Vulnerabilities > Siemens
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-14 | CVE-2021-44448 | Out-of-bounds Read vulnerability in Siemens JT Open Toolkit and JT Utilities A vulnerability has been identified in JT Utilities (All versions < V13.0.3.0), JTTK (All versions < V11.0.3.0). | 4.3 |
| 2021-12-14 | CVE-2021-44449 | Out-of-bounds Write vulnerability in Siemens JT Open Toolkit and JT Utilities A vulnerability has been identified in JT Utilities (All versions < V12.8.1.1), JTTK (All versions < V10.8.1.1). | 6.8 |
| 2021-12-14 | CVE-2021-44450 | Out-of-bounds Read vulnerability in Siemens JT Open Toolkit and JT Utilities A vulnerability has been identified in JT Utilities (All versions < V12.8.1.1), JTTK (All versions < V10.8.1.1). | 6.8 |
| 2021-12-14 | CVE-2021-44522 | Exposure of Resource to Wrong Sphere vulnerability in Siemens Sipass Integrated and Siveillance Identity A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). | 5.0 |
| 2021-12-14 | CVE-2021-44523 | Exposure of Resource to Wrong Sphere vulnerability in Siemens Sipass Integrated and Siveillance Identity A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). | 6.4 |
| 2021-12-14 | CVE-2021-44524 | Improper Authentication vulnerability in Siemens Sipass Integrated and Siveillance Identity A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). | 7.5 |
| 2021-12-10 | CVE-2021-44228 | Deserialization of Untrusted Data vulnerability in multiple products Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. network low complexity apache siemens intel debian fedoraproject sonicwall netapp cisco snowsoftware bentley percussion apple CWE-502 critical | 10.0 |
| 2021-11-23 | CVE-2021-3672 | Cross-site Scripting vulnerability in multiple products A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. | 5.6 |
| 2021-11-14 | CVE-2021-41057 | Link Following vulnerability in multiple products In WIBU CodeMeter Runtime before 7.30a, creating a crafted CmDongles symbolic link will overwrite the linked file without checking permissions. | 3.6 |
| 2021-11-14 | CVE-2021-43336 | Out-of-bounds Write vulnerability in multiple products An Out-of-Bounds Write vulnerability exists when reading a DXF or DWG file using Open Design Alliance Drawings SDK before 2022.11. | 7.8 |