Vulnerabilities > Siemens > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2015-09-11 | CVE-2015-6675 | Improper Access Control vulnerability in Siemens Ruggedcom Rugged Operating System 3.8.0/4.0.0/4.1.0 | Siemens RUGGEDCOM ROS 3.8.0 through 4.1.x permanently enables the IP forwarding feature, which allows remote attackers to bypass a VLAN isolation protection mechanism via IP traffic. | 4.3 |
2015-08-31 | CVE-2015-5717 | Cryptographic Issues vulnerability in Siemens Compas 1.5 | The Siemens COMPAS Mobile application before 1.6 for Android does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.8 |
2015-08-03 | CVE-2015-5537 | Cleartext Storage of Sensitive Information vulnerability in Siemens products | The SSL layer of the HTTPS service in Siemens RuggedCom ROS before 4.2.0 and ROX II does not properly implement CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a different vulnerability than CVE-2014-3566. | 4.3 |
2015-06-28 | CVE-2015-4174 | Cross-site Scripting vulnerability in Siemens Climatix Bacnet/Ip | Cross-site scripting (XSS) vulnerability in the integrated web server on the Siemens Climatix BACnet/IP communication module with firmware before 10.34 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 4.3 |
2015-05-07 | CVE-2015-3610 | Cryptographic Issues vulnerability in Siemens Homecontrol for Room Automation 2.0.0 | The Siemens HomeControl for Room Automation application before 2.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information or modify data via a crafted certificate. | 5.4 |
2015-04-08 | CVE-2015-2823 | Improper Authentication vulnerability in Siemens Wincc | Siemens SIMATIC HMI Basic Panels 2nd Generation before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Professional before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Basic Panels 1st Generation (WinCC TIA Portal), SIMATIC HMI Mobile Panel 277 (WinCC TIA Portal), SIMATIC HMI Multi Panels (WinCC TIA Portal), and SIMATIC WinCC 7.x before 7.3 Upd4 allow remote attackers to complete authentication by leveraging knowledge of a password hash without knowledge of the associated password. | 6.8 |
2015-04-08 | CVE-2015-2822 | Improper Input Validation vulnerability in Siemens Wincc 5.0/7.0/7.1 | Siemens SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2 and SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2 allow man-in-the-middle attackers to cause a denial of service via crafted packets on TCP port 102. | 4.3 |
2015-04-06 | CVE-2015-1601 | 7PK - Security Features vulnerability in Siemens Simatic Step 7 12/13/5.5 | Siemens SIMATIC STEP 7 (TIA Portal) 12 and 13 before 13 SP1 Upd1 allows man-in-the-middle attackers to obtain sensitive information or modify transmitted data via unspecified vectors. | 6.8 |
2015-03-07 | CVE-2015-1597 | Code Injection vulnerability in Siemens Spcanywhere | The Siemens SPCanywhere application for Android does not use encryption during the loading of code, which allows man-in-the-middle attackers to execute arbitrary code by modifying the client-server data stream. | 6.8 |
2015-03-07 | CVE-2015-1596 | Cryptographic Issues vulnerability in Siemens Spcanywhere | The Siemens SPCanywhere application for Android and iOS does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.8 |