CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Siemens : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2016-9157 20 DoS Exec Code 2016-12-05 2016-12-06
7.5
None Remote Low Not required Partial Partial Partial
A vulnerability in Siemens SICAM PAS (all versions including V8.08) could allow a remote attacker to cause a Denial of Service condition and potentially lead to unauthenticated remote code execution by sending specially crafted packets sent to port 19234/TCP.
2 CVE-2016-9156 20 2016-12-05 2016-12-06
7.5
None Remote Low Not required Partial Partial Partial
A vulnerability in Siemens SICAM PAS (all versions including V8.08) could allow a remote attacker to upload, download, or delete files in certain parts of the file system by sending specially crafted packets to port 19235/TCP.
3 CVE-2016-9155 284 2016-11-22 2016-11-29
5.0
None Remote Low Not required Partial None None
The following SIEMENS branded IP Camera Models CCMW3025, CVMW3025-IR, CFMW3025 prior to version 1.41_SP18_S1; CCPW3025, CCPW5025 prior to version 0.1.73_S1; CCMD3025-DN18 prior to version v1.394_S1; CCID1445-DN18, CCID1445-DN28, CCID1145-DN36, CFIS1425, CCIS1425, CFMS2025, CCMS2025, CVMS2025-IR, CFMW1025, CCMW1025 prior to version v2635_SP1 could allow an attacker with network access to the web server to obtain administrative credentials under certain circumstances.
4 CVE-2016-8673 352 CSRF 2016-11-23 2016-11-30
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the integrated web server on Siemens SIMATIC CP 343-1 Advanced before 3.0.53, SIMATIC CP 443-1 Advanced, SIMATIC S7-300 CPU, and SIMATIC S7-400 CPU devices allows remote attackers to hijack the authentication of arbitrary users.
5 CVE-2016-8672 200 +Info 2016-11-23 2016-11-30
5.0
None Remote Low Not required Partial None None
The integrated web server on Siemens SIMATIC CP 343-1 Advanced before 3.0.53, SIMATIC CP 443-1 Advanced, SIMATIC S7-300 CPU, and SIMATIC S7-400 CPU devices does not set the secure flag for unspecified cookies in an https session, which makes it easier for remote attackers to capture these cookies by intercepting their transmission within an http session.
6 CVE-2016-8565 284 2016-10-13 2016-12-02
6.4
None Remote Low Not required None Partial Partial
Siemens Automation License Manager (ALM) before 5.3 SP3 allows remote attackers to write to files, rename files, create directories, or delete directories via crafted packets.
7 CVE-2016-8564 89 Exec Code Sql 2016-10-13 2016-12-02
6.4
None Remote Low Not required Partial Partial None
SQL injection vulnerability in Siemens Automation License Manager (ALM) before 5.3 SP3 Update 1 allows remote attackers to execute arbitrary SQL commands via crafted traffic to TCP port 4410.
8 CVE-2016-8563 20 DoS 2016-10-13 2016-12-02
5.0
None Remote Low Not required None None Partial
Siemens Automation License Manager (ALM) before 5.3 SP3 Update 1 allows remote attackers to cause a denial of service (ALM service outage) via crafted packets to TCP port 4410.
9 CVE-2016-8562 20 DoS 2016-11-18 2016-12-02
3.5
None Remote Medium Single system None None Partial
Siemens SIMATIC CP 1543-1 before 2.0.28, when SNMPv3 write access or SNMPv1 is enabled, allows remote authenticated users to cause a denial of service by modifying SNMP variables.
10 CVE-2016-8561 264 +Priv 2016-11-18 2016-12-02
6.0
None Remote Medium Single system Partial Partial Partial
Siemens SIMATIC CP 1543-1 before 2.0.28 allows remote authenticated users to gain privileges by leveraging certain TIA-Portal access and project-data access.
11 CVE-2016-7960 200 +Info 2016-10-13 2016-12-02
1.9
None Local Medium Not required Partial None None
Siemens SIMATIC STEP 7 (TIA Portal) before 14 uses an improper format for managing TIA project files during version updates, which makes it easier for local users to obtain sensitive configuration information via unspecified vectors.
12 CVE-2016-7959 254 +Info 2016-10-13 2016-12-02
1.9
None Local Medium Not required Partial None None
Siemens SIMATIC STEP 7 (TIA Portal) before 14 improperly stores pre-shared key data in TIA project files, which makes it easier for local users to obtain sensitive information by leveraging access to a file and conducting a brute-force attack.
13 CVE-2016-7165 284 +Priv 2016-11-15 2016-11-28
6.9
None Local Medium Not required Complete Complete Complete
Unquoted Windows search path vulnerability in Siemens SIMATIC WinCC before 7.0 SP2 Upd 12, 7.0 SP3 before Upd 8, and 7.2 through 7.4; SIMATIC WinCC (TIA Portal) Basic, Comfort, Advanced before 14; SIMATIC WinCC Runtime Professional; SIMATIC WinCC (TIA Portal) Professional; SIMATIC STEP 7 5.x; SIMATIC STEP 7 (TIA Portal) before 14; SIMATIC NET PC-Software before 14; TeleControl Server Basic before 3.0 SP2; SINEMA Server before 13 SP2; SIMATIC PCS 7 through 8.2; SINEMA Remote Connect Client; SIMATIC WinAC RTX 2010 SP2; SIMATIC WinAC RTX F 2010 SP2; SIMATIC IT Production Suite; SOFTNET Security Client 5.0; SIMIT 9.0; Security Configuration Tool (SCT); and Primary Setup Tool (PST), when the installation does not use the %PROGRAMFILES% directory, might allow local users to gain privileges via a Trojan horse executable file.
14 CVE-2016-7114 287 Bypass 2016-09-05 2016-11-28
9.0
None Remote Low Single system Complete Complete Complete
The EN100 Ethernet module before 4.29 for Siemens SIPROTEC 4 and SIPROTEC Compact devices allows remote attackers to bypass authentication and obtain administrative access via unspecified HTTP traffic during an authenticated session.
15 CVE-2016-7113 399 DoS 2016-09-05 2016-11-28
7.8
None Remote Low Not required None None Complete
The EN100 Ethernet module before 4.29 for Siemens SIPROTEC 4 and SIPROTEC Compact devices allows remote attackers to cause a denial of service (defect-mode transition) via crafted HTTP packets.
16 CVE-2016-7112 287 Bypass 2016-09-05 2016-11-28
10.0
Admin Remote Low Not required Complete Complete Complete
The EN100 Ethernet module before 4.29 for Siemens SIPROTEC 4 and SIPROTEC Compact devices allows remote attackers to bypass authentication and obtain administrative access via unspecified HTTP traffic.
17 CVE-2016-7090 200 +Info 2016-09-29 2016-11-28
4.3
None Remote Medium Not required Partial None None
The integrated web server on Siemens SCALANCE M-800 and S615 modules with firmware before 4.02 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
18 CVE-2016-6486 264 +Priv 2016-08-07 2016-11-28
7.2
None Local Low Not required Complete Complete Complete
Siemens SINEMA Server uses weak permissions for the application folder, which allows local users to gain privileges via unspecified vectors.
19 CVE-2016-6204 79 XSS 2016-07-22 2016-11-28
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the integrated web server in Siemens SINEMA Remote Connect Server before 1.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
20 CVE-2016-5874 20 DoS 2016-07-22 2016-11-28
5.0
None Remote Low Not required None None Partial
Siemens SIMATIC NET PC-Software before 13 SP2 allows remote attackers to cause a denial of service (OPC UA service outage) via crafted TCP packets.
21 CVE-2016-5849 200 +Info 2016-07-04 2016-11-28
1.9
None Local Medium Not required Partial None None
Siemens SICAM PAS through 8.07 allows local users to obtain sensitive configuration information by leveraging database stoppage.
22 CVE-2016-5848 255 2016-07-04 2016-11-28
1.7
None Local Low Single system Partial None None
Siemens SICAM PAS before 8.07 does not properly restrict password data in the database, which makes it easier for local users to calculate passwords by leveraging unspecified database privileges.
23 CVE-2016-5744 200 +Info 2016-07-22 2016-11-28
5.0
None Remote Low Not required Partial None None
Siemens SIMATIC WinCC 7.0 through SP3 and 7.2 allows remote attackers to read arbitrary WinCC station files via crafted packets.
24 CVE-2016-5743 20 Exec Code 2016-07-22 2016-11-28
10.0
None Remote Low Not required Complete Complete Complete
Siemens SIMATIC WinCC before 7.3 Update 10 and 7.4 before Update 1, SIMATIC BATCH before 8.1 SP1 Update 9 as distributed in SIMATIC PCS 7 through 8.1 SP1, SIMATIC OpenPCS 7 before 8.1 Update 3 as distributed in SIMATIC PCS 7 through 8.1 SP1, SIMATIC OpenPCS 7 before 8.2 Update 1 as distributed in SIMATIC PCS 7 8.2, and SIMATIC WinCC Runtime Professional before 13 SP1 Update 9 allow remote attackers to execute arbitrary code via crafted packets.
25 CVE-2016-4785 200 +Info 2016-05-30 2016-06-01
5.0
None Remote Low Not required Partial None None
The integrated web server in the EN100 Ethernet module before 4.27 on Siemens SIPROTEC 4 and SIPROTEC Compact devices allows remote attackers to obtain sensitive information from device memory via an HTTP request.
26 CVE-2016-4784 200 +Info 2016-05-30 2016-06-01
5.0
None Remote Low Not required Partial None None
The integrated web server in the EN100 Ethernet module before 4.27 on Siemens SIPROTEC 4 and SIPROTEC Compact devices, and the Ethernet Service Interface on SIPROTEC Compact devices, allows remote attackers to obtain sensitive information via an HTTP request.
27 CVE-2016-3963 DoS 2016-04-08 2016-12-02
5.0
None Remote Low Not required None None Partial
Siemens SCALANCE S613 allows remote attackers to cause a denial of service (web-server outage) via traffic to TCP port 443.
28 CVE-2016-3949 399 DoS 2016-06-27 2016-08-18
7.8
None Remote Low Not required None None Complete
Siemens SIMATIC S7-300 Profinet-enabled CPU devices with firmware before 3.2.12 and SIMATIC S7-300 Profinet-disabled CPU devices with firmware before 3.3.12 allow remote attackers to cause a denial of service (defect-mode transition) via crafted (1) ISO-TSAP or (2) Profibus packets.
29 CVE-2016-3155 200 +Info 2016-03-18 2016-12-02
3.6
None Local Low Not required Partial Partial None
Siemens APOGEE Insight uses weak permissions for the application folder, which allows local users to obtain sensitive information or modify data via unspecified vectors.
30 CVE-2016-2846 254 Bypass 2016-03-16 2016-12-02
6.4
None Remote Low Not required Partial Partial None
Siemens SIMATIC S7-1200 CPU devices before 4.0 allow remote attackers to bypass a "user program block" protection mechanism via unspecified vectors.
31 CVE-2016-2201 20 Bypass 2016-02-08 2016-12-06
5.0
None Remote Low Not required None Partial None
Siemens SIMATIC S7-1500 CPU devices before 1.8.3 allow remote attackers to bypass a replay protection mechanism via packets on TCP port 102.
32 CVE-2016-2200 20 DoS 2016-02-08 2016-12-06
7.8
None Remote Low Not required None None Complete
Siemens SIMATIC S7-1500 CPU devices before 1.8.3 allow remote attackers to cause a denial of service (STOP mode transition) via crafted packets on TCP port 102.
33 CVE-2016-1488 79 XSS 2016-01-30 2016-03-04
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the login form in the integrated web server on Siemens OZW OZW672 devices before 6.00 and OZW772 devices before 6.00 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
34 CVE-2015-8214 264 2015-11-27 2016-12-07
9.7
None Remote Low Not required Partial Complete Complete
Siemens SIMATIC CP 343-1 Advanced devices before 3.0.44, CP 343-1 Lean devices, CP 343-1 devices, TIM 3V-IE devices, TIM 3V-IE Advanced devices, TIM 3V-IE DNP3 devices, TIM 4R-IE devices, TIM 4R-IE DNP3 devices, CP 443-1 devices, and CP 443-1 Advanced devices might allow remote attackers to obtain administrative access via a session on TCP port 102.
35 CVE-2015-7836 200 +Info 2015-10-28 2015-10-28
3.3
None Local Network Low Not required Partial None None
Siemens RUGGEDCOM ROS before 4.2.1 allows remote attackers to obtain sensitive information by sniffing the network for VLAN data within the padding section of an Ethernet frame.
36 CVE-2015-6675 284 Bypass 2015-09-11 2015-09-14
4.3
None Local Network Medium Not required Partial Partial None
Siemens RUGGEDCOM ROS 3.8.0 through 4.1.x permanently enables the IP forwarding feature, which allows remote attackers to bypass a VLAN isolation protection mechanism via IP traffic.
37 CVE-2015-5717 310 +Info 2015-08-31 2015-11-04
5.8
None Remote Medium Not required Partial Partial None
The Siemens COMPAS Mobile application before 1.6 for Android does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
38 CVE-2015-5698 352 CSRF 2015-08-30 2015-08-31
7.5
None Remote Low Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the web server on Siemens SIMATIC S7-1200 CPU devices with firmware before 4.1.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
39 CVE-2015-5537 310 2015-08-02 2015-08-03
4.3
None Remote Medium Not required Partial None None
The SSL layer of the HTTPS service in Siemens RuggedCom ROS before 4.2.0 and ROX II does not properly implement CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a different vulnerability than CVE-2014-3566.
40 CVE-2015-5386 20 Bypass 2015-07-16 2015-07-17
9.3
Admin Remote Medium Not required Complete Complete Complete
Siemens SICAM MIC devices with firmware before 2404 allow remote attackers to bypass authentication and obtain administrative access via unspecified HTTP requests.
41 CVE-2015-5374 19 DoS 2015-07-18 2016-12-07
7.8
None Remote Low Not required None None Complete
The EN100 module with firmware before 4.25 for Siemens SIPROTEC 4 and SIPROTEC Compact devices allows remote attackers to cause a denial of service via crafted packets on UDP port 50000.
42 CVE-2015-5084 200 +Info 2015-08-02 2016-11-28
2.1
None Local Low Not required Partial None None
The Siemens SIMATIC WinCC Sm@rtClient and Sm@rtClient Lite applications before 01.00.01.00 for Android do not properly store passwords, which allows physically proximate attackers to obtain sensitive information via unspecified vectors.
43 CVE-2015-4174 79 XSS 2015-06-28 2016-12-07
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the integrated web server on the Siemens Climatix BACnet/IP communication module with firmware before 10.34 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
44 CVE-2015-3610 310 +Info 2015-05-07 2015-05-07
5.4
None Local Network Medium Not required Partial Partial Partial
The Siemens HomeControl for Room Automation application before 2.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information or modify data via a crafted certificate.
45 CVE-2015-2823 287 2015-04-08 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
Siemens SIMATIC HMI Basic Panels 2nd Generation before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Professional before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Basic Panels 1st Generation (WinCC TIA Portal), SIMATIC HMI Mobile Panel 277 (WinCC TIA Portal), SIMATIC HMI Multi Panels (WinCC TIA Portal), and SIMATIC WinCC 7.x before 7.3 Upd4 allow remote attackers to complete authentication by leveraging knowledge of a password hash without knowledge of the associated password.
46 CVE-2015-2822 20 DoS 2015-04-08 2016-11-28
4.3
None Remote Medium Not required None None Partial
Siemens SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2 and SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2 allow man-in-the-middle attackers to cause a denial of service via crafted packets on TCP port 102.
47 CVE-2015-2177 20 DoS 2015-03-06 2016-12-02
7.8
None Remote Low Not required None None Complete
Siemens SIMATIC S7-300 CPU devices allow remote attackers to cause a denial of service (defect-mode transition) via crafted packets on (1) TCP port 102 or (2) Profibus.
48 CVE-2015-1602 200 +Info 2015-04-05 2015-04-23
2.1
None Local Low Not required Partial None None
Siemens SIMATIC STEP 7 (TIA Portal) 12 and 13 before 13 SP1 Upd1 improperly stores password data within project files, which makes it easier for local users to determine cleartext (1) protection-level passwords or (2) web-server passwords by leveraging the ability to read these files.
49 CVE-2015-1601 254 +Info 2015-04-05 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
Siemens SIMATIC STEP 7 (TIA Portal) 12 and 13 before 13 SP1 Upd1 allows man-in-the-middle attackers to obtain sensitive information or modify transmitted data via unspecified vectors.
50 CVE-2015-1599 264 Bypass 2015-03-06 2015-03-09
2.1
None Local Low Not required None Partial None
The Siemens SPCanywhere application for iOS allows physically proximate attackers to bypass intended access restrictions by leveraging a filesystem architectural error.
Total number of vulnerabilities : 201   Page : 1 (This Page)2 3 4 5
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.