Vulnerabilities > Siemens > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-03-29 CVE-2020-24636 OS Command Injection vulnerability in multiple products
A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below.
network
low complexity
arubanetworks siemens CWE-78
critical
 9.8
9.8
2021-03-11 CVE-2016-20009 Out-of-bounds Write vulnerability in multiple products
A DNS client stack-based buffer overflow in ipdnsc_decode_name() affects Wind River VxWorks 6.5 through 7.
network
low complexity
windriver siemens CWE-787
critical
 9.8
9.8
2021-02-09 CVE-2020-15798 Missing Authentication for Critical Function vulnerability in Siemens products
A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl.
network
low complexity
siemens CWE-306
critical
 9.8
9.8
2021-01-12 CVE-2020-25226 Heap-based Buffer Overflow vulnerability in Siemens products
A vulnerability has been identified in SCALANCE X-200 switch family (incl.
network
low complexity
siemens CWE-122
critical
 9.8
9.8
2021-01-12 CVE-2020-15800 Heap-based Buffer Overflow vulnerability in Siemens products
A vulnerability has been identified in SCALANCE X-200 switch family (incl.
network
low complexity
siemens CWE-122
critical
 9.8
9.8
2020-12-14 CVE-2020-25228 Missing Authentication for Critical Function vulnerability in Siemens Logo! 8 BM Firmware
A vulnerability has been identified in LOGO! 8 BM (incl.
network
low complexity
siemens CWE-306
critical
 9.8
9.8
2020-11-17 CVE-2020-7774 The package y18n before 3.2.2, 4.0.1 and 5.0.5, is vulnerable to Prototype Pollution.
network
low complexity
y18n-project oracle siemens
critical
 9.8
9.8
2020-10-22 CVE-2019-17006 Improper Input Validation vulnerability in multiple products
In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks.
network
low complexity
siemens mozilla netapp CWE-20
critical
 9.8
9.8
2020-09-09 CVE-2020-15787 Authentication Bypass by Primary Weakness vulnerability in Siemens Simatic HMI United Comfort Panels Firmware
A vulnerability has been identified in SIMATIC HMI Unified Comfort Panels (All versions <= V16).
network
low complexity
siemens CWE-305
critical
 9.8
9.8
2020-09-09 CVE-2020-15786 Improper Restriction of Excessive Authentication Attempts vulnerability in Siemens products
A vulnerability has been identified in SIMATIC HMI Basic Panels 2nd Generation (incl.
network
low complexity
siemens CWE-307
critical
 9.8
9.8