Vulnerabilities > Siemens > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-03-07 | CVE-2015-1595 | Information Exposure vulnerability in Siemens Spcanywhere 1.4/1.4.1 The Siemens SPCanywhere application for Android and iOS does not use encryption during lookups of system ID to IP address mappings, which allows man-in-the-middle attackers to discover alarm IP addresses and spoof servers by intercepting the client-server data stream. | 4.3 |
| 2015-03-07 | CVE-2015-1594 | Unspecified vulnerability in Siemens products Untrusted search path vulnerability in Siemens SIMATIC ProSave before 13 SP1; SIMATIC CFC before 8.0 SP4 Upd9 and 8.1 before Upd1; SIMATIC STEP 7 before 5.5 SP1 HF2, 5.5 SP2 before HF7, 5.5 SP3, and 5.5 SP4 before HF4; SIMOTION Scout before 4.4; and STARTER before 4.4 HF3 allows local users to gain privileges via a Trojan horse application file. local siemens | 6.9 |
| 2015-02-18 | CVE-2015-1358 | Cryptographic Issues vulnerability in Siemens Wincc 13.0 The remote-management module in the (1) Multi Panels, (2) Comfort Panels, and (3) RT Advanced functionality in Siemens SIMATIC WinCC (TIA Portal) before 13 SP1 and in the (4) panels and (5) runtime functionality in SIMATIC WinCC flexible before 2008 SP3 Up7 does not properly encrypt credentials in transit, which makes it easier for remote attackers to determine cleartext credentials by sniffing the network and conducting a decryption attack. | 5.0 |
| 2015-02-18 | CVE-2015-1356 | Permissions, Privileges, and Access Controls vulnerability in Siemens Simatic Step 7 12.0/13.0/5.5 Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 determines a user's privileges on the basis of project-file fields that lack integrity protection, which allows remote attackers to establish arbitrary authorization data via a modified file. | 4.4 |
| 2015-02-02 | CVE-2015-1357 | Information Exposure vulnerability in Siemens Ruggedcom Firmware Bs4.4.4621.31/Ss4.4.4624.34 Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before BS4.4.4621.32, and WIN72xx devices with firmware before BS4.4.4621.32 allow context-dependent attackers to discover password hashes by reading (1) files or (2) security logs. | 5.0 |
| 2015-02-02 | CVE-2015-1049 | Improper Input Validation vulnerability in Siemens Scalance X-200 Series Firmware The web server on Siemens SCALANCE X-200IRT switches with firmware before 5.2.0 allows remote attackers to hijack sessions via unspecified vectors. | 6.8 |
| 2015-01-21 | CVE-2015-1048 | Open Redirection vulnerability in Siemens Simatic S7 1200 CPU Firmware 4.0 Open redirect vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices with firmware before 4.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. network siemens | 4.3 |
| 2015-01-21 | CVE-2014-8479 | Improper Input Validation vulnerability in Siemens products The FTP server on Siemens SCALANCE X-300 switches with firmware before 4.0 and SCALANCE X 408 switches with firmware before 4.0 allows remote authenticated users to cause a denial of service (reboot) via crafted FTP packets. | 6.8 |
| 2014-11-26 | CVE-2014-8552 | Information Exposure vulnerability in Siemens products The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to read arbitrary files via crafted packets. | 5.0 |
| 2014-07-24 | CVE-2014-4686 | Privilege Escalation vulnerability in Siemens Simatic Pcs7 and Wincc The Project administration application in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, has a hardcoded encryption key, which allows remote attackers to obtain sensitive information by extracting this key from another product installation and then employing this key during the sniffing of network traffic on TCP port 1030. network siemens | 6.8 |