Vulnerabilities > Siemens > Sinamics Sm150 Firmware > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-06-28 CVE-2021-31337 Missing Authentication for Critical Function vulnerability in Siemens products
The Telnet service of the SIMATIC HMI Comfort Panels system component in affected products does not require authentication, which may allow a remote attacker to gain access to the device if the service is enabled.
network
low complexity
siemens CWE-306
critical
9.8
2021-06-15 CVE-2021-27388 Improper Input Validation vulnerability in Siemens products
SINAMICS medium voltage routable products are affected by a vulnerability in the Sm@rtServer component for remote access that could allow an unauthenticated attacker to cause a denial-of-service condition, and/or execution of limited configuration modifications and/or execution of limited control commands on the SINAMICS Medium Voltage Products, Remote Access (SINAMICS SL150: All versions, SINAMICS SM150: All versions, SINAMICS SM150i: All versions).
network
low complexity
siemens CWE-20
critical
9.8
2021-05-12 CVE-2021-27384 Access of Memory Location After End of Buffer vulnerability in Siemens products
A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl.
network
low complexity
siemens CWE-788
critical
9.8
2021-02-09 CVE-2020-15798 Missing Authentication for Critical Function vulnerability in Siemens products
A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl.
network
low complexity
siemens CWE-306
critical
9.8