000 MS3000 Migration Server
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-18283
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-9.23% / 92.88%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). The AdminService is available without authentication on the Application Server. An attacker can gain remote code execution by sending specifically crafted objects to one of its functions. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sppa-t3000_application_serverSPPA-T3000 Application Server
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2022-22823
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.43% / 62.95%
||
7 Day CHG~0.00%
Published-08 Jan, 2022 | 02:57
Updated-05 May, 2025 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

Action-Not Available
Vendor-libexpat_projectn/aSiemens AGTenable, Inc.Debian GNU/Linux
Product-nessussinema_remote_connect_serverdebian_linuxlibexpatn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2024-52335
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.3||CRITICAL
EPSS-1.17% / 79.03%
||
7 Day CHG~0.00%
Published-06 Dec, 2024 | 13:14
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in syngo.plaza VB30E (All versions < VB30E_HF05). The affected application do not properly sanitize input data before sending it to the SQL server. This could allow an attacker with access to the application could use this vulnerability to execute malicious SQL commands to compromise the whole database.

Action-Not Available
Vendor-Siemens AG
Product-syngo.plaza VB30Esyngo_plaza_vb30e
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-41665
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-3.16% / 87.18%
||
7 Day CHG~0.00%
Published-11 Oct, 2022 | 00:00
Updated-09 Dec, 2025 | 16:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SICAM P850 (7KG8500-0AA00-0AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA00-2AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA10-0AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA10-2AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA30-0AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA30-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA01-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA01-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA02-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA02-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA11-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA11-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA12-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA12-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA31-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA31-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA32-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA32-2AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA00-0AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA00-2AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA10-0AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA10-2AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA30-0AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA30-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA01-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA01-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA02-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA02-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA11-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA11-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA12-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA12-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA31-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA31-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA32-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA32-2AA0) (All versions < V3.10), SICAM T (All versions < V3.0). Affected devices do not properly validate the parameter of a specific GET request. This could allow an unauthenticated attacker to set the device to a denial of service state or to control the program counter and, thus, execute arbitrary code on the device.

Action-Not Available
Vendor-Siemens AG
Product-7kg8551-0aa12-0aa0_firmware7kg8550-0aa10-2aa07kg8501-0aa31-2aa07kg8500-0aa30-2aa07kg8551-0aa32-2aa07kg8551-0aa01-0aa0_firmware7kg8551-0aa12-2aa0_firmware7kg8550-0aa30-2aa07kg8501-0aa32-0aa07kg8551-0aa02-0aa07kg8501-0aa31-0aa07kg8501-0aa12-0aa0_firmware7kg8500-0aa30-0aa0_firmware7kg8501-0aa01-2aa0_firmware7kg8551-0aa12-0aa07kg8501-0aa02-0aa0_firmware7kg8551-0aa31-2aa0_firmware7kg8551-0aa32-0aa07kg8551-0aa02-2aa0_firmware7kg8501-0aa11-0aa07kg8551-0aa01-2aa07kg8500-0aa00-2aa07kg8551-0aa31-0aa0_firmware7kg8501-0aa01-0aa0_firmware7kg8551-0aa11-2aa0_firmware7kg8500-0aa30-0aa07kg8501-0aa11-0aa0_firmware7kg8500-0aa10-0aa07kg8550-0aa00-0aa07kg8500-0aa00-2aa0_firmware7kg8501-0aa32-2aa07kg8500-0aa00-0aa0_firmware7kg8501-0aa31-2aa0_firmware7kg8550-0aa30-2aa0_firmware7kg8551-0aa02-0aa0_firmware7kg8550-0aa00-2aa0_firmware7kg8501-0aa12-2aa07kg8551-0aa11-0aa07kg8501-0aa12-2aa0_firmware7kg8550-0aa30-0aa07kg8501-0aa11-2aa0_firmware7kg8501-0aa02-0aa07kg8551-0aa31-2aa07kg8551-0aa31-0aa07kg8500-0aa10-0aa0_firmware7kg8551-0aa12-2aa07kg8551-0aa11-2aa07kg8501-0aa11-2aa07kg8501-0aa32-2aa0_firmware7kg8500-0aa00-0aa07kg8551-0aa01-2aa0_firmware7kg8551-0aa32-2aa0_firmware7kg8550-0aa00-2aa07kg8550-0aa30-0aa0_firmware7kg8500-0aa30-2aa0_firmware7kg8551-0aa01-0aa07kg8550-0aa10-0aa07kg8500-0aa10-2aa07kg8501-0aa12-0aa07kg8550-0aa00-0aa0_firmware7kg8500-0aa10-2aa0_firmware7kg8501-0aa02-2aa07kg8551-0aa11-0aa0_firmware7kg8550-0aa10-0aa0_firmware7kg8551-0aa02-2aa07kg8551-0aa32-0aa0_firmware7kg8501-0aa01-2aa07kg8501-0aa02-2aa0_firmware7kg8501-0aa32-0aa0_firmware7kg8501-0aa31-0aa0_firmware7kg8501-0aa01-0aa07kg8550-0aa10-2aa0_firmwareSICAM P850SICAM TSICAM P855
CWE ID-CWE-141
Improper Neutralization of Parameter/Argument Delimiters
CVE-2021-27388
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-1.86% / 83.45%
||
7 Day CHG~0.00%
Published-15 Jun, 2021 | 19:40
Updated-03 Aug, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SINAMICS medium voltage routable products are affected by a vulnerability in the Sm@rtServer component for remote access that could allow an unauthenticated attacker to cause a denial-of-service condition, and/or execution of limited configuration modifications and/or execution of limited control commands on the SINAMICS Medium Voltage Products, Remote Access (SINAMICS SL150: All versions, SINAMICS SM150: All versions, SINAMICS SM150i: All versions).

Action-Not Available
Vendor-n/aSiemens AG
Product-sinamics_sl150sinamics_sm150isinamics_sm150_firmwaresinamics_sl150_firmwaresinamics_sm150i_firmwaresinamics_sm150SINAMICS Medium Voltage Products, Remote Access
CWE ID-CWE-20
Improper Input Validation
CVE-2021-27389
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-0.41% / 61.56%
||
7 Day CHG~0.00%
Published-22 Apr, 2021 | 20:42
Updated-03 Aug, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Opcenter Quality (All versions < V12.2), QMS Automotive (All versions < V12.30). A private sign key is shipped with the product without adequate protection.

Action-Not Available
Vendor-Siemens AG
Product-opcenter_qualityqms_automotiveQMS AutomotiveOpcenter Quality
CWE ID-CWE-321
Use of Hard-coded Cryptographic Key
CVE-2021-27384
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-1.94% / 83.76%
||
7 Day CHG~0.00%
Published-12 May, 2021 | 13:18
Updated-02 Jun, 2026 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4\" - 22\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Panels V16 4\" - 22\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Update 6), SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions < V15.1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions < V16 Update 4), SINAMICS GH150 (All versions), SINAMICS GL150 (with option X30) (All versions), SINAMICS GM150 (with option X30) (All versions), SINAMICS SH150 (All versions), SINAMICS SL150 (All versions), SINAMICS SM120 (All versions), SINAMICS SM150 (All versions), SINAMICS SM150i (All versions). SmartVNC has an out-of-bounds memory access vulnerability in the device layout handler, represented by a binary data stream on client side, which can potentially result in code execution.

Action-Not Available
Vendor-Siemens AG
Product-sinamics_sm150i_firmwaresinamics_sl150_firmwaresinamics_sm150simatic_hmi_comfort_panels_4\"sinamics_sh150_firmwaresimatic_hmi_comfort_panels_4\"_firmwaresinamics_sm150isimatic_hmi_ktp_mobile_panels_ktp900sinamics_sm120simatic_hmi_ktp_mobile_panels_ktp700fsimatic_hmi_ktp_mobile_panels_ktp900fsinamics_sh150sinamics_gl150simatic_hmi_ktp_mobile_panels_ktp400fsimatic_hmi_ktp_mobile_panels_ktp700f_firmwaresinamics_gl150_firmwaresimatic_hmi_comfort_panels_22\"simatic_hmi_ktp_mobile_panels_ktp400f_firmwaresimatic_hmi_ktp_mobile_panels_ktp700_firmwaresinamics_sm150_firmwaresimatic_hmi_ktp_mobile_panels_ktp900f_firmwaresimatic_hmi_comfort_outdoor_panels_7\"simatic_hmi_comfort_outdoor_panels_15\"simatic_hmi_comfort_outdoor_panels_7\"_firmwaresimatic_hmi_ktp_mobile_panels_ktp700sinamics_gh150_firmwaresinamics_gm150simatic_wincc_runtime_advancedsinamics_gm150_firmwaresinamics_sl150simatic_hmi_comfort_panels_22\"_firmwaresinamics_gh150simatic_hmi_comfort_outdoor_panels_15\"_firmwaresimatic_hmi_ktp_mobile_panels_ktp900_firmwaresinamics_sm120_firmwareSIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants)SINAMICS GL150 (with option X30)SINAMICS SL150SIMATIC WinCC Runtime Advanced V15SINAMICS SM150SINAMICS SM120SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (incl. SIPLUS variants)SINAMICS SM150iSINAMICS GH150SINAMICS GM150 (with option X30)SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900FSIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900FSIMATIC HMI Comfort Panels V15 4\" - 22\" (incl. SIPLUS variants)SIMATIC WinCC Runtime Advanced V16SIMATIC HMI Comfort Panels V16 4\" - 22\" (incl. SIPLUS variants)SINAMICS SH150
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CVE-2024-50557
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-8.6||HIGH
EPSS-1.01% / 77.50%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 12:49
Updated-20 Nov, 2024 | 16:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.2), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.2), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.2), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.2), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.2), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.2). Affected devices do not properly validate input in configuration fields of the iperf functionality. This could allow an unauthenticated remote attacker to execute arbitrary code on the device.

Action-Not Available
Vendor-Siemens AG
Product-scalance_mum856-1_\(eu\)ruggedcom_rm1224_lte\(4g\)_nam_firmwarescalance_mum856-1_\(b1\)_firmwarescalance_m874-2_firmwarescalance_m874-3scalance_m874-3_\(cn\)scalance_m876-4_\(eu\)ruggedcom_rm1224_lte\(4g\)_euscalance_m812-1_\(annex_b\)scalance_m812-1_\(annex_a\)scalance_mum856-1_\(b1\)scalance_m876-4_\(nam\)scalance_m804pb_firmwarescalance_s615scalance_m874-3_firmwarescalance_m876-3_firmwarescalance_mum853-1_\(b1\)scalance_mum853-1_\(eu\)ruggedcom_rm1224_lte\(4g\)_namscalance_m876-3_\(rok\)_firmwarescalance_m874-3_\(cn\)_firmwarescalance_mum853-1_\(b1\)_firmwarescalance_mum856-1_\(cn\)scalance_s615_firmwarescalance_mum856-1_\(a1\)_firmwarescalance_mum856-1_\(a1\)scalance_mum856-1_\(row\)scalance_m876-3_\(rok\)scalance_mum856-1_\(eu\)_firmwarescalance_mum856-1_\(cn\)_firmwarescalance_m876-3scalance_m876-4_\(eu\)_firmwarescalance_m816-1_\(annex_b\)scalance_m876-4scalance_m876-4_firmwarescalance_mum853-1_\(a1\)_firmwarescalance_s615_eec_firmwarescalance_m826-2scalance_m812-1_\(annex_a\)_firmwarescalance_s615_eecscalance_m874-2scalance_m826-2_firmwarescalance_mum856-1_\(row\)_firmwarescalance_m816-1_\(annex_b\)_firmwarescalance_m804pbscalance_m876-4_\(nam\)_firmwarescalance_m812-1_\(annex_b\)_firmwarescalance_m816-1_\(annex_a\)_firmwarescalance_mum853-1_\(eu\)_firmwarescalance_mum853-1_\(a1\)ruggedcom_rm1224_lte\(4g\)_eu_firmwarescalance_m816-1_\(annex_a\)SCALANCE M874-3 3G-Router (CN)SCALANCE M874-3SCALANCE MUM856-1 (B1)SCALANCE M816-1 ADSL-RouterSCALANCE M876-3 (ROK)SCALANCE MUM856-1 (A1)SCALANCE M812-1 ADSL-RouterSCALANCE M804PBSCALANCE MUM856-1 (EU)SCALANCE MUM853-1 (B1)SCALANCE MUM853-1 (EU)SCALANCE S615 EEC LAN-RouterSCALANCE M874-2SCALANCE M876-4RUGGEDCOM RM1224 LTE(4G) NAMSCALANCE M876-3SCALANCE M826-2 SHDSL-RouterSCALANCE MUM856-1 (CN)SCALANCE MUM856-1 (RoW)RUGGEDCOM RM1224 LTE(4G) EUSCALANCE M876-4 (EU)SCALANCE MUM853-1 (A1)SCALANCE M876-4 (NAM)SCALANCE S615 LAN-Routerscalance_mum856-1_\(eu\)_firmwarescalance_mum856-1_\(cn\)_firmwareruggedcom_rm1224_lte\(4g\)_nam_firmwarescalance_mum856-1_\(b1\)_firmwarescalance_mum853-1_\(a1\)_firmwarescalance_m876-4_firmwarescalance_s615_eec_firmwarescalance_m804pb_firmwarescalance_mum856-1_\(row\)_firmwarescalance_m816-1_\(annex_b\)_firmwarescalance_m874-3_firmwarescalance_m876-3_firmwarescalance_m812-1_\(annex_b\)_firmwarescalance_mum853-1_\(eu\)_firmwarescalance_s615_firmwarescalance_mum853-1_\(b1\)_firmwarescalance_mum856-1_\(a1\)_firmware
CWE ID-CWE-20
Improper Input Validation
CVE-2021-27391
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-2.86% / 86.54%
||
7 Day CHG~0.00%
Published-14 Sep, 2021 | 10:47
Updated-23 Apr, 2025 | 19:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in APOGEE MBC (PPC) (P2 Ethernet) (All versions >= V2.6.3), APOGEE MEC (PPC) (P2 Ethernet) (All versions >= V2.6.3), APOGEE PXC Compact (BACnet) (All versions < V3.5.3), APOGEE PXC Compact (P2 Ethernet) (All versions >= V2.8), APOGEE PXC Modular (BACnet) (All versions < V3.5.3), APOGEE PXC Modular (P2 Ethernet) (All versions >= V2.8), TALON TC Compact (BACnet) (All versions < V3.5.3), TALON TC Modular (BACnet) (All versions < V3.5.3). The web server of affected devices lacks proper bounds checking when parsing the Host parameter in HTTP requests, which could lead to a buffer overflow. An unauthenticated remote attacker could exploit this vulnerability to execute arbitrary code on the device with root privileges.

Action-Not Available
Vendor-Siemens AG
Product-apogee_pxc_compact_\(p2_ethernet\)apogee_pxc_modular_\(bacnet\)_firmwareapogee_pxc_compact_\(p2_ethernet\)_firmwaretalon_tc_compact_\(bacnet\)apogee_mbc_\(ppc\)_\(p2_ethernet\)_firmwareapogee_pxc_bacnet_automation_controllerapogee_mbc_\(ppc\)_\(p2_ethernet\)apogee_pxc_bacnet_automation_controller_firmwareapogee_mec_\(ppc\)_\(p2_ethernet\)talon_tc_compact_\(bacnet\)_firmwareapogee_pxc_modular_\(p2_ethernet\)talon_tc_modular_\(bacnet\)apogee_pxc_modular_\(p2_ethernet\)_firmwareapogee_pxc_modular_\(bacnet\)apogee_mec_\(ppc\)_\(p2_ethernet\)_firmwaretalon_tc_modular_\(bacnet\)_firmwareAPOGEE PXC Modular (P2 Ethernet)APOGEE PXC Compact (BACnet)APOGEE MEC (PPC) (P2 Ethernet)APOGEE PXC Modular (BACnet)APOGEE MBC (PPC) (P2 Ethernet)TALON TC Modular (BACnet)APOGEE PXC Compact (P2 Ethernet)TALON TC Compact (BACnet)
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next
Details not found