Vulnerabilities > Siemens > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-07-11 CVE-2019-10933 Cross-site Scripting vulnerability in Siemens products
A vulnerability has been identified in Spectrum Power 3 (Corporate User Interface) (All versions <= v3.11), Spectrum Power 4 (Corporate User Interface) (Version v4.75), Spectrum Power 5 (Corporate User Interface) (All versions < v5.50), Spectrum Power 7 (Corporate User Interface) (All versions <= v2.20).
network
low complexity
siemens CWE-79
6.1
2019-06-12 CVE-2019-6567 Insufficiently Protected Credentials vulnerability in Siemens products
A vulnerability has been identified in SCALANCE X-200 switch family (incl.
local
low complexity
siemens CWE-522
5.5
2019-06-12 CVE-2019-10926 Unspecified vulnerability in Siemens Simatic Mv420 Firmware and Simatic Mv440 Firmware
A vulnerability has been identified in SIMATIC MV400 family (All Versions < V7.0.6).
network
high complexity
siemens
5.3
2019-05-14 CVE-2019-6577 Cross-site Scripting vulnerability in Siemens products
A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15.1 Update 1), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15.1 Update 1), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Advanced (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Professional (All versions < V15.1 Update 1), SIMATIC WinCC (TIA Portal) (All versions < V15.1 Update 1), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions).
network
low complexity
siemens CWE-79
5.4
2019-05-14 CVE-2019-10917 Improper Handling of Exceptional Conditions vulnerability in Siemens products
A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC (TIA Portal) V13 (All versions), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Upd 9), SIMATIC WinCC (TIA Portal) V15 (All versions < V15.1 Upd 3), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions < V14.1 Upd 8), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Upd 3), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions < V7.5 Upd 3).
local
low complexity
siemens CWE-755
5.5
2019-05-10 CVE-2018-7064 Cross-site Scripting vulnerability in multiple products
A reflected cross-site scripting (XSS) vulnerability is present in an unauthenticated Aruba Instant web interface.
network
low complexity
arubanetworks siemens CWE-79
6.1
2019-04-17 CVE-2018-13810 Cross-Site Request Forgery (CSRF) vulnerability in Siemens CP 1604 Firmware and CP 1616 Firmware
A vulnerability has been identified in CP 1604 (All versions), CP 1616 (All versions).
network
low complexity
siemens CWE-352
6.5
2019-04-17 CVE-2018-13809 Cross-site Scripting vulnerability in Siemens CP 1604 Firmware and CP 1616 Firmware
A vulnerability has been identified in CP 1604 (All versions), CP 1616 (All versions).
network
low complexity
siemens CWE-79
6.1
2019-03-21 CVE-2018-16563 Unspecified vulnerability in Siemens products
A vulnerability has been identified in Firmware variant IEC 61850 for EN100 Ethernet module (All versions < V4.35), Firmware variant MODBUS TCP for EN100 Ethernet module (All versions), Firmware variant DNP3 TCP for EN100 Ethernet module (All versions), Firmware variant IEC104 for EN100 Ethernet module (All versions), Firmware variant Profinet IO for EN100 Ethernet module (All versions), SIPROTEC 5 relays with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions < V7.82), SIPROTEC 5 relays with CPU variants CP200 and the respective Ethernet communication modules (All versions < V7.58).
network
high complexity
siemens
5.9
2019-03-05 CVE-2019-8263 Out-of-bounds Write vulnerability in multiple products
UltraVNC revision 1205 has stack-based buffer overflow vulnerability in VNC client code inside ShowConnInfo routine, which leads to a denial of service (DoS) condition.
network
low complexity
uvnc siemens CWE-787
6.5