Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2018-02-19	CVE-2018-5380	Out-of-bounds Read vulnerability in multiple products The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input. network low complexity quagga debian canonical siemens CWE-125	4.3
2018-01-25	CVE-2018-4835	Information Exposure vulnerability in Siemens Telecontrol Server Basic 3.0 A vulnerability has been identified in TeleControl Server Basic < V3.1. network low complexity siemens CWE-200	5.3
2018-01-04	CVE-2017-5753	Information Exposure Through Discrepancy vulnerability in multiple products Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. local high complexity intel canonical debian oracle synology opensuse suse arm pepperl-fuchs netapp phoenixcontact siemens vmware CWE-203	5.6
2018-01-04	CVE-2017-5715	Information Exposure Through Discrepancy vulnerability in multiple products Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. local high complexity intel arm canonical netapp siemens debian oracle CWE-203	5.6
2017-12-26	CVE-2017-12740	Insufficient Verification of Data Authenticity vulnerability in Siemens Logo! Soft Comfort Siemens LOGO! Soft Comfort (All versions before V8.2) lacks integrity verification of software packages downloaded via an unprotected communication channel. network high complexity siemens CWE-345	5.9
2017-12-13	CVE-2017-13099	Information Exposure Through Discrepancy vulnerability in multiple products wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. network high complexity wolfssl siemens arubanetworks CWE-203	5.9
2017-11-15	CVE-2017-12738	Cross-site Scripting vulnerability in Siemens Sm-2556 Firmware An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. network low complexity siemens CWE-79	6.1
2017-11-15	CVE-2017-12737	Information Exposure vulnerability in Siemens Sm-2556 Firmware An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. network low complexity siemens CWE-200	5.3
2017-11-06	CVE-2017-14023	Improper Input Validation vulnerability in Siemens Simatic Pcs7 and Simatic Wincc An Improper Input Validation issue was discovered in Siemens SIMATIC PCS 7 V8.1 prior to V8.1 SP1 with WinCC V7.3 Upd 13, and V8.2 all versions. network low complexity siemens CWE-20	4.9
2017-10-23	CVE-2017-9947	Path Traversal vulnerability in Siemens products A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions <V3.5. network low complexity siemens CWE-22	5.3