Vulnerabilities > Siemens > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-08-14 CVE-2019-12262 Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and 7 has Incorrect Access Control in the RARP client component.
network
low complexity
windriver belden siemens
critical
9.8
2019-08-09 CVE-2019-12261 Classic Buffer Overflow vulnerability in multiple products
Wind River VxWorks 6.7 though 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 3 of 4).
network
low complexity
windriver sonicwall siemens netapp oracle belden CWE-120
critical
9.8
2019-08-09 CVE-2019-12260 Classic Buffer Overflow vulnerability in multiple products
Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 2 of 4).
network
low complexity
windriver sonicwall siemens netapp oracle belden CWE-120
critical
9.8
2019-08-09 CVE-2019-12255 Classic Buffer Overflow vulnerability in multiple products
Wind River VxWorks has a Buffer Overflow in the TCP component (issue 1 of 4).
network
low complexity
windriver netapp sonicwall siemens belden CWE-120
critical
9.8
2019-08-09 CVE-2019-12256 Classic Buffer Overflow vulnerability in multiple products
Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the IPv4 component.
network
low complexity
windriver netapp sonicwall siemens belden CWE-120
critical
9.8
2019-08-02 CVE-2019-10938 Unspecified vulnerability in Siemens Siprotec 5 Digsi Device Driver
A vulnerability has been identified in SIPROTEC 5 devices with CPU variants CP200 (All versions < V7.59), SIPROTEC 5 devices with CPU variants CP300 and CP100 (All versions < V8.01), Siemens Power Meters Series 9410 (All versions < V2.2.1), Siemens Power Meters Series 9810 (All versions).
network
low complexity
siemens
critical
9.8
2019-07-19 CVE-2019-12815 Improper Handling of Exceptional Conditions vulnerability in multiple products
An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to CVE-2015-3306.
network
low complexity
proftpd fedoraproject debian siemens CWE-755
critical
9.8
2019-06-12 CVE-2019-6580 Missing Authorization vulnerability in Siemens products
A vulnerability has been identified in Siveillance VMS 2017 R2 (All versions < V11.2a), Siveillance VMS 2018 R1 (All versions < V12.1a), Siveillance VMS 2018 R2 (All versions < V12.2a), Siveillance VMS 2018 R3 (All versions < V12.3a), Siveillance VMS 2019 R1 (All versions < V13.1a).
network
low complexity
siemens CWE-862
critical
9.8
2019-05-16 CVE-2019-0708 Use After Free vulnerability in multiple products
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
network
low complexity
microsoft siemens huawei CWE-416
critical
9.8
2019-05-14 CVE-2019-6572 Use of Hard-coded Credentials vulnerability in Siemens products
A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15.1 Update 1), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15.1 Update 1), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Advanced (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Professional (All versions < V15.1 Update 1), SIMATIC WinCC (TIA Portal) (All versions < V15.1 Update 1), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions).
network
low complexity
siemens CWE-798
critical
9.1