Vulnerabilities > Siemens > High

DATE CVE VULNERABILITY TITLE RISK
2021-08-31 CVE-2021-37712 Link Following vulnerability in multiple products
The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability.
local
low complexity
npmjs debian oracle siemens CWE-59
8.6
2021-08-31 CVE-2021-37713 Path Traversal vulnerability in multiple products
The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability.
local
low complexity
npmjs oracle siemens CWE-22
8.6
2021-08-31 CVE-2021-39134 Improper Handling of Case Sensitivity vulnerability in multiple products
`@npmcli/arborist`, the library that calculates dependency trees and manages the `node_modules` folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder.
local
low complexity
npmjs oracle siemens CWE-178
7.8
2021-08-31 CVE-2021-39135 UNIX Symbolic Link (Symlink) Following vulnerability in multiple products
`@npmcli/arborist`, the library that calculates dependency trees and manages the node_modules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder.
local
low complexity
npmjs oracle siemens CWE-61
7.8
2021-08-31 CVE-2021-3749 axios is vulnerable to Inefficient Regular Expression Complexity
network
low complexity
axios siemens oracle
7.5
2021-08-27 CVE-2021-40142 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
In OPC Foundation Local Discovery Server (LDS) before 1.04.402.463, remote attackers can cause a denial of service (DoS) by sending carefully crafted messages that lead to Access of a Memory Location After the End of a Buffer.
network
low complexity
opcfoundation siemens CWE-119
7.5
2021-08-24 CVE-2021-3712 Out-of-bounds Read vulnerability in multiple products
ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length.
7.4
2021-08-23 CVE-2020-36475 Incorrect Calculation of Buffer Size vulnerability in multiple products
An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS).
network
low complexity
arm siemens debian CWE-131
7.5
2021-08-23 CVE-2020-36478 Improper Certificate Validation vulnerability in multiple products
An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS).
network
low complexity
arm siemens debian CWE-295
7.5
2021-08-19 CVE-2021-31338 Unspecified vulnerability in Siemens Sinema Remote Connect 3.0
A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.0 SP1).
local
low complexity
siemens
7.8