Vulnerabilities > Siemens > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2012-01-08 | CVE-2011-4530 | Improper Input Validation vulnerability in Siemens Automation License Manager 5.1 Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 does not properly copy fields obtained from clients, which allows remote attackers to cause a denial of service (exception and daemon crash) via long fields, as demonstrated by fields to the (1) open_session->workstation->NAME or (2) grant->VERSION function. | 5.0 |
| 2012-01-08 | CVE-2011-4056 | Unspecified vulnerability in Siemens Tecnomatix Factorylink 6.6.1/7.5.217/8.0.2.54 An unspecified ActiveX control in ActBar.ocx in Siemens Tecnomatix FactoryLink 6.6.1 (aka 6.6 SP1), 7.5.217 (aka 7.5 SP2), and 8.0.2.54 allows remote attackers to create or overwrite arbitrary files via the save method. network siemens | 5.8 |
| 2008-09-11 | CVE-2008-3972 | Permissions, Privileges, and Access Controls vulnerability in Opensc-Project Opensc pkcs15-tool in OpenSC before 0.11.6 does not apply security updates to a smart card unless the card's label matches the "OpenSC" string, which might allow physically proximate attackers to exploit vulnerabilities that the card owner expected were patched, as demonstrated by exploitation of CVE-2008-2235. | 6.6 |
| 2008-08-01 | CVE-2008-2235 | Cryptographic Issues vulnerability in Opensc-Project Opensc OpenSC before 0.11.5 uses weak permissions (ADMIN file control information of 00) for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4, which allows physically proximate attackers to change the PIN. | 4.9 |
| 2007-08-22 | CVE-2007-4488 | Cross-Site Scripting vulnerability in Siemens Gigaset Se361 Wlan Router 0 Multiple cross-site scripting (XSS) vulnerabilities in the Siemens Gigaset SE361 WLAN router with firmware 1.00.0 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI immediately following the filename for (1) a GIF filename, which triggers display of the GIF file in text format and an unspecified denial of service (crash); or (2) the login.tri filename, which triggers a continuous loop of the browser attempting to visit the login page. network siemens | 4.3 |
| 2002-03-25 | CVE-2002-0122 | Denial of Service vulnerability in Siemens 3568I WAP 0.0 Siemens 3568i WAP mobile phones allows remote attackers to cause a denial of service (crash) via an SMS message containing unusual characters. | 5.0 |
| 2001-06-18 | CVE-2001-0411 | Denial-Of-Service vulnerability in Siemens Reliant Unix 5.44 Reliant Unix 5.44 and earlier allows remote attackers to cause a denial of service via an ICMP port unreachable packet, which causes Reliant to drop all connections to the source address of the packet. | 5.0 |