Vulnerabilities > Siemens > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-15 | CVE-2020-25239 | Incorrect Authorization vulnerability in Siemens Sinema Remote Connect Server A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0). | 8.8 |
| 2021-03-12 | CVE-2021-27290 | ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. | 7.5 |
| 2021-03-10 | CVE-2020-27632 | Unspecified vulnerability in Siemens Simatic Mv420 Firmware and Simatic Mv440 Firmware In SIMATIC MV400 family versions prior to v7.0.6, the ISN generator is initialized with a constant value and has constant increments. | 7.5 |
| 2021-03-03 | CVE-2021-22884 | Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. | 7.5 |
| 2021-03-03 | CVE-2021-22883 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. | 7.5 |
| 2021-02-23 | CVE-2021-22651 | Path Traversal vulnerability in multiple products When loading a specially crafted file, Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are, while processing the extraction of temporary files, suffering from a directory traversal vulnerability, which allows an attacker to store arbitrary scripts into automatic startup folders. | 7.8 |
| 2021-02-23 | CVE-2021-22649 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 have multiple NULL pointer dereference issues while processing project files, which may allow an attacker to execute arbitrary code. | 7.8 |
| 2021-02-23 | CVE-2021-22647 | Out-of-bounds Write vulnerability in multiple products Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to multiple out-of-bounds write issues while processing project files, which may allow an attacker to execute arbitrary code. | 7.8 |
| 2021-02-23 | CVE-2021-22645 | Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an attack because the .bip documents display a “load” command, which can be pointed to a .dll from a remote network share. | 7.8 |
| 2021-02-23 | CVE-2021-22643 | Out-of-bounds Read vulnerability in multiple products Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to execute arbitrary code. | 7.8 |