Vulnerabilities > Siemens > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-12-14 CVE-2020-25228 Missing Authentication for Critical Function vulnerability in Siemens Logo! 8 BM Firmware
A vulnerability has been identified in LOGO! 8 BM (incl.
network
low complexity
siemens CWE-306
critical
10.0
2020-11-17 CVE-2020-7774 The package y18n before 3.2.2, 4.0.1 and 5.0.5, is vulnerable to Prototype Pollution.
network
low complexity
y18n-project oracle siemens
critical
9.8
2020-10-22 CVE-2019-17006 Insufficient Verification of Data Authenticity vulnerability in multiple products
In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks.
network
low complexity
siemens mozilla netapp CWE-345
critical
10.0
2020-08-14 CVE-2020-10055 Code Injection vulnerability in Siemens products
A vulnerability has been identified in Desigo CC (V4.x), Desigo CC (V3.x), Desigo CC Compact (V4.x), Desigo CC Compact (V3.x).
network
siemens CWE-94
critical
9.3
2020-06-30 CVE-2017-18922 Out-of-bounds Write vulnerability in multiple products
It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames.
9.8
2020-01-31 CVE-2016-2031 Improper Input Validation vulnerability in multiple products
Multiple vulnerabilities exists in Aruba Instate before 4.1.3.0 and 4.2.3.1 due to insufficient validation of user-supplied input and insufficient checking of parameters, which could allow a malicious user to bypass security restrictions, obtain sensitive information, perform unauthorized actions and execute arbitrary code.
network
low complexity
arubanetworks siemens CWE-20
critical
9.8
2020-01-16 CVE-2019-10940 Improper Privilege Management vulnerability in Siemens Sinema Server 12.0/13.0/14.0
A vulnerability has been identified in SINEMA Server (All versions < V14.0 SP2 Update 1).
network
low complexity
siemens CWE-269
critical
9.0
2019-12-12 CVE-2019-18342 Unspecified vulnerability in Siemens Control Center Server
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0).
network
low complexity
siemens
critical
9.9
2019-12-12 CVE-2019-18339 Missing Authentication for Critical Function vulnerability in Siemens products
A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0).
network
low complexity
siemens CWE-306
critical
9.8
2019-12-12 CVE-2019-18337 Improper Authentication vulnerability in Siemens products
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0).
network
low complexity
siemens CWE-287
critical
9.8