Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Siemens Subscribe
Total 1529 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-5232 2 Apple, Siemens 2 Iphone Os, Simatic Wincc Sm\@rtclient 2015-11-13 1.9 LOW N/A
The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows local users to bypass an intended application-password requirement by leveraging the running of the app in the background state.
CVE-2015-5717 1 Siemens 1 Compas 2015-11-04 5.8 MEDIUM N/A
The Siemens COMPAS Mobile application before 1.6 for Android does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-2732 1 Siemens 1 Sinema Server 2015-10-08 5.0 MEDIUM N/A
Multiple directory traversal vulnerabilities in the integrated web server in Siemens SINEMA Server before 12 SP1 allow remote attackers to access arbitrary files via HTTP traffic to port (1) 4999 or (2) 80.
CVE-2015-5386 1 Siemens 2 Sicam Mic, Sicam Mic Firmware 2015-07-17 9.3 HIGH N/A
Siemens SICAM MIC devices with firmware before 2404 allow remote attackers to bypass authentication and obtain administrative access via unspecified HTTP requests.
CVE-2015-1595 1 Siemens 1 Spcanywhere 2015-07-15 4.3 MEDIUM N/A
The Siemens SPCanywhere application for Android and iOS does not use encryption during lookups of system ID to IP address mappings, which allows man-in-the-middle attackers to discover alarm IP addresses and spoof servers by intercepting the client-server data stream.
CVE-2015-3610 1 Siemens 1 Homecontrol For Room Automation 2015-05-07 5.4 MEDIUM N/A
The Siemens HomeControl for Room Automation application before 2.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information or modify data via a crafted certificate.
CVE-2015-1602 1 Siemens 1 Simatic Step 7 2015-04-22 2.1 LOW N/A
Siemens SIMATIC STEP 7 (TIA Portal) 12 and 13 before 13 SP1 Upd1 improperly stores password data within project files, which makes it easier for local users to determine cleartext (1) protection-level passwords or (2) web-server passwords by leveraging the ability to read these files.
CVE-2015-1599 1 Siemens 1 Spcanywhere 2015-03-09 2.1 LOW N/A
The Siemens SPCanywhere application for iOS allows physically proximate attackers to bypass intended access restrictions by leveraging a filesystem architectural error.
CVE-2015-1596 1 Siemens 1 Spcanywhere 2015-03-09 5.8 MEDIUM N/A
The Siemens SPCanywhere application for Android and iOS does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2015-1598 1 Siemens 1 Spcanywhere 2015-03-09 2.1 LOW N/A
The Siemens SPCanywhere application for Android does not properly store application passwords, which allows physically proximate attackers to obtain sensitive information by examining the device filesystem.
CVE-2015-1597 1 Siemens 1 Spcanywhere 2015-03-09 6.8 MEDIUM N/A
The Siemens SPCanywhere application for Android does not use encryption during the loading of code, which allows man-in-the-middle attackers to execute arbitrary code by modifying the client-server data stream.
CVE-2014-9369 1 Siemens 6 Spc4000, Spc4000 Firmware, Spc5000 and 3 more 2015-03-09 7.8 HIGH N/A
Siemens SPC controllers SPC4000, SPC5000, and SPC6000 before 3.6.0 allow remote attackers to cause a denial of service (device restart) via crafted packets.
CVE-2015-1356 1 Siemens 1 Simatic Step 7 2015-02-18 4.4 MEDIUM N/A
Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 determines a user's privileges on the basis of project-file fields that lack integrity protection, which allows remote attackers to establish arbitrary authorization data via a modified file.
CVE-2015-1355 1 Siemens 1 Simatic Step 7 2015-02-18 2.1 LOW N/A
Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 uses a weak password-hash algorithm, which makes it easier for local users to determine cleartext passwords by reading a project file and conducting a brute-force attack.
CVE-2015-1448 1 Siemens 5 Ruggedcom Firmware, Ruggedcom Win5100, Ruggedcom Win5200 and 2 more 2015-02-03 10.0 HIGH N/A
The integrated management service on Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before BS4.4.4621.32, and WIN72xx devices with firmware before BS4.4.4621.32 allows remote attackers to bypass authentication and perform administrative actions via unspecified vectors.
CVE-2015-1449 1 Siemens 5 Ruggedcom Firmware, Ruggedcom Win5100, Ruggedcom Win5200 and 2 more 2015-02-03 10.0 HIGH N/A
Buffer overflow in the integrated web server on Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before BS4.4.4621.32, and WIN72xx devices with firmware before BS4.4.4621.32 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2015-1357 1 Siemens 5 Ruggedcom Firmware, Ruggedcom Win5100, Ruggedcom Win5200 and 2 more 2015-02-03 5.0 MEDIUM N/A
Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before BS4.4.4621.32, and WIN72xx devices with firmware before BS4.4.4621.32 allow context-dependent attackers to discover password hashes by reading (1) files or (2) security logs.
CVE-2014-8552 1 Siemens 4 Simatic Pcs7, Simatic Pcs 7, Simatic Tiaportal and 1 more 2014-11-26 5.0 MEDIUM N/A
The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to read arbitrary files via crafted packets.
CVE-2014-8551 1 Siemens 4 Simatic Pcs7, Simatic Pcs 7, Simatic Tiaportal and 1 more 2014-11-26 10.0 HIGH N/A
The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to execute arbitrary code via crafted packets.
CVE-2014-4686 1 Siemens 2 Simatic Pcs7, Wincc 2014-07-25 6.8 MEDIUM N/A
The Project administration application in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, has a hardcoded encryption key, which allows remote attackers to obtain sensitive information by extracting this key from another product installation and then employing this key during the sniffing of network traffic on TCP port 1030.