Vulnerabilities > Siemens > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-13 | CVE-2018-13811 | Information Exposure vulnerability in Siemens Simatic Step 7 (Tia Portal) A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) (All Versions < V15.1). | 5.5 |
| 2018-12-12 | CVE-2018-11461 | Unspecified vulnerability in Siemens products A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). | 6.6 |
| 2018-09-12 | CVE-2018-3658 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products Multiple memory leaks in Intel AMT in Intel CSME firmware versions before 12.0.5 may allow an unauthenticated user with Intel AMT provisioned to potentially cause a partial denial of service via network access. | 5.3 |
| 2018-09-12 | CVE-2018-3657 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Multiple buffer overflows in Intel AMT in Intel CSME firmware versions before version 12.0.5 may allow a privileged user to potentially execute arbitrary code with Intel AMT execution privilege via local access. | 6.7 |
| 2018-09-12 | CVE-2018-3616 | Bleichenbacher-style side channel vulnerability in TLS implementation in Intel Active Management Technology before 12.0.5 may allow an unauthenticated user to potentially obtain the TLS session key via the network. | 5.9 |
| 2018-08-17 | CVE-2018-15473 | Race Condition vulnerability in multiple products OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. | 5.3 |
| 2018-08-07 | CVE-2018-11456 | Unspecified vulnerability in Siemens Automation License Manager A vulnerability has been identified in Automation License Manager 5 (All versions < 5.3.4.4). | 5.8 |
| 2018-07-09 | CVE-2018-11450 | Cross-site Scripting vulnerability in Siemens Teamcenter Product Lifecycle Management 9.1.2.5 A reflected Cross-Site-Scripting (XSS) vulnerability has been identified in Siemens PLM Software TEAMCENTER (V9.1.2.5). | 6.1 |
| 2018-07-05 | CVE-2017-11175 | Cross-site Scripting vulnerability in Siemens FIN Stack 4.0 In J2 Innovations FIN Stack 4.0, the authentication webform is vulnerable to reflected XSS via the query string to /login. | 6.1 |
| 2018-07-03 | CVE-2018-4856 | Unspecified vulnerability in Siemens Siclock Tc100 Firmware and Siclock Tc400 Firmware A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). | 4.9 |