Vulnerabilities > Siemens
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-08 | CVE-2018-4839 | Unspecified vulnerability in Siemens products A vulnerability has been identified in DIGSI 4 (All versions < V4.92), EN100 Ethernet module DNP3 variant (All versions < V1.05.00), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions), Other SIPROTEC 4 relays (All versions), Other SIPROTEC Compact relays (All versions), SIPROTEC 4 7SD80 (All versions < V4.70), SIPROTEC 4 7SJ61 (All versions < V4.96), SIPROTEC 4 7SJ62 (All versions < V4.96), SIPROTEC 4 7SJ64 (All versions < V4.96), SIPROTEC 4 7SJ66 (All versions < V4.30), SIPROTEC Compact 7SJ80 (All versions < V4.77), SIPROTEC Compact 7SK80 (All versions < V4.77). | 5.3 |
| 2018-03-08 | CVE-2018-4838 | Missing Authentication for Critical Function vulnerability in Siemens products A vulnerability has been identified in EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module DNP3 variant (All versions < V1.04), EN100 Ethernet module PROFINET IO variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions < V1.22). | 7.5 |
| 2018-02-19 | CVE-2018-5381 | Infinite Loop vulnerability in multiple products The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. | 7.5 |
| 2018-02-19 | CVE-2018-5380 | Out-of-bounds Read vulnerability in multiple products The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input. | 4.3 |
| 2018-02-19 | CVE-2018-5379 | Double Free vulnerability in multiple products The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. | 9.8 |
| 2018-01-25 | CVE-2018-4837 | Unspecified vulnerability in Siemens Telecontrol Server Basic 3.0 A vulnerability has been identified in TeleControl Server Basic < V3.1. | 7.5 |
| 2018-01-25 | CVE-2018-4836 | Unspecified vulnerability in Siemens Telecontrol Server Basic 3.0 A vulnerability has been identified in TeleControl Server Basic < V3.1. | 8.8 |
| 2018-01-25 | CVE-2018-4835 | Information Exposure vulnerability in Siemens Telecontrol Server Basic 3.0 A vulnerability has been identified in TeleControl Server Basic < V3.1. | 5.3 |
| 2018-01-04 | CVE-2017-5753 | Information Exposure Through Discrepancy vulnerability in multiple products Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. | 5.6 |
| 2018-01-04 | CVE-2017-5715 | Information Exposure Through Discrepancy vulnerability in multiple products Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. | 5.6 |