Vulnerabilities > Siemens > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-06-15 CVE-2021-27388 Improper Input Validation vulnerability in Siemens products
SINAMICS medium voltage routable products are affected by a vulnerability in the Sm@rtServer component for remote access that could allow an unauthenticated attacker to cause a denial-of-service condition, and/or execution of limited configuration modifications and/or execution of limited control commands on the SINAMICS Medium Voltage Products, Remote Access (SINAMICS SL150: All versions, SINAMICS SM150: All versions, SINAMICS SM150i: All versions).
network
low complexity
siemens CWE-20
critical
9.8
2021-05-28 CVE-2020-15782 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Siemens products
A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl.
network
low complexity
siemens CWE-119
critical
9.8
2021-05-12 CVE-2021-27384 Access of Memory Location After End of Buffer vulnerability in Siemens products
A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl.
network
low complexity
siemens CWE-788
critical
9.8
2021-04-29 CVE-2021-25216 Out-of-bounds Read vulnerability in multiple products
In BIND 9.5.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.11.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch, BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features.
network
low complexity
debian isc siemens netapp CWE-125
critical
9.8
2021-04-22 CVE-2021-27389 Use of Hard-coded Cryptographic Key vulnerability in Siemens Opcenter Quality and QMS Automotive
A vulnerability has been identified in Opcenter Quality (All versions < V12.2), QMS Automotive (All versions < V12.30).
network
low complexity
siemens CWE-321
critical
9.8
2021-04-22 CVE-2021-25669 Stack-based Buffer Overflow vulnerability in Siemens products
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT PRO (All versions < 5.5.1), SCALANCE X202-2 IRT (All versions < 5.5.1), SCALANCE X202-2P IRT (incl.
network
low complexity
siemens CWE-121
critical
9.8
2021-04-22 CVE-2021-25668 Heap-based Buffer Overflow vulnerability in Siemens products
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT PRO (All versions < 5.5.1), SCALANCE X202-2 IRT (All versions < 5.5.1), SCALANCE X202-2P IRT (incl.
network
low complexity
siemens CWE-122
critical
9.8
2021-04-13 CVE-2021-29998 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in Wind River VxWorks before 6.5.
network
low complexity
windriver siemens CWE-787
critical
9.8
2021-03-30 CVE-2019-5319 Classic Buffer Overflow vulnerability in multiple products
A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below.
network
low complexity
arubanetworks siemens CWE-120
critical
9.8
2021-03-30 CVE-2021-25149 Classic Buffer Overflow vulnerability in multiple products
A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below.
network
low complexity
arubanetworks siemens CWE-120
critical
9.8