Filtered by vendor Siemens
Subscriptions
Total
2125 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-3032 | 1 Siemens | 2 Simatic Pcs7, Wincc | 2025-04-11 | N/A |
| SQL injection vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to execute arbitrary SQL commands via a crafted SOAP message. | ||||
| CVE-2013-0659 | 1 Siemens | 4 Cp 1604, Cp 1604 Firmware, Cp 1616 and 1 more | 2025-04-11 | N/A |
| The debugging feature on the Siemens CP 1604 and CP 1616 interface cards with firmware before 2.5.2 allows remote attackers to execute arbitrary code via a crafted packet to UDP port 17185. | ||||
| CVE-2012-1800 | 1 Siemens | 4 Scalance S602, Scalance S612, Scalance S613 and 1 more | 2025-04-11 | N/A |
| Stack-based buffer overflow in the Profinet DCP protocol implementation on the Siemens Scalance S Security Module firewall S602 V2, S612 V2, and S613 V2 with firmware before 2.3.0.3 allows remote attackers to cause a denial of service (device outage) or possibly execute arbitrary code via a crafted DCP frame. | ||||
| CVE-2011-4056 | 1 Siemens | 1 Tecnomatix Factorylink | 2025-04-11 | N/A |
| An unspecified ActiveX control in ActBar.ocx in Siemens Tecnomatix FactoryLink 6.6.1 (aka 6.6 SP1), 7.5.217 (aka 7.5 SP2), and 8.0.2.54 allows remote attackers to create or overwrite arbitrary files via the save method. | ||||
| CVE-2011-4508 | 1 Siemens | 5 Simatic Hmi Panels, Wincc, Wincc Flexible and 2 more | 2025-04-11 | N/A |
| The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime generates predictable authentication tokens for cookies, which makes it easier for remote attackers to bypass authentication via a crafted cookie. | ||||
| CVE-2013-3957 | 1 Siemens | 2 Simatic Pcs7, Wincc | 2025-04-11 | N/A |
| SQL injection vulnerability in the login screen in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2012-4698 | 1 Siemens | 4 Ros, Rox I Os, Rox Ii Os and 1 more | 2025-04-11 | N/A |
| Siemens RuggedCom Rugged Operating System (ROS) before 3.12, ROX I OS through 1.14.5, ROX II OS through 2.3.0, and RuggedMax OS through 4.2.1.4621.22 use hardcoded private keys for SSL and SSH communication, which makes it easier for man-in-the-middle attackers to spoof servers and decrypt network traffic by leveraging the availability of these keys within ROS files at all customer installations. | ||||
| CVE-2011-4532 | 1 Siemens | 1 Automation License Manager | 2025-04-11 | N/A |
| Absolute path traversal vulnerability in the ALMListView.ALMListCtrl ActiveX control in almaxcx.dll in the graphical user interface in Siemens Automation License Manager (ALM) 2.0 through 5.1+SP1+Upd2 allows remote attackers to overwrite arbitrary files via the Save method. | ||||
| CVE-2011-4509 | 1 Siemens | 5 Simatic Hmi Panels, Wincc, Wincc Flexible and 2 more | 2025-04-11 | N/A |
| The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime has an improperly selected default password for the administrator account, which makes it easier for remote attackers to obtain access via a brute-force approach involving many HTTP requests. | ||||
| CVE-2012-3031 | 1 Siemens | 2 Simatic Pcs7, Wincc | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allow remote attackers to inject arbitrary web script or HTML via a (1) GET parameter, (2) POST parameter, or (3) Referer HTTP header. | ||||
| CVE-2012-3020 | 1 Siemens | 2 Synco Ozw Web Server, Synco Ozw Web Server Firmware | 2025-04-11 | N/A |
| The Siemens Synco OZW Web Server devices OZW672.*, OZW772.*, and OZW775 with firmware before 4 have an unspecified default password, which makes it easier for remote attackers to obtain administrative access via a network session. | ||||
| CVE-2012-3009 | 1 Siemens | 1 Comos | 2025-04-11 | N/A |
| Siemens COMOS before 9.1 Patch 413, 9.2 before Update 03 Patch 023, and 10.0 before Patch 005 allows remote authenticated users to obtain database administrative access via unspecified method calls. | ||||
| CVE-2012-3003 | 1 Siemens | 1 Wincc | 2025-04-11 | N/A |
| Open redirect vulnerability in an unspecified web application in Siemens WinCC 7.0 SP3 before Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a GET request. | ||||
| CVE-2012-3028 | 1 Siemens | 2 Simatic Pcs7, Wincc | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to hijack the authentication of arbitrary users for requests that modify data or cause a denial of service. | ||||
| CVE-2012-2598 | 1 Siemens | 1 Wincc | 2025-04-11 | N/A |
| Buffer overflow in the DiagAgent web server in Siemens WinCC 7.0 SP3 through Update 2 allows remote attackers to cause a denial of service (agent outage) via crafted input. | ||||
| CVE-2012-3030 | 1 Siemens | 2 Simatic Pcs7, Wincc | 2025-04-11 | N/A |
| WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, stores sensitive information under the web root with insufficient access control, which allows remote attackers to read a (1) log file or (2) configuration file via a direct request. | ||||
| CVE-2011-4512 | 1 Siemens | 5 Simatic Hmi Panels, Wincc, Wincc Flexible and 2 more | 2025-04-11 | N/A |
| CRLF injection vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | ||||
| CVE-2012-1803 | 1 Siemens | 1 Ruggedcom Rugged Operating System | 2025-04-11 | N/A |
| RuggedCom Rugged Operating System (ROS) 3.10.x and earlier has a factory account with a password derived from the MAC Address field in the banner, which makes it easier for remote attackers to obtain access by performing a calculation on this address value, and then establishing a (1) TELNET, (2) remote shell (aka rsh), or (3) serial-console session. | ||||
| CVE-2013-0656 | 1 Siemens | 2 Simatic Rf-manager, Simatic Rf-manager 2008 | 2025-04-11 | N/A |
| Buffer overflow in a third-party ActiveX component in Siemens SIMATIC RF-MANAGER 2008, and RF-MANAGER Basic 3.0 and earlier, allows remote attackers to execute arbitrary code via a crafted web site. | ||||
| CVE-2013-0677 | 1 Siemens | 2 Simatic Pcs7, Wincc | 2025-04-11 | N/A |
| The web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to obtain sensitive information or cause a denial of service via a crafted project file. | ||||