Vulnerabilities > Siemens > High

DATE CVE VULNERABILITY TITLE RISK
2019-12-12 CVE-2019-18291 Out-of-bounds Write vulnerability in Siemens Sppa-T3000 Ms3000 Migration Server
A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions).
network
low complexity
siemens CWE-787
7.5
7.5
2019-12-12 CVE-2019-18290 Out-of-bounds Write vulnerability in Siemens Sppa-T3000 Ms3000 Migration Server
A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions).
network
low complexity
siemens CWE-787
7.5
7.5
2019-12-12 CVE-2019-18288 Unrestricted Upload of File with Dangerous Type vulnerability in Siemens Sppa-T3000 Application Server R8.2
A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2).
network
low complexity
siemens CWE-434
8.8
8.8
2019-12-12 CVE-2019-13942 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Siemens products
A vulnerability has been identified in EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module IEC104 variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions).
network
low complexity
siemens CWE-119
7.5
7.5
2019-12-12 CVE-2019-13930 Cross-Site Request Forgery (CSRF) vulnerability in Siemens XHQ 6.0.0.0
A vulnerability has been identified in XHQ (All versions < V6.0.0.2).
network
low complexity
siemens CWE-352
8.1
8.1
2019-12-09 CVE-2019-19603 SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash.
network
low complexity
sqlite oracle siemens apache netapp
7.5
7.5
2019-11-25 CVE-2019-19244 sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage.
network
low complexity
sqlite canonical oracle siemens
7.5
7.5
2019-10-30 CVE-2018-16417 Command Injection vulnerability in multiple products
Aruba Instant 4.x prior to 6.4.4.8-4.2.4.12, 6.5.x prior to 6.5.4.11, 8.3.x prior to 8.3.0.6, and 8.4.x prior to 8.4.0.1 allows Command injection.
network
low complexity
arubanetworks siemens CWE-77
7.5
7.5
2019-10-29 CVE-2019-15681 Improper Initialization vulnerability in multiple products
LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure.
network
low complexity
libvnc-project canonical debian siemens CWE-665
7.5
7.5
2019-10-10 CVE-2019-13921 Resource Exhaustion vulnerability in Siemens Simatic Winac RTX (F) 2010 Sp1/Sp2
A vulnerability has been identified in SIMATIC WinAC RTX (F) 2010 (All versions < SP3 Update 1).
network
low complexity
siemens CWE-400
7.5
7.5