Vulnerabilities > Siemens
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-07-18 | CVE-2015-5374 | Data Processing Errors vulnerability in Siemens Siprotec Firmware 4.24 A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02. | 7.8 |
| 2015-07-16 | CVE-2015-5386 | Improper Input Validation vulnerability in Siemens Sicam MIC Firmware Siemens SICAM MIC devices with firmware before 2404 allow remote attackers to bypass authentication and obtain administrative access via unspecified HTTP requests. | 9.3 |
| 2015-06-28 | CVE-2015-4174 | Cross-site Scripting vulnerability in Siemens Climatix Bacnet/Ip Cross-site scripting (XSS) vulnerability in the integrated web server on the Siemens Climatix BACnet/IP communication module with firmware before 10.34 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 4.3 |
| 2015-05-07 | CVE-2015-3610 | Cryptographic Issues vulnerability in Siemens Homecontrol for Room Automation 2.0.0 The Siemens HomeControl for Room Automation application before 2.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information or modify data via a crafted certificate. | 5.4 |
| 2015-04-08 | CVE-2015-2823 | Improper Authentication vulnerability in Siemens Wincc Siemens SIMATIC HMI Basic Panels 2nd Generation before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Professional before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Basic Panels 1st Generation (WinCC TIA Portal), SIMATIC HMI Mobile Panel 277 (WinCC TIA Portal), SIMATIC HMI Multi Panels (WinCC TIA Portal), and SIMATIC WinCC 7.x before 7.3 Upd4 allow remote attackers to complete authentication by leveraging knowledge of a password hash without knowledge of the associated password. | 6.8 |
| 2015-04-08 | CVE-2015-2822 | Improper Input Validation vulnerability in Siemens Wincc 5.0/7.0/7.1 Siemens SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2 and SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2 allow man-in-the-middle attackers to cause a denial of service via crafted packets on TCP port 102. | 4.3 |
| 2015-04-06 | CVE-2015-1602 | Information Exposure vulnerability in Siemens Simatic Step 7 12.0/13.0/5.5 Siemens SIMATIC STEP 7 (TIA Portal) 12 and 13 before 13 SP1 Upd1 improperly stores password data within project files, which makes it easier for local users to determine cleartext (1) protection-level passwords or (2) web-server passwords by leveraging the ability to read these files. | 2.1 |
| 2015-04-06 | CVE-2015-1601 | 7PK - Security Features vulnerability in Siemens Simatic Step 7 12/13/5.5 Siemens SIMATIC STEP 7 (TIA Portal) 12 and 13 before 13 SP1 Upd1 allows man-in-the-middle attackers to obtain sensitive information or modify transmitted data via unspecified vectors. | 6.8 |
| 2015-03-07 | CVE-2015-2177 | Improper Input Validation vulnerability in Siemens Simatic S7-300 CPU and Simatic S7-300 CPU Firmware Siemens SIMATIC S7-300 CPU devices allow remote attackers to cause a denial of service (defect-mode transition) via crafted packets on (1) TCP port 102 or (2) Profibus. | 7.8 |
| 2015-03-07 | CVE-2015-1599 | Permissions, Privileges, and Access Controls vulnerability in Siemens Spcanywhere The Siemens SPCanywhere application for iOS allows physically proximate attackers to bypass intended access restrictions by leveraging a filesystem architectural error. | 2.1 |