Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-32740

Summary
Assigner-siemens
Assigner Org ID-cec7a2ec-15b4-4faf-bd53-b40f371f3a77
Published At-14 May, 2024 | 10:02
Updated At-02 Aug, 2024 | 02:20
Rejected At-
Credits

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device contains undocumented users and credentials. An attacker could misuse the credentials to compromise the device locally or over the network.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:siemens
Assigner Org ID:cec7a2ec-15b4-4faf-bd53-b40f371f3a77
Published At:14 May, 2024 | 10:02
Updated At:02 Aug, 2024 | 02:20
Rejected At:
▼CVE Numbering Authority (CNA)

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device contains undocumented users and credentials. An attacker could misuse the credentials to compromise the device locally or over the network.

Affected Products
Vendor
Siemens AGSiemens
Product
SIMATIC CN 4100
Default Status
unknown
Versions
Affected
  • From 0 before V3.0 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-798CWE-798: Use of Hard-coded Credentials
Type: CWE
CWE ID: CWE-798
Description: CWE-798: Use of Hard-coded Credentials
Metrics
VersionBase scoreBase severityVector
3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://cert-portal.siemens.com/productcert/html/ssa-273900.html
N/A
Hyperlink: https://cert-portal.siemens.com/productcert/html/ssa-273900.html
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Vendor
Siemens AGsiemens
Product
simatic_cn_4100
CPEs
  • cpe:2.3:a:siemens:simatic_cn_4100:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 3.0 (custom)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://cert-portal.siemens.com/productcert/html/ssa-273900.html
x_transferred
Hyperlink: https://cert-portal.siemens.com/productcert/html/ssa-273900.html
Resource:
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:productcert@siemens.com
Published At:14 May, 2024 | 16:17
Updated At:20 Aug, 2025 | 18:09

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device contains undocumented users and credentials. An attacker could misuse the credentials to compromise the device locally or over the network.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Siemens AG
siemens
>>simatic_cn_4100_firmware>>Versions before 3.0(exclusive)
cpe:2.3:o:siemens:simatic_cn_4100_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_cn_4100>>-
cpe:2.3:h:siemens:simatic_cn_4100:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-798Secondaryproductcert@siemens.com
CWE ID: CWE-798
Type: Secondary
Source: productcert@siemens.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://cert-portal.siemens.com/productcert/html/ssa-273900.htmlproductcert@siemens.com
Vendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-273900.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: https://cert-portal.siemens.com/productcert/html/ssa-273900.html
Source: productcert@siemens.com
Resource:
Vendor Advisory
Hyperlink: https://cert-portal.siemens.com/productcert/html/ssa-273900.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

695Records found
CVE-2018-7084
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-4.79% / 89.06%
||
7 Day CHG~0.00%
Published-10 May, 2019 | 17:14
Updated-05 Aug, 2024 | 06:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A command injection vulnerability is present that permits an unauthenticated user with access to the Aruba Instant web interface to execute arbitrary system commands within the underlying operating system. An attacker could use this ability to copy files, read configuration, write files, delete files, or reboot the device. Workaround: Block access to the Aruba Instant web interface from all untrusted users. Resolution: Fixed in Aruba Instant 4.2.4.12, 6.5.4.11, 8.3.0.6, and 8.4.0.1

Action-Not Available
Vendor-n/aSiemens AGAruba Networks
Product-aruba_instantscalance_w1750d_firmwarescalance_w1750dAruba Instant (IAP)
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-4834
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-1.50% / 80.42%
||
7 Day CHG~0.00%
Published-24 Jan, 2018 | 16:00
Updated-17 Sep, 2024 | 01:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Desigo PXC00-E.D V4.10 (All versions < V4.10.111), Desigo PXC00-E.D V5.00 (All versions < V5.0.171), Desigo PXC00-E.D V5.10 (All versions < V5.10.69), Desigo PXC00-E.D V6.00 (All versions < V6.0.204), Desigo PXC00/64/128-U V4.10 (All versions < V4.10.111 only with web module), Desigo PXC00/64/128-U V5.00 (All versions < V5.0.171 only with web module), Desigo PXC00/64/128-U V5.10 (All versions < V5.10.69 only with web module), Desigo PXC00/64/128-U V6.00 (All versions < V6.0.204 only with web module), Desigo PXC001-E.D V4.10 (All versions < V4.10.111), Desigo PXC001-E.D V5.00 (All versions < V5.0.171), Desigo PXC001-E.D V5.10 (All versions < V5.10.69), Desigo PXC001-E.D V6.00 (All versions < V6.0.204), Desigo PXC100-E.D V4.10 (All versions < V4.10.111), Desigo PXC100-E.D V5.00 (All versions < V5.0.171), Desigo PXC100-E.D V5.10 (All versions < V5.10.69), Desigo PXC100-E.D V6.00 (All versions < V6.0.204), Desigo PXC12-E.D V4.10 (All versions < V4.10.111), Desigo PXC12-E.D V5.00 (All versions < V5.0.171), Desigo PXC12-E.D V5.10 (All versions < V5.10.69), Desigo PXC12-E.D V6.00 (All versions < V6.0.204), Desigo PXC200-E.D V4.10 (All versions < V4.10.111), Desigo PXC200-E.D V5.00 (All versions < V5.0.171), Desigo PXC200-E.D V5.10 (All versions < V5.10.69), Desigo PXC200-E.D V6.00 (All versions < V6.0.204), Desigo PXC22-E.D V4.10 (All versions < V4.10.111), Desigo PXC22-E.D V5.00 (All versions < V5.0.171), Desigo PXC22-E.D V5.10 (All versions < V5.10.69), Desigo PXC22-E.D V6.00 (All versions < V6.0.204), Desigo PXC22.1-E.D V4.10 (All versions < V4.10.111), Desigo PXC22.1-E.D V5.00 (All versions < V5.0.171), Desigo PXC22.1-E.D V5.10 (All versions < V5.10.69), Desigo PXC22.1-E.D V6.00 (All versions < V6.0.204), Desigo PXC36.1-E.D V4.10 (All versions < V4.10.111), Desigo PXC36.1-E.D V5.00 (All versions < V5.0.171), Desigo PXC36.1-E.D V5.10 (All versions < V5.10.69), Desigo PXC36.1-E.D V6.00 (All versions < V6.0.204), Desigo PXC50-E.D V4.10 (All versions < V4.10.111), Desigo PXC50-E.D V5.00 (All versions < V5.0.171), Desigo PXC50-E.D V5.10 (All versions < V5.10.69), Desigo PXC50-E.D V6.00 (All versions < V6.0.204), Desigo PXM20-E V4.10 (All versions < V4.10.111), Desigo PXM20-E V5.00 (All versions < V5.0.171), Desigo PXM20-E V5.10 (All versions < V5.10.69), Desigo PXM20-E V6.00 (All versions < V6.0.204). A remote attacker with network access to the device could potentially upload a new firmware image to the devices without prior authentication.

Action-Not Available
Vendor-Siemens AG
Product-pxm20-e_firmwarepxc00\/50\/100\/200-e.d_firmwarepxc12\/22\/36-e.dpxm20-epxc001-e.d_firmwarepxc001-e.dpxc00\/50\/100\/200-e.dpxc00\/64\/128-upxc00\/64\/128-u_firmwarepxc12\/22\/36-e.d_firmwareDesigo PXC001-E.D V6.00Desigo PXC22.1-E.D V6.00Desigo PXC22-E.D V6.00Desigo PXC50-E.D V6.00Desigo PXC36.1-E.D V5.00Desigo PXC12-E.D V5.00Desigo PXM20-E V6.00Desigo PXC36.1-E.D V6.00Desigo PXC36.1-E.D V4.10Desigo PXC100-E.D V5.00Desigo PXC50-E.D V4.10Desigo PXM20-E V5.10Desigo PXC00/64/128-U V4.10Desigo PXC00-E.D V5.10Desigo PXC001-E.D V5.00Desigo PXC100-E.D V4.10Desigo PXC12-E.D V6.00Desigo PXC36.1-E.D V5.10Desigo PXC12-E.D V4.10Desigo PXC12-E.D V5.10Desigo PXC00-E.D V5.00Desigo PXC00-E.D V4.10Desigo PXC22-E.D V5.10Desigo PXM20-E V4.10Desigo PXC100-E.D V6.00Desigo PXC200-E.D V4.10Desigo PXC50-E.D V5.00Desigo PXC200-E.D V6.00Desigo PXC00/64/128-U V6.00Desigo PXC50-E.D V5.10Desigo PXC00/64/128-U V5.00Desigo PXC22-E.D V5.00Desigo PXC22.1-E.D V4.10Desigo PXC00-E.D V6.00Desigo PXC200-E.D V5.10Desigo PXC100-E.D V5.10Desigo PXC001-E.D V4.10Desigo PXC00/64/128-U V5.10Desigo PXC22.1-E.D V5.10Desigo PXC22.1-E.D V5.00Desigo PXC001-E.D V5.10Desigo PXM20-E V5.00Desigo PXC22-E.D V4.10Desigo PXC200-E.D V5.00
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2018-4841
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-3.00% / 86.06%
||
7 Day CHG~0.00%
Published-29 Mar, 2018 | 13:00
Updated-17 Sep, 2024 | 03:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in TIM 1531 IRC (All versions < V1.1). A remote attacker with network access to port 80/tcp or port 443/tcp could perform administrative operations on the device without prior authentication. Successful exploitation could allow to cause a denial-of-service, or read and manipulate data as well as configuration settings of the affected device. At the stage of publishing this security advisory no public exploitation is known. Siemens provides mitigations to resolve it.

Action-Not Available
Vendor-Siemens AG
Product-tim_1531_irc_firmwaretim_1531_ircTIM 1531 IRC
CWE ID-CWE-303
Incorrect Implementation of Authentication Algorithm
CWE ID-CWE-287
Improper Authentication
CVE-2024-23810
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-8.8||HIGH
EPSS-0.76% / 72.34%
||
7 Day CHG~0.00%
Published-13 Feb, 2024 | 09:00
Updated-09 May, 2025 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application is vulnerable to SQL injection. This could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server database.

Action-Not Available
Vendor-Siemens AG
Product-sinec_nmsSINEC NMS
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-23813
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.3||HIGH
EPSS-0.14% / 35.28%
||
7 Day CHG~0.00%
Published-13 Feb, 2024 | 09:00
Updated-09 May, 2025 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The REST API endpoints of doorsconnector of the affected product lacks proper authentication. An unauthenticated attacker could access the endpoints, and potentially execute code.

Action-Not Available
Vendor-Siemens AG
Product-polarion_almPolarion ALM
CWE ID-CWE-287
Improper Authentication
CVE-2024-22039
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-10||CRITICAL
EPSS-8.46% / 92.00%
||
7 Day CHG~0.00%
Published-12 Mar, 2024 | 10:21
Updated-01 Aug, 2024 | 22:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions < IP8), Cerberus PRO EN Fire Panel FC72x IP6 (All versions < IP6 SR3), Cerberus PRO EN Fire Panel FC72x IP7 (All versions < IP7 SR5), Cerberus PRO EN X200 Cloud Distribution IP7 (All versions < V3.0.6602), Cerberus PRO EN X200 Cloud Distribution IP8 (All versions < V4.0.5016), Cerberus PRO EN X300 Cloud Distribution IP7 (All versions < V3.2.6601), Cerberus PRO EN X300 Cloud Distribution IP8 (All versions < V4.2.5015), Cerberus PRO UL Compact Panel FC922/924 (All versions < MP4), Cerberus PRO UL Engineering Tool (All versions < MP4), Cerberus PRO UL X300 Cloud Distribution (All versions < V4.3.0001), Desigo Fire Safety UL Compact Panel FC2025/2050 (All versions < MP4), Desigo Fire Safety UL Engineering Tool (All versions < MP4), Desigo Fire Safety UL X300 Cloud Distribution (All versions < V4.3.0001), Sinteso FS20 EN Engineering Tool (All versions < MP8), Sinteso FS20 EN Fire Panel FC20 MP6 (All versions < MP6 SR3), Sinteso FS20 EN Fire Panel FC20 MP7 (All versions < MP7 SR5), Sinteso FS20 EN X200 Cloud Distribution MP7 (All versions < V3.0.6602), Sinteso FS20 EN X200 Cloud Distribution MP8 (All versions < V4.0.5016), Sinteso FS20 EN X300 Cloud Distribution MP7 (All versions < V3.2.6601), Sinteso FS20 EN X300 Cloud Distribution MP8 (All versions < V4.2.5015), Sinteso Mobile (All versions < V3.0.0). The network communication library in affected systems does not validate the length of certain X.509 certificate attributes which might result in a stack-based buffer overflow. This could allow an unauthenticated remote attacker to execute code on the underlying operating system with root privileges.

Action-Not Available
Vendor-Siemens AG
Product-cerberus_pro_en_fire_panel_fc72xsinteso_mobilecerberus_pro_en_engineering_toolcerberus_pro_en_x300_cloud_distributionsinteso_fs20_en_x300_cloud_distributionsinteso_fs20_en_fire_panel_fc20sinteso_fs20_en_engineering_toolsinteso_fs20_en_x200_cloud_distributioncerberus_pro_en_x200_cloud_distributionCerberus PRO EN Fire Panel FC72x IP7Sinteso FS20 EN X300 Cloud Distribution MP7Sinteso MobileCerberus PRO UL X300 Cloud DistributionSinteso FS20 EN Engineering ToolDesigo Fire Safety UL Compact Panel FC2025/2050Desigo Fire Safety UL Engineering ToolSinteso FS20 EN X200 Cloud Distribution MP8Cerberus PRO UL Engineering ToolSinteso FS20 EN X300 Cloud Distribution MP8Cerberus PRO UL Compact Panel FC922/924Sinteso FS20 EN Fire Panel FC20 MP7Cerberus PRO EN X300 Cloud Distribution IP7Desigo Fire Safety UL X300 Cloud DistributionCerberus PRO EN Engineering ToolSinteso FS20 EN X200 Cloud Distribution MP7Cerberus PRO EN Fire Panel FC72x IP6Cerberus PRO EN X200 Cloud Distribution IP7Sinteso FS20 EN Fire Panel FC20 MP6Cerberus PRO EN X200 Cloud Distribution IP8Cerberus PRO EN X300 Cloud Distribution IP8cerberus_pro_ul_engineering_toolcerberus_pro_ul_compact_panelcerberus_pro_en_fire_panel_fc72xcerberus_pro_en_engineering_toolcerberus_pro_en_x300_cloud_distributioncerberus_pro_ul_x300_cloudsinteso_fs20_en_x300_cloud_distributiondesigo_fire_safety_ul_engineering_tooldesigo_fire_safety_ul_compact_panelsinteso_fs20_en_fire_panel_fc20sinteso_mobilesinteso_fs20_en_x200_cloud_distributioncerberus_pro_en_x200_cloud_distribution
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-37886
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-1.30% / 78.92%
||
7 Day CHG~0.00%
Published-07 Oct, 2022 | 00:00
Updated-03 Aug, 2024 | 10:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.

Action-Not Available
Vendor-n/aSiemens AGAruba Networks
Product-arubaosscalance_w1750d_firmwareinstantscalance_w1750dAruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series;
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-37885
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-1.30% / 78.92%
||
7 Day CHG~0.00%
Published-07 Oct, 2022 | 00:00
Updated-03 Aug, 2024 | 10:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.

Action-Not Available
Vendor-n/aSiemens AGAruba Networks
Product-arubaosscalance_w1750d_firmwareinstantscalance_w1750dAruba Access Points; 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series;
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-37891
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-0.82% / 73.48%
||
7 Day CHG~0.00%
Published-07 Oct, 2022 | 00:00
Updated-03 Aug, 2024 | 10:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.

Action-Not Available
Vendor-n/aSiemens AGAruba Networks
Product-arubaosscalance_w1750d_firmwareinstantscalance_w1750dAruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series;
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-37889
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-1.30% / 78.92%
||
7 Day CHG~0.00%
Published-07 Oct, 2022 | 00:00
Updated-03 Aug, 2024 | 10:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.

Action-Not Available
Vendor-n/aSiemens AGAruba Networks
Product-arubaosscalance_w1750d_firmwareinstantscalance_w1750dAruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series;
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-37887
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-1.30% / 78.92%
||
7 Day CHG~0.00%
Published-07 Oct, 2022 | 00:00
Updated-03 Aug, 2024 | 10:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.

Action-Not Available
Vendor-n/aSiemens AGAruba Networks
Product-arubaosscalance_w1750d_firmwareinstantscalance_w1750dAruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series;
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-36361
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-0.47% / 63.71%
||
7 Day CHG~0.00%
Published-11 Oct, 2022 | 00:00
Updated-20 Nov, 2024 | 14:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA1) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA1) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA1) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA1) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1) (All versions). Affected devices do not properly validate the structure of TCP packets in several methods. This could allow an attacker to cause buffer overflows, get control over the instruction counter and run custom code.

Action-Not Available
Vendor-Siemens AG
Product-logo\!8_bm_fs-05logo\!8_bm_fs-05_firmwarelogo\!8_bmlogo\!_8_bm_firmwareLOGO! 230RCEoSIPLUS LOGO! 24CEoLOGO! 12/24RCELOGO! 24RCEoSIPLUS LOGO! 12/24RCEoLOGO! 24CEoSIPLUS LOGO! 24RCEoLOGO! 24RCESIPLUS LOGO! 24CELOGO! 12/24RCEoLOGO! 230RCESIPLUS LOGO! 230RCEoLOGO! 24CESIPLUS LOGO! 24RCESIPLUS LOGO! 12/24RCESIPLUS LOGO! 230RCE
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-37890
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-0.82% / 73.48%
||
7 Day CHG~0.00%
Published-07 Oct, 2022 | 00:00
Updated-03 Aug, 2024 | 10:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address these security vulnerabilities.

Action-Not Available
Vendor-n/aSiemens AGAruba Networks
Product-arubaosscalance_w1750d_firmwareinstantscalance_w1750dAruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series;
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-37011
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-0.03% / 7.29%
||
7 Day CHG~0.00%
Published-13 Sep, 2022 | 00:00
Updated-03 Aug, 2024 | 10:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions < V1.17.0), Mendix SAML (Mendix 8 compatible) (All versions < V2.3.0), Mendix SAML (Mendix 9 compatible, New Track) (All versions < V3.3.1), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions < V3.3.0). Affected versions of the module insufficiently protect from packet capture replay. This could allow unauthorized remote attackers to bypass authentication and get access to the application. For compatibility reasons, fix versions still contain this issue, but only when the not recommended, non default configuration option `'Allow Idp Initiated Authentication'` is enabled.

Action-Not Available
Vendor-mendixSiemens AG
Product-samlMendix SAML (Mendix 9 compatible, New Track)Mendix SAML (Mendix 7 compatible)Mendix SAML (Mendix 9 compatible, Upgrade Track)Mendix SAML (Mendix 8 compatible)
CWE ID-CWE-294
Authentication Bypass by Capture-replay
CVE-2024-54092
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.3||CRITICAL
EPSS-0.27% / 49.94%
||
7 Day CHG~0.00%
Published-08 Apr, 2025 | 08:22
Updated-08 Jul, 2025 | 11:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Industrial Edge Device Kit - arm64 V1.17 (All versions), Industrial Edge Device Kit - arm64 V1.18 (All versions), Industrial Edge Device Kit - arm64 V1.19 (All versions), Industrial Edge Device Kit - arm64 V1.20 (All versions < V1.20.2-1), Industrial Edge Device Kit - arm64 V1.21 (All versions < V1.21.1-1), Industrial Edge Device Kit - x86-64 V1.17 (All versions), Industrial Edge Device Kit - x86-64 V1.18 (All versions), Industrial Edge Device Kit - x86-64 V1.19 (All versions), Industrial Edge Device Kit - x86-64 V1.20 (All versions < V1.20.2-1), Industrial Edge Device Kit - x86-64 V1.21 (All versions < V1.21.1-1), Industrial Edge Own Device (IEOD) (All versions < V1.21.1-1-a), Industrial Edge Virtual Device (All versions < V1.21.1-1-a), SCALANCE LPE9413 (6GK5998-3GS01-2AC2) (All versions < V2.1), SIMATIC IPC BX-39A Industrial Edge Device (All versions < V3.0), SIMATIC IPC BX-59A Industrial Edge Device (All versions < V3.0), SIMATIC IPC127E Industrial Edge Device (All versions < V3.0), SIMATIC IPC227E Industrial Edge Device (All versions < V3.0), SIMATIC IPC427E Industrial Edge Device (All versions < V3.0), SIMATIC IPC847E Industrial Edge Device (All versions < V3.0). Affected devices do not properly enforce user authentication on specific API endpoints when identity federation is used. This could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Successful exploitation requires that identity federation is currently or has previously been used and the attacker has learned the identity of a legitimate user.

Action-Not Available
Vendor-Siemens AG
Product-SIMATIC IPC227E Industrial Edge DeviceSIMATIC IPC847E Industrial Edge DeviceIndustrial Edge Device Kit - arm64 V1.17Industrial Edge Device Kit - arm64 V1.19Industrial Edge Device Kit - arm64 V1.18Industrial Edge Device Kit - x86-64 V1.17SIMATIC IPC427E Industrial Edge DeviceIndustrial Edge Device Kit - x86-64 V1.21SIMATIC IPC BX-39A Industrial Edge DeviceIndustrial Edge Device Kit - x86-64 V1.19Industrial Edge Device Kit - x86-64 V1.18Industrial Edge Own Device (IEOD)Industrial Edge Device Kit - x86-64 V1.20SIMATIC IPC127E Industrial Edge DeviceIndustrial Edge Device Kit - arm64 V1.21SCALANCE LPE9413SIMATIC IPC BX-59A Industrial Edge DeviceIndustrial Edge Virtual DeviceIndustrial Edge Device Kit - arm64 V1.20
CWE ID-CWE-1390
Weak Authentication
CVE-2022-34821
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-8.8||HIGH
EPSS-0.50% / 64.92%
||
7 Day CHG-0.17%
Published-12 Jul, 2022 | 00:00
Updated-21 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2), SCALANCE M804PB (6GK5804-0AP00-2AA2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2), SCALANCE M874-2 (6GK5874-2AA00-2AA2), SCALANCE M874-3 (6GK5874-3AA00-2AA2), SCALANCE M876-3 (6GK5876-3AA02-2BA2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2), SCALANCE M876-4 (6GK5876-4AA10-2BA2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2), SCALANCE SC622-2C (6GK5622-2GS00-2AC2), SCALANCE SC622-2C (6GK5622-2GS00-2AC2), SCALANCE SC626-2C (6GK5626-2GS00-2AC2), SCALANCE SC626-2C (6GK5626-2GS00-2AC2), SCALANCE SC632-2C (6GK5632-2GS00-2AC2), SCALANCE SC632-2C (6GK5632-2GS00-2AC2), SCALANCE SC636-2C (6GK5636-2GS00-2AC2), SCALANCE SC636-2C (6GK5636-2GS00-2AC2), SCALANCE SC642-2C (6GK5642-2GS00-2AC2), SCALANCE SC642-2C (6GK5642-2GS00-2AC2), SCALANCE SC646-2C (6GK5646-2GS00-2AC2), SCALANCE SC646-2C (6GK5646-2GS00-2AC2), SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0), SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0), SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0), SCALANCE WAM766-1 (6GK5766-1GE00-7DA0), SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0), SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0), SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0), SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0), SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0), SCALANCE WUM766-1 (6GK5766-1GE00-3DA0), SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0), SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0), SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0), SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0), SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0), SIMATIC CP 1543-1 (6GK7543-1AX00-0XE0), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0), SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0), SIPLUS NET CP 1543-1 (6AG1543-1AX00-2XE0), SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0), SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0). By injecting code to specific configuration options for OpenVPN, an attacker could execute arbitrary code with elevated privileges.

Action-Not Available
Vendor-Siemens AG
Product-siplus_net_cp_1242-7_v2simatic_cp_1543-1_firmwaresimatic_cp_1243-7_lte_ussiplus_et_200sp_cp_1542sp-1_irc_tx_railsimatic_cp_1243-8_irc_firmwaresimatic_cp_1542sp-1_ircsimatic_cp_1543sp-1_firmwaresiplus_net_cp_1242-7_v2_firmwaresimatic_cp_1242-7_v2_firmwaresimatic_cp_1543-1simatic_cp_1543sp-1simatic_cp_1243-7_lte_eusiplus_s7-1200_cp_1243-1_firmwaresimatic_cp_1243-1_firmwaresiplus_s7-1200_cp_1243-1_rail_firmwaresiplus_et_200sp_cp_1543sp-1_isecsimatic_cp_1242-7_v2siplus_et_200sp_cp_1543sp-1_isec_tx_rail_firmwaresimatic_cp_1243-1siplus_et_200sp_cp_1543sp-1_isec_tx_railsiplus_et_200sp_cp_1543sp-1_isec_firmwaresiplus_et_200sp_cp_1542sp-1_irc_tx_rail_firmwaresimatic_cp_1542sp-1_irc_firmwaresiplus_s7-1200_cp_1243-1_railsimatic_cp_1243-7_lte_eu_firmwaresimatic_cp_1243-8_ircsiplus_net_cp_1543-1_firmwaresiplus_net_cp_1543-1simatic_cp_1243-7_lte_us_firmwaresiplus_s7-1200_cp_1243-1SCALANCE M876-3 (ROK)SCALANCE M876-4 (NAM)SCALANCE MUM856-1 (EU)SIPLUS NET CP 1242-7 V2SCALANCE M876-4SCALANCE SC646-2CSCALANCE WAM766-1 (US)SCALANCE M826-2 SHDSL-RouterSCALANCE SC632-2CSIMATIC CP 1543-1SIMATIC CP 1242-7 V2RUGGEDCOM RM1224 LTE(4G) NAMSCALANCE WAM763-1 (ME)SCALANCE SC636-2CSCALANCE WUM766-1SCALANCE WAM766-1 (ME)SCALANCE M876-3SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAILSCALANCE WAM763-1 (US)SIPLUS S7-1200 CP 1243-1 RAILSCALANCE S615 LAN-RouterSCALANCE MUM856-1 (RoW)SCALANCE WAM766-1 EEC (ME)SIMATIC CP 1543SP-1SIPLUS ET 200SP CP 1542SP-1 IRC TX RAILSCALANCE M874-3SCALANCE WUB762-1 iFeaturesSCALANCE WUM766-1 (ME)SCALANCE WAM763-1SCALANCE M874-2SIMATIC CP 1243-7 LTE USSCALANCE WUB762-1SIMATIC CP 1243-1RUGGEDCOM RM1224 LTE(4G) EUSIMATIC CP 1243-7 LTE EUSIMATIC CP 1243-8 IRCSCALANCE SC642-2CSCALANCE S615 EEC LAN-RouterSCALANCE MUM853-1 (EU)SCALANCE WAM766-1SCALANCE WAB762-1SCALANCE WUM763-1SCALANCE M812-1 ADSL-RouterSIPLUS ET 200SP CP 1543SP-1 ISECSIMATIC CP 1542SP-1 IRCSCALANCE M876-4 (EU)SCALANCE WUM763-1 (US)SCALANCE WAM766-1 EEC (US)SCALANCE WAM766-1 EECSCALANCE M816-1 ADSL-RouterSCALANCE M804PBSIPLUS NET CP 1543-1SIPLUS S7-1200 CP 1243-1SCALANCE SC622-2CSCALANCE SC626-2CSCALANCE WUM766-1 (USA)
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2022-34660
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-2.76% / 85.45%
||
7 Day CHG~0.00%
Published-10 Aug, 2022 | 11:18
Updated-03 Aug, 2024 | 09:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.15), Teamcenter V13.0 (All versions < V13.0.0.10), Teamcenter V13.1 (All versions < V13.1.0.10), Teamcenter V13.2 (All versions < V13.2.0.9), Teamcenter V13.3 (All versions < V13.3.0.5), Teamcenter V14.0 (All versions < V14.0.0.2). File Server Cache service in Teamcenter consist of a functionality that is vulnerable to command injection. This could potentially allow an attacker to perform remote code execution.

Action-Not Available
Vendor-Siemens AG
Product-teamcenterTeamcenter V12.4Teamcenter V13.0Teamcenter V14.0Teamcenter V13.3Teamcenter V13.1Teamcenter V13.2
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-50557
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-8.6||HIGH
EPSS-0.73% / 71.75%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 12:49
Updated-20 Nov, 2024 | 16:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.2), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.2), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.2), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.2), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.2), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.2). Affected devices do not properly validate input in configuration fields of the iperf functionality. This could allow an unauthenticated remote attacker to execute arbitrary code on the device.

Action-Not Available
Vendor-Siemens AG
Product-scalance_mum856-1_\(eu\)ruggedcom_rm1224_lte\(4g\)_nam_firmwarescalance_mum856-1_\(b1\)_firmwarescalance_m874-2_firmwarescalance_m874-3scalance_m874-3_\(cn\)scalance_m876-4_\(eu\)ruggedcom_rm1224_lte\(4g\)_euscalance_m812-1_\(annex_b\)scalance_m812-1_\(annex_a\)scalance_mum856-1_\(b1\)scalance_m876-4_\(nam\)scalance_m804pb_firmwarescalance_s615scalance_m874-3_firmwarescalance_m876-3_firmwarescalance_mum853-1_\(b1\)scalance_mum853-1_\(eu\)ruggedcom_rm1224_lte\(4g\)_namscalance_m876-3_\(rok\)_firmwarescalance_m874-3_\(cn\)_firmwarescalance_mum853-1_\(b1\)_firmwarescalance_mum856-1_\(cn\)scalance_s615_firmwarescalance_mum856-1_\(a1\)_firmwarescalance_mum856-1_\(a1\)scalance_mum856-1_\(row\)scalance_m876-3_\(rok\)scalance_mum856-1_\(eu\)_firmwarescalance_mum856-1_\(cn\)_firmwarescalance_m876-3scalance_m876-4_\(eu\)_firmwarescalance_m816-1_\(annex_b\)scalance_m876-4scalance_m876-4_firmwarescalance_mum853-1_\(a1\)_firmwarescalance_s615_eec_firmwarescalance_m826-2scalance_m812-1_\(annex_a\)_firmwarescalance_s615_eecscalance_m874-2scalance_m826-2_firmwarescalance_mum856-1_\(row\)_firmwarescalance_m816-1_\(annex_b\)_firmwarescalance_m804pbscalance_m876-4_\(nam\)_firmwarescalance_m812-1_\(annex_b\)_firmwarescalance_m816-1_\(annex_a\)_firmwarescalance_mum853-1_\(eu\)_firmwarescalance_mum853-1_\(a1\)ruggedcom_rm1224_lte\(4g\)_eu_firmwarescalance_m816-1_\(annex_a\)SCALANCE M874-3 3G-Router (CN)SCALANCE M874-3SCALANCE MUM856-1 (B1)SCALANCE M816-1 ADSL-RouterSCALANCE M876-3 (ROK)SCALANCE MUM856-1 (A1)SCALANCE M812-1 ADSL-RouterSCALANCE M804PBSCALANCE MUM856-1 (EU)SCALANCE MUM853-1 (B1)SCALANCE MUM853-1 (EU)SCALANCE S615 EEC LAN-RouterSCALANCE M874-2SCALANCE M876-4RUGGEDCOM RM1224 LTE(4G) NAMSCALANCE M876-3SCALANCE M826-2 SHDSL-RouterSCALANCE MUM856-1 (CN)SCALANCE MUM856-1 (RoW)RUGGEDCOM RM1224 LTE(4G) EUSCALANCE M876-4 (EU)SCALANCE MUM853-1 (A1)SCALANCE M876-4 (NAM)SCALANCE S615 LAN-Routerscalance_mum856-1_\(eu\)_firmwarescalance_mum856-1_\(cn\)_firmwareruggedcom_rm1224_lte\(4g\)_nam_firmwarescalance_mum856-1_\(b1\)_firmwarescalance_mum853-1_\(a1\)_firmwarescalance_m876-4_firmwarescalance_s615_eec_firmwarescalance_m804pb_firmwarescalance_mum856-1_\(row\)_firmwarescalance_m816-1_\(annex_b\)_firmwarescalance_m874-3_firmwarescalance_m876-3_firmwarescalance_m812-1_\(annex_b\)_firmwarescalance_mum853-1_\(eu\)_firmwarescalance_s615_firmwarescalance_mum853-1_\(b1\)_firmwarescalance_mum856-1_\(a1\)_firmware
CWE ID-CWE-20
Improper Input Validation
CVE-2024-49775
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.3||CRITICAL
EPSS-0.48% / 64.31%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 15:06
Updated-12 Mar, 2025 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Opcenter Execution Foundation (All versions), Opcenter Intelligence (All versions), Opcenter Quality (All versions), Opcenter RDL (All versions), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 3), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SINEC NMS (All versions if operated in conjunction with UMC < V2.15), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code.

Action-Not Available
Vendor-Siemens AG
Product-Opcenter RDLTotally Integrated Automation Portal (TIA Portal) V16Totally Integrated Automation Portal (TIA Portal) V17Opcenter Execution FoundationTotally Integrated Automation Portal (TIA Portal) V18Totally Integrated Automation Portal (TIA Portal) V19SIMATIC PCS neo V5.0SINEC NMSSIMATIC PCS neo V4.0Opcenter QualitySIMATIC PCS neo V4.1Opcenter Intelligence
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2022-29873
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-2.69% / 85.28%
||
7 Day CHG~0.00%
Published-10 May, 2022 | 09:47
Updated-03 Aug, 2024 | 06:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00). Affected devices do not properly validate parameters of certain GET and POST requests. This could allow an unauthenticated attacker to set the device to a denial of service state or to control the program counter and, thus, execute arbitrary code on the device.

Action-Not Available
Vendor-Siemens AG
Product-7kg8501-0aa11-2aa0_firmware7kg8551-0aa01-2aa07kg8501-0aa11-0aa07kg8500-0aa10-0aa0_firmware7kg8501-0aa31-2aa0_firmware7kg8551-0aa02-2aa0_firmware7kg8551-0aa02-0aa0_firmware7kg8551-0aa32-2aa0_firmware7kg8550-0aa00-0aa07kg8550-0aa00-0aa0_firmware7kg8501-0aa01-0aa07kg8551-0aa02-0aa07kg8500-0aa30-0aa07kg8551-0aa32-0aa0_firmware7kg8551-0aa02-2aa07kg8550-0aa30-0aa0_firmware7kg8501-0aa32-0aa07kg8500-0aa30-2aa0_firmware7kg8501-0aa01-0aa0_firmware7kg8501-0aa02-0aa07kg8551-0aa12-2aa07kg8500-0aa00-0aa07kg8551-0aa01-0aa0_firmware7kg8501-0aa11-2aa07kg8501-0aa31-0aa07kg8501-0aa12-2aa0_firmware7kg8501-0aa32-2aa07kg8550-0aa00-2aa0_firmware7kg8550-0aa30-2aa07kg8501-0aa31-0aa0_firmware7kg8550-0aa30-0aa07kg8501-0aa12-0aa0_firmware7kg8551-0aa12-0aa07kg8500-0aa30-2aa07kg8501-0aa32-2aa0_firmware7kg8500-0aa10-2aa0_firmware7kg8500-0aa00-2aa0_firmware7kg8501-0aa01-2aa0_firmware7kg8501-0aa02-0aa0_firmware7kg8500-0aa10-0aa07kg8551-0aa12-0aa0_firmware7kg8550-0aa30-2aa0_firmware7kg8551-0aa32-2aa07kg8501-0aa11-0aa0_firmware7kg8550-0aa10-2aa07kg8501-0aa02-2aa0_firmware7kg8551-0aa32-0aa07kg8501-0aa32-0aa0_firmware7kg8551-0aa12-2aa0_firmware7kg8550-0aa10-0aa0_firmware7kg8501-0aa01-2aa07kg8550-0aa00-2aa07kg8551-0aa31-2aa0_firmware7kg8551-0aa11-2aa07kg8501-0aa12-0aa07kg8551-0aa31-0aa0_firmware7kg8551-0aa11-0aa07kg8500-0aa00-2aa07kg8551-0aa01-2aa0_firmware7kg8550-0aa10-2aa0_firmware7kg8550-0aa10-0aa07kg8551-0aa31-0aa07kg8551-0aa11-0aa0_firmware7kg8551-0aa11-2aa0_firmware7kg8500-0aa30-0aa0_firmware7kg8551-0aa01-0aa07kg8501-0aa02-2aa07kg8500-0aa10-2aa07kg8551-0aa31-2aa07kg8501-0aa31-2aa07kg8501-0aa12-2aa07kg8500-0aa00-0aa0_firmwareSICAM P850SICAM P855
CWE ID-CWE-141
Improper Neutralization of Parameter/Argument Delimiters
CVE-2021-31886
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-2.90% / 85.83%
||
7 Day CHG~0.00%
Published-09 Nov, 2021 | 11:31
Updated-03 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.19), Desigo PXC00-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC00-U (All versions >= V2.3 and < V6.30.016), Desigo PXC001-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC100-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC12-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC128-U (All versions >= V2.3 and < V6.30.016), Desigo PXC200-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC36.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC50-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC64-U (All versions >= V2.3 and < V6.30.016), Desigo PXM20-E (All versions >= V2.3 and < V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). FTP server does not properly validate the length of the “USER” command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0010)

Action-Not Available
Vendor-Siemens AG
Product-talon_tc_compactdesigo_pxm20-edesigo_pxc22.1-e.dapogee_pxc_compactdesigo_pxc001-e.d_firmwareapogee_modular_equiment_controller_firmwaredesigo_pxc12-e.dapogee_pxc_compact_firmwaredesigo_pxc200-e.d_firmwareapogee_modular_equiment_controllerdesigo_pxc100-e.dapogee_modular_building_controllerdesigo_pxc001-e.dapogee_pxc_modular_firmwaretalon_tc_modular_firmwaretalon_tc_modulardesigo_pxc22.1-e.d_firmwaredesigo_pxc50-e.dapogee_modular_building_controller_firmwaredesigo_pxc12-e.d_firmwaredesigo_pxc22-e.ddesigo_pxc22-e.d_firmwaredesigo_pxc00-u_firmwarenucleus_readystart_v3desigo_pxc00-e.ddesigo_pxc100-e.d_firmwaredesigo_pxc200-e.ddesigo_pxc00-e.d_firmwaredesigo_pxc50-e.d_firmwarenucleus_netdesigo_pxc64-utalon_tc_compact_firmwaredesigo_pxc36.1-e.d_firmwaredesigo_pxc64-u_firmwaredesigo_pxc128-udesigo_pxc00-uapogee_pxc_modulardesigo_pxm20-e_firmwaredesigo_pxc36.1-e.ddesigo_pxc128-u_firmwarenucleus_source_codeTALON TC Compact (BACnet)Desigo PXC64-UDesigo PXC00-UNucleus Source CodeAPOGEE PXC Compact (BACnet)APOGEE MEC (PPC) (P2 Ethernet)Nucleus NETDesigo PXC001-E.DDesigo PXC100-E.DDesigo PXC12-E.DAPOGEE MBC (PPC) (BACnet)Desigo PXC22.1-E.DTALON TC Modular (BACnet)Nucleus ReadyStart V3APOGEE MEC (PPC) (BACnet)Desigo PXC00-E.DAPOGEE MBC (PPC) (P2 Ethernet)Desigo PXC50-E.DAPOGEE PXC Compact (P2 Ethernet)Desigo PXC36.1-E.DAPOGEE PXC Modular (P2 Ethernet)Desigo PXC22-E.DDesigo PXC200-E.DDesigo PXM20-EAPOGEE PXC Modular (BACnet)Desigo PXC128-U
CWE ID-CWE-170
Improper Null Termination
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-47902
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-6.9||MEDIUM
EPSS-0.14% / 34.90%
||
7 Day CHG~0.00%
Published-23 Oct, 2024 | 14:21
Updated-30 Oct, 2024 | 15:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All versions < V7.2.12 only if the IP interface is enabled (which is not the default configuration)). The web server of affected devices does not authenticate GET requests that execute specific commands (such as `ping`) on operating system level.

Action-Not Available
Vendor-Siemens AG
Product-intermesh_7707_fire_subscriberintermesh_7177_hybrid_2.0_subscriberintermesh_7707_fire_subscriber_firmwareInterMesh 7707 Fire SubscriberInterMesh 7177 Hybrid 2.0 Subscriberintermesh_7177_hybrid2.0_subscriberintermesh_7707_fire_subscriber
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2021-31337
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-0.62% / 69.15%
||
7 Day CHG~0.00%
Published-28 Jun, 2021 | 12:24
Updated-03 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Telnet service of the SIMATIC HMI Comfort Panels system component in affected products does not require authentication, which may allow a remote attacker to gain access to the device if the service is enabled. Telnet is disabled by default on the SINAMICS Medium Voltage Products (SINAMICS SL150: All versions, SINAMICS SM150: All versions, SINAMICS SM150i: All versions).

Action-Not Available
Vendor-n/aSiemens AG
Product-sinamics_sl150sinamics_sm150isinamics_sm150_firmwaresinamics_sl150_firmwaresinamics_sm150i_firmwaresinamics_sm150SINAMICS Medium Voltage Products
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2021-25668
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-0.53% / 66.47%
||
7 Day CHG~0.00%
Published-22 Apr, 2021 | 20:42
Updated-03 Aug, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT PRO (All versions < 5.5.1), SCALANCE X202-2 IRT (All versions < 5.5.1), SCALANCE X202-2P IRT (incl. SIPLUS NET variant) (All versions < 5.5.1), SCALANCE X202-2P IRT PRO (All versions < 5.5.1), SCALANCE X204 IRT (All versions < 5.5.1), SCALANCE X204 IRT PRO (All versions < 5.5.1), SCALANCE X204-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X204-2FM (All versions < V5.2.5), SCALANCE X204-2LD (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X204-2LD TS (All versions < V5.2.5), SCALANCE X204-2TS (All versions < V5.2.5), SCALANCE X206-1 (All versions < V5.2.5), SCALANCE X206-1LD (All versions < V5.2.5), SCALANCE X208 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X208PRO (All versions < V5.2.5), SCALANCE X212-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X212-2LD (All versions < V5.2.5), SCALANCE X216 (All versions < V5.2.5), SCALANCE X224 (All versions < V5.2.5), SCALANCE XF201-3P IRT (All versions < 5.5.1), SCALANCE XF202-2P IRT (All versions < 5.5.1), SCALANCE XF204 (All versions < V5.2.5), SCALANCE XF204 IRT (All versions < 5.5.1), SCALANCE XF204-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE XF204-2BA IRT (All versions < 5.5.1), SCALANCE XF206-1 (All versions < V5.2.5), SCALANCE XF208 (All versions < V5.2.5). Incorrect processing of POST requests in the webserver may result in write out of bounds in heap. An attacker might leverage this to cause denial-of-service on the device and potentially remotely execute code.

Action-Not Available
Vendor-Siemens AG
Product-scalance_xf206-1_firmwarescalance_xf201-3p_irtscalance_x212-2ldscalance_x201-3p_irtscalance_xf204_irtscalance_x204-2ldscalance_xf208scalance_x201-3p_irt_firmwarescalance_x202-2p_irt_pro_firmwarescalance_xf204-2ba_irt_firmwarescalance_x206-1scalance_x204-2ld_ts_firmwarescalance_x201-3p_irt_proscalance_x204-2fmscalance_x204-2ld_tsscalance_x208scalance_x200-4p_irtscalance_x202-2p_irtscalance_x204-2scalance_x224scalance_x206-1_firmwarescalance_x204-2_firmwarescalance_xf204-2scalance_xf206-1scalance_x202-2p_irt_firmwarescalance_x206-1ld_firmwarescalance_x204_irtscalance_x212-2ld_firmwarescalance_x204_irt_firmwarescalance_x212-2scalance_x202-2_irtscalance_x204-2ts_firmwarescalance_x208proscalance_xf204_firmwarescalance_x216_firmwarescalance_xf204-2ba_irtscalance_x204-2ld_firmwarescalance_x212-2_firmwarescalance_x204_irt_proscalance_xf202-2p_irt_firmwarescalance_xf208_firmwarescalance_x208_firmwarescalance_xf204-2_firmwarescalance_x202-2p_irt_proscalance_xf202-2p_irtscalance_x200-4p_irt_firmwarescalance_x204_irt_pro_firmwarescalance_x216scalance_xf201-3p_irt_firmwarescalance_x204-2fm_firmwarescalance_x204-2tsscalance_x202-2_irt_firmwarescalance_x201-3p_irt_pro_firmwarescalance_xf204scalance_x206-1ldscalance_x208pro_firmwarescalance_x224_firmwarescalance_xf204_irt_firmwareSCALANCE XF208SCALANCE X206-1LDSCALANCE X202-2P IRT PROSCALANCE XF204-2BA IRTSCALANCE X201-3P IRTSCALANCE X204-2FMSCALANCE X212-2 (incl. SIPLUS NET variant)SCALANCE X204-2TSSCALANCE X204-2LD TSSCALANCE X206-1SCALANCE XF204SCALANCE XF204-2 (incl. SIPLUS NET variant)SCALANCE X204-2 (incl. SIPLUS NET variant)SCALANCE X204 IRT PROSCALANCE X224SCALANCE X204-2LD (incl. SIPLUS NET variant)SCALANCE X208PROSCALANCE X216SCALANCE X212-2LDSCALANCE X201-3P IRT PROSCALANCE X200-4P IRTSCALANCE XF206-1SCALANCE XF201-3P IRTSCALANCE XF204 IRTSCALANCE XF202-2P IRTSCALANCE X208 (incl. SIPLUS NET variant)SCALANCE X202-2P IRT (incl. SIPLUS NET variant)SCALANCE X202-2 IRTSCALANCE X204 IRT
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-41798
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.3||CRITICAL
EPSS-0.20% / 42.02%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 08:40
Updated-10 Oct, 2024 | 12:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SENTRON 7KM PAC3200 (All versions). Affected devices only provide a 4-digit PIN to protect from administrative access via Modbus TCP interface. Attackers with access to the Modbus TCP interface could easily bypass this protection by brute-force attacks or by sniffing the Modbus clear text communication.

Action-Not Available
Vendor-Siemens AG
Product-SENTRON 7KM PAC3200sentron_pac3200
CWE ID-CWE-287
Improper Authentication
CVE-2021-25149
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-0.71% / 71.45%
||
7 Day CHG~0.00%
Published-29 Mar, 2021 | 23:58
Updated-03 Aug, 2024 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.

Action-Not Available
Vendor-n/aSiemens AGAruba Networks
Product-scalance_w1750d_firmwareinstantscalance_w1750dAruba Instant Access Points
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-8275
Matching Score-8
Assigner-Kaspersky
ShareView Details
Matching Score-8
Assigner-Kaspersky
CVSS Score-9.8||CRITICAL
EPSS-4.58% / 88.79%
||
7 Day CHG~0.00%
Published-09 Mar, 2019 | 00:00
Updated-17 Sep, 2024 | 03:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

UltraVNC revision 1211 has multiple improper null termination vulnerabilities in VNC server code, which result in out-of-bound data being accessed by remote users. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212.

Action-Not Available
Vendor-uvncSiemens AGKaspersky Lab
Product-sinumerik_pcu_base_win10_software\/ipcultravncsinumerik_pcu_base_win7_software\/ipcsinumerik_access_mymachine\/p2pUltraVNC
CWE ID-CWE-170
Improper Null Termination
CVE-2016-9157
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-1.46% / 80.03%
||
7 Day CHG~0.00%
Published-05 Dec, 2016 | 08:09
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in Siemens SICAM PAS (all versions before V8.09) could allow a remote attacker to cause a Denial of Service condition and potentially lead to unauthenticated remote code execution by sending specially crafted packets to port 19234/TCP.

Action-Not Available
Vendor-n/aSiemens AG
Product-sicam_pas\/pqsSiemens SICAM PAS through V8.08
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-284
Improper Access Control
CVE-2022-26476
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-8.8||HIGH
EPSS-0.25% / 48.31%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 09:21
Updated-03 Aug, 2024 | 05:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Spectrum Power 4 (All versions using Shared HIS), Spectrum Power 7 (All versions using Shared HIS), Spectrum Power MGMS (All versions using Shared HIS). An unauthenticated attacker could log into the component Shared HIS used in Spectrum Power systems by using an account with default credentials. A successful exploitation could allow the attacker to access the component Shared HIS with administrative privileges.

Action-Not Available
Vendor-Siemens AG
Product-spectrum_power_4spectrum_power_microgrid_management_systemspectrum_power_7Spectrum Power 4Spectrum Power 7Spectrum Power MGMS
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2020-28395
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-5.9||MEDIUM
EPSS-0.17% / 38.71%
||
7 Day CHG~0.00%
Published-12 Jan, 2021 | 00:00
Updated-04 Aug, 2024 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SCALANCE X-200RNA switch family (All versions < V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.0). Devices do not create a new unique private key after factory reset. An attacker could leverage this situation to a man-in-the-middle situation and decrypt previously captured traffic.

Action-Not Available
Vendor-Siemens AG
Product-scalance_xr326-2c_poe_wg_firmwarescalance_xr324-12mscalance_xr324-12m_tsscalance_xr324-4m_eecscalance_xr324-4m_poescalance_xr328-4c_wgscalance_xr324-4m_poe_firmwarescalance_xr324wgscalance_xr324-4m_eec_firmwarescalance_xr324-12m_ts_firmwarescalance_xr326-2c_poe_wgscalance_xr324wg_firmwarescalance_xr328-4c_wg_firmwarescalance_xr324-4m_poe_tsscalance_xr324-4m_poe_ts_firmwarescalance_xr324-12m_firmwareSCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants)SCALANCE X-200RNA switch family
CWE ID-CWE-321
Use of Hard-coded Cryptographic Key
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2020-28391
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-5.9||MEDIUM
EPSS-0.15% / 36.31%
||
7 Day CHG~0.00%
Published-12 Jan, 2021 | 00:00
Updated-04 Aug, 2024 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-200RNA switch family (All versions < V3.2.7). Devices create a new unique key upon factory reset, except when used with C-PLUG. When used with C-PLUG the devices use the hardcoded private RSA-key shipped with the firmware-image. An attacker could leverage this situation to a man-in-the-middle situation and decrypt previously captured traffic.

Action-Not Available
Vendor-Siemens AG
Product-scalance_xc208scalance_xf206-1_firmwarescalance_xb205-3scalance_xc216eec_firmwarescalance_x320-1fe_firmwarescalance_xp208scalance_xc206-2sfp_g_\(e\/ip\)scalance_xc224-4c_g_eec_firmwarescalance_xc206-2sfp_g_eec_firmwarescalance_xp216scalance_xb213-3_firmwarescalance_x202-2irtscalance_xb205-3ldscalance_xc208g_eecscalance_xf204-2scalance_xc206-2sfp_g_firmwarescalance_xc216-4c_g_\(e\/ip\)_firmwarescalance_xb205-3_firmwarescalance_x308-2lh\+_firmwarescalance_x308-2ld_firmwarescalance_xb216_firmwarescalance_xp216poe_eec_firmwarescalance_xb213-3ldscalance_xf204-2ba_irtscalance_xc206-2g_poe__firmwarescalance_xf208_firmwarescalance_xc208g_eec_firmwarescalance_x204irt_firmwarescalance_xf204scalance_x308-2lh\+scalance_x202-2pirtscalance_xc208eec_firmwarescalance_xf204_dnascalance_xc208g_poescalance_x307-3_firmwarescalance_xc224-4c_g_\(e\/ip\)_firmwarescalance_xb213-3ld_firmwarescalance_x310fe_firmwarescalance_xf204-2ba_irt_firmwarescalance_x308-2ldscalance_xc216scalance_x308-2scalance_x200-4pirtscalance_xc206-2sfp_g_eecscalance_x201-3pirtscalance_xc206-2sfp_g_\(e\/ip\)_firmwarescalance_xp216eec_firmwarescalance_xc208g_\(e\/ip\)_firmwarescalance_xp208eecscalance_x202-2pirt_siplus_netscalance_xb208scalance_x308-2m_tsscalance_xc206-2g_poe_eecscalance_xc216-4c_g_firmwarescalance_xc206-2g_poe_scalance_x202-2irt_firmwarescalance_x307-3ldscalance_xc224__firmwarescalance_xf201-3p_irt_firmwarescalance_xc206-2sfp_gscalance_xp208poe_eecscalance_xf204-2ba_dnascalance_xc206-2_firmwarescalance_xb213-3scalance_x310fescalance_xc224-4c_g_scalance_xc216-4c_firmwarescalance_xp216poe_eecscalance_x308-2_firmwarescalance_xc216-4c_g_\(e\/ip\)scalance_x320-3ldfe_firmwarescalance_x307-3ld_firmwarescalance_x308-2lhscalance_x202-2pirt_firmwarescalance_x201-3pirt_firmwarescalance_x310scalance_xb205-3ld_firmwarescalance_xc224-4c_g_eecscalance_xc224_scalance_xp216_\(eip\)_firmwarescalance_xc216eecscalance_xf204_firmwarescalance_x308-2m_firmwarescalance_xp208_\(eip\)scalance_xc208gscalance_xb216scalance_xf204-2_firmwarescalance_xf202-2p_irtscalance_x308-2mscalance_xc206-2g_poe_eec_firmwarescalance_xc216_firmwarescalance_xc208eecscalance_xc206-2sfp_eec_firmwarescalance_xc216-4cscalance_x202-2pirt_siplus_net_firmwarescalance_xf204_dna_firmwarescalance_xc208g_firmwarescalance_xc206-2sfpscalance_xc208_firmwarescalance_x308-2m_ts_firmwarescalance_xp216_\(eip\)scalance_xf201-3p_irtscalance_xf208scalance_xp208_\(eip\)_firmwarescalance_xf204irtscalance_xp208eec_firmwarescalance_x204irtscalance_xc206-2sfp_firmwarescalance_xc208g_\(e\/ip\)scalance_xb208_firmwarescalance_xc224-4c_g__firmwarescalance_x308-2lh_firmwarescalance_xc206-2scalance_x320-3ldfescalance_xc208g_poe_firmwarescalance_xf206-1scalance_x310_firmwarescalance_x200-4pirt_firmwarescalance_xf204-2ba_dna_firmwarescalance_xc224-4c_g_\(e\/ip\)scalance_x320-1fescalance_xc216-4c_g_eec_firmwarescalance_xf202-2p_irt_firmwarescalance_xp216_firmwarescalance_x307-3scalance_xp208_firmwarescalance_xp208poe_eec_firmwarescalance_xp216eecscalance_xf204irt_firmwarescalance_xc216-4c_g_eecscalance_xc206-2sfp_eecscalance_xc216-4c_gSCALANCE X-200RNA switch familySCALANCE X-200 switch family (incl. SIPLUS NET variants)SCALANCE X-200IRT switch family (incl. SIPLUS NET variants)
CWE ID-CWE-321
Use of Hard-coded Cryptographic Key
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-45033
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-8.8||HIGH
EPSS-0.28% / 51.25%
||
7 Day CHG~0.00%
Published-11 Jan, 2022 | 11:27
Updated-04 Aug, 2024 | 04:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions < V16.20), CP-8021 MASTER MODULE (All versions < V16.20), CP-8022 MASTER MODULE WITH GPRS (All versions < V16.20). An undocumented debug port uses hard-coded default credentials. If this port is enabled by a privileged user, an attacker aware of the credentials could access an administrative debug shell on the affected device.

Action-Not Available
Vendor-Siemens AG
Product-cp-8000_master_module_with_i\/o_-25\/\+70cp-8000_master_module_with_i\/o_-25\/\+70_firmwarecp-8000_master_module_with_i\/o_-40\/\+70_firmwarecp-8022_master_module_with_gprs_firmwarecp-8021_master_modulecp-8022_master_module_with_gprscp-8000_master_module_with_i\/o_-40\/\+70cp-8021_master_module_firmwareCP-8022 MASTER MODULE WITH GPRSCP-8021 MASTER MODULECP-8000 MASTER MODULE WITH I/O -25/+70°CCP-8000 MASTER MODULE WITH I/O -40/+70°C
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-45106
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-6.5||MEDIUM
EPSS-0.22% / 44.46%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 15:17
Updated-04 Aug, 2024 | 04:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SICAM TOOLBOX II (All versions). Affected applications use a circumventable access control within a database service. This could allow an attacker to access the database.

Action-Not Available
Vendor-Siemens AG
Product-sicam_toolbox_iiSICAM TOOLBOX II
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2020-25229
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.15% / 36.58%
||
7 Day CHG~0.00%
Published-14 Dec, 2020 | 21:05
Updated-04 Aug, 2024 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). The implemented encryption for communication with affected devices is prone to replay attacks due to the usage of a static key. An attacker could change the password or change the configuration on any affected device if using prepared messages that were generated for another device.

Action-Not Available
Vendor-Siemens AG
Product-logo\!_8_bmlogo\!_8_bm_firmwareLOGO! 8 BM (incl. SIPLUS variants)
CWE ID-CWE-321
Use of Hard-coded Cryptographic Key
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2020-25231
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 19.93%
||
7 Day CHG~0.00%
Published-14 Dec, 2020 | 21:05
Updated-04 Aug, 2024 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3), LOGO! Soft Comfort (All versions < V8.3). The encryption of program data for the affected devices uses a static key. An attacker could use this key to extract confidential information from protected program files.

Action-Not Available
Vendor-Siemens AG
Product-logo\!_soft_comfortlogo\!_8_bmlogo\!_8_bm_firmwareLOGO! 8 BM (incl. SIPLUS variants)LOGO! Soft Comfort
CWE ID-CWE-321
Use of Hard-coded Cryptographic Key
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2023-33920
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-6.8||MEDIUM
EPSS-0.11% / 30.00%
||
7 Day CHG~0.00%
Published-13 Jun, 2023 | 08:17
Updated-13 Feb, 2025 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). The affected devices contain the hash of the root password in a hard-coded form, which could be exploited for UART console login to the device. An attacker with direct physical access could exploit this vulnerability.

Action-Not Available
Vendor-Siemens AG
Product-cpci85_firmwarecp-8031_master_modulecp-8050_master_moduleCP-8031 MASTER MODULECP-8050 MASTER MODULE
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2019-6572
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-9.1||CRITICAL
EPSS-0.90% / 74.79%
||
7 Day CHG~0.00%
Published-14 May, 2019 | 19:54
Updated-04 Aug, 2024 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15.1 Update 1), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15.1 Update 1), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Advanced (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Professional (All versions < V15.1 Update 1), SIMATIC WinCC (TIA Portal) (All versions < V15.1 Update 1), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). The affected device offered SNMP read and write capacities with a publicly know hardcoded community string. The security vulnerability could be exploited by an attacker with network access to the affected device. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise confidentiality and integrity of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-simatic_hmi_ktp_mobile_panels_ktp700fsimatic_hmi_ktp_mobile_panels_ktp900_firmwaresimatic_hmi_tpsimatic_hmi_ktp_mobile_panels_ktp900fsimatic_hmi_tp_firmwaresimatic_hmi_ktp_mobile_panels_ktp400fsimatic_hmi_comfort_outdoor_panelssimatic_hmi_comfort_outdoor_panels_firmwaresimatic_wincc_\(tia_portal\)simatic_hmi_ktp_mobile_panels_ktp700simatic_hmi_ktp_mobile_panels_ktp700f_firmwaresimatic_wincc_runtimesimatic_hmi_op_firmwaresimatic_hmi_mp_firmwaresimatic_hmi_ktp_mobile_panels_ktp900f_firmwaresimatic_hmi_ktp_mobile_panels_ktp400f_firmwaresimatic_hmi_opsimatic_hmi_ktp_mobile_panels_ktp900simatic_hmi_comfort_panelssimatic_hmi_comfort_panels_firmwaresimatic_hmi_mpsimatic_hmi_ktp_mobile_panels_ktp700_firmwareSIMATIC WinCC Runtime AdvancedSIMATIC WinCC (TIA Portal)SIMATIC HMI Comfort Outdoor Panels 7" & 15"SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel)SIMATIC WinCC Runtime ProfessionalSIMATIC HMI Comfort Panels 4" - 22"SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-27392
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-8.8||HIGH
EPSS-0.24% / 47.66%
||
7 Day CHG~0.00%
Published-22 Apr, 2021 | 20:42
Updated-03 Aug, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Siveillance Video Open Network Bridge (2020 R3), Siveillance Video Open Network Bridge (2020 R2), Siveillance Video Open Network Bridge (2020 R1), Siveillance Video Open Network Bridge (2019 R3), Siveillance Video Open Network Bridge (2019 R2), Siveillance Video Open Network Bridge (2019 R1), Siveillance Video Open Network Bridge (2018 R3), Siveillance Video Open Network Bridge (2018 R2). Affected Open Network Bridges store user credentials for the authentication between ONVIF clients and ONVIF server using a hard-coded key. The encrypted credentials can be retrieved via the MIP SDK. This could allow an authenticated remote attacker to retrieve and decrypt all credentials stored on the ONVIF server.

Action-Not Available
Vendor-Siemens AG
Product-siveillance_video_open_network_bridgeSiveillance Video Open Network Bridge
CWE ID-CWE-321
Use of Hard-coded Cryptographic Key
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-31619
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-8.8||HIGH
EPSS-1.39% / 79.56%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 09:21
Updated-03 Aug, 2024 | 07:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9), Teamcenter V13.1 (All versions < V13.1.0.9), Teamcenter V13.2 (All versions < V13.2.0.9), Teamcenter V13.3 (All versions < V13.3.0.3), Teamcenter V14.0 (All versions < V14.0.0.2). Java EE Server Manager HTML Adaptor in Teamcenter consists of default hardcoded credentials. Access to the application allows a user to perform a series of actions that could potentially lead to remote code execution with elevated permissions.

Action-Not Available
Vendor-Siemens AG
Product-teamcenterTeamcenter V12.4Teamcenter V13.0Teamcenter V14.0Teamcenter V13.3Teamcenter V13.1Teamcenter V13.2
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2010-2772
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.09% / 26.89%
||
7 Day CHG~0.00%
Published-22 Jul, 2010 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Siemens Simatic WinCC and PCS 7 SCADA system uses a hard-coded password, which allows local users to access a back-end database and gain privileges, as demonstrated in the wild in July 2010 by the Stuxnet worm, a different vulnerability than CVE-2010-2568.

Action-Not Available
Vendor-n/aSiemens AG
Product-simatic_winccsimatic_pcs_7n/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2019-10920
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.96% / 75.51%
||
7 Day CHG~0.00%
Published-14 May, 2019 | 19:54
Updated-04 Aug, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Project data stored on the device, which is accessible via port 10005/tcp, can be decrypted due to a hardcoded encryption key. The security vulnerability could be exploited by an unauthenticated attacker with network access to port 10005/tcp. No user interaction is required to exploit this security vulnerability. The vulnerability impacts confidentiality of the device. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-logo\!8_bm_firmwarelogo\!8_bmLOGO! 8 BM (incl. SIPLUS variants)
CWE ID-CWE-321
Use of Hard-coded Cryptographic Key
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2024-41794
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-10||CRITICAL
EPSS-0.10% / 28.90%
||
7 Day CHG~0.00%
Published-08 Apr, 2025 | 08:22
Updated-08 Apr, 2025 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). Affected devices contain hardcoded credentials for remote access to the device operating system with root privileges. This could allow unauthenticated remote attackers to gain full access to a device, if they are in possession of these credentials and if the ssh service is enabled (e.g., by exploitation of CVE-2024-41793).

Action-Not Available
Vendor-Siemens AG
Product-SENTRON 7KT PAC1260 Data Manager
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2018-4846
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-0.30% / 52.77%
||
7 Day CHG~0.00%
Published-26 Jun, 2018 | 18:00
Updated-17 Sep, 2024 | 01:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in RAPIDLab 1200 systems / RAPIDPoint 400 systems / RAPIDPoint 500 systems (All versions_without_ use of Siemens Healthineers Informatics products), RAPIDLab 1200 Series (All versions < V3.3 _with_ Siemens Healthineers Informatics products), RAPIDPoint 500 systems (All versions >= V3.0 _with_ Siemens Healthineers Informatics products), RAPIDPoint 500 systems (V2.4.X_with_ Siemens Healthineers Informatics products), RAPIDPoint 500 systems (All versions =< V2.3 _with_ Siemens Healthineers Informatics products), RAPIDPoint 400 systems (All versions _with_ Siemens Healthineers Informatics products). A factory account with hardcoded password might allow attackers access to the device over port 5900/tcp. Successful exploitation requires no user interaction or privileges and impacts the confidentiality, integrity, and availability of the affected device. At the time of advisory publication, no public exploitation of this security vulnerability is known. Siemens Healthineers confirms the security vulnerability and provides mitigations to resolve the security issue.

Action-Not Available
Vendor-Siemens AG
Product-rapidlab_1200_firmwarerapidpoint_500_firmwarerapidpoint_500rapidpoint_400_firmwarerapidlab_1200rapidpoint_400RAPIDLab 1200 systems RAPIDPoint 400 systems RAPIDPoint 500 systems RAPIDLab 1200 Series RAPIDPoint 500 systems RAPIDPoint 500 systems RAPIDPoint 500 systems RAPIDPoint 400 systems
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-37832
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.08% / 24.82%
||
7 Day CHG~0.00%
Published-16 Dec, 2022 | 00:00
Updated-18 Apr, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mutiny 7.2.0-10788 suffers from Hardcoded root password.

Action-Not Available
Vendor-mutinyn/a
Product-mutinyn/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2018-21137
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.27% / 50.38%
||
7 Day CHG~0.00%
Published-23 Apr, 2020 | 20:05
Updated-05 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a hardcoded password. This affects D3600 before 1.0.0.76 and D6000 before 1.0.0.76.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d3600d3600_firmwared6000_firmwared6000n/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-22667
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-0.60% / 68.39%
||
7 Day CHG~0.00%
Published-24 Feb, 2021 | 16:01
Updated-03 Aug, 2024 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

BB-ESWGP506-2SFP-T versions 1.01.09 and prior is vulnerable due to the use of hard-coded credentials, which may allow an attacker to gain unauthorized access and permit the execution of arbitrary code on the BB-ESWGP506-2SFP-T (versions 1.01.01 and prior).

Action-Not Available
Vendor-n/aAdvantech (Advantech Co., Ltd.)
Product-bb-eswgp506-2sfp-t_firmwarebb-eswgp506-2sfp-tBB-ESWGP506-2SFP-T
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-22644
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.23% / 45.43%
||
7 Day CHG~0.00%
Published-28 Jul, 2022 | 14:19
Updated-17 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ovarro TBox Use of Hard-coded Cryptographic Key

Ovarro TBox TWinSoft uses the custom hardcoded user “TWinSoft” with a hardcoded key.

Action-Not Available
Vendor-ovarroOvarro
Product-tbox_ms-cpu32_firmwaretbox_ms-cpu32-s2_firmwaretbox_tg2tbox_lt2-530_firmwaretbox_lt2-532_firmwaretbox_lt2-540_firmwaretbox_rm2tbox_ms-cpu32-s2tbox_lt2-540tbox_lt2-532tbox_lt2-530tbox_ms-cpu32twinsofttbox_tg2_firmwaretbox_rm2_firmwareTBox
CWE ID-CWE-321
Use of Hard-coded Cryptographic Key
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2019-19492
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-35.48% / 96.93%
||
7 Day CHG~0.00%
Published-02 Dec, 2019 | 01:13
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FreeSWITCH 1.6.10 through 1.10.1 has a default password in event_socket.conf.xml.

Action-Not Available
Vendor-freeswitchn/a
Product-freeswitchn/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-36952
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.18% / 39.53%
||
7 Day CHG~0.00%
Published-27 Jul, 2022 | 20:59
Updated-03 Aug, 2024 | 10:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Veritas NetBackup OpsCenter, a hard-coded credential exists that could be used to exploit the underlying VxSS subsystem. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10.

Action-Not Available
Vendor-n/aVeritas Technologies LLC
Product-netbackupn/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-22730
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-9.8||CRITICAL
EPSS-0.35% / 56.51%
||
7 Day CHG~0.00%
Published-21 Jul, 2021 | 10:44
Updated-03 Aug, 2024 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could an attacker to gain unauthorized administrative privileges when accessing to the charging station web server.

Action-Not Available
Vendor-n/a
Product-evlink_city_evc1s22p4evlink_parking_evf2evlink_parking_evf2_firmwareevlink_parking_ev.2_firmwareevlink_parking_evw2evlink_city_evc1s22p4_firmwareevlink_city_evc1s7p4_firmwareevlink_smart_wallbox_evb1a_firmwareevlink_smart_wallbox_evb1aevlink_parking_evw2_firmwareevlink_parking_ev.2evlink_city_evc1s7p4EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 )
CWE ID-CWE-798
Use of Hard-coded Credentials
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • ...
  • 13
  • 14
  • Next
Details not found