Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-11-12 CVE-2024-36140 Cross-site Scripting vulnerability in Siemens Ozw672 Firmware and Ozw772 Firmware
A vulnerability has been identified in OZW672 (All versions < V5.2), OZW772 (All versions < V5.2).
network
low complexity
siemens CWE-79
5.4
2024-11-12 CVE-2024-44102 Deserialization of Untrusted Data vulnerability in Siemens Telecontrol Server Basic 3.1
A vulnerability has been identified in PP TeleControl Server Basic 1000 to 5000 V3.1 (6NH9910-0AA31-0AE1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 256 to 1000 V3.1 (6NH9910-0AA31-0AD1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 32 to 64 V3.1 (6NH9910-0AA31-0AF1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 64 to 256 V3.1 (6NH9910-0AA31-0AC1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 8 to 32 V3.1 (6NH9910-0AA31-0AB1) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 1000 V3.1 (6NH9910-0AA31-0AD0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 256 V3.1 (6NH9910-0AA31-0AC0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 32 V3.1 (6NH9910-0AA31-0AF0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 5000 V3.1 (6NH9910-0AA31-0AE0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 64 V3.1 (6NH9910-0AA31-0AB0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 8 V3.1 (6NH9910-0AA31-0AA0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic Serv Upgr (6NH9910-0AA31-0GA1) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic Upgr V3.1 (6NH9910-0AA31-0GA0) (All versions < V3.1.2.1 with redundancy configured).
network
low complexity
siemens CWE-502
critical
10.0
2024-11-12 CVE-2024-46888 Path Traversal vulnerability in Siemens Sinec INS 1.0
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3).
network
low complexity
siemens CWE-22
critical
9.9
2024-11-12 CVE-2024-46889 Use of Hard-coded Cryptographic Key vulnerability in Siemens Sinec INS 1.0
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3).
network
low complexity
siemens CWE-321
5.3
2024-11-12 CVE-2024-46890 OS Command Injection vulnerability in Siemens Sinec INS 1.0
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3).
network
low complexity
siemens CWE-78
critical
9.1
2024-11-12 CVE-2024-46891 A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3).
network
low complexity
CWE-400
5.3
2024-11-12 CVE-2024-46892 Insufficient Session Expiration vulnerability in Siemens Sinec INS 1.0
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3).
network
low complexity
siemens CWE-613
8.1
2024-11-12 CVE-2024-46894 A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3).
network
low complexity
6.3
2024-11-12 CVE-2024-47783 Incorrect Permission Assignment for Critical Resource vulnerability in Siemens Siport
A vulnerability has been identified in SIPORT (All versions < V3.4.0).
local
low complexity
siemens CWE-732
7.8
2024-11-12 CVE-2024-47808 Incorrect Permission Assignment for Critical Resource vulnerability in Siemens Sinec NMS
A vulnerability has been identified in SINEC NMS (All versions < V3.0 SP1).
local
low complexity
siemens CWE-732
6.5