ByteOS Network

Vulnerability Details :

CVE-2024-39876

Assigner Org ID-cec7a2ec-15b4-4faf-bd53-b40f371f3a77

Published At-09 Jul, 2024 | 12:05

Updated At-27 Aug, 2025 | 20:42

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected applications do not properly handle log rotation. This could allow an unauthenticated remote attacker to cause a denial of service condition through resource exhaustion on the device.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:siemens

Assigner Org ID:cec7a2ec-15b4-4faf-bd53-b40f371f3a77

Published At:09 Jul, 2024 | 12:05

Updated At:27 Aug, 2025 | 20:42

▼CVE Numbering Authority (CNA)

Affected Products

Vendor

Siemens AG

Product

SINEMA Remote Connect Server

Default Status

unknown

Versions

Affected

From 0 before V3.2 SP1 (custom)

Problem Types

Type	CWE ID	Description
CWE	CWE-770	CWE-770: Allocation of Resources Without Limits or Throttling

Type: CWE

CWE ID: CWE-770

Description: CWE-770: Allocation of Resources Without Limits or Throttling

Metrics

Version	Base score	Base severity	Vector
3.1	4.0	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
4.0	5.3	MEDIUM	CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Version: 3.1

Base score: 4.0

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

Version: 4.0

Base score: 5.3

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

References

Hyperlink	Resource
https://cert-portal.siemens.com/productcert/html/ssa-381581.html	N/A

Hyperlink: https://cert-portal.siemens.com/productcert/html/ssa-381581.html

Resource: N/A

▼Authorized Data Publishers (ADP)

1. CISA ADP Vulnrichment

Metrics Other Info

2. CVE Program Container

References

Hyperlink	Resource
https://cert-portal.siemens.com/productcert/html/ssa-381581.html	x_transferred

Hyperlink: https://cert-portal.siemens.com/productcert/html/ssa-381581.html

Resource:

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:productcert@siemens.com

Published At:09 Jul, 2024 | 12:15

Updated At:09 Jul, 2024 | 18:19

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	5.3	MEDIUM	CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary	3.1	4.0	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Type: Secondary

Version: 4.0

Base score: 5.3

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Secondary

Version: 3.1

Base score: 4.0

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Weaknesses

CWE ID	Type	Source
CWE-770	Primary	productcert@siemens.com

CWE ID: CWE-770

Type: Primary

Source: productcert@siemens.com

References

Hyperlink	Source	Resource
https://cert-portal.siemens.com/productcert/html/ssa-381581.html	productcert@siemens.com	N/A

Hyperlink: https://cert-portal.siemens.com/productcert/html/ssa-381581.html

Source: productcert@siemens.com

Resource: N/A

Similar CVEs

20Records found

CVE-2025-40576

Matching Score-8

Assigner-Siemens

View Details

Matching Score-8

Assigner-Siemens

CVSS Score-5.3||MEDIUM

EPSS-0.04% / 11.07%

7 Day CHG~0.00%

Published-13 May, 2025 | 09:39

Updated-08 Jul, 2025 | 11:15

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices do not properly validate incoming Profinet packets. An unauthenticated remote attacker can exploit this flaw by sending a specially crafted malicious packet, which leads to a crash of the dcpd process.

Vendor-Siemens AG

Product-scalance_lpe9403 scalance_lpe9403_firmware SCALANCE LPE9403

CWE ID-CWE-476

NULL Pointer Dereference

CVE-2025-40575

Matching Score-8

Assigner-Siemens

View Details

Matching Score-8

Assigner-Siemens

CVSS Score-5.3||MEDIUM

EPSS-0.10% / 27.79%

7 Day CHG~0.00%

Published-13 May, 2025 | 09:38

Updated-08 Jul, 2025 | 11:15

Vendor-Siemens AG

Product-scalance_lpe9403 scalance_lpe9403_firmware SCALANCE LPE9403

CWE ID-CWE-457

Use of Uninitialized Variable

CVE-2025-40577

Matching Score-8

Assigner-Siemens

View Details

Matching Score-8

Assigner-Siemens

CVSS Score-5.3||MEDIUM

EPSS-0.05% / 13.71%

7 Day CHG~0.00%

Published-13 May, 2025 | 09:39

Updated-08 Jul, 2025 | 11:15

Vendor-Siemens AG

Product-scalance_lpe9403 scalance_lpe9403_firmware SCALANCE LPE9403

CWE ID-CWE-125

Out-of-bounds Read

CVE-2025-40578

Matching Score-8

Assigner-Siemens

View Details

Matching Score-8

Assigner-Siemens

CVSS Score-5.3||MEDIUM

EPSS-0.05% / 13.71%

7 Day CHG~0.00%

Published-13 May, 2025 | 09:39

Updated-04 Jun, 2025 | 16:33

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions). Affected devices do not properly handle multiple incoming Profinet packets received in rapid succession. An unauthenticated remote attacker can exploit this flaw by sending multiple packets in a very short time frame, which leads to a crash of the dcpd process.

Vendor-Siemens AG

Product-scalance_lpe9403 scalance_lpe9403_firmware SCALANCE LPE9403

CWE ID-CWE-125

Out-of-bounds Read

CVE-2023-38532

Matching Score-6

Assigner-Siemens

View Details

Matching Score-6

Assigner-Siemens

CVSS Score-4.8||MEDIUM

EPSS-0.05% / 13.58%

7 Day CHG~0.00%

Published-08 Aug, 2023 | 09:20

Updated-25 Nov, 2024 | 21:18

A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.3). The affected application contains a stack exhaustion vulnerability while parsing a specially crafted X_T file. This could allow an attacker to cause denial of service condition.

Vendor-Siemens AG

Product-parasolid teamcenter_visualization Parasolid V35.1 Parasolid V35.0 Teamcenter Visualization V14.1 Teamcenter Visualization V14.2 Parasolid V34.1 Teamcenter Visualization V14.3

CWE ID-CWE-770

Allocation of Resources Without Limits or Throttling

CVE-2021-41546

Matching Score-6

Assigner-Siemens

View Details

Matching Score-6

Assigner-Siemens

CVSS Score-7.5||HIGH

EPSS-0.55% / 67.01%

7 Day CHG~0.00%

Published-12 Oct, 2021 | 09:49

Updated-04 Aug, 2024 | 03:15

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). Affected devices write crashdumps without checking if enough space is available on the filesystem. Once the crashdump fills the entire root filesystem, affected devices fail to boot successfully. An attacker can leverage this vulnerability to cause a permanent Denial-of-Service.

CWE ID-CWE-400

Uncontrolled Resource Consumption

CWE ID-CWE-770

Allocation of Resources Without Limits or Throttling

CVE-2021-27383

Matching Score-6

Assigner-Siemens

View Details

Matching Score-6

Assigner-Siemens

CVSS Score-7.5||HIGH

EPSS-0.44% / 62.12%

7 Day CHG~0.00%

Published-12 May, 2021 | 13:18

Updated-03 Aug, 2024 | 20:48

A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4\" - 22\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Panels V16 4\" - 22\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Update 6), SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions < V15.1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions < V16 Update 4), SINAMICS GH150 (All versions), SINAMICS GL150 (with option X30) (All versions), SINAMICS GM150 (with option X30) (All versions), SINAMICS SH150 (All versions), SINAMICS SL150 (All versions), SINAMICS SM120 (All versions), SINAMICS SM150 (All versions), SINAMICS SM150i (All versions). SmartVNC has a heap allocation leak vulnerability in the server Tight encoder, which could result in a Denial-of-Service condition.

Vendor-Siemens AG

CWE ID-CWE-770

Allocation of Resources Without Limits or Throttling

CVE-2024-33495

Matching Score-6

Assigner-Siemens

View Details

Matching Score-6

Assigner-Siemens

CVSS Score-7.1||HIGH

EPSS-0.49% / 64.66%

7 Day CHG~0.00%

Published-14 May, 2024 | 10:02

Updated-02 Aug, 2024 | 02:36

A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). The affected application does not properly limit the size of specific logs. This could allow an unauthenticated remote attacker to exhaust system resources by creating a great number of log entries which could potentially lead to a denial of service condition. A successful exploitation requires the attacker to have access to specific SIMATIC RTLS Locating Manager Clients in the deployment.

Vendor-Siemens AG

Product-SIMATIC RTLS Locating Manager simatic_rtls_locating_manager

CWE ID-CWE-770

Allocation of Resources Without Limits or Throttling

CVE-2021-25671

Matching Score-6

Assigner-Siemens

View Details

Matching Score-6

Assigner-Siemens

CVSS Score-4.3||MEDIUM

EPSS-0.10% / 28.96%

7 Day CHG~0.00%

Published-13 Jul, 2021 | 11:02

Updated-03 Aug, 2024 | 20:11

A vulnerability has been identified in RWG1.M12 (All versions < V1.16.16), RWG1.M12D (All versions < V1.16.16), RWG1.M8 (All versions < V1.16.16). Sending specially crafted ARP packets to an affected device could cause a partial denial-of-service, preventing the device to operate normally. A restart is needed to restore normal operations.

Vendor-Siemens AG

Product-rwg1.m12_firmware rwg1.m8 rwg1.m12d_firmware rwg1.m12d rwg1.m8_firmware rwg1.m12 RWG1.M8 RWG1.M12 RWG1.M12D

CWE ID-CWE-770

Allocation of Resources Without Limits or Throttling

CVE-2024-26276

Matching Score-6

Assigner-Siemens

View Details

Matching Score-6

Assigner-Siemens

CVSS Score-4.8||MEDIUM

EPSS-0.07% / 21.60%

7 Day CHG~0.00%

Published-09 Apr, 2024 | 08:34

Updated-13 Aug, 2024 | 07:54

A vulnerability has been identified in JT2Go (All versions < V2312.0004), Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected application contains a stack exhaustion vulnerability while parsing a specially crafted X_T file. This could allow an attacker to cause denial of service condition.

Vendor-Siemens AG

Product-Parasolid V36.1 Teamcenter Visualization V2312 Parasolid V35.1 Parasolid V36.0 JT2Go Teamcenter Visualization V14.2 Teamcenter Visualization V14.3 parasolid

CWE ID-CWE-770

Allocation of Resources Without Limits or Throttling

CVE-2021-25666

Matching Score-6

Assigner-Siemens

View Details

Matching Score-6

Assigner-Siemens

CVSS Score-4.3||MEDIUM

EPSS-0.09% / 26.65%

7 Day CHG~0.00%

Published-09 Feb, 2021 | 15:38

Updated-03 Aug, 2024 | 20:11

A vulnerability has been identified in SCALANCE W780 and W740 (IEEE 802.11n) family (All versions < V6.3). Sending specially crafted packets through the ARP protocol to an affected device could cause a partial denial-of-service, preventing the device to operate normally for a short period of time.

Vendor-Siemens AG

Product-scalance_w780_firmware scalance_w740_firmware scalance_w780 scalance_w740 SCALANCE W780 and W740 (IEEE 802.11n) family

CWE ID-CWE-770

Allocation of Resources Without Limits or Throttling

CVE-2025-40570

Matching Score-6

Assigner-Siemens

View Details

Matching Score-6

Assigner-Siemens

CVSS Score-2.4||LOW

EPSS-0.01% / 1.22%

7 Day CHG~0.00%

Published-12 Aug, 2025 | 11:17

Updated-12 Aug, 2025 | 20:08

A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V10.0), SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 6MD86 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 6MD89 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 6MU85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7KE85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SA82 (CP150) (All versions < V10.0), SIPROTEC 5 7SA86 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SA87 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SD82 (CP150) (All versions < V10.0), SIPROTEC 5 7SD86 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SD87 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SJ81 (CP150) (All versions < V10.0), SIPROTEC 5 7SJ82 (CP150) (All versions < V10.0), SIPROTEC 5 7SJ85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SJ86 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SK82 (CP150) (All versions < V10.0), SIPROTEC 5 7SK85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SL82 (CP150) (All versions < V10.0), SIPROTEC 5 7SL86 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SL87 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SS85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7ST85 (CP300) (All versions < V10.0), SIPROTEC 5 7ST86 (CP300) (All versions < V10.0), SIPROTEC 5 7SX82 (CP150) (All versions < V10.0), SIPROTEC 5 7SX85 (CP300) (All versions < V10.0), SIPROTEC 5 7SY82 (CP150) (All versions < V10.0), SIPROTEC 5 7UM85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7UT82 (CP150) (All versions < V10.0), SIPROTEC 5 7UT85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7UT86 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7UT87 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7VE85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7VK87 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7VU85 (CP300) (All versions < V10.0), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V10.0). Affected devices do not properly limit the bandwidth for incoming network packets over their local USB port. This could allow an attacker with physical access to send specially crafted packets with high bandwidth to the affected devices thus forcing them to exhaust their memory and stop responding to any network traffic via the local USB port. Affected devices reset themselves automatically after a successful attack. The protection function is not affected of this vulnerability.

Vendor-Siemens AG

CWE ID-CWE-770

Allocation of Resources Without Limits or Throttling

CVE-2020-28400

Matching Score-6

Assigner-Siemens

View Details

Matching Score-6

Assigner-Siemens

CVSS Score-8.7||HIGH

EPSS-0.90% / 74.75%

7 Day CHG~0.00%

Published-13 Jul, 2021 | 11:02

Updated-10 Dec, 2024 | 14:15

Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial of service condition. The vulnerability can be triggered if a large amount of DCP reset packets are sent to the device.

Vendor-Siemens AG

CWE ID-CWE-770

Allocation of Resources Without Limits or Throttling

CVE-2023-39269

Matching Score-6

Assigner-Siemens

View Details

Matching Score-6

Assigner-Siemens

CVSS Score-7.5||HIGH

EPSS-0.22% / 45.02%

7 Day CHG~0.00%

Published-08 Aug, 2023 | 09:20

Updated-12 Aug, 2025 | 12:15

A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M2200NC, RUGGEDCOM M969, RUGGEDCOM M969F, RUGGEDCOM M969NC, RUGGEDCOM RMC30, RUGGEDCOM RMC30NC, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RMC8388NC V4.X, RUGGEDCOM RMC8388NC V5.X, RUGGEDCOM RP110, RUGGEDCOM RP110NC, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600FNC, RUGGEDCOM RS1600NC, RUGGEDCOM RS1600T, RUGGEDCOM RS1600TNC, RUGGEDCOM RS400, RUGGEDCOM RS400F, RUGGEDCOM RS400NC, RUGGEDCOM RS401, RUGGEDCOM RS401NC, RUGGEDCOM RS416, RUGGEDCOM RS416F, RUGGEDCOM RS416NC, RUGGEDCOM RS416NCv2 V4.X, RUGGEDCOM RS416NCv2 V5.X, RUGGEDCOM RS416P, RUGGEDCOM RS416PF, RUGGEDCOM RS416PNC, RUGGEDCOM RS416PNCv2 V4.X, RUGGEDCOM RS416PNCv2 V5.X, RUGGEDCOM RS416Pv2 V4.X, RUGGEDCOM RS416Pv2 V5.X, RUGGEDCOM RS416v2 V4.X, RUGGEDCOM RS416v2 V5.X, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000ANC, RUGGEDCOM RS8000H, RUGGEDCOM RS8000HNC, RUGGEDCOM RS8000NC, RUGGEDCOM RS8000T, RUGGEDCOM RS8000TNC, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900F, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GF, RUGGEDCOM RS900GNC, RUGGEDCOM RS900GNC(32M) V4.X, RUGGEDCOM RS900GNC(32M) V5.X, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPF, RUGGEDCOM RS900GPNC, RUGGEDCOM RS900L, RUGGEDCOM RS900LNC, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900MNC-GETS-C01, RUGGEDCOM RS900MNC-GETS-XX, RUGGEDCOM RS900MNC-STND-XX, RUGGEDCOM RS900MNC-STND-XX-C01, RUGGEDCOM RS900NC, RUGGEDCOM RS900NC(32M) V4.X, RUGGEDCOM RS900NC(32M) V5.X, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910LNC, RUGGEDCOM RS910NC, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920LNC, RUGGEDCOM RS920W, RUGGEDCOM RS930L, RUGGEDCOM RS930LNC, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM RS940GF, RUGGEDCOM RS940GNC, RUGGEDCOM RS969, RUGGEDCOM RS969NC, RUGGEDCOM RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100F, RUGGEDCOM RSG2100NC, RUGGEDCOM RSG2100NC(32M) V4.X, RUGGEDCOM RSG2100NC(32M) V5.X, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100P (32M) V4.X, RUGGEDCOM RSG2100P (32M) V5.X, RUGGEDCOM RSG2100PF, RUGGEDCOM RSG2100PNC, RUGGEDCOM RSG2100PNC (32M) V4.X, RUGGEDCOM RSG2100PNC (32M) V5.X, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200F, RUGGEDCOM RSG2200NC, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2288NC V4.X, RUGGEDCOM RSG2288NC V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300F, RUGGEDCOM RSG2300NC V4.X, RUGGEDCOM RSG2300NC V5.X, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PF, RUGGEDCOM RSG2300PNC V4.X, RUGGEDCOM RSG2300PNC V5.X, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488F, RUGGEDCOM RSG2488NC V4.X, RUGGEDCOM RSG2488NC V5.X, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSG920PNC V4.X, RUGGEDCOM RSG920PNC V5.X, RUGGEDCOM RSL910, RUGGEDCOM RSL910NC, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P. The web server of the affected devices contains a vulnerability that may lead to a denial of service condition. An attacker may cause total loss of availability of the web server, which might recover after the attack is over.

Vendor-Siemens AG

Product-ruggedcom_rsg2488nc ruggedcom_rs969 ruggedcom_rsg2100_\(32m\)ruggedcom_rsg2100 ruggedcom_rsg2300p ruggedcom_rsg910c ruggedcom_rs416 ruggedcom_rs900_\(32m\)ruggedcom_i802nc ruggedcom_m969f ruggedcom_ros ruggedcom_m2100 ruggedcom_rs910lnc ruggedcom_rsg2300f ruggedcom_rs900mnc-stnd-xx ruggedcom_rs930w ruggedcom_rmc8388 ruggedcom_rsg2200 ruggedcom_rsg2300nc ruggedcom_rs969nc ruggedcom_rsl910nc ruggedcom_m2200f ruggedcom_rs1600 ruggedcom_rs910l ruggedcom_rsg2288nc ruggedcom_rs900m-stnd-c01 ruggedcom_m969 ruggedcom_rs900g_\(32m\)ruggedcom_rsg2200nc ruggedcom_rs900m-stnd-xx ruggedcom_rsg2100nc\(32m\)ruggedcom_m969nc ruggedcom_i801nc ruggedcom_rs900nc\(32m\)ruggedcom_rsg2300pf ruggedcom_m2100f ruggedcom_rsg2488f ruggedcom_rsl910 ruggedcom_rs900l ruggedcom_rs401nc ruggedcom_rs900lnc ruggedcom_rs900m-gets-c01 ruggedcom_rs900nc ruggedcom_rs900mnc-gets-c01 ruggedcom_rs920w ruggedcom_rs8000a ruggedcom_rs416v2 ruggedcom_rst916c ruggedcom_rsg2300 ruggedcom_rs8000anc ruggedcom_rst2228p ruggedcom_rs8000nc ruggedcom_rsg908c ruggedcom_i803 ruggedcom_rmc30nc ruggedcom_rs930lnc ruggedcom_rsg2488 ruggedcom_rs900g ruggedcom_rs416pnc_v2 ruggedcom_rs8000tnc ruggedcom_rsg2288 ruggedcom_rs900gf ruggedcom_rs940g ruggedcom_rsg920pnc ruggedcom_rsg2100f ruggedcom_rmc8388nc ruggedcom_rs910 ruggedcom_rs930l ruggedcom_rsg907r ruggedcom_rs1600tnc ruggedcom_rs900gpnc ruggedcom_rs8000hnc ruggedcom_rs900w ruggedcom_rp110nc ruggedcom_rs900gnc ruggedcom_rsg2100pnc ruggedcom_i801 ruggedcom_rs940gnc ruggedcom_rs416pnc ruggedcom_rsg2100pf ruggedcom_rs416nc ruggedcom_i800 ruggedcom_rs900mnc-gets-xx ruggedcom_rs940gf ruggedcom_rst2228 ruggedcom_i800nc ruggedcom_rsg909r ruggedcom_rs1600t ruggedcom_rs401 ruggedcom_rs900 ruggedcom_rs8000t ruggedcom_rs416pv2 ruggedcom_rs416f ruggedcom_rp110 ruggedcom_rs920lnc ruggedcom_i803nc ruggedcom_i802 ruggedcom_rs910w ruggedcom_m2200nc ruggedcom_rsg2100p ruggedcom_rs900gpf ruggedcom_rs8000 ruggedcom_rst916p ruggedcom_rs900f ruggedcom_rsg2200f ruggedcom_rs1600nc ruggedcom_rsg2100nc ruggedcom_rs900gp ruggedcom_rs900mnc-stnd-xx-c01 ruggedcom_rsg920p ruggedcom_rs416p ruggedcom_rs900m-gets-xx ruggedcom_m2100nc ruggedcom_rs1600f ruggedcom_m2200 ruggedcom_rs416nc_v2 ruggedcom_rs400 ruggedcom_rs8000h ruggedcom_rs1600fnc ruggedcom_rs416pf ruggedcom_rs400f ruggedcom_rsg2300pnc ruggedcom_rs920l ruggedcom_rs910nc ruggedcom_rs900gnc\(32m\)ruggedcom_rs400nc ruggedcom_rmc30 RUGGEDCOM RS8000 RUGGEDCOM RS900L RUGGEDCOM RSG2300 V4.X RUGGEDCOM RS900MNC-STND-XX-C01 RUGGEDCOM RSG920P V4.X RUGGEDCOM RS401NC RUGGEDCOM RSG2100PNC (32M) V4.X RUGGEDCOM RS920LNC RUGGEDCOM RS910L RUGGEDCOM RS930W RUGGEDCOM RSG2100NC(32M) V5.X RUGGEDCOM RSG2100 (32M) V5.X RUGGEDCOM RSG2288NC V5.X RUGGEDCOM RS416Pv2 V4.X RUGGEDCOM RS1600 RUGGEDCOM i801NC RUGGEDCOM RS940G RUGGEDCOM RSG2100NC(32M) V4.X RUGGEDCOM i800NC RUGGEDCOM RS910 RUGGEDCOM RSG908C RUGGEDCOM RS8000NC RUGGEDCOM RS400F RUGGEDCOM RS900NC(32M) V4.X RUGGEDCOM RS920L RUGGEDCOM RMC8388 V4.X RUGGEDCOM RS8000H RUGGEDCOM RS900LNC RUGGEDCOM RS8000T RUGGEDCOM RS910NC RUGGEDCOM RS416PF RUGGEDCOM RS900G RUGGEDCOM M2100F RUGGEDCOM RS900M-STND-XX RUGGEDCOM RS900W RUGGEDCOM RMC8388 V5.X RUGGEDCOM RS900MNC-STND-XX RUGGEDCOM RSG2100PNC (32M) V5.X RUGGEDCOM RSG910C RUGGEDCOM RSG2300PF RUGGEDCOM RSG2288 V4.X RUGGEDCOM RS1600NC RUGGEDCOM RS969 RUGGEDCOM RS900 (32M) V4.X RUGGEDCOM RSG909R RUGGEDCOM RS416F RUGGEDCOM RS900GPF RUGGEDCOM RSG2100P RUGGEDCOM RS930LNC RUGGEDCOM RS416P RUGGEDCOM RSG920P V5.X RUGGEDCOM RSG2200NC RUGGEDCOM RS8000HNC RUGGEDCOM RSG2300PNC V5.X RUGGEDCOM RSG2288 V5.X RUGGEDCOM RS1600F RUGGEDCOM RS416NC RUGGEDCOM RS930L RUGGEDCOM RSG907R RUGGEDCOM RSG2300P V5.X RUGGEDCOM RS910W RUGGEDCOM RSG2300 V5.X RUGGEDCOM RS940GNC RUGGEDCOM RS900GNC RUGGEDCOM RSG2100P (32M) V4.X RUGGEDCOM RMC8388NC V5.X RUGGEDCOM RS940GF RUGGEDCOM RS910LNC RUGGEDCOM RSG2288NC V4.X RUGGEDCOM RSG2488 V5.X RUGGEDCOM RMC30 RUGGEDCOM RS900GF RUGGEDCOM RS8000ANC RUGGEDCOM RMC8388NC V4.X RUGGEDCOM RS1600T RUGGEDCOM M969F RUGGEDCOM RS900G (32M) V5.X RUGGEDCOM RS400NC RUGGEDCOM RS900MNC-GETS-C01 RUGGEDCOM RS900M-GETS-C01 RUGGEDCOM RSG2488NC V4.X RUGGEDCOM M2200F RUGGEDCOM RP110 RUGGEDCOM i801 RUGGEDCOM RS416v2 V4.X RUGGEDCOM RS416NCv2 V4.X RUGGEDCOM RS8000TNC RUGGEDCOM RSG2300P V4.X RUGGEDCOM RS416v2 V5.X RUGGEDCOM RS920W RUGGEDCOM RS900F RUGGEDCOM M2200 RUGGEDCOM RS900MNC-GETS-XX RUGGEDCOM RSG2300NC V5.X RUGGEDCOM RS900GNC(32M) V4.X RUGGEDCOM RS900 RUGGEDCOM RSG2100 RUGGEDCOM M969NC RUGGEDCOM RS416PNC RUGGEDCOM RS1600FNC RUGGEDCOM RS400 RUGGEDCOM RS900NC(32M) V5.X RUGGEDCOM RS1600TNC RUGGEDCOM RS900G (32M) V4.X RUGGEDCOM M969 RUGGEDCOM RS416PNCv2 V4.X RUGGEDCOM M2200NC RUGGEDCOM RS8000A RUGGEDCOM i803 RUGGEDCOM RSG2100PNC RUGGEDCOM RSG920PNC V5.X RUGGEDCOM RSG2100NC RUGGEDCOM RSG2488F RUGGEDCOM RP110NC RUGGEDCOM RSG2200 RUGGEDCOM RSG2488NC V5.X RUGGEDCOM RSL910NC RUGGEDCOM RS969NC RUGGEDCOM RS416 RUGGEDCOM RST2228P RUGGEDCOM i800 RUGGEDCOM RS900M-STND-C01 RUGGEDCOM RS900M-GETS-XX RUGGEDCOM RST916P RUGGEDCOM RS416PNCv2 V5.X RUGGEDCOM RS416NCv2 V5.X RUGGEDCOM RSG2100 (32M) V4.X RUGGEDCOM RSL910 RUGGEDCOM RSG2100PF RUGGEDCOM RS900GP RUGGEDCOM RST916C RUGGEDCOM RS900GPNC RUGGEDCOM RSG2100F RUGGEDCOM RSG2488 V4.X RUGGEDCOM i802 RUGGEDCOM RS900GNC(32M) V5.X RUGGEDCOM RST2228 RUGGEDCOM RS401 RUGGEDCOM RSG2300NC V4.X RUGGEDCOM RSG920PNC V4.X RUGGEDCOM i802NC RUGGEDCOM i803NC RUGGEDCOM M2100 RUGGEDCOM RSG2300F RUGGEDCOM RSG2300PNC V4.X RUGGEDCOM RS900NC RUGGEDCOM RS416Pv2 V5.X RUGGEDCOM RMC30NC RUGGEDCOM RS900 (32M) V5.X RUGGEDCOM RSG2200F RUGGEDCOM M2100NC RUGGEDCOM RSG2100P (32M) V5.X

CWE ID-CWE-770

Allocation of Resources Without Limits or Throttling

CVE-2023-36521

Matching Score-6

Assigner-Siemens

View Details

Matching Score-6

Assigner-Siemens

CVSS Score-8.6||HIGH

EPSS-0.22% / 44.39%

7 Day CHG~0.00%

Published-11 Jul, 2023 | 09:07

Updated-21 Nov, 2024 | 14:09

A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3.4), SIMATIC MV540 S (All versions < V3.3.4), SIMATIC MV550 H (All versions < V3.3.4), SIMATIC MV550 S (All versions < V3.3.4), SIMATIC MV560 U (All versions < V3.3.4), SIMATIC MV560 X (All versions < V3.3.4). The result synchronization server of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation of all socket-based communication of the affected products if the result server is enabled.

CWE ID-CWE-770

Allocation of Resources Without Limits or Throttling

CVE-2022-43768

Matching Score-6

Assigner-Siemens

View Details

Matching Score-6

Assigner-Siemens

CVSS Score-7.5||HIGH

EPSS-0.32% / 54.03%

7 Day CHG~0.00%

Published-11 Apr, 2023 | 09:02

Updated-07 Feb, 2025 | 16:51

A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions < V2.3), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions < V2.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE0) (All versions < V3.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE1) (All versions < V3.3), SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) (All versions < V3.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions < V2.3), SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0) (All versions < V3.4.29), SIPLUS NET CP 443-1 (6AG1443-1EX30-4XE0) (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) (All versions < V3.3), SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0) (All versions < V3.4.29), SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0) (All versions < V3.4.29), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.3.6), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation of the webserver of the affected product.

Vendor-Siemens AG

CWE ID-CWE-770

Allocation of Resources Without Limits or Throttling

CVE-2022-41288

Matching Score-6

Assigner-Siemens

View Details

Matching Score-6

Assigner-Siemens

CVSS Score-3.3||LOW

EPSS-0.05% / 13.58%

7 Day CHG~0.00%

Published-13 Dec, 2022 | 00:00

Updated-21 Apr, 2025 | 13:44

A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains stack exhaustion vulnerability when parsing a CGM file. An attacker could leverage this vulnerability to crash the application causing denial of service condition.

Vendor-Siemens AG

Product-jt2go teamcenter_visualization Teamcenter Visualization V13.3 Teamcenter Visualization V13.2 JT2Go Teamcenter Visualization V14.1 Teamcenter Visualization V14.0

CWE ID-CWE-770

Allocation of Resources Without Limits or Throttling

CVE-2022-36324

Matching Score-6

Assigner-Siemens

View Details

Matching Score-6

Assigner-Siemens

CVSS Score-7.5||HIGH

EPSS-1.26% / 78.56%

7 Day CHG~0.00%

Published-10 Aug, 2022 | 11:18

Updated-21 Apr, 2025 | 13:51

Affected devices do not properly handle the renegotiation of SSL/TLS parameters. This could allow an unauthenticated remote attacker to bypass the TCP brute force prevention and lead to a denial of service condition for the duration of the attack.

Vendor-Siemens AG

CWE ID-CWE-770

Allocation of Resources Without Limits or Throttling

CVE-2025-7070

Matching Score-4

Assigner-VulDB

View Details

Matching Score-4

Assigner-VulDB

CVSS Score-5.3||MEDIUM

EPSS-0.02% / 3.58%

7 Day CHG~0.00%

Published-04 Jul, 2025 | 21:32

Updated-08 Jul, 2025 | 16:18

IROAD Dashcam Q9 MFA Pairing Request allocation of resources

A vulnerability has been found in IROAD Dashcam Q9 up to 20250624 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component MFA Pairing Request Handler. The manipulation leads to allocation of resources. The attack needs to be done within the local network. The vendor was contacted early about this disclosure but did not respond in any way.

Vendor-IROAD

Product-Dashcam Q9

CWE ID-CWE-400

Uncontrolled Resource Consumption

CWE ID-CWE-770

Allocation of Resources Without Limits or Throttling

CVE-2024-58114

Matching Score-4

Assigner-Huawei Technologies

View Details

Matching Score-4

Assigner-Huawei Technologies

CVSS Score-4||MEDIUM

EPSS-0.01% / 0.66%

7 Day CHG~0.00%

Published-06 Jun, 2025 | 06:42

Updated-11 Jul, 2025 | 14:33

Resource allocation control failure vulnerability in the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability.

Vendor-Huawei Technologies Co., Ltd.

Product-harmonyos HarmonyOS

CWE ID-CWE-770

Allocation of Resources Without Limits or Throttling

CVE-2024-39876

Credits

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs