Vulnerabilities > Siemens

DATE CVE VULNERABILITY TITLE RISK
2021-08-23 CVE-2020-36478 Improper Certificate Validation vulnerability in multiple products
An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS).
network
low complexity
arm siemens debian CWE-295
7.5
7.5
2021-08-19 CVE-2021-31338 Unspecified vulnerability in Siemens Sinema Remote Connect 3.0
A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.0 SP1).
local
low complexity
siemens
4.6
4.6
2021-08-19 CVE-2020-35683 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in HCC Nichestack 3.0.
network
low complexity
hcc-embedded siemens CWE-125
5.0
5.0
2021-08-19 CVE-2020-35684 Improper Input Validation vulnerability in multiple products
An issue was discovered in HCC Nichestack 3.0.
network
low complexity
hcc-embedded siemens CWE-20
5.0
5.0
2021-08-19 CVE-2020-35685 Use of Insufficiently Random Values vulnerability in multiple products
An issue was discovered in HCC Nichestack 3.0.
network
low complexity
hcc-embedded siemens CWE-330
6.4
6.4
2021-08-19 CVE-2021-31401 Improper Input Validation vulnerability in multiple products
An issue was discovered in tcp_rcv() in nptcp.c in HCC embedded InterNiche 4.0.1.
network
low complexity
hcc-embedded siemens CWE-20
5.0
5.0
2021-08-16 CVE-2021-22931 Improper Input Validation vulnerability in multiple products
Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js dns library which can lead to output of wrong hostnames (leading to Domain Hijacking) and injection vulnerabilities in applications using the library.
network
low complexity
nodejs netapp oracle siemens CWE-20
critical
 9.8
9.8
2021-08-16 CVE-2021-22939 Improper Certificate Validation vulnerability in multiple products
If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted.
network
low complexity
nodejs oracle netapp siemens debian CWE-295
5.3
5.3
2021-08-16 CVE-2021-22940 Use After Free vulnerability in multiple products
Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.
network
low complexity
nodejs oracle netapp siemens debian CWE-416
7.5
7.5
2021-08-10 CVE-2020-28397 Incorrect Authorization vulnerability in Siemens products
A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl.
network
low complexity
siemens CWE-863
5.0
5.0