Vulnerabilities > Siemens > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-05-11 | CVE-2017-6865 | Improper Input Validation vulnerability in Siemens products A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC Automation Tool (All versions < V3.0), SIMATIC NET PC-Software (All versions < V14 SP1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2), SIMATIC STEP 7 (TIA Portal) V14 (All versions < V14 SP1), SIMATIC STEP 7 V5.X (All versions < V5.6), SIMATIC WinAC RTX 2010 SP2 (All versions), SIMATIC WinAC RTX F 2010 SP2 (All versions), SIMATIC WinCC (TIA Portal) V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1), SIMATIC WinCC V7.2 and prior (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Update 15), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd1), SIMATIC WinCC flexible 2008 (All versions < flexible 2008 SP5), SINAUT ST7CC (All versions installed in conjunction with SIMATIC WinCC < V7.3 Update 15), SINEMA Server (All versions < V14), SINUMERIK 808D Programming Tool (All versions < V4.7 SP4 HF2), SMART PC Access (All versions < V2.3), STEP 7 - Micro/WIN SMART (All versions < V2.3), Security Configuration Tool (SCT) (All versions < V5.0). | 6.1 |
| 2017-05-11 | CVE-2017-2681 | Resource Exhaustion vulnerability in Siemens products Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a denial of service condition of that product. | 6.5 |
| 2017-05-11 | CVE-2017-2680 | Resource Exhaustion vulnerability in Siemens products Specially crafted PROFINET DCP broadcast packets could cause a denial of service condition of affected products on a local Ethernet segment (Layer 2). | 6.5 |
| 2017-03-29 | CVE-2017-2689 | Improper Authentication vulnerability in Siemens Ruggedcom ROX I Siemens RUGGEDCOM ROX I (all versions) allow an authenticated user to bypass access restrictions in the web interface at port 10000/TCP to obtain privileged file system access or change configuration settings. | 6.5 |
| 2017-03-29 | CVE-2017-2688 | Cross-Site Request Forgery (CSRF) vulnerability in Siemens Ruggedcom ROX I The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at port 10000/TCP could allow remote attackers to perform actions with the privileges of an authenticated user, provided the targeted user has an active session and is induced into clicking on a malicious link or into visiting a malicious website, aka CSRF. | 6.8 |
| 2017-03-29 | CVE-2017-2687 | Cross-site Scripting vulnerability in Siemens Ruggedcom ROX I Siemens RUGGEDCOM ROX I (all versions) contain a vulnerability in the integrated web server at port 10000/TCP which is prone to reflected Cross-Site Scripting attacks if an unsuspecting user is induced to click on a malicious link. | 4.3 |
| 2017-03-29 | CVE-2017-2686 | Information Exposure vulnerability in Siemens Ruggedcom ROX I Siemens RUGGEDCOM ROX I (all versions) contain a vulnerability that could allow an authenticated user to read arbitrary files through the web interface at port 10000/TCP and access sensitive information. | 4.0 |
| 2017-03-01 | CVE-2017-2685 | Information Exposure vulnerability in Siemens products Siemens SINUMERIK Integrate Operate Clients between 2.0.3.00.016 (including) and 2.0.6 (excluding) and between 3.0.4.00.032 (including) and 3.0.6 (excluding) contain a vulnerability that could allow an attacker to read and manipulate data in TLS sessions while performing a man-in-the-middle (MITM) attack. | 5.8 |
| 2017-02-27 | CVE-2017-2683 | Cross-site Scripting vulnerability in Siemens Ruggedcom Network Management Software 2.0.2 A non-privileged user of the Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and 8081/TCP could perform a persistent Cross-Site Scripting (XSS) attack, potentially resulting in obtaining administrative permissions. | 4.3 |
| 2017-02-27 | CVE-2017-2682 | Cross-Site Request Forgery (CSRF) vulnerability in Siemens Ruggedcom Network Management Software 2.0.2 The Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and 8081/TCP could allow a remote attacker to perform a Cross-Site Request Forgery (CSRF) attack, potentially allowing an attacker to execute administrative operations, provided the targeted user has an active session and is induced to trigger a malicious request. | 6.8 |