Vulnerabilities > Siemens
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-03-01 | CVE-2017-2685 | Information Exposure vulnerability in Siemens products | Siemens SINUMERIK Integrate Operate Clients between 2.0.3.00.016 (including) and 2.0.6 (excluding) and between 3.0.4.00.032 (including) and 3.0.6 (excluding) contain a vulnerability that could allow an attacker to read and manipulate data in TLS sessions while performing a man-in-the-middle (MITM) attack. | 7.4 |
2017-02-27 | CVE-2017-2683 | Cross-site Scripting vulnerability in Siemens Ruggedcom Network Management Software 2.0.2 | A non-privileged user of the Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and 8081/TCP could perform a persistent Cross-Site Scripting (XSS) attack, potentially resulting in obtaining administrative permissions. | 8.2 |
2017-02-27 | CVE-2017-2682 | Cross-Site Request Forgery (CSRF) vulnerability in Siemens Ruggedcom Network Management Software 2.0.2 | The Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and 8081/TCP could allow a remote attacker to perform a Cross-Site Request Forgery (CSRF) attack, potentially allowing an attacker to execute administrative operations, provided the targeted user has an active session and is induced to trigger a malicious request. | 8.8 |
2017-02-22 | CVE-2017-2684 | Unspecified vulnerability in Siemens Simatic Logon 1.5 | Siemens SIMATIC Logon prior to V1.5 SP3 Update 2 could allow an attacker with knowledge of a valid user name, and physical or network access to the affected system, to bypass the application-level authentication. | 9.0 |
2017-02-13 | CVE-2016-8567 | Use of Hard-coded Credentials vulnerability in Siemens Sicam Pas/Pqs 7.0 | An issue was discovered in Siemens SICAM PAS before 8.00. | 9.8 |
2017-02-13 | CVE-2016-8566 | Credentials Management vulnerability in Siemens Sicam Pas/Pqs 7.0 | An issue was discovered in Siemens SICAM PAS before 8.00. | 7.8 |
2017-02-13 | CVE-2016-7987 | Data Processing Errors vulnerability in Siemens Eta2 Firmware and Eta4 Firmware | An issue was discovered in Siemens ETA4 firmware (all versions prior to Revision 08) of the SM-2558 extension module for: SICAM AK, SICAM TM 1703, SICAM BC 1703, and SICAM AK 3. | 7.5 |
2017-01-30 | CVE-2016-2518 | Out-of-bounds Read vulnerability in multiple products | The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value. | 5.3 |
2017-01-30 | CVE-2015-7977 | NULL Pointer Dereference vulnerability in multiple products | ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command. | 5.9 |
2017-01-30 | CVE-2015-7973 | 7PK - Security Features vulnerability in multiple products | NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network. | 6.5 |