Vulnerabilities > Siemens

DATE CVE VULNERABILITY TITLE RISK
2017-02-27 CVE-2017-2683 Cross-site Scripting vulnerability in Siemens Ruggedcom Network Management Software 2.0.2
A non-privileged user of the Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and 8081/TCP could perform a persistent Cross-Site Scripting (XSS) attack, potentially resulting in obtaining administrative permissions.
network
low complexity
siemens CWE-79
8.2
2017-02-27 CVE-2017-2682 Cross-Site Request Forgery (CSRF) vulnerability in Siemens Ruggedcom Network Management Software 2.0.2
The Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and 8081/TCP could allow a remote attacker to perform a Cross-Site Request Forgery (CSRF) attack, potentially allowing an attacker to execute administrative operations, provided the targeted user has an active session and is induced to trigger a malicious request.
network
low complexity
siemens CWE-352
8.8
2017-02-22 CVE-2017-2684 Unspecified vulnerability in Siemens Simatic Logon 1.5
Siemens SIMATIC Logon prior to V1.5 SP3 Update 2 could allow an attacker with knowledge of a valid user name, and physical or network access to the affected system, to bypass the application-level authentication.
network
high complexity
siemens
critical
9.0
2017-02-13 CVE-2016-8567 Use of Hard-coded Credentials vulnerability in Siemens Sicam Pas/Pqs 7.0
An issue was discovered in Siemens SICAM PAS before 8.00.
network
low complexity
siemens CWE-798
critical
9.8
2017-02-13 CVE-2016-8566 Credentials Management vulnerability in Siemens Sicam Pas/Pqs 7.0
An issue was discovered in Siemens SICAM PAS before 8.00.
local
low complexity
siemens CWE-255
7.8
2017-02-13 CVE-2016-7987 Data Processing Errors vulnerability in Siemens Eta2 Firmware and Eta4 Firmware
An issue was discovered in Siemens ETA4 firmware (all versions prior to Revision 08) of the SM-2558 extension module for: SICAM AK, SICAM TM 1703, SICAM BC 1703, and SICAM AK 3.
network
low complexity
siemens CWE-19
7.5
2017-01-30 CVE-2016-2518 Out-of-bounds Read vulnerability in multiple products
The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value.
network
low complexity
ntp debian netapp oracle redhat freebsd siemens CWE-125
5.3
2017-01-30 CVE-2015-7977 NULL Pointer Dereference vulnerability in multiple products
ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command.
5.9
2017-01-30 CVE-2015-7973 7PK - Security Features vulnerability in multiple products
NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network.
network
high complexity
ntp siemens freebsd netapp canonical CWE-254
6.5
2016-12-23 CVE-2016-9154 Insufficient Entropy in PRNG vulnerability in Siemens products
Siemens Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 for Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D (All firmware versions < V6.00.046) and Desigo PX Web modules PXA30-W0, PXA30-W1, PXA30-W2 for Desigo PX automation controllers PXC00-U, PXC64-U, PXC128-U (All firmware versions < V6.00.046) use a pseudo random number generator with insufficient entropy to generate certificates for HTTPS, potentially allowing remote attackers to reconstruct the corresponding private key.
network
low complexity
siemens CWE-332
7.5