Vulnerabilities > Siemens > Medium

DATE CVE VULNERABILITY TITLE RISK
2012-01-08 CVE-2011-4531 Improper Input Validation vulnerability in Siemens Automation License Manager 5.1
Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted content in a (1) get_target_ocx_param or (2) send_target_ocx_param command.
network
low complexity
siemens CWE-20
5.0
2012-01-08 CVE-2011-4530 Improper Input Validation vulnerability in Siemens Automation License Manager 5.1
Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 does not properly copy fields obtained from clients, which allows remote attackers to cause a denial of service (exception and daemon crash) via long fields, as demonstrated by fields to the (1) open_session->workstation->NAME or (2) grant->VERSION function.
network
low complexity
siemens CWE-20
5.0
2012-01-08 CVE-2011-4056 Unspecified vulnerability in Siemens Tecnomatix Factorylink 6.6.1/7.5.217/8.0.2.54
An unspecified ActiveX control in ActBar.ocx in Siemens Tecnomatix FactoryLink 6.6.1 (aka 6.6 SP1), 7.5.217 (aka 7.5 SP2), and 8.0.2.54 allows remote attackers to create or overwrite arbitrary files via the save method.
network
siemens
5.8
2008-09-11 CVE-2008-3972 Permissions, Privileges, and Access Controls vulnerability in Opensc-Project Opensc
pkcs15-tool in OpenSC before 0.11.6 does not apply security updates to a smart card unless the card's label matches the "OpenSC" string, which might allow physically proximate attackers to exploit vulnerabilities that the card owner expected were patched, as demonstrated by exploitation of CVE-2008-2235.
local
low complexity
opensc-project siemens CWE-264
6.6
2008-08-01 CVE-2008-2235 Cryptographic Issues vulnerability in Opensc-Project Opensc
OpenSC before 0.11.5 uses weak permissions (ADMIN file control information of 00) for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4, which allows physically proximate attackers to change the PIN.
local
low complexity
siemens opensc-project CWE-310
4.9
2007-08-22 CVE-2007-4488 Cross-Site Scripting vulnerability in Siemens Gigaset Se361 Wlan Router 0
Multiple cross-site scripting (XSS) vulnerabilities in the Siemens Gigaset SE361 WLAN router with firmware 1.00.0 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI immediately following the filename for (1) a GIF filename, which triggers display of the GIF file in text format and an unspecified denial of service (crash); or (2) the login.tri filename, which triggers a continuous loop of the browser attempting to visit the login page.
network
siemens
4.3
2002-03-25 CVE-2002-0122 Denial of Service vulnerability in Siemens 3568I WAP 0.0
Siemens 3568i WAP mobile phones allow remote attackers to cause a denial of service (crash) via an SMS message containing unusual characters.
network
low complexity
siemens
5.0
2001-06-18 CVE-2001-0411 Denial-Of-Service vulnerability in Siemens Reliant Unix 5.44
Reliant Unix 5.44 and earlier allows remote attackers to cause a denial of service via an ICMP port unreachable packet, which causes Reliant to drop all connections to the source address of the packet.
network
low complexity
siemens
5.0