Vulnerabilities > Siemens
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-08-08 | CVE-2016-6486 | Permissions, Privileges, and Access Controls vulnerability in Siemens Sinema Server Siemens SINEMA Server uses weak permissions for the application folder, which allows local users to gain privileges via unspecified vectors. | 7.8 |
| 2016-07-22 | CVE-2016-6204 | Cross-site Scripting vulnerability in Siemens Sinema Remote Connect Server 1.0/1.1 Cross-site scripting (XSS) vulnerability in the integrated web server in Siemens SINEMA Remote Connect Server before 1.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 6.1 |
| 2016-07-22 | CVE-2016-5874 | Improper Input Validation vulnerability in Siemens Simatic NET Pc-Software 13 Siemens SIMATIC NET PC-Software before 13 SP2 allows remote attackers to cause a denial of service (OPC UA service outage) via crafted TCP packets. | 7.5 |
| 2016-07-22 | CVE-2016-5744 | Information Exposure vulnerability in Siemens Simatic Wincc 7.0/7.2 Siemens SIMATIC WinCC 7.0 through SP3 and 7.2 allows remote attackers to read arbitrary WinCC station files via crafted packets. | 7.5 |
| 2016-07-22 | CVE-2016-5743 | Improper Input Validation vulnerability in Siemens Simatic Batch and Simatic Wincc Siemens SIMATIC WinCC before 7.3 Update 10 and 7.4 before Update 1, SIMATIC BATCH before 8.1 SP1 Update 9 as distributed in SIMATIC PCS 7 through 8.1 SP1, SIMATIC OpenPCS 7 before 8.1 Update 3 as distributed in SIMATIC PCS 7 through 8.1 SP1, SIMATIC OpenPCS 7 before 8.2 Update 1 as distributed in SIMATIC PCS 7 8.2, and SIMATIC WinCC Runtime Professional before 13 SP1 Update 9 allow remote attackers to execute arbitrary code via crafted packets. | 9.8 |
| 2016-07-05 | CVE-2016-4956 | ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. | 5.3 |
| 2016-07-05 | CVE-2016-4955 | Race Condition vulnerability in multiple products ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time. | 5.9 |
| 2016-07-05 | CVE-2016-4954 | Race Condition vulnerability in multiple products The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication. | 7.5 |
| 2016-07-05 | CVE-2016-4953 | Improper Authentication vulnerability in multiple products ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time. | 7.5 |
| 2016-07-04 | CVE-2016-5849 | Information Exposure vulnerability in Siemens Sicam Pas/Pqs Siemens SICAM PAS through 8.07 allows local users to obtain sensitive configuration information by leveraging database stoppage. | 2.5 |