Vulnerabilities > Siemens > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-09 | CVE-2021-31886 | Unspecified vulnerability in Siemens products A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.19), Desigo PXC00-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC00-U (All versions >= V2.3 and < V6.30.016), Desigo PXC001-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC100-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC12-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC128-U (All versions >= V2.3 and < V6.30.016), Desigo PXC200-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC36.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC50-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC64-U (All versions >= V2.3 and < V6.30.016), Desigo PXM20-E (All versions >= V2.3 and < V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). | 9.8 |
| 2021-11-09 | CVE-2021-31889 | Unspecified vulnerability in Siemens products A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0). | 9.1 |
| 2021-11-09 | CVE-2021-31890 | Unspecified vulnerability in Siemens products A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 (All versions < V1.0.0.0). | 9.1 |
| 2021-10-21 | CVE-2020-27304 | Path Traversal vulnerability in multiple products The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows, when using the built-in HTTP form-based file upload mechanism, via the mg_handle_form_request API. | 9.8 |
| 2021-10-12 | CVE-2021-37726 | Classic Buffer Overflow vulnerability in multiple products A remote buffer overflow vulnerability was discovered in HPE Aruba Instant (IAP) version(s): Aruba Instant 8.7.x.x: 8.7.0.0 through 8.7.1.2. | 9.8 |
| 2021-10-12 | CVE-2021-33724 | Unspecified vulnerability in Siemens Sinec NMS 1.0 A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). | 9.1 |
| 2021-10-12 | CVE-2021-33725 | Unspecified vulnerability in Siemens Sinec NMS 1.0 A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). | 9.1 |
| 2021-10-07 | CVE-2021-22930 | Use After Free vulnerability in multiple products Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior. | 9.8 |
| 2021-09-23 | CVE-2021-22945 | Double Free vulnerability in multiple products When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*. | 9.1 |
| 2021-09-16 | CVE-2021-39275 | Out-of-bounds Write vulnerability in multiple products ap_escape_quotes() may write beyond the end of a buffer when given malicious input. | 9.8 |