Filtered by vendor Siemens
Subscribe
Search
Total
610 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-13814 | 1 Siemens | 22 Simatic Hmi Comfort Outdoor Panels, Simatic Hmi Comfort Outdoor Panels Firmware, Simatic Hmi Comfort Panels and 19 more | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V14), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V14), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V14), SIMATIC WinCC Runtime Advanced (All versions < V14), SIMATIC WinCC Runtime Professional (All versions < V14), SIMATIC WinCC (TIA Portal) (All versions < V14), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). The integrated web server (port 80/tcp and port 443/tcp) of the affected devices could allow an attacker to inject HTTP headers. An attacker must trick a valid user who is authenticated to the device into clicking on a malicious link to exploit the vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2018-13813 | 1 Siemens | 22 Simatic Hmi Comfort Outdoor Panels, Simatic Hmi Comfort Outdoor Panels Firmware, Simatic Hmi Comfort Panels and 19 more | 2019-10-09 | 5.8 MEDIUM | 8.1 HIGH |
| A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15 Update 4), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15 Update 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15 Update 4), SIMATIC WinCC Runtime Advanced (All versions < V15 Update 4), SIMATIC WinCC Runtime Professional (All versions < V15 Update 4), SIMATIC WinCC (TIA Portal) (All versions < V15 Update 4), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). The webserver of affected HMI devices may allow URL redirections to untrusted websites. An attacker must trick a valid user who is authenticated to the device into clicking on a malicious link to exploit the vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2018-13812 | 1 Siemens | 22 Simatic Hmi Comfort Outdoor Panels, Simatic Hmi Comfort Outdoor Panels Firmware, Simatic Hmi Comfort Panels and 19 more | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15 Update 4), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15 Update 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15 Update 4), SIMATIC WinCC Runtime Advanced (All versions < V15 Update 4), SIMATIC WinCC Runtime Professional (All versions < V15 Update 4), SIMATIC WinCC (TIA Portal) (All versions < V15 Update 4), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). A directory traversal vulnerability could allow to download arbitrary files from the device. The security vulnerability could be exploited by an attacker with network access to the integrated web server. No user interaction and no authentication is required to exploit the vulnerability. The vulnerability impacts the confidentiality of the device. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2018-13807 | 1 Siemens | 6 Scalance X300, Scalance X300 Firmware, Scalance X408 and 3 more | 2019-10-09 | 7.8 HIGH | 8.6 HIGH |
| A vulnerability has been identified in SCALANCE X300 (All versions < V4.0.0), SCALANCE X408 (All versions < V4.0.0), SCALANCE X414 (All versions). The web interface on port 443/tcp could allow an attacker to cause a Denial-of-Service condition by sending specially crafted packets to the web server. The device will automatically reboot, impacting network availability for other devices. An attacker must have network access to port 443/tcp to exploit the vulnerability. Neither valid credentials nor interaction by a legitimate user is required to exploit the vulnerability. There is no confidentiality or integrity impact, only availability is temporarily impacted. This vulnerability could be triggered by publicly available tools. | |||||
| CVE-2018-13806 | 1 Siemens | 1 Td Keypad Designer | 2019-10-09 | 9.3 HIGH | 7.8 HIGH |
| A vulnerability has been identified in SIEMENS TD Keypad Designer (All versions). A DLL hijacking vulnerability exists in all versions of SIEMENS TD Keypad Designer which could allow an attacker to execute code with the permission of the user running TD Designer. The attacker must have write access to the directory containing the TD project file in order to exploit the vulnerability. A legitimate user with higher privileges than the attacker must open the TD project in order for this vulnerability to be exploited. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2018-13815 | 1 Siemens | 4 Simatic S7-1200, Simatic S7-1200 Firmware, Simatic S7-1500 and 1 more | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in SIMATIC S7-1200 (All versions), SIMATIC S7-1500 (All Versions < V2.6). An attacker could exhaust the available connection pool of an affected device by opening a sufficient number of connections to the device. Successful exploitation requires an attacker to be able to send packets to port 102/tcp of the affected device. No user interaction and no user privileges are required to exploit the vulnerability. The vulnerability, if exploited, could cause a Denial-of-Service condition impacting the availability of the system. At the time of advisory publication no public exploitation of this vulnerability was known. | |||||
| CVE-2018-13804 | 1 Siemens | 3 Simatic It Line Monitoring System, Simatic It Production Suite, Simatic It Ua Discrete Manufacturing | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| A vulnerability has been identified in SIMATIC IT LMS (All versions), SIMATIC IT Production Suite (Versions V7.1 < V7.1 Upd3), SIMATIC IT UA Discrete Manufacturing (Versions < V1.2), SIMATIC IT UA Discrete Manufacturing (Versions V1.2), SIMATIC IT UA Discrete Manufacturing (Versions V1.3), SIMATIC IT UA Discrete Manufacturing (Versions V2.3), SIMATIC IT UA Discrete Manufacturing (Versions V2.4). An attacker with network access to the installation could bypass the application-level authentication. In order to exploit the vulnerability, an attacker must obtain network access to an affected installation and must obtain a valid username to the system. Successful exploitation requires no user privileges and no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this vulnerability was known. | |||||
| CVE-2018-13802 | 1 Siemens | 2 Rox Ii, Rox Ii Firmware | 2019-10-09 | 9.0 HIGH | 7.2 HIGH |
| A vulnerability has been identified in ROX II (All versions < V2.12.1). An authenticated attacker with a high-privileged user account access via SSH could circumvent restrictions in place and execute arbitrary operating system commands. Successful exploitation requires that the attacker has network access to the SSH interface in on port 22/tcp. The attacker must be authenticated to exploit the vulnerability. The vulnerability could allow an attacker to execute arbitrary code on the device. | |||||
| CVE-2018-13801 | 1 Siemens | 2 Rox Ii, Rox Ii Firmware | 2019-10-09 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability has been identified in ROX II (All versions < V2.12.1). An attacker with network access to port 22/tcp and valid low-privileged user credentials for the target device could perform a privilege escalation and gain root privileges. Successful exploitation requires user privileges of a low-privileged user but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. | |||||
| CVE-2018-13800 | 1 Siemens | 2 Simatic S7-1200 V4, Simatic S7-1200 V4 Firmware | 2019-10-09 | 4.9 MEDIUM | 7.3 HIGH |
| A vulnerability has been identified in SIMATIC S7-1200 CPU family version 4 (All versions < V4.2.3). The web interface could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by a legitimate user, who must be authenticated to the web interface. A successful attack could allow an attacker to trigger actions via the web interface that the legitimate user is allowed to perform. This could allow the attacker to read or modify parts of the device configuration. | |||||
| CVE-2018-11449 | 1 Siemens | 2 Scalance M875, Scalance M875 Firmware | 2019-10-09 | 2.1 LOW | 7.8 HIGH |
| A vulnerability has been identified in SCALANCE M875 (All versions). An attacker with access to the local file system might obtain passwords for administrative users. Successful exploitation requires read access to files on the local file system. A successful attack could allow an attacker to obtain administrative passwords. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2018-11447 | 1 Siemens | 2 Scalance M875, Scalance M875 Firmware | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability has been identified in SCALANCE M875 (All versions). The web interface on port 443/tcp could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by an legitimate user, who must be authenticated to the web interface as administrative user. A successful attack could allow an attacker to interact with the web interface as an administrative user. This could allow the attacker to read or modify the device configuration, or to exploit other vulnerabilities that require authentication as administrative user. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2018-11455 | 1 Siemens | 1 Automation License Manager | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability has been identified in Automation License Manager 5 (All versions < 5.3.4.4), Automation License Manager 6 (All versions < 6.0.1). A directory traversal vulnerability could allow a remote attacker to move arbitrary files, which can result in code execution, compromising confidentiality, integrity and availability of the system. Successful exploitation requires a network connection to the affected device. The attacker does not need privileges or special conditions of the system, but user interaction is required. | |||||
| CVE-2018-11465 | 1 Siemens | 10 Sinumerik 808d V4.7, Sinumerik 808d V4.7 Firmware, Sinumerik 808d V4.8 and 7 more | 2019-10-09 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). A local attacker could use ioctl calls to do out of bounds reads, arbitrary writes, or execute code in kernel mode. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2018-11463 | 1 Siemens | 10 Sinumerik 808d V4.7, Sinumerik 808d V4.7 Firmware, Sinumerik 808d V4.8 and 7 more | 2019-10-09 | 4.6 MEDIUM | 7.8 HIGH |
| A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). A buffer overflow in the service command application could allow a local attacker to execute code with elevated privileges. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2018-11460 | 1 Siemens | 10 Sinumerik 808d V4.7, Sinumerik 808d V4.7 Firmware, Sinumerik 808d V4.8 and 7 more | 2019-10-09 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). A local attacker with elevated user privileges (manufact) could modify a CRAMFS archive so that after reboot the system loads the modified CRAMFS file and attacker-controlled code is executed with root privileges. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires elevated user privileges (manufact) but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2018-11459 | 1 Siemens | 10 Sinumerik 808d V4.7, Sinumerik 808d V4.7 Firmware, Sinumerik 808d V4.8 and 7 more | 2019-10-09 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). A local attacker could modify a user-writeable configuration file so that after reboot or manual initiation the system reloads the modified configuration file and attacker-controlled code is executed with elevated privileges. The security vulnerability could be exploited by an attacker with local access to the affected system. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2018-11458 | 1 Siemens | 6 Sinumerik 828d V4.7, Sinumerik 828d V4.7 Firmware, Sinumerik 840d Sl V4.7 and 3 more | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| A vulnerability has been identified in SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). The integrated VNC server on port 5900/tcp of the affected products could allow a remote attacker to execute code with privileged permissions on the system by sending specially crafted network requests to port 5900/tcp. Please note that this vulnerability is only exploitable if port 5900/tcp is manually opened in the firewall configuration of network port X130. The security vulnerability could be exploited by an attacker with network access to the affected devices and port. Successful exploitation requires no privileges and no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the VNC server. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2018-11457 | 1 Siemens | 6 Sinumerik 828d V4.7, Sinumerik 828d V4.7 Firmware, Sinumerik 840d Sl V4.7 and 3 more | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| A vulnerability has been identified in SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). The integrated web server on port 4842/tcp of the affected products could allow a remote attacker to execute code with privileged permissions on the system by sending specially crafted network requests to port 4842/tcp. Please note that this vulnerability is only exploitable if port 4842/tcp is manually opened in the firewall configuration of network port X130. The security vulnerability could be exploited by an attacker with network access to the affected devices on port 4842/tcp. Successful exploitation requires no privileges and no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the web server. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2018-11454 | 1 Siemens | 2 Simatic Step 7 \(tia Portal\), Simatic Wincc \(tia Portal\) | 2019-10-09 | 4.4 MEDIUM | 8.6 HIGH |
| A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions < V13 SP2 Update 2), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 6), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 (All versions < V15 Update 2). Improper file permissions in the default installation of TIA Portal may allow an attacker with local file system access to manipulate resources which may be transferred to devices and executed there by a different user. No special privileges are required, but the victim needs to transfer the manipulated files to a device. Execution is caused on the target device rather than on the PG device. | |||||
| CVE-2018-11453 | 1 Siemens | 2 Simatic Step 7 \(tia Portal\), Simatic Wincc \(tia Portal\) | 2019-10-09 | 4.6 MEDIUM | 7.8 HIGH |
| A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions < V13 SP2 Update 2), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 6), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 (All versions < V15 Update 2). Improper file permissions in the default installation of TIA Portal may allow an attacker with local file system access to insert specially crafted files which may prevent TIA Portal startup (Denial-of-Service) or lead to local code execution. No special privileges are required, but the victim needs to attempt to start TIA Portal after the manipulation. | |||||
| CVE-2017-9942 | 1 Siemens | 1 Sipass Integrated | 2019-10-09 | 2.1 LOW | 7.8 HIGH |
| A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with local access to the SiPass integrated server or SiPass integrated client to potentially obtain credentials from the systems. | |||||
| CVE-2017-9940 | 1 Siemens | 1 Sipass Integrated | 2019-10-09 | 5.5 MEDIUM | 8.1 HIGH |
| A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with access to a low-privileged user account to read or write files on the file system of the SiPass integrated server over the network. | |||||
| CVE-2017-9941 | 1 Siemens | 1 Sipass Integrated | 2019-10-09 | 5.8 MEDIUM | 7.4 HIGH |
| A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker in a Man-in-the-Middle position between the SiPass integrated server and SiPass integrated clients to read or modify the network communication. | |||||
| CVE-2017-6873 | 1 Siemens | 4 Ozw672, Ozw672 Firmware, Ozw772 and 1 more | 2019-10-09 | 5.8 MEDIUM | 7.4 HIGH |
| A vulnerability was discovered in Siemens OZW672 (all versions) and OZW772 (all versions) that could allow an attacker to read and manipulate data in TLS sessions while performing a man-in-the-middle (MITM) attack on the integrated web server on port 443/tcp. | |||||
| CVE-2017-6870 | 1 Siemens | 1 Simatic Wincc Sm\@rtclient | 2019-10-09 | 5.8 MEDIUM | 7.4 HIGH |
| A vulnerability was discovered in Siemens SIMATIC WinCC Sm@rtClient for Android (All versions before V1.0.2.2). The existing TLS protocol implementation could allow an attacker to read and modify data within a TLS session while performing a Man-in-the-Middle (MitM) attack. | |||||
| CVE-2017-2685 | 1 Siemens | 3 Sinumerik Integrate Access Mymachine\/ethernet, Sinumerik Integrate Operate Client, Sinumerik Operate | 2019-10-09 | 5.8 MEDIUM | 7.4 HIGH |
| Siemens SINUMERIK Integrate Operate Clients between 2.0.3.00.016 (including) and 2.0.6 (excluding) and between 3.0.4.00.032 (including) and 3.0.6 (excluding) contain a vulnerability that could allow an attacker to read and manipulate data in TLS sessions while performing a man-in-the-middle (MITM) attack. | |||||
| CVE-2016-9154 | 1 Siemens | 12 Desigo Web Module Pxa30-w0, Desigo Web Module Pxa30-w0 Firmware, Desigo Web Module Pxa30-w1 and 9 more | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| Siemens Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 for Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D (All firmware versions < V6.00.046) and Desigo PX Web modules PXA30-W0, PXA30-W1, PXA30-W2 for Desigo PX automation controllers PXC00-U, PXC64-U, PXC128-U (All firmware versions < V6.00.046) use a pseudo random number generator with insufficient entropy to generate certificates for HTTPS, potentially allowing remote attackers to reconstruct the corresponding private key. | |||||
| CVE-2018-16561 | 1 Siemens | 8 Simatic S7-300, Simatic S7-300 Firmware, Simatic S7-300f and 5 more | 2019-10-03 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability has been identified in SIMATIC S7-300 CPUs (All versions < V3.X.16). The affected CPUs improperly validate S7 communication packets which could cause a Denial-of-Service condition of the CPU. The CPU will remain in DEFECT mode until manual restart. Successful exploitation requires an attacker to be able to send a specially crafted S7 communication packet to a communication interface of the CPU. This includes Ethernet, PROFIBUS, and Multi Point Interfaces (MPI). No user interaction or privileges are required to exploit the security vulnerability. The vulnerability could allow causing a Denial-of-Service condition of the core functionality of the CPU, compromising the availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known. Siemens confirms the security vulnerability and provides mitigations to resolve the security issue. | |||||
| CVE-2018-4858 | 1 Siemens | 12 Digsi 4, Digsi 4 Firmware, Digsi 5 and 9 more | 2019-10-03 | 9.3 HIGH | 7.8 HIGH |
| A vulnerability has been identified in IEC 61850 system configurator (All versions < V5.80), DIGSI 5 (affected as IEC 61850 system configurator is incorporated) (All versions < V7.80), DIGSI 4 (All versions < V4.93), SICAM PAS/PQS (All versions < V8.11), SICAM PQ Analyzer (All versions < V3.11), SICAM SCC (All versions < V9.02 HF3). A service of the affected products listening on all of the host's network interfaces on either port 4884/TCP, 5885/TCP, or port 5886/TCP could allow an attacker to either exfiltrate limited data from the system or to execute code with Microsoft Windows user permissions. Successful exploitation requires an attacker to be able to send a specially crafted network request to the vulnerable service and a user interacting with the service's client application on the host. In order to execute arbitrary code with Microsoft Windows user permissions, an attacker must be able to plant the code in advance on the host by other means. The vulnerability has limited impact to confidentiality and integrity of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known. Siemens confirms the security vulnerability and provides mitigations to resolve the security issue. | |||||
| CVE-2018-4838 | 1 Siemens | 10 En100 Ethernet Module Dnp3, En100 Ethernet Module Dnp3 Firmware, En100 Ethernet Module Iec 104 and 7 more | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module DNP3 variant (All versions < V1.04), EN100 Ethernet module PROFINET IO variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions < V1.22). The web interface (TCP/80) of affected devices allows an unauthenticated user to upgrade or downgrade the firmware of the device, including to older versions with known vulnerabilities. | |||||
| CVE-2017-12736 | 1 Siemens | 15 Ruggedcom, Ruggedcom Ros, Ruggedcom Rsl910 and 12 more | 2019-10-03 | 5.8 MEDIUM | 8.8 HIGH |
| A vulnerability has been identified in RUGGEDCOM ROS for RSL910 devices (All versions < ROS V5.0.1), RUGGEDCOM ROS for all other devices (All versions < ROS V4.3.4), SCALANCE XB-200/XC-200/XP-200/XR300-WG (All versions between V3.0 (including) and V3.0.2 (excluding)), SCALANCE XR-500/XM-400 (All versions between V6.1 (including) and V6.1.1 (excluding)). After initial configuration, the Ruggedcom Discovery Protocol (RCDP) is still able to writeto the device under certain conditions, potentially allowing users located in the adjacentnetwork of the targeted device to perform unauthorized administrative actions. | |||||
| CVE-2017-2689 | 1 Siemens | 1 Ruggedcom Rox I | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Siemens RUGGEDCOM ROX I (all versions) allow an authenticated user to bypass access restrictions in the web interface at port 10000/TCP to obtain privileged file system access or change configuration settings. | |||||
| CVE-2019-10937 | 1 Siemens | 2 Simatic Tdc Cp51m1, Simatic Tdc Cp51m1 Firmware | 2019-09-24 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in SIMATIC TDC CP51M1 (All versions < V1.1.7). An attacker with network access to the device could cause a Denial-of-Service condition by sending a specially crafted UDP packet. The vulnerability affects the UDP communication of the device. The security vulnerability could be exploited without authentication. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises availability of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2019-6576 | 1 Siemens | 22 Simatic Hmi Comfort Outdoor Panels, Simatic Hmi Comfort Outdoor Panels Firmware, Simatic Hmi Comfort Panels and 19 more | 2019-05-22 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15.1 Update 1), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15.1 Update 1), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Advanced (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Professional (All versions < V15.1 Update 1), SIMATIC WinCC (TIA Portal) (All versions < V15.1 Update 1), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). An attacker with network access to affected devices could potentially obtain a TLS session key. If the attacker is able to observe TLS traffic between a legitimate user and the device, then the attacker could decrypt the TLS traffic. The security vulnerability could be exploited by an attacker who has network access to the web interface of the device and who is able to observe TLS traffic between legitimate users and the web interface of the affected device. The vulnerability could impact the confidentiality of the communication between the affected device and a legitimate user. At the time of advisory publication no public exploitation of the security vulnerability was known. | |||||
| CVE-2018-7083 | 2 Arubanetworks, Siemens | 3 Aruba Instant, Scalance W1750d, Scalance W1750d Firmware | 2019-05-20 | 5.0 MEDIUM | 7.5 HIGH |
| If a process running within Aruba Instant crashes, it may leave behind a "core dump", which contains the memory contents of the process at the time it crashed. It was discovered that core dumps are stored in a way that unauthenticated users can access them through the Aruba Instant web interface. Core dumps could contain sensitive information such as keys and passwords. Workaround: Block access to the Aruba Instant web interface from all untrusted users. Resolution: Fixed in Aruba Instant 4.2.4.12, 6.5.4.11, 8.3.0.6, and 8.4.0.0 | |||||
| CVE-2018-16556 | 1 Siemens | 10 Simatic S7-400, Simatic S7-400 Firmware, Simatic S7-400 Pn\/dp V7 and 7 more | 2019-05-14 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability has been identified in SIMATIC S7-400 (incl. F) V6 and below (All versions), SIMATIC S7-400 PN/DP V7 (incl. F) (All versions), SIMATIC S7-400H V4.5 and below (All versions), SIMATIC S7-400H V6 (All versions < V6.0.9), SIMATIC S7-410 (All versions < V8.2.1). Specially crafted packets sent to port 102/tcp via Ethernet interface, via PROFIBUS, or via Multi Point Interfaces (MPI) could cause the affected devices to go into defect mode. Manual reboot is required to resume normal operation. Successful exploitation requires an attacker to be able to send specially crafted packets to port 102/tcp via Ethernet interface, via PROFIBUS or Multi Point Interfaces (MPI). No user interaction and no user privileges are required to exploit the security vulnerability. The vulnerability could allow causing a Denial-of-Service condition of the core functionality of the CPU, compromising the availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2018-16558 | 1 Siemens | 2 Simatic S7-1500, Simatic S7-1500 Firmware | 2019-04-18 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability has been identified in SIMATIC S7-1500 CPU (All versions >= V2.0 and < V2.5), SIMATIC S7-1500 CPU (All versions <= V1.8.5). Specially crafted network packets sent to port 80/tcp or 443/tcp could allow an unauthenticated remote attacker to cause a Denial-of-Service condition of the device. The security vulnerability could be exploited by an attacker with network access to the affected systems on port 80/tcp or 443/tcp. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2018-16559 | 1 Siemens | 2 Simatic S7-1500, Simatic S7-1500 Firmware | 2019-04-18 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability has been identified in SIMATIC S7-1500 CPU (All versions >= V2.0 and < V2.5), SIMATIC S7-1500 CPU (All versions <= V1.8.5). Specially crafted network packets sent to port 80/tcp or 443/tcp could allow an unauthenticated remote attacker to cause a Denial-of-Service condition of the device. The security vulnerability could be exploited by an attacker with network access to the affected systems on port 80/tcp or 443/tcp. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2018-13798 | 1 Siemens | 6 Sicam A8000 Cp-8000, Sicam A8000 Cp-8000 Firmware, Sicam A8000 Cp-802x and 3 more | 2019-04-02 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability has been identified in SICAM A8000 CP-8000 (All versions < V14), SICAM A8000 CP-802X (All versions < V14), SICAM A8000 CP-8050 (All versions < V2.00). Specially crafted network packets sent to port 80/TCP or 443/TCP could allow an unauthenticated remote attacker to cause a Denial-of-Service condition of the web server. The security vulnerability could be exploited by an attacker with network access to the affected systems on port 80/TCP or 443/TCP. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the web server. A system reboot is required to recover the web service of the device. At the time of advisory update, exploit code for this security vulnerability is public. | |||||
| CVE-2018-11452 | 1 Siemens | 33 6md85, 6md86, 7ke85 and 30 more | 2019-03-22 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability has been identified in Firmware variant IEC 61850 for EN100 Ethernet module (All versions < V4.33), Firmware variant PROFINET IO for EN100 Ethernet module (All versions), Firmware variant Modbus TCP for EN100 Ethernet module (All versions), Firmware variant DNP3 TCP for EN100 Ethernet module (All versions), Firmware variant IEC104 for EN100 Ethernet module (All versions < V1.22). Specially crafted packets to port 102/tcp could cause a denial-of-service condition in the EN100 communication module if oscillographs are running. A manual restart is required to recover the EN100 module functionality. Successful exploitation requires an attacker with network access to send multiple packets to the EN100 module. As a precondition the IEC 61850-MMS communication needs to be activated on the affected EN100 modules. No user interaction or privileges are required to exploit the security vulnerability. The vulnerability could allow causing a Denial-of-Service condition of the network functionality of the device, compromising the availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2018-11451 | 1 Siemens | 33 6md85, 6md86, 7ke85 and 30 more | 2019-03-22 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability has been identified in Firmware variant IEC 61850 for EN100 Ethernet module (All versions < V4.33), Firmware variant PROFINET IO for EN100 Ethernet module (All versions), Firmware variant Modbus TCP for EN100 Ethernet module (All versions), Firmware variant DNP3 TCP for EN100 Ethernet module (All versions), Firmware variant IEC104 for EN100 Ethernet module (All versions < V1.22), SIPROTEC 5 relays with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions < V7.80), SIPROTEC 5 relays with CPU variants CP200 and the respective Ethernet communication modules (All versions < V7.58). Specially crafted packets to port 102/tcp could cause a denial-of-service condition in the affected products. A manual restart is required to recover the EN100 module functionality of the affected devices. Successful exploitation requires an attacker with network access to send multiple packets to the affected products or modules. As a precondition the IEC 61850-MMS communication needs to be activated on the affected products or modules. No user interaction or privileges are required to exploit the vulnerability. The vulnerability could allow causing a Denial-of-Service condition of the network functionality of the device, compromising the availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2018-13805 | 1 Siemens | 6 Simatic Et 200sp, Simatic Et 200sp Firmware, Simatic S7-1500 and 3 more | 2019-03-21 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in SIMATIC ET 200SP Open Controller (All versions >= V2.0 and < V2.1.6), SIMATIC S7-1500 Software Controller (All versions >= V2.0 and < V2.5), SIMATIC S7-1500 incl. F (All versions >= V2.0 and < V2.5). An attacker can cause a denial-of-service condition on the network stack by sending a large number of specially crafted packets to the PLC. The PLC will lose its ability to communicate over the network. This vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no privileges and no user interaction. An attacker could use this vulnerability to compromise availability of the network connectivity. At the time of advisory publication no public exploitation of this vulnerability was known. | |||||
| CVE-2018-7891 | 2 Milestonesys, Siemens | 2 Xprotect, Siveillance Vms | 2018-06-13 | 6.8 MEDIUM | 8.1 HIGH |
| The Milestone XProtect Video Management Software (Corporate, Expert, Professional+, Express+, Essential+) 2016 R1 (10.0.a) to 2018 R1 (12.1a) contains .NET Remoting endpoints that are vulnerable to deserialization attacks resulting in remote code execution. | |||||
| CVE-2016-7113 | 1 Siemens | 2 En100 Ethernet Module, En100 Ethernet Module Firmware | 2018-03-23 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02. Specially crafted packets sent to port 80/tcp could cause the affected device to go into defect mode. | |||||
| CVE-2016-7114 | 1 Siemens | 2 En100 Ethernet Module, En100 Ethernet Module Firmware | 2018-03-23 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02; SIPROTEC 7SJ686 : All versions < V 4.87; SIPROTEC 7UT686 : All versions < V 4.02; SIPROTEC 7SD686 : All versions < V 4.05; SIPROTEC 7SJ66 : All versions < V 4.30. Attackers with network access to the device's web interface (port 80/tcp) could possibly circumvent authentication and perform certain administrative operations. A legitimate user must be logged into the web interface for the attack to be successful. | |||||
| CVE-2017-6868 | 1 Siemens | 1 Simatic Cp 44x-1 Redundant Network Access Modules | 2017-12-30 | 6.8 MEDIUM | 8.1 HIGH |
| An Improper Authentication issue was discovered in Siemens SIMATIC CP 44x-1 RNA, all versions prior to 1.4.1. An unauthenticated remote attacker may be able to perform administrative actions on the Communication Process (CP) of the RNA series module, if network access to Port 102/TCP is available and the configuration file for the CP is stored on the RNA's CPU. | |||||
| CVE-2017-9938 | 1 Siemens | 1 Simatic Logon | 2017-11-22 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability was discovered in Siemens SIMATIC Logon (All versions before V1.6) that could allow specially crafted packets sent to the SIMATIC Logon Remote Access service on port 16389/tcp to cause a Denial-of-Service condition. The service restarts automatically. | |||||
| CVE-2017-12069 | 2 Ocpfoundation, Siemens | 4 Local Discovery Server, Ua .net, Simatic Pcs7 and 1 more | 2017-10-06 | 6.4 MEDIUM | 8.2 HIGH |
| An XXE vulnerability has been identified in OPC Foundation UA .NET Sample Code before 2017-03-21 and Local Discovery Server (LDS) before 1.03.367. Among the affected products are Siemens SIMATIC PCS7 (All versions V8.1 and earlier), SIMATIC WinCC (All versions < V7.4 SP1), SIMATIC WinCC Runtime Professional (All versions < V14 SP1), SIMATIC NET PC Software, and SIMATIC IT Production Suite. By sending specially crafted packets to the OPC Discovery Server at port 4840/tcp, an attacker might cause the system to access various resources chosen by the attacker. | |||||
| CVE-2016-8563 | 1 Siemens | 1 Automation License Manager | 2017-07-29 | 5.0 MEDIUM | 7.5 HIGH |
| Siemens Automation License Manager (ALM) before 5.3 SP3 Update 1 allows remote attackers to cause a denial of service (ALM service outage) via crafted packets to TCP port 4410. | |||||