Vulnerabilities > Siemens > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-05-10 | CVE-2018-7064 | Cross-site Scripting vulnerability in multiple products A reflected cross-site scripting (XSS) vulnerability is present in an unauthenticated Aruba Instant web interface. | 6.1 |
| 2019-04-17 | CVE-2018-13810 | Cross-Site Request Forgery (CSRF) vulnerability in Siemens CP 1604 Firmware and CP 1616 Firmware A vulnerability has been identified in CP 1604 (All versions), CP 1616 (All versions). | 6.5 |
| 2019-04-17 | CVE-2018-13809 | Cross-site Scripting vulnerability in Siemens CP 1604 Firmware and CP 1616 Firmware A vulnerability has been identified in CP 1604 (All versions), CP 1616 (All versions). | 6.1 |
| 2019-03-21 | CVE-2018-16563 | Unspecified vulnerability in Siemens products A vulnerability has been identified in Firmware variant IEC 61850 for EN100 Ethernet module (All versions < V4.35), Firmware variant MODBUS TCP for EN100 Ethernet module (All versions), Firmware variant DNP3 TCP for EN100 Ethernet module (All versions), Firmware variant IEC104 for EN100 Ethernet module (All versions), Firmware variant Profinet IO for EN100 Ethernet module (All versions), SIPROTEC 5 relays with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions < V7.82), SIPROTEC 5 relays with CPU variants CP200 and the respective Ethernet communication modules (All versions < V7.58). | 5.9 |
| 2019-03-05 | CVE-2019-8263 | Out-of-bounds Write vulnerability in multiple products UltraVNC revision 1205 has stack-based buffer overflow vulnerability in VNC client code inside ShowConnInfo routine, which leads to a denial of service (DoS) condition. | 6.5 |
| 2019-01-31 | CVE-2019-6111 | Path Traversal vulnerability in multiple products An issue was discovered in OpenSSH 7.9. | 5.9 |
| 2019-01-31 | CVE-2019-6110 | Inappropriate Encoding for Output Context vulnerability in multiple products In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred. | 6.8 |
| 2019-01-31 | CVE-2019-6109 | Improper Encoding or Escaping of Output vulnerability in multiple products An issue was discovered in OpenSSH 7.9. | 6.8 |
| 2019-01-10 | CVE-2018-20685 | Incorrect Authorization vulnerability in multiple products In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . | 5.3 |
| 2018-12-13 | CVE-2018-16555 | Cross-site Scripting vulnerability in Siemens products A vulnerability has been identified in SCALANCE S602 (All versions < V4.0.1.1), SCALANCE S612 (All versions < V4.0.1.1), SCALANCE S623 (All versions < V4.0.1.1), SCALANCE S627-2M (All versions < V4.0.1.1). | 5.4 |