Vulnerabilities > Siemens > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-15 | CVE-2020-28387 | XXE vulnerability in Siemens Solid Edge Se2021 A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP3). | 4.3 |
| 2021-03-15 | CVE-2020-28385 | Out-of-bounds Write vulnerability in Siemens Solid Edge Se2020/Se2021 A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP4). | 6.8 |
| 2021-03-15 | CVE-2020-25241 | Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Siemens products A vulnerability has been identified in SIMATIC MV400 family (All Versions < V7.0.6). | 5.0 |
| 2021-03-15 | CVE-2020-25240 | Incorrect Authorization vulnerability in Siemens Sinema Remote Connect Server 1.1/2.0 A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0). | 6.5 |
| 2021-03-15 | CVE-2020-25239 | Incorrect Authorization vulnerability in Siemens Sinema Remote Connect Server 1.1/2.0 A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0). | 6.5 |
| 2021-03-15 | CVE-2020-25236 | Improper Handling of Exceptional Conditions vulnerability in Siemens Logo! 8 BM Firmware A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA1) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA1) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA1) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA1) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1) (All versions). | 5.5 |
| 2021-03-12 | CVE-2021-27290 | ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. | 4.3 |
| 2021-02-23 | CVE-2021-22651 | Path Traversal vulnerability in multiple products When loading a specially crafted file, Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are, while processing the extraction of temporary files, suffering from a directory traversal vulnerability, which allows an attacker to store arbitrary scripts into automatic startup folders. | 6.8 |
| 2021-02-23 | CVE-2021-22647 | Out-of-bounds Write vulnerability in multiple products Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to multiple out-of-bounds write issues while processing project files, which may allow an attacker to execute arbitrary code. | 6.8 |
| 2021-02-23 | CVE-2021-22645 | Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an attack because the .bip documents display a “load” command, which can be pointed to a .dll from a remote network share. | 6.8 |