Vulnerabilities > Siemens > High

DATE CVE VULNERABILITY TITLE RISK
2020-04-14 CVE-2019-19300 Resource Exhaustion vulnerability in Siemens products
A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, KTK ATE530S, SIDOOR ATD430W, SIDOOR ATE530S COATED, SIDOOR ATE531S, SIMATIC ET 200AL IM 157-1 PN (6ES7157-1AB00-0AB0), SIMATIC ET 200MP IM 155-5 PN HF (6ES7155-5AA00-0AC0), SIMATIC ET 200pro IM 154-8 PN/DP CPU (6ES7154-8AB01-0AB0), SIMATIC ET 200pro IM 154-8F PN/DP CPU (6ES7154-8FB01-0AB0), SIMATIC ET 200pro IM 154-8FX PN/DP CPU (6ES7154-8FX00-0AB0), SIMATIC ET 200S IM 151-8 PN/DP CPU (6ES7151-8AB01-0AB0), SIMATIC ET 200S IM 151-8F PN/DP CPU (6ES7151-8FB01-0AB0), SIMATIC ET 200SP IM 155-6 MF HF (6ES7155-6MU00-0CN0), SIMATIC ET 200SP IM 155-6 PN HA (incl.
network
low complexity
siemens CWE-400
7.5
7.5
2020-04-09 CVE-2020-11655 Improper Initialization vulnerability in multiple products
SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled. 		7.5
7.5
2020-03-10 CVE-2019-19299 Inadequate Encryption Strength vulnerability in Siemens Sinvr/Sivms Video Server
A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0), SiNVR/SiVMS Video Server (All versions >= V5.0.0 < V5.0.2), SiNVR/SiVMS Video Server (All versions >= V5.0.2).
network
low complexity
siemens CWE-326
7.5
7.5
2020-03-10 CVE-2019-19298 Improper Input Validation vulnerability in Siemens Sinvr/Sivms Video Server
A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0), SiNVR/SiVMS Video Server (All versions >= V5.0.0 < V5.0.2).
network
low complexity
siemens CWE-20
7.5
7.5
2020-03-10 CVE-2019-19297 Path Traversal vulnerability in Siemens products
A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0).
network
low complexity
siemens CWE-22
7.5
7.5
2020-03-10 CVE-2019-19292 SQL Injection vulnerability in Siemens products
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0).
network
low complexity
siemens CWE-89
8.8
8.8
2020-03-10 CVE-2019-19282 Incorrect Calculation of Buffer Size vulnerability in Siemens products
A vulnerability has been identified in OpenPCS 7 V8.1 (All versions), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd3), SIMATIC BATCH V8.1 (All versions), SIMATIC BATCH V8.2 (All versions < V8.2 Upd12), SIMATIC BATCH V9.0 (All versions < V9.0 SP1 Upd5), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Update 1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC Route Control V8.1 (All versions), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions < V9.0 Upd4), SIMATIC WinCC (TIA Portal) V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 10), SIMATIC WinCC (TIA Portal) V15.1 (All versions < V15.1 Update 5), SIMATIC WinCC (TIA Portal) V16 (All versions < V16 Update 1), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions < V7.5 SP1 Update 1).
network
low complexity
siemens CWE-131
7.5
7.5
2020-03-10 CVE-2019-19281 Resource Exhaustion vulnerability in Siemens products
A vulnerability has been identified in SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl.
network
low complexity
siemens CWE-400
7.5
7.5
2020-03-10 CVE-2019-19279 Improper Input Validation vulnerability in Siemens Siprotec 4 and Siprotec Compact
A vulnerability has been identified in SIPROTEC 4 and SIPROTEC Compact relays equipped with EN100 Ethernet communication modules (All versions).
network
low complexity
siemens CWE-20
7.5
7.5
2020-03-10 CVE-2019-18336 Resource Exhaustion vulnerability in Siemens products
A vulnerability has been identified in SIMATIC S7-300 CPU family (incl.
network
low complexity
siemens CWE-400
7.5
7.5