Vulnerabilities > Siemens > Critical

DATE | CVE | VULNERABILITY TITLE | RISK

2012-02-03 | CVE-2011-4875 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Siemens products | critical 9.3
Stack-based buffer overflow in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to execute arbitrary code via vectors related to Unicode strings.
network, siemens, CWE-119

2012-02-03 | CVE-2011-4514 | Improper Authentication vulnerability in Siemens products | critical 10.0
The TELNET daemon in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime does not perform authentication, which makes it easier for remote attackers to obtain access via a TCP session.
network, low complexity, siemens, CWE-287

2012-02-03 | CVE-2011-4513 | Remote Security vulnerability in SIMATIC WinCC Runtime Advanced | critical 10.0
Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allow user-assisted remote attackers to execute arbitrary code via a crafted project file, related to the HMI web server and runtime loader.
network, low complexity, siemens

2012-02-03 | CVE-2011-4509 | Permissions, Privileges, and Access Controls vulnerability in Siemens products | critical 10.0
The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime has an improperly selected default password for the administrator account, which makes it easier for remote attackers to obtain access via a brute-force approach involving many HTTP requests.
network, low complexity, siemens, CWE-264

2012-02-03 | CVE-2011-4508 | Improper Authentication vulnerability in Siemens products | critical 9.3
The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime generates predictable authentication tokens for cookies, which makes it easier for remote attackers to bypass authentication via a crafted cookie.
network, siemens, CWE-287

2012-01-08 | CVE-2011-4055 | Buffer Errors vulnerability in Siemens Tecnomatix FactoryLink 6.6.1/7.5.217/8.0.2.54 | critical 9.3
Buffer overflow in the WebClient ActiveX control in Siemens Tecnomatix FactoryLink 6.6.1 (aka 6.6 SP1), 7.5.217 (aka 7.5 SP2), and 8.0.2.54 allows remote attackers to execute arbitrary code via a long string in a parameter associated with the location URL.
network, siemens, CWE-119

2011-09-16 | CVE-2011-3321 | Buffer Errors vulnerability in Siemens products | critical 9.3
Heap-based buffer overflow in the Siemens WinCC Runtime Advanced Loader, as used in SIMATIC WinCC flexible Runtime and SIMATIC WinCC (TIA Portal) Runtime Advanced, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted packet to TCP port 2308.
network, siemens, CWE-119

2009-08-19 | CVE-2008-6993 | Cryptographic Issues vulnerability in Siemens Gigaset WLAN Camera 1.27 | critical 10.0
Siemens Gigaset WLAN Camera 1.27 has an insecure default password, which allows remote attackers to conduct unauthorized activities.
network, low complexity, siemens, CWE-310

2009-08-07 | CVE-2008-6916 | Improper Authentication vulnerability in multiple products | critical 10.0
Siemens SpeedStream 5200 with NetPort Software 1.1 allows remote attackers to bypass authentication via an invalid Host header, possibly involving a trailing dot in the hostname.
network, low complexity, siemens, john-doe, CWE-287

2003-04-22 | CVE-2002-1484 | Server-Side Request Forgery (SSRF) vulnerability in Siemens DB4Web 3.4/3.6 | critical 9.8
DB4Web server, when configured to use verbose debug messages, allows remote attackers to use DB4Web as a proxy and attempt TCP connections to other systems (port scan) via a request for a URL that specifies the target IP address and port, which produces a connection status in the resulting error message.
network, low complexity, siemens, CWE-918