Vulnerabilities > Siemens > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-11-27 | CVE-2015-8214 | Permissions, Privileges, and Access Controls vulnerability in Siemens products Siemens SIMATIC CP 343-1 Advanced devices before 3.0.44, CP 343-1 Lean devices, CP 343-1 devices, TIM 3V-IE devices, TIM 3V-IE Advanced devices, TIM 3V-IE DNP3 devices, TIM 4R-IE devices, TIM 4R-IE DNP3 devices, CP 443-1 devices, and CP 443-1 Advanced devices might allow remote attackers to obtain administrative access via a session on TCP port 102. | 9.7 |
2015-07-16 | CVE-2015-5386 | Improper Input Validation vulnerability in Siemens Sicam MIC Firmware Siemens SICAM MIC devices with firmware before 2404 allow remote attackers to bypass authentication and obtain administrative access via unspecified HTTP requests. | 9.3 |
2015-02-02 | CVE-2015-1449 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Siemens Ruggedcom Firmware Bs4.4.4621.31/Ss4.4.4624.34 Buffer overflow in the integrated web server on Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before BS4.4.4621.32, and WIN72xx devices with firmware before BS4.4.4621.32 allows remote attackers to execute arbitrary code via unspecified vectors. | 10.0 |
2015-02-02 | CVE-2015-1448 | Permissions, Privileges, and Access Controls vulnerability in Siemens Ruggedcom Firmware Bs4.4.4621.31/Ss4.4.4624.34 The integrated management service on Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before BS4.4.4621.32, and WIN72xx devices with firmware before BS4.4.4621.32 allows remote attackers to bypass authentication and perform administrative actions via unspecified vectors. | 10.0 |
2014-11-26 | CVE-2014-8551 | Code Injection vulnerability in Siemens products The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to execute arbitrary code via crafted packets. | 10.0 |
2014-04-19 | CVE-2014-2731 | Remote Code Execution vulnerability in Siemens Sinema Server 12.0 Multiple unspecified vulnerabilities in the integrated web server in Siemens SINEMA Server before 12 SP1 allow remote attackers to execute arbitrary code via HTTP traffic to port (1) 4999 or (2) 80. | 9.3 |
2013-12-07 | CVE-2013-6920 | Improper Authentication vulnerability in Siemens products Siemens SINAMICS S/G controllers with firmware before 4.6.11 do not require authentication for FTP and TELNET sessions, which allows remote attackers to bypass intended access restrictions via TCP traffic to port (1) 21 or (2) 23. | 10.0 |
2013-10-03 | CVE-2013-5944 | Improper Authentication vulnerability in Siemens products The integrated web server on Siemens SCALANCE X-200 switches with firmware before 4.5.0 and X-200IRT switches with firmware before 5.1.0 does not properly enforce authentication requirements, which allows remote attackers to perform administrative actions via requests to the management interface. | 10.0 |
2013-08-01 | CVE-2013-4652 | Authentication Bypass vulnerability in Siemens Scalance W-700 Series Unspecified vulnerability in the command-line management interface on Siemens Scalance W7xx devices with firmware before 4.5.4 allows remote attackers to bypass authentication and execute arbitrary code via a (1) SSH or (2) TELNET connection. | 10.0 |
2013-07-18 | CVE-2013-4781 | OS Command Injection vulnerability in Siemens products core/getLog.php on the Siemens Enterprise OpenScape Branch appliance and OpenScape Session Border Controller (SBC) before 2 R0.32.0, and 7 before 7 R1.7.0, allows remote attackers to execute arbitrary commands via unspecified vectors. | 10.0 |