Vulnerabilities > Siemens > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-01-31 CVE-2019-6111 Path Traversal vulnerability in multiple products
An issue was discovered in OpenSSH 7.9.
5.9
2019-01-31 CVE-2019-6110 Inappropriate Encoding for Output Context vulnerability in multiple products
In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.
network
high complexity
openbsd winscp netapp siemens CWE-838
6.8
2019-01-31 CVE-2019-6109 Improper Encoding or Escaping of Output vulnerability in multiple products
An issue was discovered in OpenSSH 7.9.
6.8
2019-01-10 CVE-2018-20685 Incorrect Authorization vulnerability in multiple products
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of .
5.3
2018-12-13 CVE-2018-16555 Cross-site Scripting vulnerability in Siemens products
A vulnerability has been identified in SCALANCE S602 (All versions < V4.0.1.1), SCALANCE S612 (All versions < V4.0.1.1), SCALANCE S623 (All versions < V4.0.1.1), SCALANCE S627-2M (All versions < V4.0.1.1).
network
low complexity
siemens CWE-79
5.4
2018-12-13 CVE-2018-13811 Information Exposure vulnerability in Siemens Simatic Step 7 (Tia Portal)
A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) (All Versions < V15.1).
local
low complexity
siemens CWE-200
5.5
2018-12-12 CVE-2018-11461 Unspecified vulnerability in Siemens products
A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3).
local
low complexity
siemens
6.6
2018-09-12 CVE-2018-3658 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
Multiple memory leaks in Intel AMT in Intel CSME firmware versions before 12.0.5 may allow an unauthenticated user with Intel AMT provisioned to potentially cause a partial denial of service via network access.
network
low complexity
siemens intel CWE-772
5.3
2018-09-12 CVE-2018-3657 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Multiple buffer overflows in Intel AMT in Intel CSME firmware versions before version 12.0.5 may allow a privileged user to potentially execute arbitrary code with Intel AMT execution privilege via local access.
local
low complexity
siemens intel CWE-119
6.7
2018-09-12 CVE-2018-3616 Bleichenbacher-style side channel vulnerability in TLS implementation in Intel Active Management Technology before 12.0.5 may allow an unauthenticated user to potentially obtain the TLS session key via the network.
network
high complexity
intel siemens
5.9