Vulnerabilities > Siemens > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-23 | CVE-2021-3672 | Cross-site Scripting vulnerability in multiple products A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. | 5.6 |
| 2021-11-09 | CVE-2020-10052 | Unspecified vulnerability in Siemens Simatic Rtls Locating Manager 2.10/2.10.2/2.9.3 A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.12). | 5.5 |
| 2021-11-09 | CVE-2020-10053 | Unspecified vulnerability in Siemens Simatic Rtls Locating Manager 2.10/2.10.2/2.9.3 A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.12). | 5.5 |
| 2021-11-09 | CVE-2020-10054 | Unspecified vulnerability in Siemens Simatic Rtls Locating Manager 2.10/2.10.2/2.9.3 A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.12). | 5.5 |
| 2021-11-09 | CVE-2021-31344 | Unspecified vulnerability in Siemens products A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 (All versions < V1.0.0.0). | 5.3 |
| 2021-10-27 | CVE-2021-25219 | In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance. | 5.3 |
| 2021-10-12 | CVE-2021-37734 | Path Traversal vulnerability in multiple products A remote unauthorized read access to files vulnerability was discovered in Aruba Instant version(s): 6.4.x.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x.x: 6.5.4.19 and below; Aruba Instant 8.5.x.x: 8.5.0.12 and below; Aruba Instant 8.6.x.x: 8.6.0.11 and below; Aruba Instant 8.7.x.x: 8.7.1.3 and below; Aruba Instant 8.8.x.x: 8.8.0.0 and below. | 6.5 |
| 2021-10-12 | CVE-2021-37735 | Use of Externally-Controlled Format String vulnerability in multiple products A remote denial of service vulnerability was discovered in Aruba Instant version(s): Aruba Instant 6.5.x.x: 6.5.4.18 and below; Aruba Instant 8.5.x.x: 8.5.0.10 and below; Aruba Instant 8.6.x.x: 8.6.0.4 and below. | 5.3 |
| 2021-10-12 | CVE-2021-33722 | Unspecified vulnerability in Siemens Sinec NMS 1.0 A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). | 4.9 |
| 2021-10-12 | CVE-2021-33723 | Unspecified vulnerability in Siemens Sinec NMS 1.0 A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). | 6.5 |