Vulnerabilities > Siemens > Sinema Server

DATE CVE VULNERABILITY TITLE RISK
2023-10-10 CVE-2023-35796 Cross-site Scripting vulnerability in Siemens Sinema Server 14.0
A vulnerability has been identified in SINEMA Server V14 (All versions).
network
low complexity
siemens CWE-79
critical
9.0
2022-03-08 CVE-2022-25311 Improper Privilege Management vulnerability in Siemens Sinec Network Management System and Sinema Server
A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions).
local
low complexity
siemens CWE-269
7.3
2021-09-16 CVE-2021-34798 NULL Pointer Dereference vulnerability in multiple products
Malformed requests may cause the server to dereference a NULL pointer.
7.5
2021-09-16 CVE-2021-39275 Out-of-bounds Write vulnerability in multiple products
ap_escape_quotes() may write beyond the end of a buffer when given malicious input.
network
low complexity
apache fedoraproject debian netapp oracle siemens CWE-787
critical
9.8
2021-09-16 CVE-2021-40438 Server-Side Request Forgery (SSRF) vulnerability in multiple products
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user.
9.0
2021-09-14 CVE-2019-10941 Missing Authentication for Critical Function vulnerability in Siemens Sinema Server 12.0/13.0/14.0
A vulnerability has been identified in SINEMA Server (All versions < V14 SP3).
network
low complexity
siemens CWE-306
5.3
2021-03-25 CVE-2021-3449 NULL Pointer Dereference vulnerability in multiple products
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client.
5.9
2021-02-09 CVE-2020-25237 Path Traversal vulnerability in Siemens Sinec Network Management System and Sinema Server
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1 Update 1), SINEMA Server (All versions < V14.0 SP2 Update 2).
network
low complexity
siemens CWE-22
8.1
2020-06-10 CVE-2020-7580 Unquoted Search Path or Element vulnerability in Siemens products
A vulnerability has been identified in SIMATIC Automation Tool (All versions < V4 SP2), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Upd3), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC ProSave (All versions < V17), SIMATIC S7-1500 Software Controller (All versions < V21.8), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2 Update 4), SIMATIC STEP 7 (TIA Portal) V14 (All versions < V14 SP1 Update 10), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMATIC STEP 7 V5 (All versions < V5.6 SP2 HF3), SIMATIC WinCC OA V3.16 (All versions < V3.16 P018), SIMATIC WinCC OA V3.17 (All versions < V3.17 P003), SIMATIC WinCC Runtime Advanced (All versions < V16 Update 2), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2 Update 4), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1 Update 10), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Update 5), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions < V7.5 SP1 Update 3), SINAMICS STARTER (All Versions < V5.4 HF2), SINAMICS Startdrive (All Versions < V16 Update 3), SINEC NMS (All versions < V1.0 SP2), SINEMA Server (All versions < V14 SP3), SINUMERIK ONE virtual (All Versions < V6.14), SINUMERIK Operate (All Versions < V6.14).
local
low complexity
siemens CWE-428
6.7
2020-01-16 CVE-2019-10940 Improper Privilege Management vulnerability in Siemens Sinema Server 12.0/13.0/14.0
A vulnerability has been identified in SINEMA Server (All versions < V14.0 SP2 Update 1).
network
low complexity
siemens CWE-269
critical
9.9