Vulnerabilities > Siemens > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-05-10 | CVE-2018-7064 | Cross-site Scripting vulnerability in multiple products A reflected cross-site scripting (XSS) vulnerability is present in an unauthenticated Aruba Instant web interface. | 4.3 |
| 2019-05-10 | CVE-2018-7083 | Information Exposure vulnerability in multiple products If a process running within Aruba Instant crashes, it may leave behind a "core dump", which contains the memory contents of the process at the time it crashed. | 5.0 |
| 2019-04-17 | CVE-2019-10953 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. | 5.0 |
| 2019-04-17 | CVE-2018-13810 | Cross-Site Request Forgery (CSRF) vulnerability in Siemens CP 1604 Firmware and CP 1616 Firmware A vulnerability has been identified in CP 1604 (All versions), CP 1616 (All versions). | 4.3 |
| 2019-04-17 | CVE-2018-13809 | Cross-site Scripting vulnerability in Siemens CP 1604 Firmware and CP 1616 Firmware A vulnerability has been identified in CP 1604 (All versions), CP 1616 (All versions). | 4.3 |
| 2019-04-17 | CVE-2018-13808 | Information Exposure vulnerability in Siemens CP 1604 Firmware and CP 1616 Firmware A vulnerability has been identified in CP 1604 (All versions), CP 1616 (All versions). | 6.4 |
| 2019-03-26 | CVE-2019-6569 | Expected Behavior Violation vulnerability in Siemens products The monitor barrier of the affected products insufficiently blocks data from being forwarded over the mirror port into the mirrored network. | 6.4 |
| 2019-03-21 | CVE-2018-16563 | Unspecified vulnerability in Siemens products A vulnerability has been identified in Firmware variant IEC 61850 for EN100 Ethernet module (All versions < V4.35), Firmware variant MODBUS TCP for EN100 Ethernet module (All versions), Firmware variant DNP3 TCP for EN100 Ethernet module (All versions), Firmware variant IEC104 for EN100 Ethernet module (All versions), Firmware variant Profinet IO for EN100 Ethernet module (All versions), SIPROTEC 5 relays with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions < V7.82), SIPROTEC 5 relays with CPU variants CP200 and the respective Ethernet communication modules (All versions < V7.58). network siemens | 4.3 |
| 2019-03-08 | CVE-2019-8277 | Improper Initialization vulnerability in multiple products UltraVNC revision 1211 contains multiple memory leaks (CWE-665) in VNC server code, which allows an attacker to read stack memory and can be abused for information disclosure. | 5.0 |
| 2019-03-08 | CVE-2019-8276 | Out-of-bounds Write vulnerability in multiple products UltraVNC revision 1211 has a stack buffer overflow vulnerability in VNC server code inside file transfer request handler, which can result in Denial of Service (DoS). | 5.0 |