Siemens : Security Vulnerabilities (CVSS score between 2 and 2.99)

CVSS Scores Greater Than: 0 1 2 3 4 5 6 7 8 9

Sort Results By : CVE Number Descending CVE Number Ascending CVSS Score Descending Number Of Exploits Descending

#	CVE ID	CWE ID	Vulnerability Type(s)	Publish Date	Update Date	Score	Gained Access Level	Access	Complexity	Authentication	Conf.	Integ.	Avail.
1	CVE-2018-11449	255		2018-06-26	2018-08-24	2.1	None	Local	Low	Not required	Partial	None	None
A vulnerability has been identified in SCALANCE M875 (All versions). An attacker with access to the local file system might obtain passwords for administrative users. Successful exploitation requires read access to files on the local file system. A successful attack could allow an attacker to obtain administrative passwords. At the time of advisory publication no public exploitation of this security vulnerability was known.
2	CVE-2018-4847	200	+Info	2018-04-23	2018-10-10	2.1	None	Local	Low	Not required	Partial	None	None
A vulnerability has been identified in SIMATIC WinCC OA Operator iOS App (All versions < V1.4). Insufficient protection of sensitive information (e.g. session key for accessing server) in Siemens WinCC OA Operator iOS app could allow an attacker with physical access to the mobile device to read unencrypted data from the app's directory. Siemens provides mitigations to resolve the security issue.
3	CVE-2017-9942	255		2017-08-07	2017-08-16	2.1	None	Local	Low	Not required	Partial	None	None
A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with local access to the SiPass integrated server or SiPass integrated client to potentially obtain credentials from the systems.
4	CVE-2015-5084	200	+Info	2015-08-02	2017-09-20	2.1	None	Local	Low	Not required	Partial	None	None
The Siemens SIMATIC WinCC [email protected] and [email protected] Lite applications before 01.00.01.00 for Android do not properly store passwords, which allows physically proximate attackers to obtain sensitive information via unspecified vectors.
5	CVE-2015-1602	200	+Info	2015-04-05	2015-04-23	2.1	None	Local	Low	Not required	Partial	None	None
Siemens SIMATIC STEP 7 (TIA Portal) 12 and 13 before 13 SP1 Upd1 improperly stores password data within project files, which makes it easier for local users to determine cleartext (1) protection-level passwords or (2) web-server passwords by leveraging the ability to read these files.
6	CVE-2015-1599	264	Bypass	2015-03-06	2015-03-09	2.1	None	Local	Low	Not required	None	Partial	None
The Siemens SPCanywhere application for iOS allows physically proximate attackers to bypass intended access restrictions by leveraging a filesystem architectural error.
7	CVE-2015-1598	200	+Info	2015-03-06	2015-03-09	2.1	None	Local	Low	Not required	Partial	None	None
The Siemens SPCanywhere application for Android does not properly store application passwords, which allows physically proximate attackers to obtain sensitive information by examining the device filesystem.
8	CVE-2015-1355	310		2015-02-17	2015-02-18	2.1	None	Local	Low	Not required	Partial	None	None
Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 uses a weak password-hash algorithm, which makes it easier for local users to determine cleartext passwords by reading a project file and conducting a brute-force attack.
9	CVE-2014-5231	200	+Info	2015-01-14	2015-11-13	2.1	None	Local	Low	Not required	Partial	None	None
The Siemens SIMATIC WinCC [email protected] app before 1.0.2 for iOS allows physically proximate attackers to extract the password from storage via unspecified vectors.
10	CVE-2001-0384			2001-07-02	2008-09-05	2.1	None	Local	Low	Not required	None	Partial	None
ppd in Reliant Sinix allows local users to corrupt arbitrary files via a symlink attack in the /tmp/ppd.trace file.

Total number of vulnerabilities : 10 Page : 1 (This Page)