Vulnerabilities > Siemens > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2012-02-03 | CVE-2011-4875 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Siemens products Stack-based buffer overflow in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to execute arbitrary code via vectors related to Unicode strings. | 9.3 |
| 2012-02-03 | CVE-2011-4514 | Improper Authentication vulnerability in Siemens products The TELNET daemon in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime does not perform authentication, which makes it easier for remote attackers to obtain access via a TCP session. | 10.0 |
| 2012-02-03 | CVE-2011-4513 | Remote Security vulnerability in SIMATIC Wincc Runtime Advanced Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allow user-assisted remote attackers to execute arbitrary code via a crafted project file, related to the HMI web server and runtime loader. | 10.0 |
| 2012-02-03 | CVE-2011-4509 | Permissions, Privileges, and Access Controls vulnerability in Siemens products The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime has an improperly selected default password for the administrator account, which makes it easier for remote attackers to obtain access via a brute-force approach involving many HTTP requests. | 10.0 |
| 2012-02-03 | CVE-2011-4508 | Improper Authentication vulnerability in Siemens products The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime generates predictable authentication tokens for cookies, which makes it easier for remote attackers to bypass authentication via a crafted cookie. | 9.3 |
| 2012-01-08 | CVE-2011-4055 | Buffer Errors vulnerability in Siemens Tecnomatix Factorylink 6.6.1/7.5.217/8.0.2.54 Buffer overflow in the WebClient ActiveX control in Siemens Tecnomatix FactoryLink 6.6.1 (aka 6.6 SP1), 7.5.217 (aka 7.5 SP2), and 8.0.2.54 allows remote attackers to execute arbitrary code via a long string in a parameter associated with the location URL. | 9.3 |
| 2011-09-16 | CVE-2011-3321 | Buffer Errors vulnerability in Siemens products Heap-based buffer overflow in the Siemens WinCC Runtime Advanced Loader, as used in SIMATIC WinCC flexible Runtime and SIMATIC WinCC (TIA Portal) Runtime Advanced, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted packet to TCP port 2308. | 9.3 |
| 2009-08-19 | CVE-2008-6993 | Cryptographic Issues vulnerability in Siemens Gigaset Wlan Camera 1.27 Siemens Gigaset WLAN Camera 1.27 has an insecure default password, which allows remote attackers to conduct unauthorized activities. | 10.0 |
| 2009-08-07 | CVE-2008-6916 | Improper Authentication vulnerability in multiple products Siemens SpeedStream 5200 with NetPort Software 1.1 allows remote attackers to bypass authentication via an invalid Host header, possibly involving a trailing dot in the hostname. | 10.0 |
| 2003-04-22 | CVE-2002-1484 | Server-Side Request Forgery (SSRF) vulnerability in Siemens Db4Web 3.4/3.6 DB4Web server, when configured to use verbose debug messages, allows remote attackers to use DB4Web as a proxy and attempt TCP connections to other systems (port scan) via a request for a URL that specifies the target IP address and port, which produces a connection status in the resulting error message. | 9.8 |