Vulnerabilities > Siemens > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-10-28 | CVE-2015-7836 | Information Exposure vulnerability in Siemens Ruggedcom Rugged Operating System Siemens RUGGEDCOM ROS before 4.2.1 allows remote attackers to obtain sensitive information by sniffing the network for VLAN data within the padding section of an Ethernet frame. | 3.3 |
| 2015-08-03 | CVE-2015-5084 | Information Exposure vulnerability in Siemens products The Siemens SIMATIC WinCC Sm@rtClient and Sm@rtClient Lite applications before 01.00.01.00 for Android do not properly store passwords, which allows physically proximate attackers to obtain sensitive information via unspecified vectors. | 2.1 |
| 2015-04-06 | CVE-2015-1602 | Information Exposure vulnerability in Siemens Simatic Step 7 12.0/13.0/5.5 Siemens SIMATIC STEP 7 (TIA Portal) 12 and 13 before 13 SP1 Upd1 improperly stores password data within project files, which makes it easier for local users to determine cleartext (1) protection-level passwords or (2) web-server passwords by leveraging the ability to read these files. | 2.1 |
| 2015-03-07 | CVE-2015-1598 | Information Exposure vulnerability in Siemens Spcanywhere The Siemens SPCanywhere application for Android does not properly store application passwords, which allows physically proximate attackers to obtain sensitive information by examining the device filesystem. | 2.1 |
| 2015-03-07 | CVE-2015-1599 | Permissions, Privileges, and Access Controls vulnerability in Siemens Spcanywhere The Siemens SPCanywhere application for iOS allows physically proximate attackers to bypass intended access restrictions by leveraging a filesystem architectural error. | 2.1 |
| 2015-02-18 | CVE-2015-1355 | Cryptographic Issues vulnerability in Siemens Simatic Step 7 12.0/13.0/5.5 Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 uses a weak password-hash algorithm, which makes it easier for local users to determine cleartext passwords by reading a project file and conducting a brute-force attack. | 2.1 |
| 2015-01-14 | CVE-2014-5231 | Information Exposure vulnerability in Siemens Simatic Wincc Sm@Rtclient 1.0 The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows physically proximate attackers to extract the password from storage via unspecified vectors. | 2.1 |
| 2015-01-14 | CVE-2014-5232 | Permissions, Privileges, and Access Controls vulnerability in Siemens Simatic Wincc Sm@Rtclient 1.0 The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows local users to bypass an intended application-password requirement by leveraging the running of the app in the background state. | 1.9 |
| 2015-01-14 | CVE-2014-5233 | Information Exposure vulnerability in Siemens Simatic Wincc Sm@Rtclient 1.0 The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows physically proximate attackers to discover Sm@rtServer credentials by leveraging an error in the credential-processing mechanism. | 1.9 |
| 2013-03-21 | CVE-2013-0672 | Cross-Site Scripting vulnerability in Siemens Wincc TIA Portal 11.0 Cross-site scripting (XSS) vulnerability in the HMI web application in Siemens WinCC (TIA Portal) 11 allows remote authenticated users to inject arbitrary web script or HTML via unspecified data. | 3.5 |