Filtered by vendor Siemens
Subscribe
Total
1529 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-4685 | 1 Siemens | 2 Simatic Pcs7, Wincc | 2014-07-25 | 4.6 MEDIUM | N/A |
Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows local users to gain privileges by leveraging weak system-object access control. | |||||
CVE-2014-4684 | 1 Siemens | 2 Simatic Pcs7, Wincc | 2014-07-25 | 6.0 MEDIUM | N/A |
The database server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a request to TCP port 1433. | |||||
CVE-2014-4683 | 1 Siemens | 2 Simatic Pcs7, Wincc | 2014-07-25 | 4.9 MEDIUM | N/A |
The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a (1) HTTP or (2) HTTPS request. | |||||
CVE-2014-4682 | 1 Siemens | 2 Simatic Pcs7, Wincc | 2014-07-25 | 5.0 MEDIUM | N/A |
The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote attackers to obtain sensitive information via an HTTP request. | |||||
CVE-2014-2733 | 1 Siemens | 1 Sinema Server | 2014-04-21 | 5.0 MEDIUM | N/A |
Siemens SINEMA Server before 12 SP1 allows remote attackers to cause a denial of service (web-interface outage) via crafted HTTP requests to port (1) 4999 or (2) 80. | |||||
CVE-2014-2731 | 1 Siemens | 1 Sinema Server | 2014-04-21 | 9.3 HIGH | N/A |
Multiple unspecified vulnerabilities in the integrated web server in Siemens SINEMA Server before 12 SP1 allow remote attackers to execute arbitrary code via HTTP traffic to port (1) 4999 or (2) 80. | |||||
CVE-2014-2249 | 1 Siemens | 1 Simatic S7-1500 Cpu Firmware | 2014-03-25 | 5.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 and SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
CVE-2013-6840 | 1 Siemens | 1 Comos | 2013-12-12 | 6.9 MEDIUM | N/A |
Siemens COMOS before 9.2.0.8.1, 10.0 before 10.0.3.1.40, and 10.1 before 10.1.0.0.2 allows local users to gain database privileges via unspecified vectors. | |||||
CVE-2013-4778 | 1 Siemens | 2 Enterprise Openscape Branch, Openscape Session Border Controller | 2013-08-21 | 7.8 HIGH | N/A |
core/getLog.php on the Siemens Enterprise OpenScape Branch appliance and OpenScape Session Border Controller (SBC) before 2 R0.32.0, and 7 before 7 R1.7.0, allows remote attackers to obtain sensitive server and statistics information via unspecified vectors. | |||||
CVE-2013-4779 | 1 Siemens | 2 Enterprise Openscape Branch, Openscape Session Border Controller | 2013-08-21 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in core/handleTw.php on the Siemens Enterprise OpenScape Branch appliance and OpenScape Session Border Controller (SBC) before 2 R0.32.0, and 7 before 7 R1.7.0, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2013-4780 | 1 Siemens | 2 Enterprise Openscape Branch, Openscape Session Border Controller | 2013-08-21 | 7.8 HIGH | N/A |
core/getLog.php on the Siemens Enterprise OpenScape Branch appliance and OpenScape Session Border Controller (SBC) before 2 R0.32.0, and 7 before 7 R1.7.0, allows remote attackers to read arbitrary files via unspecified vectors. | |||||
CVE-2013-4781 | 1 Siemens | 2 Enterprise Openscape Branch, Openscape Session Border Controller | 2013-08-21 | 10.0 HIGH | N/A |
core/getLog.php on the Siemens Enterprise OpenScape Branch appliance and OpenScape Session Border Controller (SBC) before 2 R0.32.0, and 7 before 7 R1.7.0, allows remote attackers to execute arbitrary commands via unspecified vectors. | |||||
CVE-2013-4943 | 1 Siemens | 1 Comos | 2013-08-13 | 7.2 HIGH | N/A |
The client application in Siemens COMOS before 9.1 Update 458, 9.2 before 9.2.0.6.37, and 10.0 before 10.0.3.0.19 allows local users to gain privileges and bypass intended database-operation restrictions by leveraging COMOS project access. | |||||
CVE-2013-4652 | 1 Siemens | 17 Scalance W700 Series Firmware, Scalance W744-1, Scalance W744-1pro and 14 more | 2013-08-01 | 10.0 HIGH | N/A |
Unspecified vulnerability in the command-line management interface on Siemens Scalance W7xx devices with firmware before 4.5.4 allows remote attackers to bypass authentication and execute arbitrary code via a (1) SSH or (2) TELNET connection. | |||||
CVE-2013-4651 | 1 Siemens | 17 Scalance W700 Series Firmware, Scalance W744-1, Scalance W744-1pro and 14 more | 2013-08-01 | 6.6 MEDIUM | N/A |
Siemens Scalance W7xx devices with firmware before 4.5.4 use the same hardcoded X.509 certificate across different customers' installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate's trust relationship. | |||||
CVE-2013-3927 | 1 Siemens | 1 Comos | 2013-06-18 | 4.6 MEDIUM | N/A |
Unspecified vulnerability in the client library in Siemens COMOS 9.2 before 9.2.0.6.10 and 10.0 before 10.0.3.0.4 allows local users to obtain unintended write access to the database by leveraging read access. | |||||
CVE-2013-3959 | 1 Siemens | 2 Simatic Pcs7, Wincc | 2013-06-16 | 4.0 MEDIUM | N/A |
The Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, exhibits different behavior for NetBIOS user names depending on whether the user account exists, which allows remote authenticated users to enumerate account names via crafted URL parameters. | |||||
CVE-2013-3958 | 1 Siemens | 2 Simatic Pcs7, Wincc | 2013-06-16 | 7.5 HIGH | N/A |
The login implementation in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, has a hardcoded account, which makes it easier for remote attackers to obtain access via an unspecified request. | |||||
CVE-2013-3957 | 1 Siemens | 2 Simatic Pcs7, Wincc | 2013-06-16 | 7.5 HIGH | N/A |
SQL injection vulnerability in the login screen in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2011-4515 | 1 Siemens | 1 Wincc Tia Portal | 2013-05-30 | 4.6 MEDIUM | N/A |
Siemens WinCC (TIA Portal) 11 uses a reversible algorithm for storing HMI web-application passwords in world-readable and world-writable files, which allows local users to obtain sensitive information by leveraging (1) physical access or (2) Sm@rt Server access. |