Vulnerabilities > Siemens > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-06-04 | CVE-2016-9042 | Improper Input Validation vulnerability in multiple products An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. | 5.9 |
2018-05-22 | CVE-2018-3639 | Information Exposure Through Discrepancy vulnerability in multiple products Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. | 5.5 |
2018-04-23 | CVE-2018-4847 | Missing Encryption of Sensitive Data vulnerability in Siemens Simatic Wincc OA Operator A vulnerability has been identified in SIMATIC WinCC OA Operator iOS App (All versions < V1.4). | 4.6 |
2018-03-20 | CVE-2018-4844 | Improper Privilege Management vulnerability in Siemens Simatic Wincc OA UI A vulnerability has been identified in SIMATIC WinCC OA UI for Android (All versions < V3.15.10), SIMATIC WinCC OA UI for iOS (All versions < V3.15.10). | 6.7 |
2018-03-08 | CVE-2018-4839 | Unspecified vulnerability in Siemens products A vulnerability has been identified in DIGSI 4 (All versions < V4.92), EN100 Ethernet module DNP3 variant (All versions < V1.05.00), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions), Other SIPROTEC 4 relays (All versions), Other SIPROTEC Compact relays (All versions), SIPROTEC 4 7SD80 (All versions < V4.70), SIPROTEC 4 7SJ61 (All versions < V4.96), SIPROTEC 4 7SJ62 (All versions < V4.96), SIPROTEC 4 7SJ64 (All versions < V4.96), SIPROTEC 4 7SJ66 (All versions < V4.30), SIPROTEC Compact 7SJ80 (All versions < V4.77), SIPROTEC Compact 7SK80 (All versions < V4.77). | 5.3 |
2018-02-19 | CVE-2018-5380 | Out-of-bounds Read vulnerability in multiple products The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input. | 4.3 |
2018-01-25 | CVE-2018-4835 | Information Exposure vulnerability in Siemens Telecontrol Server Basic 3.0 A vulnerability has been identified in TeleControl Server Basic < V3.1. | 5.3 |
2018-01-04 | CVE-2017-5753 | Information Exposure Through Discrepancy vulnerability in multiple products Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. | 5.6 |
2018-01-04 | CVE-2017-5715 | Information Exposure Through Discrepancy vulnerability in multiple products Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. | 5.6 |
2017-12-26 | CVE-2017-12740 | Insufficient Verification of Data Authenticity vulnerability in Siemens Logo! Soft Comfort Siemens LOGO! Soft Comfort (All versions before V8.2) lacks integrity verification of software packages downloaded via an unprotected communication channel. | 5.9 |