Vulnerabilities > Siemens > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-06-26 CVE-2018-11447 Cross-Site Request Forgery (CSRF) vulnerability in Siemens Scalance M875 Firmware
A vulnerability has been identified in SCALANCE M875 (All versions).
network
siemens CWE-352
6.8
6.8
2018-06-14 CVE-2018-4848 Cross-site Scripting vulnerability in Siemens products
A vulnerability has been identified in SCALANCE X-200 switch family (incl.
network
low complexity
siemens CWE-79
6.1
6.1
2018-06-14 CVE-2018-4842 Cross-site Scripting vulnerability in Siemens products
A vulnerability has been identified in SCALANCE X-200IRT switch family (incl.
network
low complexity
siemens CWE-79
4.8
4.8
2018-06-14 CVE-2018-4833 Improper Input Validation vulnerability in Siemens products
A vulnerability has been identified in RFID 181EIP (All versions), RUGGEDCOM Win (V4.4, V4.5, V5.0, and V5.1), SCALANCE X-200 switch family (incl.
low complexity
siemens CWE-20
5.8
5.8
2018-06-04 CVE-2016-9042 Improper Input Validation vulnerability in multiple products
An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9.
network
high complexity
ntp freebsd hpe siemens CWE-20
5.9
5.9
2018-05-16 CVE-2018-4850 Unspecified vulnerability in Siemens Simatic S7-400 Firmware and Simatic S7-400H Firmware
A vulnerability has been identified in SIMATIC S7-400 (incl.
network
low complexity
siemens
5.0
5.0
2018-05-03 CVE-2018-4849 Improper Certificate Validation vulnerability in Siemens Siveillance VMS Video
A vulnerability has been identified in Siveillance VMS Video for Android (All versions < V12.1a (2018 R1)), Siveillance VMS Video for iOS (All versions < V12.1a (2018 R1)).
network
siemens CWE-295
5.8
5.8
2018-04-30 CVE-2018-7891 Deserialization of Untrusted Data vulnerability in multiple products
The Milestone XProtect Video Management Software (Corporate, Expert, Professional+, Express+, Essential+) 2016 R1 (10.0.a) to 2018 R1 (12.1a) contains .NET Remoting endpoints that are vulnerable to deserialization attacks resulting in remote code execution. 		6.8
6.8
2018-03-20 CVE-2018-4844 Improper Privilege Management vulnerability in Siemens Simatic Wincc OA UI
A vulnerability has been identified in SIMATIC WinCC OA UI for Android (All versions < V3.15.10), SIMATIC WinCC OA UI for iOS (All versions < V3.15.10).
low complexity
siemens CWE-269
6.7
6.7
2018-03-20 CVE-2018-4843 Improper Input Validation vulnerability in Siemens products
A vulnerability has been identified in SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC CP 343-1 (incl.
low complexity
siemens CWE-20
6.5
6.5