Vulnerabilities > Siemens

DATE CVE VULNERABILITY TITLE RISK
2015-02-02 CVE-2015-1448 Permissions, Privileges, and Access Controls vulnerability in Siemens Ruggedcom Firmware BS4.4.4621.31/SS4.4.4624.34
The integrated management service on Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before BS4.4.4621.32, and WIN72xx devices with firmware before BS4.4.4621.32 allows remote attackers to bypass authentication and perform administrative actions via unspecified vectors.
network, low complexity, siemens CWE-264, critical, 10.0

2015-02-02 CVE-2015-1357 Information Exposure vulnerability in Siemens Ruggedcom Firmware BS4.4.4621.31/SS4.4.4624.34
Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before BS4.4.4621.32, and WIN72xx devices with firmware before BS4.4.4621.32 allow context-dependent attackers to discover password hashes by reading (1) files or (2) security logs.
network, low complexity, siemens CWE-200, 5.0

2015-02-02 CVE-2015-1049 Improper Input Validation vulnerability in Siemens SCALANCE X-200 Series Firmware
The web server on Siemens SCALANCE X-200IRT switches with firmware before 5.2.0 allows remote attackers to hijack sessions via unspecified vectors.
network, siemens CWE-20, 6.8

2015-01-21 CVE-2015-1048 Open Redirection vulnerability in Siemens SIMATIC S7 1200 CPU Firmware 4.0
Open redirect vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices with firmware before 4.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
network, siemens, 4.3

2015-01-21 CVE-2014-8479 Improper Input Validation vulnerability in Siemens products
The FTP server on Siemens SCALANCE X-300 switches with firmware before 4.0 and SCALANCE X 408 switches with firmware before 4.0 allows remote authenticated users to cause a denial of service (reboot) via crafted FTP packets.
network, low complexity, siemens CWE-20, 6.8

2015-01-21 CVE-2014-8478 Path Traversal vulnerability in Siemens products
The web server on Siemens SCALANCE X-300 switches with firmware before 4.0 and SCALANCE X 408 switches with firmware before 4.0 allows remote attackers to cause a denial of service (reboot) via malformed HTTP requests.
network, low complexity, siemens CWE-22, 7.8

2015-01-14 CVE-2014-5233 Information Exposure vulnerability in Siemens SIMATIC WinCC Sm@rtClient 1.0
The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows physically proximate attackers to discover Sm@rtServer credentials by leveraging an error in the credential-processing mechanism.
1.9

2015-01-14 CVE-2014-5232 Permissions, Privileges, and Access Controls vulnerability in Siemens SIMATIC WinCC Sm@rtClient 1.0
The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows local users to bypass an intended application-password requirement by leveraging the running of the app in the background state.
1.9

2015-01-14 CVE-2014-5231 Information Exposure vulnerability in Siemens SIMATIC WinCC Sm@rtClient 1.0
The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows physically proximate attackers to extract the password from storage via unspecified vectors.
local, low complexity, siemens apple CWE-200, 2.1

2014-11-26 CVE-2014-8552 Information Exposure vulnerability in Siemens products
The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to read arbitrary files via crafted packets.
network, low complexity, siemens CWE-200, 5.0