Vulnerabilities > Siemens
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-08-08 | CVE-2017-9940 | Improper Privilege Management vulnerability in Siemens Sipass Integrated 2.65 A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with access to a low-privileged user account to read or write files on the file system of the SiPass integrated server over the network. | 8.1 |
| 2017-08-08 | CVE-2017-9939 | Improper Authentication vulnerability in Siemens Sipass Integrated 2.65 A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with network access to the SiPass integrated server to bypass the authentication mechanism and perform administrative operations. | 9.8 |
| 2017-08-08 | CVE-2017-9938 | Improper Input Validation vulnerability in Siemens Simatic Logon 1.5 A vulnerability was discovered in Siemens SIMATIC Logon (All versions before V1.6) that could allow specially crafted packets sent to the SIMATIC Logon Remote Access service on port 16389/tcp to cause a Denial-of-Service condition. | 7.5 |
| 2017-08-08 | CVE-2017-6873 | Unspecified vulnerability in Siemens Ozw672 Firmware and Ozw772 Firmware A vulnerability was discovered in Siemens OZW672 (all versions) and OZW772 (all versions) that could allow an attacker to read and manipulate data in TLS sessions while performing a man-in-the-middle (MITM) attack on the integrated web server on port 443/tcp. | 7.4 |
| 2017-08-08 | CVE-2017-6872 | Exposure of Resource to Wrong Sphere vulnerability in Siemens Ozw672 Firmware and Ozw772 Firmware A vulnerability was discovered in Siemens OZW672 (all versions) and OZW772 (all versions) that could allow an attacker with access to port 21/tcp to access or alter historical measurement data stored on the device. | 6.5 |
| 2017-08-08 | CVE-2017-6871 | Improper Authentication vulnerability in Siemens products A vulnerability was discovered in Siemens SIMATIC WinCC Sm@rtClient for Android (All versions before V1.0.2.2) and SIMATIC WinCC Sm@rtClient for Android Lite (All versions before V1.0.2.2). | 5.4 |
| 2017-08-08 | CVE-2017-6870 | Unspecified vulnerability in Siemens Simatic Wincc Sm@Rtclient 1.0/1.0.2.1 A vulnerability was discovered in Siemens SIMATIC WinCC Sm@rtClient for Android (All versions before V1.0.2.2). | 7.4 |
| 2017-08-08 | CVE-2017-6869 | Unspecified vulnerability in Siemens Viewport for web Office Portal A vulnerability was discovered in Siemens ViewPort for Web Office Portal before revision number 1453 that could allow an unauthenticated remote user to upload arbitrary code and execute it with the permissions of the operating-system user running the web server by sending specially crafted network packets to port 443/TCP or port 80/TCP. | 9.8 |
| 2017-08-07 | CVE-2017-6866 | Unspecified vulnerability in Siemens XHQ Server 4.7.1.2/5.0.0.1 A vulnerability was discovered in Siemens XHQ server 4 and 5 (4 before V4.7.1.3 and 5 before V5.0.0.2) that could allow an authenticated low-privileged remote user to gain read access to data in the XHQ solution exceeding his configured permission level. | 6.5 |
| 2017-08-07 | CVE-2015-7855 | Improper Input Validation vulnerability in multiple products The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value. | 6.5 |