# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2022-27242 |
120 |
|
Overflow Mem. Corr. |
2022-05-20 |
2022-06-01 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
A vulnerability has been identified in OpenV2G (V0.9.4). The OpenV2G EXI parsing feature is missing a length check when parsing X509 serial numbers. Thus, an attacker could introduce a buffer overflow that leads to memory corruption. |
2 |
CVE-2021-42023 |
522 |
|
Bypass |
2021-12-14 |
2021-12-20 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
A vulnerability has been identified in ModelSim Simulation (All versions), Questa Simulation (All versions). The RSA white-box implementation in affected applications insufficiently protects the built-in private keys that are required to decrypt electronic intellectual property (IP) data in accordance with the IEEE 1735 recommended practice. This could allow a sophisticated attacker to discover the keys, bypassing the protection intended by the IEEE 1735 recommended practice. |
3 |
CVE-2021-40363 |
312 |
|
|
2022-02-09 |
2022-05-20 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions < V15 SP1 Update 7), SIMATIC WinCC V16 (All versions < V16 Update 5), SIMATIC WinCC V17 (All versions < V17 Update 2), SIMATIC WinCC V17 (All versions >= V17 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 19), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 6). The affected component stores the credentials of a local system account in a potentially publicly accessible project file using an outdated cipher algorithm. An attacker may use this to brute force the credentials and take over the system. |
4 |
CVE-2021-37195 |
79 |
|
Exec Code XSS |
2022-01-11 |
2022-04-29 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS accepts arbitrary code as attachment to tasks. This could allow an attacker to inject malicious code that is executed when loading the attachment. |
5 |
CVE-2021-33715 |
476 |
|
|
2021-07-13 |
2021-07-20 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
A vulnerability has been identified in JT Utilities (All versions < V13.0.2.0). When parsing specially crafted JT files, a race condition could cause an object to be released before being operated on, leading to NULL pointer deference condition and causing the application to crash. An attacker could leverage this vulnerability to cause a Denial-of-Service condition in the application. |
6 |
CVE-2021-33714 |
476 |
|
|
2021-07-13 |
2021-07-20 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
A vulnerability has been identified in JT Utilities (All versions < V13.0.2.0). When parsing specially crafted JT files, a missing check for the validity of an iterator leads to NULL pointer deference condition, causing the application to crash. An attacker could leverage this vulnerability to cause a Denial-of-Service condition in the application. |
7 |
CVE-2021-33713 |
688 |
|
|
2021-07-13 |
2021-07-20 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
A vulnerability has been identified in JT Utilities (All versions < V13.0.2.0). When parsing specially crafted JT files, a hash function is called with an incorrect argument leading the application to crash. An attacker could leverage this vulnerability to cause a Denial-of-Service condition in the application. |
8 |
CVE-2021-25675 |
369 |
|
|
2021-03-15 |
2021-03-18 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
A vulnerability has been identified in SIMATIC S7-PLCSIM V5.4 (All versions). An attacker with local access to the system could cause a Denial-of-Service condition in the application when it is used to open a specially crafted file. As a consequence, a divide by zero operation could occur and cause the application to terminate unexpectedly and must be restarted to restore the service. |
9 |
CVE-2021-25674 |
476 |
|
|
2021-03-15 |
2021-03-18 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
A vulnerability has been identified in SIMATIC S7-PLCSIM V5.4 (All versions). An attacker with local access to the system could cause a Denial-of-Service condition in the application when it is used to open a specially crafted file. As a consequence, a NULL pointer deference condition could cause the application to terminate unexpectedly and must be restarted to restore the service. |
10 |
CVE-2021-22923 |
522 |
|
|
2021-08-05 |
2022-04-06 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. Often contrary to the user's expectations and intentions and without telling the user it happened. |
11 |
CVE-2021-22898 |
909 |
|
|
2021-06-11 |
2022-05-13 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol. |
12 |
CVE-2020-28394 |
125 |
|
|
2021-02-09 |
2021-03-05 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of RAS files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to access data in the context of the current process. (ZDI-CAN-12283) |
13 |
CVE-2020-28390 |
522 |
|
+Info |
2021-01-12 |
2021-01-20 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
A vulnerability has been identified in Opcenter Execution Core (V8.2), Opcenter Execution Core (V8.3). The application contains an information leakage vulnerability in the handling of web client sessions. A local attacker who has access to the Web Client Session Storage could disclose the passwords of currently logged-in users. |
14 |
CVE-2020-27008 |
125 |
|
|
2021-02-09 |
2021-03-09 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of PLT files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to access data in the context of the current process. (ZDI-CAN-12209) |
15 |
CVE-2020-26998 |
125 |
|
+Info |
2021-02-09 |
2022-02-22 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
A vulnerability has been identified in JT2Go (All versions < V13.1.0.2), Teamcenter Visualization (All versions < V13.1.0.2). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information. (ZDI-CAN-12040) |
16 |
CVE-2020-25231 |
321 |
|
|
2020-12-14 |
2020-12-16 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3), LOGO! Soft Comfort (All versions < V8.3). The encryption of program data for the affected devices uses a static key. An attacker could use this key to extract confidential information from protected program files. |
17 |
CVE-2020-15358 |
787 |
|
Overflow |
2020-06-27 |
2022-05-12 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation. |
18 |
CVE-2020-13632 |
476 |
|
|
2020-05-27 |
2022-05-13 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query. |
19 |
CVE-2020-13631 |
|
|
|
2020-05-27 |
2022-05-13 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c. |
20 |
CVE-2020-10054 |
|
|
|
2021-11-09 |
2021-11-11 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.12). The affected application does not properly handle the import of large configuration files. A local attacker could import a specially crafted file which could lead to a denial-of-service condition of the application service. |
21 |
CVE-2020-10053 |
312 |
|
|
2021-11-09 |
2021-11-11 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.12). The affected application writes sensitive data, such as database credentials in configuration files. A local attacker with access to the configuration files could use this information to launch further attacks. |
22 |
CVE-2020-10052 |
532 |
|
|
2021-11-09 |
2021-11-11 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.12). The affected application writes sensitive data, such as usernames and passwords in log files. A local attacker with access to the log files could use this information to launch further attacks. |
23 |
CVE-2020-10048 |
287 |
|
Bypass |
2021-02-09 |
2021-02-11 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
A vulnerability has been identified in SIMATIC PCS 7 (All versions), SIMATIC WinCC (All versions < V7.5 SP2). Due to an insecure password verification process, an attacker could bypass the password protection set on protected files, thus being granted access to the protected content, circumventing authentication. |
24 |
CVE-2019-19645 |
674 |
|
|
2019-12-09 |
2022-04-15 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements. |
25 |
CVE-2019-18340 |
327 |
|
|
2019-12-12 |
2021-04-22 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0), Control Center Server (CCS) (All versions >= V1.5.0), SiNVR/SiVMS Video Server (All versions < V5.0.0). Both the SiVMS/SiNVR Video Server and the Control Center Server (CCS) store user and device passwords by applying weak cryptography. A local attacker could exploit this vulnerability to extract the passwords from the user database and/or the device configuration files to conduct further attacks. |
26 |
CVE-2019-10917 |
755 |
|
|
2019-05-14 |
2021-11-02 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC (TIA Portal) V13 (All versions), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Upd 9), SIMATIC WinCC (TIA Portal) V15 (All versions < V15.1 Upd 3), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions < V14.1 Upd 8), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Upd 3), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions < V7.5 Upd 3). An attacker with local access to the project file could cause a Denial-of-Service condition on the affected product while the project file is loaded. Successful exploitation requires access to the project file. An attacker could use the vulnerability to compromise availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known. |
27 |
CVE-2018-13811 |
200 |
|
+Info |
2018-12-13 |
2019-10-09 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) (All Versions < V15.1). Password hashes with insufficient computational effort could allow an attacker to access to a project file and reconstruct passwords. The vulnerability could be exploited by an attacker with local access to the project file. No user interaction is required to exploit the vulnerability. The vulnerability could allow the attacker to obtain certain passwords from the project. At the time of advisory publication no public exploitation of this vulnerability was known. |
28 |
CVE-2018-4847 |
311 |
|
|
2018-04-23 |
2019-10-03 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
A vulnerability has been identified in SIMATIC WinCC OA Operator iOS App (All versions < V1.4). Insufficient protection of sensitive information (e.g. session key for accessing server) in Siemens WinCC OA Operator iOS app could allow an attacker with physical access to the mobile device to read unencrypted data from the app's directory. Siemens provides mitigations to resolve the security issue. |
29 |
CVE-2017-9942 |
|
|
|
2017-08-08 |
2019-10-09 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with local access to the SiPass integrated server or SiPass integrated client to potentially obtain credentials from the systems. |
30 |
CVE-2015-5084 |
200 |
|
+Info |
2015-08-03 |
2017-09-21 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
The Siemens SIMATIC WinCC [email protected] and [email protected] Lite applications before 01.00.01.00 for Android do not properly store passwords, which allows physically proximate attackers to obtain sensitive information via unspecified vectors. |
31 |
CVE-2015-1602 |
200 |
|
+Info |
2015-04-06 |
2015-04-23 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
Siemens SIMATIC STEP 7 (TIA Portal) 12 and 13 before 13 SP1 Upd1 improperly stores password data within project files, which makes it easier for local users to determine cleartext (1) protection-level passwords or (2) web-server passwords by leveraging the ability to read these files. |
32 |
CVE-2015-1599 |
264 |
|
Bypass |
2015-03-07 |
2015-03-09 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
The Siemens SPCanywhere application for iOS allows physically proximate attackers to bypass intended access restrictions by leveraging a filesystem architectural error. |
33 |
CVE-2015-1598 |
200 |
|
+Info |
2015-03-07 |
2015-03-09 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
The Siemens SPCanywhere application for Android does not properly store application passwords, which allows physically proximate attackers to obtain sensitive information by examining the device filesystem. |
34 |
CVE-2015-1355 |
310 |
|
|
2015-02-18 |
2015-02-18 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 uses a weak password-hash algorithm, which makes it easier for local users to determine cleartext passwords by reading a project file and conducting a brute-force attack. |
35 |
CVE-2001-0384 |
|
|
|
2001-07-02 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
ppd in Reliant Sinix allows local users to corrupt arbitrary files via a symlink attack in the /tmp/ppd.trace file. |