Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-0300

Summary
Assigner-palo_alto
Assigner Org ID-d6c1279f-00f6-4ef7-9217-f89ffe703ec0
Published At-06 May, 2026 | 18:57
Updated At-12 May, 2026 | 12:08
Rejected At-
Credits

Palo Alto Networks PAN-OS Out-of-bounds Write Vulnerability

Palo Alto Networks PAN-OS contains an out-of-bounds write vulnerability in the User-ID Authentication Portal (aka Captive Portal) service that can allow an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Known Exploited Vulnerabilities (KEV)
cisa.gov
Vendor:
Palo Alto Networks, Inc.Palo Alto Networks
Product:PAN-OS
Added At:06 May, 2026
Due At:09 May, 2026

Palo Alto Networks PAN-OS Out-of-bounds Write Vulnerability

Palo Alto Networks PAN-OS contains an out-of-bounds write vulnerability in the User-ID Authentication Portal (aka Captive Portal) service that can allow an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets.

Used in Ransomware

:

Unknown

CWE

:
CWE-787

Required Action:

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Until the vendor releases an official fix, the following workaround should be implemented: - Restrict User-ID Authentication Portal access to only trusted zones. - Disable User-ID Authentication Portal if not required. 5/13/2026: Palo Alto has released a variety of patches. If these are relevant to your environment, please apply the designate

Additional Notes:

https://security.paloaltonetworks.com/CVE-2026-0300 ; https://nvd.nist.gov/vuln/detail/CVE-2026-0300
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:palo_alto
Assigner Org ID:d6c1279f-00f6-4ef7-9217-f89ffe703ec0
Published At:06 May, 2026 | 18:57
Updated At:12 May, 2026 | 12:08
Rejected At:
▼CVE Numbering Authority (CNA)
PAN-OS: Unauthenticated user initiated Buffer Overflow Vulnerability in User-ID™ Authentication Portal

A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. The risk of this issue is greatly reduced if you secure access to the User-ID™ Authentication Portal per the best practice guidelines https://knowledgebase.paloaltonetworks.com/KCSArticleDetail by restricting access to only trusted internal IP addresses. Prisma Access, Cloud NGFW and Panorama appliances are not impacted by this vulnerability.

Affected Products
Vendor
Palo Alto Networks, Inc.Palo Alto Networks
Product
Cloud NGFW
Default Status
unaffected
Versions
Unaffected
  • All (custom)
Vendor
Palo Alto Networks, Inc.Palo Alto Networks
Product
PAN-OS
CPEs
  • cpe:2.3:o:palo_alto_networks:pan-os:12.1.6:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:12.1.5:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h3:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:h2:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:12.1.4:-:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:12.1.3:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:12.1.2:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.11:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h4:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h3:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h2:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:h1:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.10:-:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.9:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.8:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h11:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h10:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h8:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h7:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h4:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h3:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h2:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:h1:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.7:-:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.6:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.5:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h15:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h14:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h12:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h11:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h10:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h9:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h8:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h7:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h6:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h5:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h4:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h3:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h2:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:h1:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.13:-:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.12:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.11:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h21:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h12:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h10:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h9:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h7:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h5:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h4:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:h1:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.10:-:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.9:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.8:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h29:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h25:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h23:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h22:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h21:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h20:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h19:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h18:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h17:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h14:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h10:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h7:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h6:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h4:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h3:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h2:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:h1:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h27:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h25:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h18:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h17:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h15:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h13:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h3:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h2:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h1:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:-:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:h1:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.18:-:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.17:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h6:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h4:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:h1:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.16:-:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.15:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.14:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h18:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h16:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h15:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h10:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h7:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h5:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h4:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h3:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h31:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h30:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h27:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h26:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h23:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h21:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h18:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h17:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h14:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h1:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:-:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h32:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h24:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h10:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h9:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h8:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h7:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h6:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h5:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h4:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h3:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h2:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h1:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:-:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.4:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*
  • cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • From 12.1.0 before 12.1.7 (custom)
    • -> unaffectedfrom12.1.7
    • -> unaffectedfrom12.1.4-h5
  • From 11.2.0 before 11.2.12 (custom)
    • -> unaffectedfrom11.2.12
    • -> unaffectedfrom11.2.10-h6
    • -> unaffectedfrom11.2.7-h13
    • -> unaffectedfrom11.2.4-h17
  • From 11.1.0 before 11.1.15 (custom)
    • -> unaffectedfrom11.1.15
    • -> unaffectedfrom11.1.13-h5
    • -> unaffectedfrom11.1.10-h25
    • -> unaffectedfrom11.1.7-h6
    • -> unaffectedfrom11.1.6-h32
    • -> unaffectedfrom11.1.4-h33
  • From 10.2.0 before 10.2.18-h6 (custom)
    • -> unaffectedfrom10.2.18-h6
    • -> unaffectedfrom10.2.16-h7
    • -> unaffectedfrom10.2.13-h21
    • -> unaffectedfrom10.2.10-h36
    • -> unaffectedfrom10.2.7-h34
Vendor
Palo Alto Networks, Inc.Palo Alto Networks
Product
Prisma Access
Default Status
unaffected
Versions
Unaffected
  • All (custom)
Problem Types
TypeCWE IDDescription
CWECWE-787CWE-787: Out-of-bounds Write
Type: CWE
CWE ID: CWE-787
Description: CWE-787: Out-of-bounds Write
Metrics
VersionBase scoreBase severityVector
4.09.3CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:A/AU:Y/R:U/V:C/RE:M/U:Red
4.08.7HIGH
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:A/AU:Y/R:U/V:C/RE:M/U:Red
Version: 4.0
Base score: 9.3
Base severity: CRITICAL
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:A/AU:Y/R:U/V:C/RE:M/U:Red
Version: 4.0
Base score: 8.7
Base severity: HIGH
Vector:
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:A/AU:Y/R:U/V:C/RE:M/U:Red
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-100CAPEC-100 Overflow Buffers
CAPEC ID: CAPEC-100
Description: CAPEC-100 Overflow Buffers
Solutions

This issue will be fixed in upcoming releases of PAN-OS as captured in the table above. We strongly recommend that you secure access to your User-ID™ Authentication Portal following the instructions in the workarounds section below.

Configurations

This issue is applicable only to PA-Series and VM-Series firewalls that are configured to use User-ID™ Authentication Portal. Customers are impacted if both of the following conditions are true: * User-ID™ Authentication Portal configured in the User-ID™ Authentication Portal Settings page. You can verify the configuration by going to Device > User Identification > Authentication Portal Settings -> Enable Authentication Portal (applies to both transparent and redirect modes) and * An interface management profile with response pages enabled and associated with an external/internet-accessible interface. You can verify the configuration by going to Network > Interface > Select the interface > Advanced Tab > Create Management Interface Profile.

Workarounds

Customers can mitigate the risk of this issue by taking either of the following actions: * Restrict User-ID™ Authentication Portal access to only trusted zones and in addition, disable Response Pages in the Interface Management Profile attached to every L3 interface in any zone where untrusted/internet traffic can ingress. Keep Response Pages enabled only on interfaces in trust/internal zones where legitimate users' browsers ingress. Refer to Step 6 of the following Live Community article (https://live.paloaltonetworks.com/t5/general-articles/why-it-s-essential-to-secure-your-management-interface/ta-p/1001286) and Knowledgebase article (https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000CqbiCAC) for steps to restrict access. * Disable User-ID™ Authentication Portal if not required. Customers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 510019 from Applications and Threats content version 9097-10022. Decoder capabilities necessitate PAN-OS 11.1 or a later version for Threat ID support.

Exploits

Limited exploitation has been observed targeting Palo Alto Networks User-ID™ Authentication Portals that are exposed to untrusted IP addresses and/or the public internet. Customers following standard security best practices, such as restricting sensitive portals to trusted internal networks are at a greatly reduced risk.

Credits
Timeline
EventDate
Updated with Threat Prevention ID and clarified the Required Configuration section.2026-05-06 17:27:00
Initial publication.2026-05-05 23:00:00
Event: Updated with Threat Prevention ID and clarified the Required Configuration section.
Date: 2026-05-06 17:27:00
Event: Initial publication.
Date: 2026-05-05 23:00:00
Replaced By
Rejected Reason
References
HyperlinkResource
https://security.paloaltonetworks.com/CVE-2026-0300
vendor-advisory
Hyperlink: https://security.paloaltonetworks.com/CVE-2026-0300
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
kev
dateAdded:
2026-05-06
reference:
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-0300
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
CVE-2026-0300 added to CISA KEV2026-05-06 00:00:00
Event: CVE-2026-0300 added to CISA KEV
Date: 2026-05-06 00:00:00
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-0300
government-resource
Hyperlink: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-0300
Resource:
government-resource
2.
Affected Products
Vendor
Siemens AGSiemens
Product
RUGGEDCOM APE1808
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://cert-portal.siemens.com/productcert/html/ssa-967325.html
N/A
Hyperlink: https://cert-portal.siemens.com/productcert/html/ssa-967325.html
Resource: N/A
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@paloaltonetworks.com
Published At:06 May, 2026 | 19:16
Updated At:12 May, 2026 | 13:17

A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. The risk of this issue is greatly reduced if you secure access to the User-ID™ Authentication Portal per the best practice guidelines https://knowledgebase.paloaltonetworks.com/KCSArticleDetail by restricting access to only trusted internal IP addresses. Prisma Access, Cloud NGFW and Panorama appliances are not impacted by this vulnerability.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
2026-05-062026-05-09Palo Alto Networks PAN-OS Out-of-bounds Write VulnerabilityApply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Until the vendor releases an official fix, the following workaround should be implemented: - Restrict User-ID Authentication Portal access to only trusted zones. - Disable User-ID Authentication Portal if not required.
Date Added: 2026-05-06
Due Date: 2026-05-09
Vulnerability Name: Palo Alto Networks PAN-OS Out-of-bounds Write Vulnerability
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Until the vendor releases an official fix, the following workaround should be implemented: - Restrict User-ID Authentication Portal access to only trusted zones. - Disable User-ID Authentication Portal if not required.
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.09.3CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:A/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:M/U:Red
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 4.0
Base score: 9.3
Base severity: CRITICAL
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:A/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:M/U:Red
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Palo Alto Networks, Inc.
paloaltonetworks
>>pan-os>>10.2.0
cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:*:*:*:*:*:*:*
Palo Alto Networks, Inc.
paloaltonetworks
>>pan-os>>10.2.1
cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:*:*:*:*:*:*:*
Palo Alto Networks, Inc.
paloaltonetworks
>>pan-os>>10.2.2
cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:*:*:*:*:*:*:*
Palo Alto Networks, Inc.
paloaltonetworks
>>pan-os>>10.2.3
cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:*:*:*:*:*:*:*
Palo Alto Networks, Inc.
paloaltonetworks
>>pan-os>>10.2.4
cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:*:*:*:*:*:*:*
Palo Alto Networks, Inc.
paloaltonetworks
>>pan-os>>10.2.5
cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:*:*:*:*:*:*:*
Palo Alto Networks, Inc.
paloaltonetworks
>>pan-os>>10.2.6
cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:*:*:*:*:*:*:*
Palo Alto Networks, Inc.
paloaltonetworks
>>pan-os>>10.2.7
cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:-:*:*:*:*:*:*
Palo Alto Networks, Inc.
paloaltonetworks
>>pan-os>>10.2.7
cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h1:*:*:*:*:*:*
Palo Alto Networks, Inc.
paloaltonetworks
>>pan-os>>10.2.7
cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h12:*:*:*:*:*:*
Palo Alto Networks, Inc.
paloaltonetworks
>>pan-os>>10.2.7
cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h16:*:*:*:*:*:*
Palo Alto Networks, Inc.
paloaltonetworks
>>pan-os>>10.2.7
cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h19:*:*:*:*:*:*
Palo Alto Networks, Inc.
paloaltonetworks
>>pan-os>>10.2.7
cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h21:*:*:*:*:*:*
Palo Alto Networks, Inc.
paloaltonetworks
>>pan-os>>10.2.7
cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h24:*:*:*:*:*:*
Palo Alto Networks, Inc.
paloaltonetworks
>>pan-os>>10.2.7
cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h3:*:*:*:*:*:*
Palo Alto Networks, Inc.
paloaltonetworks
>>pan-os>>10.2.7
cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h32:*:*:*:*:*:*
Palo Alto Networks, Inc.
paloaltonetworks
>>pan-os>>10.2.7
cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h6:*:*:*:*:*:*
Palo Alto Networks, Inc.
paloaltonetworks
>>pan-os>>10.2.7
cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h8:*:*:*:*:*:*
Palo Alto Networks, Inc.
paloaltonetworks
>>pan-os>>10.2.8
cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:*:*:*:*:*:*:*
Palo Alto Networks, Inc.
paloaltonetworks
>>pan-os>>10.2.9
cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:*:*:*:*:*:*:*
Palo Alto Networks, Inc.
paloaltonetworks
>>pan-os>>10.2.10
cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:-:*:*:*:*:*:*
Palo Alto Networks, Inc.
paloaltonetworks
>>pan-os>>10.2.10
cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h10:*:*:*:*:*:*
Palo Alto Networks, Inc.
paloaltonetworks
>>pan-os>>10.2.10
cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h12:*:*:*:*:*:*
Palo Alto Networks, Inc.
paloaltonetworks
>>pan-os>>10.2.10
cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h14:*:*:*:*:*:*
Palo Alto Networks, Inc.
paloaltonetworks
>>pan-os>>10.2.10
cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h17:*:*:*:*:*:*
Palo Alto Networks, Inc.
paloaltonetworks
>>pan-os>>10.2.10
cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h18:*:*:*:*:*:*
Palo Alto Networks, Inc.
paloaltonetworks
>>pan-os>>10.2.10
cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h2:*:*:*:*:*:*
Palo Alto Networks, Inc.
paloaltonetworks
>>pan-os>>10.2.10
cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h21:*:*:*:*:*:*
Palo Alto Networks, Inc.
paloaltonetworks
>>pan-os>>10.2.10
cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h27:*:*:*:*:*:*
Palo Alto Networks, Inc.
paloaltonetworks
>>pan-os>>10.2.10
cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h3:*:*:*:*:*:*
Palo Alto Networks, Inc.
paloaltonetworks
>>pan-os>>10.2.10
cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h30:*:*:*:*:*:*
Palo Alto Networks, Inc.
paloaltonetworks
>>pan-os>>10.2.10
cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h31:*:*:*:*:*:*
Palo Alto Networks, Inc.
paloaltonetworks
>>pan-os>>10.2.10
cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h4:*:*:*:*:*:*
Palo Alto Networks, Inc.
paloaltonetworks
>>pan-os>>10.2.10
cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h5:*:*:*:*:*:*
Palo Alto Networks, Inc.
paloaltonetworks
>>pan-os>>10.2.10
cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h7:*:*:*:*:*:*
Palo Alto Networks, Inc.
paloaltonetworks
>>pan-os>>10.2.10
cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h9:*:*:*:*:*:*
Palo Alto Networks, Inc.
paloaltonetworks
>>pan-os>>10.2.11
cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:*:*:*:*:*:*:*
Palo Alto Networks, Inc.
paloaltonetworks
>>pan-os>>10.2.12
cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:*:*:*:*:*:*:*
Palo Alto Networks, Inc.
paloaltonetworks
>>pan-os>>10.2.13
cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:-:*:*:*:*:*:*
Palo Alto Networks, Inc.
paloaltonetworks
>>pan-os>>10.2.13
cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h1:*:*:*:*:*:*
Palo Alto Networks, Inc.
paloaltonetworks
>>pan-os>>10.2.13
cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h10:*:*:*:*:*:*
Palo Alto Networks, Inc.
paloaltonetworks
>>pan-os>>10.2.13
cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h16:*:*:*:*:*:*
Palo Alto Networks, Inc.
paloaltonetworks
>>pan-os>>10.2.13
cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h18:*:*:*:*:*:*
Palo Alto Networks, Inc.
paloaltonetworks
>>pan-os>>10.2.13
cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h2:*:*:*:*:*:*
Palo Alto Networks, Inc.
paloaltonetworks
>>pan-os>>10.2.13
cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h3:*:*:*:*:*:*
Palo Alto Networks, Inc.
paloaltonetworks
>>pan-os>>10.2.13
cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h4:*:*:*:*:*:*
Palo Alto Networks, Inc.
paloaltonetworks
>>pan-os>>10.2.13
cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h5:*:*:*:*:*:*
Palo Alto Networks, Inc.
paloaltonetworks
>>pan-os>>10.2.13
cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h7:*:*:*:*:*:*
Palo Alto Networks, Inc.
paloaltonetworks
>>pan-os>>10.2.14
cpe:2.3:o:paloaltonetworks:pan-os:10.2.14:*:*:*:*:*:*:*
Palo Alto Networks, Inc.
paloaltonetworks
>>pan-os>>10.2.15
cpe:2.3:o:paloaltonetworks:pan-os:10.2.15:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-787Secondarypsirt@paloaltonetworks.com
CWE ID: CWE-787
Type: Secondary
Source: psirt@paloaltonetworks.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://security.paloaltonetworks.com/CVE-2026-0300psirt@paloaltonetworks.com
Mitigation
Vendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-967325.html0b142b55-0307-4c5a-b3c9-f314f3fb7c5e
N/A
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-0300134c704f-9b21-4f2e-91b3-4a467353bcc0
US Government Resource
Hyperlink: https://security.paloaltonetworks.com/CVE-2026-0300
Source: psirt@paloaltonetworks.com
Resource:
Mitigation
Vendor Advisory
Hyperlink: https://cert-portal.siemens.com/productcert/html/ssa-967325.html
Source: 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e
Resource: N/A
Hyperlink: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-0300
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource:
US Government Resource

Change History

0
Information is not available yet

Similar CVEs

2654Records found
CVE-2021-40358
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.9||CRITICAL
EPSS-0.69% / 72.12%
||
7 Day CHG~0.00%
Published-09 Nov, 2021 | 11:32
Updated-04 Aug, 2024 | 02:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3 UC04), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions < V15 SP1 Update 7), SIMATIC WinCC V16 (All versions < V16 Update 5), SIMATIC WinCC V17 (All versions < V17 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 19), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 5). Legitimate file operations on the web server of the affected systems do not properly neutralize special elements within the pathname. An attacker could then cause the pathname to resolve to a location outside of the restricted directory on the server and read, write or delete unexpected critical files.

Action-Not Available
Vendor-Siemens AG
Product-simatic_winccsimatic_pcs_7SIMATIC WinCC V15 and earlierSIMATIC WinCC V17SIMATIC PCS 7 V9.1SIMATIC PCS 7 V9.0SIMATIC WinCC V7.4SIMATIC WinCC V7.5SIMATIC WinCC V16SIMATIC PCS 7 V8.2
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-5910
Matching Score-8
Assigner-Palo Alto Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Palo Alto Networks, Inc.
CVSS Score-9.3||CRITICAL
EPSS-91.03% / 99.65%
||
7 Day CHG~0.00%
Published-10 Jul, 2024 | 18:39
Updated-04 Nov, 2025 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2024-11-28||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Expedition: Missing Authentication Leads to Admin Account Takeover

Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition. Note: Expedition is a tool aiding in configuration migration, tuning, and enrichment. Configuration secrets, credentials, and other data imported into Expedition is at risk due to this issue.

Action-Not Available
Vendor-Palo Alto Networks, Inc.
Product-expeditionExpeditionexpeditionExpedition
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-5914
Matching Score-8
Assigner-Palo Alto Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Palo Alto Networks, Inc.
CVSS Score-7||HIGH
EPSS-2.42% / 85.30%
||
7 Day CHG~0.00%
Published-14 Aug, 2024 | 16:40
Updated-20 Aug, 2024 | 16:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cortex XSOAR: Command Injection in CommonScripts Pack

A command injection issue in Palo Alto Networks Cortex XSOAR CommonScripts Pack allows an unauthenticated attacker to execute arbitrary commands within the context of an integration container.

Action-Not Available
Vendor-Palo Alto Networks, Inc.
Product-cortex_xsoar_commonscriptsCortex XSOAR CommonScripts
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-56336
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.5||CRITICAL
EPSS-0.24% / 46.33%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 09:48
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SINAMICS S200 (All versions with serial number beginning with SZVS8, SZVS9, SZVS0 or SZVSN and the FS number is 02). The affected device contains an unlocked bootloader. This security oversight enables attackers to inject malicious code, or install untrusted firmware. The intrinsic security features designed to protect against data manipulation and unauthorized access are compromised when the bootloader is not secured.

Action-Not Available
Vendor-Siemens AG
Product-SINAMICS S200
CWE ID-CWE-287
Improper Authentication
CVE-2021-44524
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-0.58% / 69.17%
||
7 Day CHG~0.00%
Published-14 Dec, 2021 | 12:07
Updated-04 Aug, 2024 | 04:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications insufficiently limit the access to the internal user authentication service. This could allow an unauthenticated remote attacker to trigger several actions on behalf of valid user accounts.

Action-Not Available
Vendor-Siemens AG
Product-sipass_integratedsiveillance_identitySiveillance Identity V1.5SiPass integrated V2.80SiPass integrated V2.85SiPass integrated V2.76Siveillance Identity V1.6
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CWE ID-CWE-287
Improper Authentication
CVE-2024-54092
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.3||CRITICAL
EPSS-0.90% / 75.87%
||
7 Day CHG+0.42%
Published-08 Apr, 2025 | 08:22
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Industrial Edge Device Kit - arm64 V1.17 (All versions), Industrial Edge Device Kit - arm64 V1.18 (All versions), Industrial Edge Device Kit - arm64 V1.19 (All versions), Industrial Edge Device Kit - arm64 V1.20 (All versions < V1.20.2-1), Industrial Edge Device Kit - arm64 V1.21 (All versions < V1.21.1-1), Industrial Edge Device Kit - x86-64 V1.17 (All versions), Industrial Edge Device Kit - x86-64 V1.18 (All versions), Industrial Edge Device Kit - x86-64 V1.19 (All versions), Industrial Edge Device Kit - x86-64 V1.20 (All versions < V1.20.2-1), Industrial Edge Device Kit - x86-64 V1.21 (All versions < V1.21.1-1), Industrial Edge Own Device (IEOD) (All versions < V1.21.1-1-a), Industrial Edge Virtual Device (All versions < V1.21.1-1-a), SCALANCE LPE9413 (6GK5998-3GS01-2AC2) (All versions < V2.1), SIMATIC IPC BX-39A Industrial Edge Device (All versions < V3.0), SIMATIC IPC BX-59A Industrial Edge Device (All versions < V3.0), SIMATIC IPC127E Industrial Edge Device (All versions < V3.0), SIMATIC IPC227E Industrial Edge Device (All versions < V3.0), SIMATIC IPC427E Industrial Edge Device (All versions < V3.0), SIMATIC IPC847E Industrial Edge Device (All versions < V3.0). Affected devices do not properly enforce user authentication on specific API endpoints when identity federation is used. This could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Successful exploitation requires that identity federation is currently or has previously been used and the attacker has learned the identity of a legitimate user.

Action-Not Available
Vendor-Siemens AG
Product-SIMATIC IPC227E Industrial Edge DeviceSIMATIC IPC847E Industrial Edge DeviceIndustrial Edge Device Kit - arm64 V1.17Industrial Edge Device Kit - arm64 V1.19Industrial Edge Device Kit - arm64 V1.18Industrial Edge Device Kit - x86-64 V1.17SIMATIC IPC427E Industrial Edge DeviceIndustrial Edge Device Kit - x86-64 V1.21SIMATIC IPC BX-39A Industrial Edge DeviceIndustrial Edge Device Kit - x86-64 V1.19Industrial Edge Device Kit - x86-64 V1.18Industrial Edge Own Device (IEOD)Industrial Edge Device Kit - x86-64 V1.20SIMATIC IPC127E Industrial Edge DeviceIndustrial Edge Device Kit - arm64 V1.21SCALANCE LPE9413SIMATIC IPC BX-59A Industrial Edge DeviceIndustrial Edge Virtual DeviceIndustrial Edge Device Kit - arm64 V1.20
CWE ID-CWE-1390
Weak Authentication
CVE-2019-18313
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-3.11% / 86.97%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could gain remote code execution by sending specifically crafted objects to one of the RPC services. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sppa-t3000_ms3000_migration_serverSPPA-T3000 MS3000 Migration Server
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2019-17440
Matching Score-8
Assigner-Palo Alto Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Palo Alto Networks, Inc.
CVSS Score-10||CRITICAL
EPSS-0.45% / 63.84%
||
7 Day CHG~0.00%
Published-20 Dec, 2019 | 15:22
Updated-17 Sep, 2024 | 01:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PAN-OS on PA-7000 Series: Improper restriction of communication to Log Forwarding Card (LFC) allows root access

Improper restriction of communications to Log Forwarding Card (LFC) on PA-7000 Series devices with second-generation Switch Management Card (SMC) may allow an attacker with network access to the LFC to gain root access to PAN-OS. This issue affects PAN-OS 9.0 versions prior to 9.0.5-h3 on PA-7080 and PA-7050 devices with an LFC installed and configured. This issue does not affect PA-7000 Series deployments using the first-generation SMC and the Log Processing Card (LPC). This issue does not affect any other PA series devices. This issue does not affect devices without an LFC. This issue does not affect PAN-OS 8.1 or prior releases. This issue only affected a very limited number of customers and we undertook individual outreach to help them upgrade. At the time of publication, all identified customers have upgraded SW or content and are not impacted.

Action-Not Available
Vendor-Palo Alto Networks, Inc.
Product-pa-7050pan-ospa-7080PAN-OS
CWE ID-CWE-923
Improper Restriction of Communication Channel to Intended Endpoints
CVE-2019-18342
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.9||CRITICAL
EPSS-0.57% / 68.75%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The SFTP service (default port 22/tcp) of the Control Center Server (CCS) does not properly limit its capabilities to the specified purpose. In conjunction with CVE-2019-18341, an unauthenticated remote attacker with network access to the CCS server could exploit this vulnerability to read or delete arbitrary files, or access other resources on the same server.

Action-Not Available
Vendor-Siemens AG
Product-control_center_serverControl Center Server (CCS)
CWE ID-CWE-749
Exposed Dangerous Method or Function
CVE-2019-18339
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-0.26% / 49.71%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0). The HTTP service (default port 5401/tcp) of the SiVMS/SiNVR Video Server contains an authentication bypass vulnerability, even when properly configured with enforced authentication. A remote attacker with network access to the Video Server could exploit this vulnerability to read the SiVMS/SiNVR users database, including the passwords of all users in obfuscated cleartext.

Action-Not Available
Vendor-Siemens AG
Product-sinvr_3_video_serversinvr_3_central_control_serverSiNVR/SiVMS Video Server
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2019-18284
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 60.19%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). The AdminService is available without authentication on the Application Server. An attacker can use methods exposed via this interface to receive password hashes of other users and to change user passwords. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sppa-t3000_application_serverSPPA-T3000 Application Server
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2019-18314
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-2.25% / 84.76%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could gain remote code execution by sending specifically crafted objects via RMI. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sppa-t3000_application_serverSPPA-T3000 Application Server
CWE ID-CWE-287
Improper Authentication
CVE-2019-18337
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-0.07% / 22.35%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 19:08
Updated-15 Oct, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contains an authentication bypass vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. A remote attacker with network access to the CCS server could exploit this vulnerability to read the CCS users database, including the passwords of all users in obfuscated cleartext.

Action-Not Available
Vendor-Siemens AG
Product-sinvr_3_video_serversinvr_3_central_control_serverControl Center Server (CCS)
CWE ID-CWE-287
Improper Authentication
CVE-2019-18283
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-9.23% / 92.80%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). The AdminService is available without authentication on the Application Server. An attacker can gain remote code execution by sending specifically crafted objects to one of its functions. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sppa-t3000_application_serverSPPA-T3000 Application Server
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2019-18315
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-0.80% / 74.23%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could gain remote code execution by sending specifically crafted packets to 8888/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sppa-t3000_application_serverSPPA-T3000 Application Server
CWE ID-CWE-287
Improper Authentication
CVE-2019-1581
Matching Score-8
Assigner-Palo Alto Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Palo Alto Networks, Inc.
CVSS Score-9.8||CRITICAL
EPSS-2.69% / 86.02%
||
7 Day CHG~0.00%
Published-23 Aug, 2019 | 17:06
Updated-17 Sep, 2024 | 00:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PAN-OS: Remote code execution vulnerability in the PAN-OS SSH device management interface

A remote code execution vulnerability in the PAN-OS SSH device management interface that can lead to unauthenticated remote users with network access to the SSH management interface gaining root access to PAN-OS. This issue affects PAN-OS 7.1 versions prior to 7.1.24-h1, 7.1.25; 8.0 versions prior to 8.0.19-h1, 8.0.20; 8.1 versions prior to 8.1.9-h4, 8.1.10; 9.0 versions prior to 9.0.3-h3, 9.0.4.

Action-Not Available
Vendor-Palo Alto Networks, Inc.
Product-pan-osPAN-OS
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-20
Improper Input Validation
CVE-2024-52335
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.3||CRITICAL
EPSS-1.17% / 78.88%
||
7 Day CHG~0.00%
Published-06 Dec, 2024 | 13:14
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in syngo.plaza VB30E (All versions < VB30E_HF05). The affected application do not properly sanitize input data before sending it to the SQL server. This could allow an attacker with access to the application could use this vulnerability to execute malicious SQL commands to compromise the whole database.

Action-Not Available
Vendor-Siemens AG
Product-syngo.plaza VB30Esyngo_plaza_vb30e
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-31884
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-0.73% / 72.79%
||
7 Day CHG~0.00%
Published-09 Nov, 2021 | 11:31
Updated-03 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.19), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC00-U (All versions >= V2.3 and < V6.30.016), Desigo PXC001-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC100-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC12-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC128-U (All versions >= V2.3 and < V6.30.016), Desigo PXC200-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC36.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC50-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC64-U (All versions >= V2.3 and < V6.30.016), Desigo PXM20-E (All versions >= V2.3 and < V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). The DHCP client application assumes that the data supplied with the “Hostname” DHCP option is NULL terminated. In cases when global hostname variable is not defined, this may lead to Out-of-bound reads, writes, and Denial-of-service conditions. (FSMD-2021-0014)

Action-Not Available
Vendor-Siemens AG
Product-talon_tc_compactdesigo_pxm20-edesigo_pxc22.1-e.dapogee_pxc_compactdesigo_pxc001-e.d_firmwareapogee_modular_equiment_controller_firmwaredesigo_pxc12-e.dapogee_pxc_compact_firmwaredesigo_pxc200-e.d_firmwareapogee_modular_equiment_controllerdesigo_pxc100-e.dapogee_modular_building_controllerdesigo_pxc001-e.dapogee_pxc_modular_firmwaretalon_tc_modular_firmwaretalon_tc_modulardesigo_pxc22.1-e.d_firmwaredesigo_pxc50-e.dapogee_modular_building_controller_firmwaredesigo_pxc12-e.d_firmwaredesigo_pxc22-e.ddesigo_pxc22-e.d_firmwaredesigo_pxc00-u_firmwarenucleus_readystart_v3desigo_pxc00-e.ddesigo_pxc100-e.d_firmwaredesigo_pxc200-e.ddesigo_pxc00-e.d_firmwaredesigo_pxc50-e.d_firmwarenucleus_netdesigo_pxc64-utalon_tc_compact_firmwaredesigo_pxc36.1-e.d_firmwaredesigo_pxc64-u_firmwaredesigo_pxc128-ucapital_vstardesigo_pxc00-uapogee_pxc_modulardesigo_pxm20-e_firmwaredesigo_pxc36.1-e.ddesigo_pxc128-u_firmwarenucleus_source_codeTALON TC Compact (BACnet)Desigo PXC64-UDesigo PXC00-UNucleus Source CodeAPOGEE PXC Compact (BACnet)APOGEE MEC (PPC) (P2 Ethernet)Nucleus NETDesigo PXC001-E.DDesigo PXC100-E.DDesigo PXC12-E.DAPOGEE MBC (PPC) (BACnet)Desigo PXC22.1-E.DTALON TC Modular (BACnet)Nucleus ReadyStart V3APOGEE MEC (PPC) (BACnet)Desigo PXC00-E.DAPOGEE MBC (PPC) (P2 Ethernet)Desigo PXC50-E.DAPOGEE PXC Compact (P2 Ethernet)Desigo PXC36.1-E.DAPOGEE PXC Modular (P2 Ethernet)Capital VSTARDesigo PXC22-E.DDesigo PXC200-E.DDesigo PXM20-EAPOGEE PXC Modular (BACnet)Desigo PXC128-U
CWE ID-CWE-170
Improper Null Termination
CVE-2021-3033
Matching Score-8
Assigner-Palo Alto Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Palo Alto Networks, Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.11% / 29.13%
||
7 Day CHG~0.00%
Published-10 Feb, 2021 | 17:35
Updated-17 Sep, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prisma Cloud Compute: SAML Authentication Bypass Vulnerability in Console

An improper verification of cryptographic signature vulnerability exists in the Palo Alto Networks Prisma Cloud Compute console. This vulnerability enables an attacker to bypass signature validation during SAML authentication by logging in to the Prisma Cloud Compute console as any authorized user. This issue impacts: All versions of Prisma Cloud Compute 19.11, Prisma Cloud Compute 20.04, and Prisma Cloud Compute 20.09; Prisma Cloud Compute 20.12 before update 1. Prisma Cloud Compute SaaS version is not impacted by this vulnerability.

Action-Not Available
Vendor-Palo Alto Networks, Inc.
Product-prisma_cloudPrisma Cloud Compute
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2021-27391
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-2.86% / 86.40%
||
7 Day CHG~0.00%
Published-14 Sep, 2021 | 10:47
Updated-23 Apr, 2025 | 19:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in APOGEE MBC (PPC) (P2 Ethernet) (All versions >= V2.6.3), APOGEE MEC (PPC) (P2 Ethernet) (All versions >= V2.6.3), APOGEE PXC Compact (BACnet) (All versions < V3.5.3), APOGEE PXC Compact (P2 Ethernet) (All versions >= V2.8), APOGEE PXC Modular (BACnet) (All versions < V3.5.3), APOGEE PXC Modular (P2 Ethernet) (All versions >= V2.8), TALON TC Compact (BACnet) (All versions < V3.5.3), TALON TC Modular (BACnet) (All versions < V3.5.3). The web server of affected devices lacks proper bounds checking when parsing the Host parameter in HTTP requests, which could lead to a buffer overflow. An unauthenticated remote attacker could exploit this vulnerability to execute arbitrary code on the device with root privileges.

Action-Not Available
Vendor-Siemens AG
Product-apogee_pxc_compact_\(p2_ethernet\)apogee_pxc_modular_\(bacnet\)_firmwareapogee_pxc_compact_\(p2_ethernet\)_firmwaretalon_tc_compact_\(bacnet\)apogee_mbc_\(ppc\)_\(p2_ethernet\)_firmwareapogee_pxc_bacnet_automation_controllerapogee_mbc_\(ppc\)_\(p2_ethernet\)apogee_pxc_bacnet_automation_controller_firmwareapogee_mec_\(ppc\)_\(p2_ethernet\)talon_tc_compact_\(bacnet\)_firmwareapogee_pxc_modular_\(p2_ethernet\)talon_tc_modular_\(bacnet\)apogee_pxc_modular_\(p2_ethernet\)_firmwareapogee_pxc_modular_\(bacnet\)apogee_mec_\(ppc\)_\(p2_ethernet\)_firmwaretalon_tc_modular_\(bacnet\)_firmwareAPOGEE PXC Modular (P2 Ethernet)APOGEE PXC Compact (BACnet)APOGEE MEC (PPC) (P2 Ethernet)APOGEE PXC Modular (BACnet)APOGEE MBC (PPC) (P2 Ethernet)TALON TC Modular (BACnet)APOGEE PXC Compact (P2 Ethernet)TALON TC Compact (BACnet)
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-27389
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-0.41% / 61.36%
||
7 Day CHG~0.00%
Published-22 Apr, 2021 | 20:42
Updated-03 Aug, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Opcenter Quality (All versions < V12.2), QMS Automotive (All versions < V12.30). A private sign key is shipped with the product without adequate protection.

Action-Not Available
Vendor-Siemens AG
Product-opcenter_qualityqms_automotiveQMS AutomotiveOpcenter Quality
CWE ID-CWE-321
Use of Hard-coded Cryptographic Key
CVE-2024-50557
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-8.6||HIGH
EPSS-1.01% / 77.35%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 12:49
Updated-20 Nov, 2024 | 16:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.2), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.2), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.2), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.2), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.2), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.2). Affected devices do not properly validate input in configuration fields of the iperf functionality. This could allow an unauthenticated remote attacker to execute arbitrary code on the device.

Action-Not Available
Vendor-Siemens AG
Product-scalance_mum856-1_\(eu\)ruggedcom_rm1224_lte\(4g\)_nam_firmwarescalance_mum856-1_\(b1\)_firmwarescalance_m874-2_firmwarescalance_m874-3scalance_m874-3_\(cn\)scalance_m876-4_\(eu\)ruggedcom_rm1224_lte\(4g\)_euscalance_m812-1_\(annex_b\)scalance_m812-1_\(annex_a\)scalance_mum856-1_\(b1\)scalance_m876-4_\(nam\)scalance_m804pb_firmwarescalance_s615scalance_m874-3_firmwarescalance_m876-3_firmwarescalance_mum853-1_\(b1\)scalance_mum853-1_\(eu\)ruggedcom_rm1224_lte\(4g\)_namscalance_m876-3_\(rok\)_firmwarescalance_m874-3_\(cn\)_firmwarescalance_mum853-1_\(b1\)_firmwarescalance_mum856-1_\(cn\)scalance_s615_firmwarescalance_mum856-1_\(a1\)_firmwarescalance_mum856-1_\(a1\)scalance_mum856-1_\(row\)scalance_m876-3_\(rok\)scalance_mum856-1_\(eu\)_firmwarescalance_mum856-1_\(cn\)_firmwarescalance_m876-3scalance_m876-4_\(eu\)_firmwarescalance_m816-1_\(annex_b\)scalance_m876-4scalance_m876-4_firmwarescalance_mum853-1_\(a1\)_firmwarescalance_s615_eec_firmwarescalance_m826-2scalance_m812-1_\(annex_a\)_firmwarescalance_s615_eecscalance_m874-2scalance_m826-2_firmwarescalance_mum856-1_\(row\)_firmwarescalance_m816-1_\(annex_b\)_firmwarescalance_m804pbscalance_m876-4_\(nam\)_firmwarescalance_m812-1_\(annex_b\)_firmwarescalance_m816-1_\(annex_a\)_firmwarescalance_mum853-1_\(eu\)_firmwarescalance_mum853-1_\(a1\)ruggedcom_rm1224_lte\(4g\)_eu_firmwarescalance_m816-1_\(annex_a\)SCALANCE M874-3 3G-Router (CN)SCALANCE M874-3SCALANCE MUM856-1 (B1)SCALANCE M816-1 ADSL-RouterSCALANCE M876-3 (ROK)SCALANCE MUM856-1 (A1)SCALANCE M812-1 ADSL-RouterSCALANCE M804PBSCALANCE MUM856-1 (EU)SCALANCE MUM853-1 (B1)SCALANCE MUM853-1 (EU)SCALANCE S615 EEC LAN-RouterSCALANCE M874-2SCALANCE M876-4RUGGEDCOM RM1224 LTE(4G) NAMSCALANCE M876-3SCALANCE M826-2 SHDSL-RouterSCALANCE MUM856-1 (CN)SCALANCE MUM856-1 (RoW)RUGGEDCOM RM1224 LTE(4G) EUSCALANCE M876-4 (EU)SCALANCE MUM853-1 (A1)SCALANCE M876-4 (NAM)SCALANCE S615 LAN-Routerscalance_mum856-1_\(eu\)_firmwarescalance_mum856-1_\(cn\)_firmwareruggedcom_rm1224_lte\(4g\)_nam_firmwarescalance_mum856-1_\(b1\)_firmwarescalance_mum853-1_\(a1\)_firmwarescalance_m876-4_firmwarescalance_s615_eec_firmwarescalance_m804pb_firmwarescalance_mum856-1_\(row\)_firmwarescalance_m816-1_\(annex_b\)_firmwarescalance_m874-3_firmwarescalance_m876-3_firmwarescalance_m812-1_\(annex_b\)_firmwarescalance_mum853-1_\(eu\)_firmwarescalance_s615_firmwarescalance_mum853-1_\(b1\)_firmwarescalance_mum856-1_\(a1\)_firmware
CWE ID-CWE-20
Improper Input Validation
CVE-2021-27384
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-1.94% / 83.61%
||
7 Day CHG+0.50%
Published-12 May, 2021 | 13:18
Updated-03 Aug, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4\" - 22\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Panels V16 4\" - 22\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Update 6), SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions < V15.1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions < V16 Update 4), SINAMICS GH150 (All versions), SINAMICS GL150 (with option X30) (All versions), SINAMICS GM150 (with option X30) (All versions), SINAMICS SH150 (All versions), SINAMICS SL150 (All versions), SINAMICS SM120 (All versions), SINAMICS SM150 (All versions), SINAMICS SM150i (All versions). SmartVNC has an out-of-bounds memory access vulnerability in the device layout handler, represented by a binary data stream on client side, which can potentially result in code execution.

Action-Not Available
Vendor-Siemens AG
Product-simatic_hmi_ktp_mobile_panels_ktp900_firmwaresimatic_hmi_ktp_mobile_panels_ktp400fsinamics_gm150simatic_hmi_ktp_mobile_panels_ktp700f_firmwaresinamics_sm150isinamics_gl150_firmwaresinamics_gl150simatic_hmi_ktp_mobile_panels_ktp900f_firmwaresimatic_hmi_ktp_mobile_panels_ktp400f_firmwaresimatic_hmi_comfort_panels_4\"_firmwaresinamics_gm150_firmwaresinamics_sm150simatic_hmi_comfort_outdoor_panels_7\"_firmwaresinamics_gh150simatic_hmi_ktp_mobile_panels_ktp700_firmwaresinamics_gh150_firmwaresinamics_sl150simatic_hmi_comfort_panels_22\"simatic_hmi_ktp_mobile_panels_ktp700fsinamics_sh150sinamics_sm150_firmwaresimatic_hmi_ktp_mobile_panels_ktp900fsinamics_sh150_firmwaresimatic_hmi_comfort_outdoor_panels_7\"sinamics_sm120simatic_hmi_ktp_mobile_panels_ktp700simatic_hmi_comfort_outdoor_panels_15\"_firmwaresimatic_hmi_comfort_panels_4\"sinamics_sl150_firmwaresinamics_sm150i_firmwaresimatic_hmi_ktp_mobile_panels_ktp900simatic_hmi_comfort_outdoor_panels_15\"simatic_hmi_comfort_panels_22\"_firmwaresimatic_wincc_runtime_advancedsinamics_sm120_firmwareSIMATIC WinCC Runtime Advanced V16SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants)SIMATIC HMI Comfort Panels V16 4\" - 22\" (incl. SIPLUS variants) SINAMICS SM150iSIMATIC HMI Comfort Panels V15 4\" - 22\" (incl. SIPLUS variants)SINAMICS GH150SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900FSINAMICS GM150 (with option X30)SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F SINAMICS GL150 (with option X30)SINAMICS SH150SIMATIC WinCC Runtime Advanced V15SINAMICS SL150SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (incl. SIPLUS variants) SINAMICS SM120SINAMICS SM150
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CVE-2024-49775
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.3||CRITICAL
EPSS-5.52% / 90.33%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 15:06
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2501.0001), Opcenter Intelligence (All versions < V2501.0001), Opcenter Quality (All versions < V2512), Opcenter RDnL (All versions < V2410), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 3), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SINEC NMS (All versions if operated in conjunction with UMC < V2.15), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code.

Action-Not Available
Vendor-Siemens AG
Product-Opcenter IntelligenceSIMATIC PCS neo V4.0SIMATIC PCS neo V5.0SINEC NMSTotally Integrated Automation Portal (TIA Portal) V18Totally Integrated Automation Portal (TIA Portal) V19Totally Integrated Automation Portal (TIA Portal) V16Opcenter Execution FoundationSIMATIC PCS neo V4.1Opcenter QualityTotally Integrated Automation Portal (TIA Portal) V17Opcenter RDnL
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2021-37184
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-0.52% / 66.91%
||
7 Day CHG~0.00%
Published-14 Sep, 2021 | 10:47
Updated-04 Aug, 2024 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Industrial Edge Management (All versions < V1.3). An unauthenticated attacker could change the the password of any user in the system under certain circumstances. With this an attacker could impersonate any valid user on an affected system.

Action-Not Available
Vendor-Siemens AG
Product-industrial_edge_managementIndustrial Edge Management
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2021-33719
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-0.56% / 68.37%
||
7 Day CHG~0.00%
Published-14 Sep, 2021 | 10:47
Updated-03 Aug, 2024 | 23:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP300 (All versions < V8.80). Specially crafted packets sent to port 4443/tcp could cause a Denial-of-Service condition or potential remote code execution.

Action-Not Available
Vendor-Siemens AG
Product-siprotec_5_with_cpu_variant_cp300siprotec_5_with_cpu_variant_cp100siprotec_5_with_cpu_variant_cp050SIPROTEC 5 relays with CPU variants CP050SIPROTEC 5 relays with CPU variants CP300SIPROTEC 5 relays with CPU variants CP100
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-47902
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-6.9||MEDIUM
EPSS-0.36% / 58.24%
||
7 Day CHG~0.00%
Published-23 Oct, 2024 | 14:21
Updated-30 Oct, 2024 | 15:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All versions < V7.2.12 only if the IP interface is enabled (which is not the default configuration)). The web server of affected devices does not authenticate GET requests that execute specific commands (such as `ping`) on operating system level.

Action-Not Available
Vendor-Siemens AG
Product-intermesh_7707_fire_subscriberintermesh_7177_hybrid_2.0_subscriberintermesh_7707_fire_subscriber_firmwareInterMesh 7707 Fire SubscriberInterMesh 7177 Hybrid 2.0 Subscriberintermesh_7177_hybrid2.0_subscriberintermesh_7707_fire_subscriber
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-47901
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-10||CRITICAL
EPSS-2.91% / 86.53%
||
7 Day CHG~0.00%
Published-23 Oct, 2024 | 14:21
Updated-30 Oct, 2024 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All versions < V7.2.12 only if the IP interface is enabled (which is not the default configuration)). The web server of affected devices does not sanitize the input parameters in specific GET requests that allow for code execution on operating system level. In combination with other vulnerabilities (CVE-2024-47902, CVE-2024-47903, CVE-2024-47904) this could allow an unauthenticated remote attacker to execute arbitrary code with root privileges.

Action-Not Available
Vendor-Siemens AG
Product-intermesh_7707_fire_subscriberintermesh_7177_hybrid_2.0_subscriberintermesh_7707_fire_subscriber_firmwareInterMesh 7707 Fire SubscriberInterMesh 7177 Hybrid 2.0 Subscriberintermesh_7177_hybrid2.0_subscriberintermesh_7707_fire_subscriber
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-3044
Matching Score-8
Assigner-Palo Alto Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Palo Alto Networks, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.36% / 58.04%
||
7 Day CHG~0.00%
Published-22 Jun, 2021 | 17:15
Updated-16 Sep, 2024 | 17:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cortex XSOAR: Unauthorized Usage of the REST API

An improper authorization vulnerability in Palo Alto Networks Cortex XSOAR enables a remote unauthenticated attacker with network access to the Cortex XSOAR server to perform unauthorized actions through the REST API. This issue impacts: Cortex XSOAR 6.1.0 builds later than 1016923 and earlier than 1271064; Cortex XSOAR 6.2.0 builds earlier than 1271065. This issue does not impact Cortex XSOAR 5.5.0, Cortex XSOAR 6.0.0, Cortex XSOAR 6.0.1, or Cortex XSOAR 6.0.2 versions. All Cortex XSOAR instances hosted by Palo Alto Networks are upgraded to resolve this vulnerability. No additional action is required for these instances.

Action-Not Available
Vendor-Palo Alto Networks, Inc.
Product-cortex_xsoarCortex XSOAR
CWE ID-CWE-285
Improper Authorization
CVE-2018-4834
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-0.99% / 77.12%
||
7 Day CHG~0.00%
Published-24 Jan, 2018 | 16:00
Updated-17 Sep, 2024 | 01:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Desigo PXC00-E.D V4.10 (All versions < V4.10.111), Desigo PXC00-E.D V5.00 (All versions < V5.0.171), Desigo PXC00-E.D V5.10 (All versions < V5.10.69), Desigo PXC00-E.D V6.00 (All versions < V6.0.204), Desigo PXC00/64/128-U V4.10 (All versions < V4.10.111 only with web module), Desigo PXC00/64/128-U V5.00 (All versions < V5.0.171 only with web module), Desigo PXC00/64/128-U V5.10 (All versions < V5.10.69 only with web module), Desigo PXC00/64/128-U V6.00 (All versions < V6.0.204 only with web module), Desigo PXC001-E.D V4.10 (All versions < V4.10.111), Desigo PXC001-E.D V5.00 (All versions < V5.0.171), Desigo PXC001-E.D V5.10 (All versions < V5.10.69), Desigo PXC001-E.D V6.00 (All versions < V6.0.204), Desigo PXC100-E.D V4.10 (All versions < V4.10.111), Desigo PXC100-E.D V5.00 (All versions < V5.0.171), Desigo PXC100-E.D V5.10 (All versions < V5.10.69), Desigo PXC100-E.D V6.00 (All versions < V6.0.204), Desigo PXC12-E.D V4.10 (All versions < V4.10.111), Desigo PXC12-E.D V5.00 (All versions < V5.0.171), Desigo PXC12-E.D V5.10 (All versions < V5.10.69), Desigo PXC12-E.D V6.00 (All versions < V6.0.204), Desigo PXC200-E.D V4.10 (All versions < V4.10.111), Desigo PXC200-E.D V5.00 (All versions < V5.0.171), Desigo PXC200-E.D V5.10 (All versions < V5.10.69), Desigo PXC200-E.D V6.00 (All versions < V6.0.204), Desigo PXC22-E.D V4.10 (All versions < V4.10.111), Desigo PXC22-E.D V5.00 (All versions < V5.0.171), Desigo PXC22-E.D V5.10 (All versions < V5.10.69), Desigo PXC22-E.D V6.00 (All versions < V6.0.204), Desigo PXC22.1-E.D V4.10 (All versions < V4.10.111), Desigo PXC22.1-E.D V5.00 (All versions < V5.0.171), Desigo PXC22.1-E.D V5.10 (All versions < V5.10.69), Desigo PXC22.1-E.D V6.00 (All versions < V6.0.204), Desigo PXC36.1-E.D V4.10 (All versions < V4.10.111), Desigo PXC36.1-E.D V5.00 (All versions < V5.0.171), Desigo PXC36.1-E.D V5.10 (All versions < V5.10.69), Desigo PXC36.1-E.D V6.00 (All versions < V6.0.204), Desigo PXC50-E.D V4.10 (All versions < V4.10.111), Desigo PXC50-E.D V5.00 (All versions < V5.0.171), Desigo PXC50-E.D V5.10 (All versions < V5.10.69), Desigo PXC50-E.D V6.00 (All versions < V6.0.204), Desigo PXM20-E V4.10 (All versions < V4.10.111), Desigo PXM20-E V5.00 (All versions < V5.0.171), Desigo PXM20-E V5.10 (All versions < V5.10.69), Desigo PXM20-E V6.00 (All versions < V6.0.204). A remote attacker with network access to the device could potentially upload a new firmware image to the devices without prior authentication.

Action-Not Available
Vendor-Siemens AG
Product-pxm20-e_firmwarepxc00\/50\/100\/200-e.d_firmwarepxc12\/22\/36-e.dpxm20-epxc001-e.d_firmwarepxc001-e.dpxc00\/50\/100\/200-e.dpxc00\/64\/128-upxc00\/64\/128-u_firmwarepxc12\/22\/36-e.d_firmwareDesigo PXC001-E.D V6.00Desigo PXC22.1-E.D V6.00Desigo PXC22-E.D V6.00Desigo PXC50-E.D V6.00Desigo PXC36.1-E.D V5.00Desigo PXC12-E.D V5.00Desigo PXM20-E V6.00Desigo PXC36.1-E.D V6.00Desigo PXC36.1-E.D V4.10Desigo PXC100-E.D V5.00Desigo PXC50-E.D V4.10Desigo PXM20-E V5.10Desigo PXC00/64/128-U V4.10Desigo PXC00-E.D V5.10Desigo PXC001-E.D V5.00Desigo PXC100-E.D V4.10Desigo PXC12-E.D V6.00Desigo PXC36.1-E.D V5.10Desigo PXC12-E.D V4.10Desigo PXC12-E.D V5.10Desigo PXC00-E.D V5.00Desigo PXC00-E.D V4.10Desigo PXC22-E.D V5.10Desigo PXM20-E V4.10Desigo PXC100-E.D V6.00Desigo PXC200-E.D V4.10Desigo PXC50-E.D V5.00Desigo PXC200-E.D V6.00Desigo PXC00/64/128-U V6.00Desigo PXC50-E.D V5.10Desigo PXC00/64/128-U V5.00Desigo PXC22-E.D V5.00Desigo PXC22.1-E.D V4.10Desigo PXC00-E.D V6.00Desigo PXC200-E.D V5.10Desigo PXC100-E.D V5.10Desigo PXC001-E.D V4.10Desigo PXC00/64/128-U V5.10Desigo PXC22.1-E.D V5.10Desigo PXC22.1-E.D V5.00Desigo PXC001-E.D V5.10Desigo PXM20-E V5.00Desigo PXC22-E.D V4.10Desigo PXC200-E.D V5.00
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-32740
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-0.86% / 75.20%
||
7 Day CHG~0.00%
Published-14 May, 2024 | 10:02
Updated-20 Aug, 2025 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device contains undocumented users and credentials. An attacker could misuse the credentials to compromise the device locally or over the network.

Action-Not Available
Vendor-Siemens AG
Product-simatic_cn_4100_firmwaresimatic_cn_4100SIMATIC CN 4100simatic_cn_4100
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2024-45492
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.3||HIGH
EPSS-2.27% / 84.81%
||
7 Day CHG+0.88%
Published-30 Aug, 2024 | 00:00
Updated-12 May, 2026 | 12:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).

Action-Not Available
Vendor-libexpat_projectn/alibexpatSiemens AG
Product-libexpatn/aSIPLUS S7-1500 CPU 1518-4 PN/DP MFPRUGGEDCOM RST2428PSIMATIC S7-1500 CPU 1518F-4 PN/DP MFPSIMATIC S7-1500 CPU 1518-4 PN/DP MFPSCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 familyexpatSCALANCE XCM-/XRM-/XCH-/XRH-300 family
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2024-45490
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.61% / 70.06%
||
7 Day CHG~0.00%
Published-30 Aug, 2024 | 00:00
Updated-12 May, 2026 | 12:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.

Action-Not Available
Vendor-libexpat_projectn/alibexpat_projectSiemens AG
Product-libexpatn/aSIPLUS S7-1500 CPU 1518-4 PN/DP MFPRUGGEDCOM RST2428PSIMATIC S7-1500 CPU 1518F-4 PN/DP MFPlibexpatSIMATIC S7-1500 CPU 1518-4 PN/DP MFPSCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 familySCALANCE XCM-/XRM-/XCH-/XRH-300 family
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2024-45491
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.3||HIGH
EPSS-1.14% / 78.65%
||
7 Day CHG+0.55%
Published-30 Aug, 2024 | 00:00
Updated-12 May, 2026 | 12:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).

Action-Not Available
Vendor-libexpat_projectn/alibexpatSiemens AG
Product-libexpatn/aSIPLUS S7-1500 CPU 1518-4 PN/DP MFPRUGGEDCOM RST2428PSIMATIC S7-1500 CPU 1518F-4 PN/DP MFPSIMATIC S7-1500 CPU 1518-4 PN/DP MFPSCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 familyexpatSCALANCE XCM-/XRM-/XCH-/XRH-300 family
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2025-40795
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.3||CRITICAL
EPSS-0.29% / 52.63%
||
7 Day CHG+0.02%
Published-09 Sep, 2025 | 08:48
Updated-14 Oct, 2025 | 10:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SIMATIC PCS neo V6.0 (All versions), User Management Component (UMC) (All versions < V2.15.1.3). Affected products contain a stack-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code or to cause a denial of service condition.

Action-Not Available
Vendor-Siemens AG
Product-user_management_componentsimatic_pcs_neoSIMATIC PCS neo V4.1SIMATIC PCS neo V6.0SIMATIC PCS neo V5.0User Management Component (UMC)
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2025-40938
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.2||CRITICAL
EPSS-0.04% / 12.10%
||
7 Day CHG~0.00%
Published-09 Dec, 2025 | 10:44
Updated-10 Dec, 2025 | 21:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0.1). The affected device stores sensitive information in the firmware. This could allow an attacker to access and misuse this information, potentially impacting the device’s confidentiality, integrity, and availability.

Action-Not Available
Vendor-Siemens AG
Product-simatic_cn_4100_firmwaresimatic_cn_4100SIMATIC CN 4100
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2025-40736
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.3||CRITICAL
EPSS-0.48% / 65.28%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 10:34
Updated-21 Aug, 2025 | 15:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application exposes an endpoint that allows an unauthorized modification of administrative credentials. This could allow an unauthenticated attacker to reset the superadmin password and gain full control of the application (ZDI-CAN-26569).

Action-Not Available
Vendor-Siemens AG
Product-sinec_nmsSINEC NMS
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-40594
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 10.30%
||
7 Day CHG~0.00%
Published-09 Sep, 2025 | 08:47
Updated-10 Mar, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SINAMICS G220 V6.4 (All versions < V6.4 HF2), SINAMICS S200 V6.4 (All versions < V6.4 HF7), SINAMICS S210 V6.4 (All versions < V6.4 HF2). The affected devices allow a factory reset to be executed without the required privileges due to improper privilege management as well as manipulation of configuration data because of leaked privileges of previous sessions. This could allow an unauthorized attacker to escalate their privileges.

Action-Not Available
Vendor-Siemens AG
Product-sinamics_g220_firmwaresinamics_s200sinamics_s200_firmwaresinamics_s210_firmwaresinamics_s210sinamics_g220SINAMICS S200 V6.4SINAMICS G220 V6.4SINAMICS S210 V6.4
CWE ID-CWE-269
Improper Privilege Management
CVE-2025-40771
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.3||CRITICAL
EPSS-0.13% / 32.22%
||
7 Day CHG~0.00%
Published-14 Oct, 2025 | 09:15
Updated-14 Oct, 2025 | 19:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.4.24), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions < V2.4.24), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions < V2.4.24), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions < V2.4.24), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions < V2.4.24), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions < V2.4.24). Affected devices do not properly authenticate configuration connections. This could allow an unauthenticated remote attacker to access the configuration data.

Action-Not Available
Vendor-Siemens AG
Product-SIPLUS ET 200SP CP 1542SP-1 IRC TX RAILSIMATIC CP 1543SP-1SIMATIC CP 1542SP-1SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAILSIPLUS ET 200SP CP 1543SP-1 ISECSIMATIC CP 1542SP-1 IRC
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2020-1992
Matching Score-8
Assigner-Palo Alto Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Palo Alto Networks, Inc.
CVSS Score-8.1||HIGH
EPSS-2.05% / 84.06%
||
7 Day CHG~0.00%
Published-08 Apr, 2020 | 18:41
Updated-17 Sep, 2024 | 03:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PAN-OS on PA-7000 Series: Varrcvr daemon network-based denial of service or privilege escalation

A format string vulnerability in the Varrcvr daemon of PAN-OS on PA-7000 Series devices with a Log Forwarding Card (LFC) allows remote attackers to crash the daemon creating a denial of service condition or potentially execute code with root privileges. This issue affects Palo Alto Networks PAN-OS 9.0 versions before 9.0.7; PAN-OS 9.1 versions before 9.1.2 on PA-7000 Series devices with an LFC installed and configured. This issue requires WildFire services to be configured and enabled. This issue does not affect PAN-OS 8.1 and earlier releases. This issue does not affect any other PA Series firewalls.

Action-Not Available
Vendor-Palo Alto Networks, Inc.
Product-pan-ospa-7050pa-7080PAN-OS
CWE ID-CWE-134
Use of Externally-Controlled Format String
CVE-2020-25228
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-0.45% / 63.61%
||
7 Day CHG~0.00%
Published-14 Dec, 2020 | 21:05
Updated-04 Aug, 2024 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). A service available on port 10005/tcp of the affected devices could allow complete access to all services without authorization. An attacker could gain full control over an affected device, if he has access to this service. The system manual recommends to protect access to this port.

Action-Not Available
Vendor-Siemens AG
Product-logo\!_8_bmlogo\!_8_bm_firmwareLOGO! 8 BM (incl. SIPLUS variants)
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2020-15787
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-0.42% / 62.24%
||
7 Day CHG~0.00%
Published-09 Sep, 2020 | 18:11
Updated-04 Aug, 2024 | 13:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC HMI Unified Comfort Panels (All versions <= V16). Affected devices insufficiently validate authentication attempts as the information given can be truncated to match only a set number of characters versus the whole provided string. This could allow a remote attacker to discover user passwords and obtain access to the Sm@rt Server via a brute-force attack.

Action-Not Available
Vendor-Siemens AG
Product-simatic_hmi_united_comfort_panelssimatic_hmi_united_comfort_panels_firmwareSIMATIC HMI Unified Comfort Panels
CWE ID-CWE-305
Authentication Bypass by Primary Weakness
CWE ID-CWE-287
Improper Authentication
CVE-2024-41798
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.3||CRITICAL
EPSS-0.03% / 7.53%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 08:40
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SENTRON 7KM PAC3200 (All versions). Affected devices only provide a 4-digit PIN to protect from administrative access via Modbus TCP interface. Attackers with access to the Modbus TCP interface could easily bypass this protection by brute-force attacks or by sniffing the Modbus clear text communication.

Action-Not Available
Vendor-Siemens AG
Product-SENTRON 7KM PAC3200sentron_pac3200
CWE ID-CWE-287
Improper Authentication
CVE-2024-41794
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-10||CRITICAL
EPSS-1.38% / 80.51%
||
7 Day CHG+1.08%
Published-08 Apr, 2025 | 08:22
Updated-23 Sep, 2025 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). Affected devices contain hardcoded credentials for remote access to the device operating system with root privileges. This could allow unauthenticated remote attackers to gain full access to a device, if they are in possession of these credentials and if the ssh service is enabled (e.g., by exploitation of CVE-2024-41793).

Action-Not Available
Vendor-Siemens AG
Product-7kt_pac1260_data_manager7kt_pac1260_data_manager_firmwareSENTRON 7KT PAC1260 Data Manager
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2024-38612
Matching Score-8
Assigner-kernel.org
ShareView Details
Matching Score-8
Assigner-kernel.org
CVSS Score-9.8||CRITICAL
EPSS-0.18% / 39.42%
||
7 Day CHG+0.02%
Published-19 Jun, 2024 | 13:56
Updated-12 May, 2026 | 12:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ipv6: sr: fix invalid unregister error path

In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix invalid unregister error path The error path of seg6_init() is wrong in case CONFIG_IPV6_SEG6_LWTUNNEL is not defined. In that case if seg6_hmac_init() fails, the genl_unregister_family() isn't called. This issue exist since commit 46738b1317e1 ("ipv6: sr: add option to control lwtunnel support"), and commit 5559cea2d5aa ("ipv6: sr: fix possible use-after-free and null-ptr-deref") replaced unregister_pernet_subsys() with genl_unregister_family() in this error path.

Action-Not Available
Vendor-Siemens AGLinux Kernel Organization, Inc
Product-linux_kernelLinuxSIPLUS S7-1500 CPU 1518-4 PN/DP MFPRUGGEDCOM RST2428PSIMATIC S7-1500 CPU 1518F-4 PN/DP MFPSIMATIC S7-1500 CPU 1518-4 PN/DP MFPSCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 familySCALANCE XCM-/XRM-/XCH-/XRH-300 familyacrnSIMATIC S7-1500 TM MFP - GNU/Linux subsystemlinux_kernel
CWE ID-CWE-416
Use After Free
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-38879
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-8.7||HIGH
EPSS-1.31% / 80.02%
||
7 Day CHG~0.00%
Published-02 Aug, 2024 | 10:36
Updated-03 Nov, 2025 | 22:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions). The affected system exposes the port of an internal application on the public network interface allowing an attacker to circumvent authentication and directly access the exposed application.

Action-Not Available
Vendor-Siemens AG
Product-omnivise_t3000_application_serverOmnivise T3000 R8.2 SP4Omnivise T3000 R8.2 SP3Omnivise T3000 Application Server R9.2omnivise_t3000_application_serveromnivise_t3000
CWE ID-CWE-20
Improper Input Validation
CVE-2024-37998
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.3||CRITICAL
EPSS-0.21% / 42.82%
||
7 Day CHG~0.00%
Published-22 Jul, 2024 | 13:54
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.40), SICORE Base system (All versions < V1.4.0). The password of administrative accounts of the affected applications can be reset without requiring the knowledge of the current password, given the auto login is enabled. This could allow an unauthorized attacker to obtain administrative access of the affected applications.

Action-Not Available
Vendor-Siemens AG
Product-CPCI85 Central Processing/CommunicationSICORE Base systemcpci85_firmwaresicore_base_system
CWE ID-CWE-620
Unverified Password Change
CVE-2024-33698
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.3||CRITICAL
EPSS-3.29% / 87.34%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 09:36
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Opcenter Quality (All versions < V2406), Opcenter RDnL (All versions < V2410), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SINEC NMS (All versions), SINEMA Remote Connect Client (All versions < V3.2 SP3), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 5), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 3). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code.

Action-Not Available
Vendor-Siemens AG
Product-SINEMA Remote Connect ClientTotally Integrated Automation Portal (TIA Portal) V16SINEC NMSSIMATIC PCS neo V4.1SIMATIC PCS neo V5.0Opcenter QualityTotally Integrated Automation Portal (TIA Portal) V17SIMATIC PCS neo V4.0Totally Integrated Automation Portal (TIA Portal) V19Opcenter RDnLTotally Integrated Automation Portal (TIA Portal) V18totally_integrated_automation_portalsimatic_information_serversimatic_pcs_neo
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2024-27939
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-1.04% / 77.66%
||
7 Day CHG~0.00%
Published-14 May, 2024 | 10:02
Updated-06 Feb, 2025 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow the upload of arbitrary files of any unauthenticated user. An attacker could leverage this vulnerability and achieve arbitrary code execution with system privileges.

Action-Not Available
Vendor-Siemens AG
Product-ruggedcom_crossbowRUGGEDCOM CROSSBOWruggedcom_crossbow
CWE ID-CWE-862
Missing Authorization
CVE-2022-44457
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-0.46% / 64.33%
||
7 Day CHG~0.00%
Published-08 Nov, 2022 | 00:00
Updated-01 May, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions < V1.17.0), Mendix SAML (Mendix 7 compatible) (All versions >= V1.17.0 < V1.17.2), Mendix SAML (Mendix 8 compatible) (All versions < V2.3.0), Mendix SAML (Mendix 8 compatible) (All versions >= V2.3.0 < V2.3.2), Mendix SAML (Mendix 9 compatible, New Track) (All versions < V3.3.1), Mendix SAML (Mendix 9 compatible, New Track) (All versions >= V3.3.1 < V3.3.5), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions < V3.3.0), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions >= V3.3.0 < V3.3.4). Affected versions of the module insufficiently protect from packet capture replay, only when the not recommended, non default configuration option `'Allow Idp Initiated Authentication'` is enabled. This CVE entry describes the incomplete fix for CVE-2022-37011 in a specific non default configuration.

Action-Not Available
Vendor-mendixSiemens AG
Product-samlMendix SAML (Mendix 7 compatible)Mendix SAML (Mendix 9 compatible, New Track)Mendix SAML (Mendix 8 compatible)Mendix SAML (Mendix 9 compatible, Upgrade Track)
CWE ID-CWE-294
Authentication Bypass by Capture-replay
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 53
  • 54
  • Next
Details not found