Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2018-03-08	CVE-2018-4840	Missing Authentication for Critical Function vulnerability in Siemens products A vulnerability has been identified in DIGSI 4 (All versions < V4.92), EN100 Ethernet module DNP3 variant (All versions < V1.05.00), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). network low complexity siemens CWE-306	5.0
2018-03-08	CVE-2018-4838	Missing Authentication for Critical Function vulnerability in Siemens products A vulnerability has been identified in EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module DNP3 variant (All versions < V1.04), EN100 Ethernet module PROFINET IO variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions < V1.22). network low complexity siemens CWE-306	5.0
2018-02-19	CVE-2018-5381	Infinite Loop vulnerability in multiple products The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. network low complexity quagga canonical debian siemens CWE-835	5.0
2018-02-19	CVE-2018-5380	Out-of-bounds Read vulnerability in multiple products The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input. network low complexity quagga debian canonical siemens CWE-125	4.0
2018-01-25	CVE-2018-4837	Unspecified vulnerability in Siemens Telecontrol Server Basic A vulnerability has been identified in TeleControl Server Basic < V3.1. network low complexity siemens	5.0
2018-01-25	CVE-2018-4836	Unspecified vulnerability in Siemens Telecontrol Server Basic A vulnerability has been identified in TeleControl Server Basic < V3.1. network low complexity siemens	6.5
2018-01-25	CVE-2018-4835	Information Exposure vulnerability in Siemens Telecontrol Server Basic A vulnerability has been identified in TeleControl Server Basic < V3.1. network low complexity siemens CWE-200	5.0
2018-01-04	CVE-2017-5753	Information Exposure Through Discrepancy vulnerability in multiple products Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. local intel canonical debian oracle synology opensuse suse arm pepperl-fuchs netapp phoenixcontact siemens vmware CWE-203	4.7
2017-12-26	CVE-2017-12740	Insufficient Verification of Data Authenticity vulnerability in Siemens Logo! Soft Comfort Siemens LOGO! Soft Comfort (All versions before V8.2) lacks integrity verification of software packages downloaded via an unprotected communication channel. network siemens CWE-345	4.3
2017-12-26	CVE-2017-12736	Improper Initialization vulnerability in Siemens products A vulnerability has been identified in RUGGEDCOM ROS for RSL910 devices (All versions < ROS V5.0.1), RUGGEDCOM ROS for all other devices (All versions < ROS V4.3.4), SCALANCE XB-200/XC-200/XP-200/XR300-WG (All versions between V3.0 (including) and V3.0.2 (excluding)), SCALANCE XR-500/XM-400 (All versions between V6.1 (including) and V6.1.1 (excluding)). low complexity siemens CWE-665	5.8