Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2021-03-30	CVE-2021-25157	A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.6 and below; Aruba Instant 8.7.x: 8.7.1.0 and below. network low complexity arubanetworks siemens	4.0
2021-03-30	CVE-2021-25156	A remote arbitrary directory create vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.6 and below; Aruba Instant 8.7.x: 8.7.1.0 and below. network low complexity arubanetworks siemens	4.0
2021-03-29	CVE-2021-25143	A remote denial of service (dos) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.9 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. network low complexity arubanetworks siemens	5.0
2021-03-29	CVE-2019-5317	Improper Authentication vulnerability in multiple products A local authentication bypass vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x: 6.5.4.15 and below; Aruba Instant 8.3.x: 8.3.0.11 and below; Aruba Instant 8.4.x: 8.4.0.5 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. local low complexity arubanetworks siemens CWE-287	4.6
2021-03-25	CVE-2021-3449	NULL Pointer Dereference vulnerability in multiple products An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. network high complexity openssl debian freebsd netapp tenable fedoraproject mcafee checkpoint oracle sonicwall siemens nodejs CWE-476	5.9
2021-03-23	CVE-2021-23362	The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. network low complexity npmjs siemens	5.3
2021-03-15	CVE-2021-27381	Out-of-bounds Read vulnerability in Siemens Solid Edge Se2021 A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP3). network siemens CWE-125	6.8
2021-03-15	CVE-2021-27380	Out-of-bounds Write vulnerability in Siemens Solid Edge Se2020/Se2021 A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP4). network siemens CWE-787	6.8
2021-03-15	CVE-2021-25676	Improper Restriction of Excessive Authentication Attempts vulnerability in Siemens products A vulnerability has been identified in RUGGEDCOM RM1224 (V6.3), SCALANCE M-800 (V6.3), SCALANCE S615 (V6.3), SCALANCE SC-600 (All Versions >= V2.1 and < V2.1.3). network low complexity siemens CWE-307	5.0
2021-03-15	CVE-2021-25673	Infinite Loop vulnerability in Siemens Simatic S7-Plcsim A vulnerability has been identified in SIMATIC S7-PLCSIM V5.4 (All versions). local low complexity siemens CWE-835	4.9