Vulnerabilities > Siemens > High

DATE CVE VULNERABILITY TITLE RISK
2020-02-21 CVE-2020-9327 NULL Pointer Dereference vulnerability in multiple products
In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.
network
low complexity
sqlite netapp canonical siemens oracle CWE-476
7.5
2020-02-20 CVE-2020-9273 Use After Free vulnerability in multiple products
In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel.
8.8
2020-02-20 CVE-2020-9272 Out-of-bounds Read vulnerability in multiple products
ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mod_cap via the cap_text.c cap_to_text function.
network
low complexity
proftpd siemens opensuse CWE-125
7.5
2020-02-11 CVE-2019-13946 Resource Exhaustion vulnerability in Siemens products
Profinet-IO (PNIO) stack versions prior V06.00 do not properly limit internal resource allocation when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface. This could lead to a denial of service condition due to lack of memory for devices that include a vulnerable version of the stack. The security vulnerability could be exploited by an attacker with network access to an affected device.
network
low complexity
siemens CWE-400
7.5
2020-02-11 CVE-2019-13941 Files or Directories Accessible to External Parties vulnerability in Siemens Ozw672 Firmware and Ozw772 Firmware
A vulnerability has been identified in OZW672 (All versions < V10.00), OZW772 (All versions < V10.00).
network
low complexity
siemens CWE-552
7.5
2020-02-11 CVE-2019-13940 Resource Exhaustion vulnerability in Siemens products
A vulnerability has been identified in SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200pro IM154-8F PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200pro IM154-8FX PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200S IM151-8 PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200S IM151-8F PN/DP CPU (All versions < V3.X.17), SIMATIC S7-1200 CPU family (incl.
network
low complexity
siemens CWE-400
7.5
2020-02-11 CVE-2019-13926 Resource Exhaustion vulnerability in Siemens products
A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0 and < V4.1), SCALANCE S612 (All versions >= V3.0 and < V4.1), SCALANCE S623 (All versions >= V3.0 and < V4.1), SCALANCE S627-2M (All versions >= V3.0 and < V4.1).
network
low complexity
siemens CWE-400
7.5
2020-02-11 CVE-2019-13925 Resource Exhaustion vulnerability in Siemens products
A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0 and < V4.1), SCALANCE S612 (All versions >= V3.0 and < V4.1), SCALANCE S623 (All versions >= V3.0 and < V4.1), SCALANCE S627-2M (All versions >= V3.0 and < V4.1).
network
low complexity
siemens CWE-400
7.5
2020-01-21 CVE-2020-7595 Infinite Loop vulnerability in multiple products
xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.
7.5
2020-01-16 CVE-2019-13939 Improper Input Validation vulnerability in Siemens products
A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus Source Code (All versions).
low complexity
siemens CWE-20
7.1