Vulnerabilities > Siemens
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-07-04 | CVE-2016-5848 | Information Exposure vulnerability in Siemens Sicam Pas/Pqs Siemens SICAM PAS before 8.07 does not properly restrict password data in the database, which makes it easier for local users to calculate passwords by leveraging unspecified database privileges. | 6.7 |
| 2016-06-27 | CVE-2016-3949 | Resource Management Errors vulnerability in Siemens products Siemens SIMATIC S7-300 Profinet-enabled CPU devices with firmware before 3.2.12 and SIMATIC S7-300 Profinet-disabled CPU devices with firmware before 3.3.12 allow remote attackers to cause a denial of service (defect-mode transition) via crafted (1) ISO-TSAP or (2) Profibus packets. | 7.5 |
| 2016-05-31 | CVE-2016-4785 | Information Exposure vulnerability in Siemens Siprotec Firmware 4.26 A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02. | 5.3 |
| 2016-05-31 | CVE-2016-4784 | Information Exposure vulnerability in Siemens Siprotec Firmware 4.26 A vulnerability has been identified in firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02; SIPROTEC 7SJ686 : All versions < V 4.83; SIPROTEC 7UT686 : All versions < V 4.01; SIPROTEC 7SD686 : All versions < V 4.03; SIPROTEC 7SJ66 : All versions < V 4.20. | 5.3 |
| 2016-04-08 | CVE-2016-3963 | Unspecified vulnerability in Siemens Scalance S613 Siemens SCALANCE S613 allows remote attackers to cause a denial of service (web-server outage) via traffic to TCP port 443. | 5.3 |
| 2016-03-18 | CVE-2016-3155 | Information Exposure vulnerability in Siemens Apogee Insight Siemens APOGEE Insight uses weak permissions for the application folder, which allows local users to obtain sensitive information or modify data via unspecified vectors. | 3.4 |
| 2016-03-16 | CVE-2016-2846 | 7PK - Security Features vulnerability in Siemens Simatic S7 CPU 1200 Firmware 2.0/3.0/3.0.2 Siemens SIMATIC S7-1200 CPU devices before 4.0 allow remote attackers to bypass a "user program block" protection mechanism via unspecified vectors. | 6.5 |
| 2016-02-08 | CVE-2016-2201 | Improper Input Validation vulnerability in Siemens Simatic S7-1500 CPU Firmware 1.8.2 Siemens SIMATIC S7-1500 CPU devices before 1.8.3 allow remote attackers to bypass a replay protection mechanism via packets on TCP port 102. | 5.3 |
| 2016-02-08 | CVE-2016-2200 | Improper Input Validation vulnerability in Siemens Simatic S7-1500 CPU Firmware 1.5.1/1.6/1.8.2 Siemens SIMATIC S7-1500 CPU devices before 1.8.3 allow remote attackers to cause a denial of service (STOP mode transition) via crafted packets on TCP port 102. | 7.5 |
| 2016-01-30 | CVE-2016-1488 | Cross-site Scripting vulnerability in Siemens Ozw672 Firmware and Ozw772 Firmware Cross-site scripting (XSS) vulnerability in the login form in the integrated web server on Siemens OZW OZW672 devices before 6.00 and OZW772 devices before 6.00 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 6.1 |