Vulnerabilities > Siemens

DATE CVE VULNERABILITY TITLE RISK
2015-03-07 CVE-2015-1598 Information Exposure vulnerability in Siemens SPCanywhere
The Siemens SPCanywhere application for Android does not properly store application passwords, which allows physically proximate attackers to obtain sensitive information by examining the device filesystem.
local
low complexity
siemens CWE-200
2.1
2015-03-07 CVE-2015-1597 Code Injection vulnerability in Siemens SPCanywhere
The Siemens SPCanywhere application for Android does not use encryption during the loading of code, which allows man-in-the-middle attackers to execute arbitrary code by modifying the client-server data stream.
network
siemens CWE-94
6.8
2015-03-07 CVE-2015-1596 Cryptographic Issues vulnerability in Siemens SPCanywhere
The Siemens SPCanywhere application for Android and iOS does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
network
siemens CWE-310
5.8
2015-03-07 CVE-2015-1595 Information Exposure vulnerability in Siemens SPCanywhere 1.4/1.4.1
The Siemens SPCanywhere application for Android and iOS does not use encryption during lookups of system ID to IP address mappings, which allows man-in-the-middle attackers to discover alarm IP addresses and spoof servers by intercepting the client-server data stream.
network
siemens CWE-200
4.3
2015-03-07 CVE-2015-1594 Unspecified vulnerability in Siemens products
Untrusted search path vulnerability in Siemens SIMATIC ProSave before 13 SP1; SIMATIC CFC before 8.0 SP4 Upd9 and 8.1 before Upd1; SIMATIC STEP 7 before 5.5 SP1 HF2, 5.5 SP2 before HF7, 5.5 SP3, and 5.5 SP4 before HF4; SIMOTION Scout before 4.4; and STARTER before 4.4 HF3 allows local users to gain privileges via a Trojan horse application file.
local
siemens
6.9
2015-03-07 CVE-2014-9369 Improper Input Validation vulnerability in Siemens products
Siemens SPC controllers SPC4000, SPC5000, and SPC6000 before 3.6.0 allow remote attackers to cause a denial of service (device restart) via crafted packets.
network
low complexity
siemens CWE-20
7.8
2015-02-18 CVE-2015-1358 Cryptographic Issues vulnerability in Siemens WinCC 13.0
The remote-management module in the (1) Multi Panels, (2) Comfort Panels, and (3) RT Advanced functionality in Siemens SIMATIC WinCC (TIA Portal) before 13 SP1 and in the (4) panels and (5) runtime functionality in SIMATIC WinCC flexible before 2008 SP3 Up7 does not properly encrypt credentials in transit, which makes it easier for remote attackers to determine cleartext credentials by sniffing the network and conducting a decryption attack.
network
low complexity
siemens CWE-310
5.0
2015-02-18 CVE-2015-1356 Permissions, Privileges, and Access Controls vulnerability in Siemens SIMATIC STEP 7 12.0/13.0/5.5
Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 determines a user's privileges on the basis of project-file fields that lack integrity protection, which allows remote attackers to establish arbitrary authorization data via a modified file.
4.4
2015-02-18 CVE-2015-1355 Cryptographic Issues vulnerability in Siemens SIMATIC STEP 7 12.0/13.0/5.5
Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 uses a weak password-hash algorithm, which makes it easier for local users to determine cleartext passwords by reading a project file and conducting a brute-force attack.
local
low complexity
siemens CWE-310
2.1
2015-02-02 CVE-2015-1449 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Siemens Ruggedcom Firmware BS4.4.4621.31/SS4.4.4624.34
Buffer overflow in the integrated web server on Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before BS4.4.4621.32, and WIN72xx devices with firmware before BS4.4.4621.32 allows remote attackers to execute arbitrary code via unspecified vectors.
network
low complexity
siemens CWE-119
critical
10.0