Vulnerabilities > Siemens

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTRIBUTES | RISK |
|---|---|---|---|---|---|
| 2014-02-07 | CVE-2014-1699 | Resource Management Errors vulnerability in Siemens Simatic Wincc Open Architecture | Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to cause a denial of service (monitoring-service outage) via malformed HTTP requests to port 4999. | network, low complexity, siemens, CWE-399 | 5.0 |
| 2014-02-07 | CVE-2014-1698 | Path Traversal vulnerability in Siemens Simatic Wincc Open Architecture | Directory traversal vulnerability in Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to read arbitrary files via crafted packets to TCP port 4999. | network, low complexity, siemens, CWE-22 | 5.0 |
| 2014-02-07 | CVE-2014-1697 | Arbitrary Code Execution vulnerability in SIEMENS SIMATIC WinCC Open Architecture | The integrated web server in Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to execute arbitrary code via crafted packets to TCP port 4999. | network, low complexity, siemens | 7.5 |
| 2014-02-07 | CVE-2014-1696 | Cryptographic Issues vulnerability in Siemens Simatic Wincc Open Architecture | Siemens SIMATIC WinCC OA before 3.12 P002 January uses a weak hash algorithm for passwords, which makes it easier for remote attackers to obtain access via a brute-force attack. | network, low complexity, siemens, CWE-310 | 5.0 |
| 2013-12-17 | CVE-2013-6926 | Incorrect Authorization vulnerability in Siemens Ruggedcom Rugged Operating System | The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 allows remote authenticated users to bypass intended restrictions on administrative actions by leveraging access to a (1) guest or (2) operator account. | network, low complexity, siemens, CWE-863 | 8.0 |
| 2013-12-17 | CVE-2013-6925 | Use of Insufficiently Random Values vulnerability in Siemens Ruggedcom Rugged Operating System | The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 allows remote attackers to hijack web sessions by predicting a session id value. | network, siemens, CWE-330 | 8.3 |
| 2013-12-10 | CVE-2013-6840 | Permissions, Privileges, and Access Controls vulnerability in Siemens Comos | Siemens COMOS before 9.2.0.8.1, 10.0 before 10.0.3.1.40, and 10.1 before 10.1.0.0.2 allows local users to gain database privileges via unspecified vectors. | | 6.9 |
| 2013-12-07 | CVE-2013-6920 | Improper Authentication vulnerability in Siemens products | Siemens SINAMICS S/G controllers with firmware before 4.6.11 do not require authentication for FTP and TELNET sessions, which allows remote attackers to bypass intended access restrictions via TCP traffic to port (1) 21 or (2) 23. | network, low complexity, siemens, CWE-287 | critical 10.0 |
| 2013-10-03 | CVE-2013-5944 | Improper Authentication vulnerability in Siemens products | The integrated web server on Siemens SCALANCE X-200 switches with firmware before 4.5.0 and X-200IRT switches with firmware before 5.1.0 does not properly enforce authentication requirements, which allows remote attackers to perform administrative actions via requests to the management interface. | network, low complexity, siemens, CWE-287 | critical 10.0 |
| 2013-09-17 | CVE-2013-5709 | Numeric Errors vulnerability in Siemens products | The authentication implementation in the web server on Siemens SCALANCE X-200 switches with firmware before 5.0.0 does not use a sufficient source of entropy for generating values of random numbers, which makes it easier for remote attackers to hijack sessions by predicting a value. | network, siemens, CWE-189 | 8.3 |