Vulnerabilities > Siemens > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-17 | CVE-2017-0143 | The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148. | 8.8 |
| 2017-03-01 | CVE-2017-2685 | Information Exposure vulnerability in Siemens products Siemens SINUMERIK Integrate Operate Clients between 2.0.3.00.016 (including) and 2.0.6 (excluding) and between 3.0.4.00.032 (including) and 3.0.6 (excluding) contain a vulnerability that could allow an attacker to read and manipulate data in TLS sessions while performing a man-in-the-middle (MITM) attack. | 7.4 |
| 2017-02-27 | CVE-2017-2683 | Cross-site Scripting vulnerability in Siemens Ruggedcom Network Management Software 2.0.2 A non-privileged user of the Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and 8081/TCP could perform a persistent Cross-Site Scripting (XSS) attack, potentially resulting in obtaining administrative permissions. | 8.2 |
| 2017-02-27 | CVE-2017-2682 | Cross-Site Request Forgery (CSRF) vulnerability in Siemens Ruggedcom Network Management Software 2.0.2 The Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and 8081/TCP could allow a remote attacker to perform a Cross-Site Request Forgery (CSRF) attack, potentially allowing an attacker to execute administrative operations, provided the targeted user has an active session and is induced to trigger a malicious request. | 8.8 |
| 2017-02-13 | CVE-2016-8566 | Credentials Management vulnerability in Siemens Sicam Pas/Pqs 7.0 An issue was discovered in Siemens SICAM PAS before 8.00. | 7.8 |
| 2017-02-13 | CVE-2016-7987 | Data Processing Errors vulnerability in Siemens Eta2 Firmware and Eta4 Firmware An issue was discovered in Siemens ETA4 firmware (all versions prior to Revision 08) of the SM-2558 extension module for: SICAM AK, SICAM TM 1703, SICAM BC 1703, and SICAM AK 3. | 7.5 |
| 2016-12-23 | CVE-2016-9154 | Insufficient Entropy in PRNG vulnerability in Siemens products Siemens Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 for Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D (All firmware versions < V6.00.046) and Desigo PX Web modules PXA30-W0, PXA30-W1, PXA30-W2 for Desigo PX automation controllers PXC00-U, PXC64-U, PXC128-U (All firmware versions < V6.00.046) use a pseudo random number generator with insufficient entropy to generate certificates for HTTPS, potentially allowing remote attackers to reconstruct the corresponding private key. | 7.5 |
| 2016-12-17 | CVE-2016-9160 | 7PK - Security Features vulnerability in Siemens Simatic PCS 7 and Simatic Wincc A vulnerability in SIEMENS SIMATIC WinCC (All versions < SIMATIC WinCC V7.2) and SIEMENS SIMATIC PCS 7 (All versions < SIMATIC PCS 7 V8.0 SP1) could allow a remote attacker to crash an ActiveX component or leak parts of the application memory if a user is tricked into clicking on a malicious link under certain conditions. | 8.1 |
| 2016-12-17 | CVE-2016-9158 | Improper Input Validation vulnerability in Siemens products A vulnerability has been identified in SIMATIC S7-300 CPU family (All versions), SIMATIC S7-300 CPU family (incl. | 7.5 |
| 2016-12-05 | CVE-2016-9156 | Improper Access Control vulnerability in Siemens Sicam Pas/Pqs A vulnerability in Siemens SICAM PAS (all versions before V8.09) could allow a remote attacker to upload, download, or delete files in certain parts of the file system by sending specially crafted packets to port 19235/TCP. | 7.3 |