Filtered by vendor Siemens
Subscribe
Total
1529 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-32255 | 1 Siemens | 1 Sinema Remote Connect Server | 2022-06-23 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to unauthorized access to limited information. | |||||
| CVE-2022-32260 | 1 Siemens | 1 Sinema Remote Connect Server | 2022-06-23 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application creates temporary user credentials for UMC (User Management Component) users. An attacker could use these temporary credentials for authentication bypass in certain scenarios. | |||||
| CVE-2022-30229 | 1 Siemens | 1 Sicam Gridedge Essential | 2022-06-23 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions < V2.6.6), SICAM GridEdge Essential Intel (All versions < V2.6.6), SICAM GridEdge Essential with GDS ARM (All versions < V2.6.6), SICAM GridEdge Essential with GDS Intel (All versions < V2.6.6). The affected software does not require authenticated access for privileged functions. This could allow an unauthenticated attacker to change data of an user, such as credentials, in case that user's id is known. | |||||
| CVE-2022-29034 | 1 Siemens | 1 Sinema Remote Connect Server | 2022-06-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An error message pop up window in the web interface of the affected application does not prevent injection of JavaScript code. This could allow attackers to perform reflected cross-site scripting (XSS) attacks. | |||||
| CVE-2022-32261 | 1 Siemens | 1 Sinema Remote Connect Server | 2022-06-23 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains a misconfiguration in the APT update. This could allow an attacker to add insecure packages to the application. | |||||
| CVE-2022-26476 | 1 Siemens | 3 Spectrum Power 4, Spectrum Power 7, Spectrum Power Microgrid Management System | 2022-06-22 | 5.4 MEDIUM | 8.8 HIGH |
| A vulnerability has been identified in Spectrum Power 4 (All versions using Shared HIS), Spectrum Power 7 (All versions using Shared HIS), Spectrum Power MGMS (All versions using Shared HIS). An unauthenticated attacker could log into the component Shared HIS used in Spectrum Power systems by using an account with default credentials. A successful exploitation could allow the attacker to access the component Shared HIS with administrative privileges. | |||||
| CVE-2022-32258 | 1 Siemens | 1 Sinema Remote Connect Server | 2022-06-22 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains an older feature that allows to import device configurations via a specific endpoint. An attacker could use this vulnerability for information disclosure. | |||||
| CVE-2022-32259 | 1 Siemens | 1 Sinema Remote Connect Server | 2022-06-22 | 6.4 MEDIUM | 6.5 MEDIUM |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The system images for installation or update of the affected application contain unit test scripts with sensitive information. An attacker could gain information about testing architecture and also tamper with test configuration. | |||||
| CVE-2022-31465 | 1 Siemens | 1 Xpedition Designer | 2022-06-22 | 4.6 MEDIUM | 7.8 HIGH |
| A vulnerability has been identified in Xpedition Designer (All versions < VX.2.11). The affected application assigns improper access rights to the service executable. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges. | |||||
| CVE-2022-30937 | 1 Siemens | 6 En100 Ethernet Module, En100 Ethernet Module Dnp3 Firmware, En100 Ethernet Module Iec 104 Firmware and 3 more | 2022-06-22 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability has been identified in EN100 Ethernet module DNP3 IP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). Affected applications contains a memory corruption vulnerability while parsing specially crafted HTTP packets to /txtrace endpoint. This could allow an attacker to crash the affected application leading to a denial of service condition. | |||||
| CVE-2022-32262 | 1 Siemens | 1 Sinema Remote Connect Server | 2022-06-22 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains a file upload server that is vulnerable to command injection. An attacker could use this to achieve arbitrary code execution. | |||||
| CVE-2022-32253 | 1 Siemens | 1 Sinema Remote Connect Server | 2022-06-22 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). Due to improper input validation, the OpenSSL certificate's password could be printed to a file reachable by an attacker. | |||||
| CVE-2022-32145 | 1 Siemens | 1 Teamcenter Active Workspace | 2022-06-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability has been identified in Teamcenter Active Workspace V5.2 (All versions < V5.2.9), Teamcenter Active Workspace V6.0 (All versions < V6.0.3). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious code by tricking users into accessing a malicious link. | |||||
| CVE-2022-32251 | 1 Siemens | 1 Sinema Remote Connect Server | 2022-06-22 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). There is a missing authentication verification for a resource used to change the roles and permissions of a user. This could allow an attacker to change the permissions of any user and gain the privileges of an administrative user. | |||||
| CVE-2022-30230 | 1 Siemens | 1 Sicam Gridedge Essential | 2022-06-22 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions < V2.6.6), SICAM GridEdge Essential Intel (All versions < V2.6.6), SICAM GridEdge Essential with GDS ARM (All versions < V2.6.6), SICAM GridEdge Essential with GDS Intel (All versions < V2.6.6). The affected software does not require authenticated access for privileged functions. This could allow an unauthenticated attacker to create a new user with administrative permissions. | |||||
| CVE-2022-30231 | 1 Siemens | 1 Sicam Gridedge Essential | 2022-06-22 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions < V2.6.6), SICAM GridEdge Essential Intel (All versions < V2.6.6), SICAM GridEdge Essential with GDS ARM (All versions < V2.6.6), SICAM GridEdge Essential with GDS Intel (All versions < V2.6.6). The affected software discloses password hashes of other users upon request. This could allow an authenticated user to retrieve another users password hash. | |||||
| CVE-2022-27221 | 1 Siemens | 1 Sinema Remote Connect Server | 2022-06-22 | 4.3 MEDIUM | 5.9 MEDIUM |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An attacker in machine-in-the-middle could obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack. | |||||
| CVE-2020-8177 | 4 Debian, Fujitsu, Haxx and 1 more | 15 Debian Linux, M10-1, M10-1 Firmware and 12 more | 2022-06-17 | 4.6 MEDIUM | 7.8 HIGH |
| curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used. | |||||
| CVE-2019-12264 | 3 Belden, Siemens, Windriver | 42 Garrettcom Magnum Dx940e, Garrettcom Magnum Dx940e Firmware, Hirschmann Dragon Mach4000 and 39 more | 2022-06-16 | 4.8 MEDIUM | 7.1 HIGH |
| Wind River VxWorks 6.6, 6.7, 6.8, 6.9.3, 6.9.4, and Vx7 has Incorrect Access Control in IPv4 assignment by the ipdhcpc DHCP client component. | |||||
| CVE-2019-12262 | 3 Belden, Siemens, Windriver | 42 Garrettcom Magnum Dx940e, Garrettcom Magnum Dx940e Firmware, Hirschmann Dragon Mach4000 and 39 more | 2022-06-16 | 7.5 HIGH | 9.8 CRITICAL |
| Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and 7 has Incorrect Access Control in the RARP client component. IPNET security vulnerability: Handling of unsolicited Reverse ARP replies (Logical Flaw). | |||||