Vulnerabilities > Siemens > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-12-13 | CVE-2017-13099 | Information Exposure Through Discrepancy vulnerability in multiple products wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. | 5.9 |
| 2017-11-15 | CVE-2017-12738 | Cross-site Scripting vulnerability in Siemens Sm-2556 Firmware An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. | 6.1 |
| 2017-11-15 | CVE-2017-12737 | Information Exposure vulnerability in Siemens Sm-2556 Firmware An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. | 5.3 |
| 2017-11-06 | CVE-2017-14023 | Improper Input Validation vulnerability in Siemens Simatic Pcs7 and Simatic Wincc An Improper Input Validation issue was discovered in Siemens SIMATIC PCS 7 V8.1 prior to V8.1 SP1 with WinCC V7.3 Upd 13, and V8.2 all versions. | 4.9 |
| 2017-10-23 | CVE-2017-9947 | Path Traversal vulnerability in Siemens products A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions <V3.5. | 5.3 |
| 2017-08-30 | CVE-2017-9945 | Improper Input Validation vulnerability in Siemens 7KM PAC Switched Ethernet Profinet Expansion Module Firmware 2.1.2 In the Siemens 7KM PAC Switched Ethernet PROFINET expansion module (All versions < V2.1.3), a Denial-of-Service condition could be induced by a specially crafted PROFINET DCP packet sent as a local Ethernet (Layer 2) broadcast. | 6.5 |
| 2017-08-08 | CVE-2017-6872 | Exposure of Resource to Wrong Sphere vulnerability in Siemens Ozw672 Firmware and Ozw772 Firmware A vulnerability was discovered in Siemens OZW672 (all versions) and OZW772 (all versions) that could allow an attacker with access to port 21/tcp to access or alter historical measurement data stored on the device. | 6.5 |
| 2017-08-08 | CVE-2017-6871 | Improper Authentication vulnerability in Siemens products A vulnerability was discovered in Siemens SIMATIC WinCC Sm@rtClient for Android (All versions before V1.0.2.2) and SIMATIC WinCC Sm@rtClient for Android Lite (All versions before V1.0.2.2). | 5.4 |
| 2017-08-07 | CVE-2017-6866 | Unspecified vulnerability in Siemens XHQ Server 4.7.1.2/5.0.0.1 A vulnerability was discovered in Siemens XHQ server 4 and 5 (4 before V4.7.1.3 and 5 before V5.0.0.2) that could allow an authenticated low-privileged remote user to gain read access to data in the XHQ solution exceeding his configured permission level. | 6.5 |
| 2017-08-07 | CVE-2015-7855 | Improper Input Validation vulnerability in multiple products The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value. | 6.5 |