Vulnerabilities > Siemens
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2012-01-08 | CVE-2011-4532 | Path Traversal vulnerability in Siemens Automation License Manager 5.1 Absolute path traversal vulnerability in the ALMListView.ALMListCtrl ActiveX control in almaxcx.dll in the graphical user interface in Siemens Automation License Manager (ALM) 2.0 through 5.1+SP1+Upd2 allows remote attackers to overwrite arbitrary files via the Save method. | 5.0 |
| 2012-01-08 | CVE-2011-4531 | Improper Input Validation vulnerability in Siemens Automation License Manager 5.1 Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted content in a (1) get_target_ocx_param or (2) send_target_ocx_param command. | 5.0 |
| 2012-01-08 | CVE-2011-4530 | Improper Input Validation vulnerability in Siemens Automation License Manager 5.1 Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 does not properly copy fields obtained from clients, which allows remote attackers to cause a denial of service (exception and daemon crash) via long fields, as demonstrated by fields to the (1) open_session->workstation->NAME or (2) grant->VERSION function. | 5.0 |
| 2012-01-08 | CVE-2011-4529 | Buffer Errors vulnerability in Siemens Automation License Manager 5.1 Multiple buffer overflows in Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 allow remote attackers to execute arbitrary code via a long serialid field in an _licensekey command, as demonstrated by the (1) check_licensekey or (2) read_licensekey command. | 7.5 |
| 2012-01-08 | CVE-2011-4056 | Unspecified vulnerability in Siemens Tecnomatix Factorylink 6.6.1/7.5.217/8.0.2.54 An unspecified ActiveX control in ActBar.ocx in Siemens Tecnomatix FactoryLink 6.6.1 (aka 6.6 SP1), 7.5.217 (aka 7.5 SP2), and 8.0.2.54 allows remote attackers to create or overwrite arbitrary files via the save method. network siemens | 5.8 |
| 2012-01-08 | CVE-2011-4055 | Buffer Errors vulnerability in Siemens Tecnomatix Factorylink 6.6.1/7.5.217/8.0.2.54 Buffer overflow in the WebClient ActiveX control in Siemens Tecnomatix FactoryLink 6.6.1 (aka 6.6 SP1), 7.5.217 (aka 7.5 SP2), and 8.0.2.54 allows remote attackers to execute arbitrary code via a long string in a parameter associated with the location URL. | 9.3 |
| 2011-09-16 | CVE-2011-3321 | Buffer Errors vulnerability in Siemens products Heap-based buffer overflow in the Siemens WinCC Runtime Advanced Loader, as used in SIMATIC WinCC flexible Runtime and SIMATIC WinCC (TIA Portal) Runtime Advanced, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted packet to TCP port 2308. | 9.3 |
| 2010-07-22 | CVE-2010-2772 | Use of Hard-coded Credentials vulnerability in Siemens Simatic PCS 7 and Simatic Wincc Siemens Simatic WinCC and PCS 7 SCADA system uses a hard-coded password, which allows local users to access a back-end database and gain privileges, as demonstrated in the wild in July 2010 by the Stuxnet worm, a different vulnerability than CVE-2010-2568. | 7.8 |
| 2009-09-23 | CVE-2009-3322 | Denial of Service vulnerability in Siemens Gigaset SE361 WLAN Data Flood The Siemens Gigaset SE361 WLAN router allows remote attackers to cause a denial of service (device reboot) via a flood of crafted TCP packets to port 1723. | 7.8 |
| 2009-08-25 | CVE-2008-7065 | Gigaset VoIP Phones SIP Remote Denial of Service vulnerability in Siemens Siemens C450 IP and C475 IP VoIP devices allow remote attackers to cause a denial of service (disconnected calls and device reboot) via a crafted SIP packet to UDP port 5060. | 7.8 |