Vulnerabilities > Siemens > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-12 | CVE-2021-22918 | Out-of-bounds Read vulnerability in multiple products Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert strings to ASCII. | 5.3 |
| 2021-07-12 | CVE-2021-22921 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products Node.js before 16.4.1, 14.17.2, and 12.22.2 is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. | 4.4 |
| 2021-06-28 | CVE-2021-31337 | Missing Authentication for Critical Function vulnerability in Siemens products The Telnet service of the SIMATIC HMI Comfort Panels system component in affected products does not require authentication, which may allow a remote attacker to gain access to the device if the service is enabled. | 6.8 |
| 2021-06-17 | CVE-2021-32944 | Use After Free vulnerability in multiple products A use-after-free issue exists in the DGN file-reading procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. | 6.8 |
| 2021-06-17 | CVE-2021-32950 | Out-of-bounds Read vulnerability in multiple products An out-of-bounds read issue exists within the parsing of DXF files in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. | 5.8 |
| 2021-06-17 | CVE-2021-32952 | Out-of-bounds Write vulnerability in multiple products An out-of-bounds write issue exists in the DGN file-reading procedure in the Drawings SDK (Version 2022.4 and prior) resulting from the lack of proper validation of user-supplied data. | 6.8 |
| 2021-06-17 | CVE-2021-32946 | Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products An improper check for unusual or exceptional conditions issue exists within the parsing DGN files from Drawings SDK (Version 2022.4 and prior) resulting from the lack of proper validation of the user-supplied data. | 6.8 |
| 2021-06-16 | CVE-2021-20094 | Out-of-bounds Read vulnerability in multiple products A denial of service vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. | 5.0 |
| 2021-06-11 | CVE-2021-22897 | Exposure of Resource to Wrong Sphere vulnerability in multiple products curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. | 5.3 |
| 2021-06-09 | CVE-2020-12357 | Improper Initialization vulnerability in multiple products Improper initialization in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | 4.6 |