TIM 4R IE Firmware

DATE	CVE	VULNERABILITY TITLE	RISK
2020-04-14	CVE-2019-10939	Unspecified vulnerability in Siemens products A vulnerability has been identified in TIM 3V-IE (incl. network low complexity siemens critical	9.8
2017-08-07	CVE-2015-7855	Improper Input Validation vulnerability in multiple products The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value. network low complexity ntp debian netapp siemens CWE-20	6.5
2017-08-07	CVE-2015-7705	Improper Input Validation vulnerability in multiple products The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests. network low complexity ntp netapp citrix siemens CWE-20 critical	9.8
2017-07-21	CVE-2015-5219	Incorrect Type Conversion or Cast vulnerability in multiple products The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet. network low complexity fedoraproject suse redhat debian canonical ntp novell opensuse siemens oracle CWE-704	7.5
2017-01-30	CVE-2015-7977	NULL Pointer Dereference vulnerability in multiple products ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command. network high complexity ntp oracle siemens netapp freebsd fedoraproject debian canonical CWE-476	5.9
2017-01-30	CVE-2015-7973	7PK - Security Features vulnerability in multiple products NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network. network high complexity ntp siemens freebsd netapp canonical CWE-254	6.5
2016-07-05	CVE-2016-4954	Race Condition vulnerability in multiple products The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication. network low complexity ntp oracle suse opensuse siemens CWE-362	7.5
2016-07-05	CVE-2016-4953	Improper Authentication vulnerability in multiple products ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time. network low complexity ntp oracle suse opensuse siemens CWE-287	7.5
2016-01-26	CVE-2015-7974	Improper Authentication vulnerability in multiple products NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key." network low complexity ntp siemens netapp debian CWE-287	7.7