Vulnerabilities > Siemens > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-12-12 CVE-2019-18286 Information Exposure vulnerability in Siemens Sppa-T3000 Application Server R8.2
A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2).
network
low complexity
siemens CWE-200
5.3
2019-12-12 CVE-2019-18285 Cleartext Transmission of Sensitive Information vulnerability in Siemens Sppa-T3000 Application Server R8.2
A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2).
network
high complexity
siemens CWE-319
5.9
2019-12-12 CVE-2019-13947 Unspecified vulnerability in Siemens products
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0).
network
low complexity
siemens
4.9
2019-12-12 CVE-2019-13944 Path Traversal vulnerability in Siemens products
A vulnerability has been identified in EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module IEC104 variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions).
network
low complexity
siemens CWE-22
5.3
2019-12-12 CVE-2019-13943 Cross-site Scripting vulnerability in Siemens products
A vulnerability has been identified in EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module IEC104 variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions).
network
low complexity
siemens CWE-79
6.1
2019-12-12 CVE-2019-13931 Cross-site Scripting vulnerability in Siemens XHQ 6.0.0.0
A vulnerability has been identified in XHQ (All versions < V6.0.0.2).
network
low complexity
siemens CWE-79
5.4
2019-12-12 CVE-2019-13945 Unspecified vulnerability in Siemens products
A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl.
low complexity
siemens
6.8
2019-12-12 CVE-2019-13927 Exposure of Resource to Wrong Sphere vulnerability in Siemens products
A vulnerability has been identified in Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D with Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 (All firmware versions < V6.00.320), Desigo PX automation controllers PXC00-U, PXC64-U, PXC128-U with Desigo PX Web modules PXA30-W0, PXA30-W1, PXA30-W2 (All firmware versions < V6.00.320), Desigo PX automation controllers PXC22.1-E.D, PXC36-E.D, PXC36.1-E.D with activated web server (All firmware versions < V6.00.320).
network
low complexity
siemens CWE-668
5.3
2019-12-09 CVE-2019-19645 Uncontrolled Recursion vulnerability in multiple products
alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.
local
low complexity
sqlite netapp oracle tenable siemens CWE-674
5.5
2019-11-27 CVE-2019-19242 NULL Pointer Dereference vulnerability in multiple products
SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.
network
high complexity
sqlite canonical redhat oracle siemens CWE-476
5.9