Vulnerabilities > Siemens > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-02-02 | CVE-2015-1449 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Siemens Ruggedcom Firmware Bs4.4.4621.31/Ss4.4.4624.34 Buffer overflow in the integrated web server on Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before BS4.4.4621.32, and WIN72xx devices with firmware before BS4.4.4621.32 allows remote attackers to execute arbitrary code via unspecified vectors. | 10.0 |
2015-02-02 | CVE-2015-1448 | Permissions, Privileges, and Access Controls vulnerability in Siemens Ruggedcom Firmware Bs4.4.4621.31/Ss4.4.4624.34 The integrated management service on Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before BS4.4.4621.32, and WIN72xx devices with firmware before BS4.4.4621.32 allows remote attackers to bypass authentication and perform administrative actions via unspecified vectors. | 10.0 |
2014-11-26 | CVE-2014-8551 | Code Injection vulnerability in Siemens products The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to execute arbitrary code via crafted packets. | 10.0 |
2014-04-19 | CVE-2014-2731 | Remote Code Execution vulnerability in Siemens Sinema Server 12.0 Multiple unspecified vulnerabilities in the integrated web server in Siemens SINEMA Server before 12 SP1 allow remote attackers to execute arbitrary code via HTTP traffic to port (1) 4999 or (2) 80. | 9.3 |
2013-12-07 | CVE-2013-6920 | Improper Authentication vulnerability in Siemens products Siemens SINAMICS S/G controllers with firmware before 4.6.11 do not require authentication for FTP and TELNET sessions, which allows remote attackers to bypass intended access restrictions via TCP traffic to port (1) 21 or (2) 23. | 10.0 |
2013-10-03 | CVE-2013-5944 | Improper Authentication vulnerability in Siemens products The integrated web server on Siemens SCALANCE X-200 switches with firmware before 4.5.0 and X-200IRT switches with firmware before 5.1.0 does not properly enforce authentication requirements, which allows remote attackers to perform administrative actions via requests to the management interface. | 10.0 |
2013-08-01 | CVE-2013-4652 | Authentication Bypass vulnerability in Siemens Scalance W-700 Series Unspecified vulnerability in the command-line management interface on Siemens Scalance W7xx devices with firmware before 4.5.4 allows remote attackers to bypass authentication and execute arbitrary code via a (1) SSH or (2) TELNET connection. | 10.0 |
2013-07-18 | CVE-2013-4781 | OS Command Injection vulnerability in Siemens products core/getLog.php on the Siemens Enterprise OpenScape Branch appliance and OpenScape Session Border Controller (SBC) before 2 R0.32.0, and 7 before 7 R1.7.0, allows remote attackers to execute arbitrary commands via unspecified vectors. | 10.0 |
2013-04-01 | CVE-2013-0659 | Unspecified vulnerability in Siemens products The debugging feature on the Siemens CP 1604 and CP 1616 interface cards with firmware before 2.5.2 allows remote attackers to execute arbitrary code via a crafted packet to UDP port 17185. | 10.0 |
2012-11-01 | CVE-2012-5409 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Siemens Sipass Integrated AscoServer.exe in the server in Siemens SiPass integrated MP2.6 and earlier does not properly handle IOCP RPC messages received over an Ethernet network, which allows remote attackers to write data to any memory location and consequently execute arbitrary code via crafted messages, as demonstrated by an arbitrary pointer dereference attack or a buffer overflow attack. | 10.0 |