CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Siemens : Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2022-34748 787 Exec Code 2022-07-12 2022-07-15
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability has been identified in Simcenter Femap (All versions < V2022.2). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17293)
2 CVE-2022-34465 125 Exec Code 2022-07-12 2022-10-27
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.264), Parasolid V34.0 (All versions < V34.0.250), Parasolid V34.1 (All versions < V34.1.233), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The affected application contains an out of bounds read past the end of an allocated structure while parsing specially crafted NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15420)
3 CVE-2022-34289 787 Exec Code 2022-07-12 2022-07-15
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted PCB files. This could allow an attacker to execute code in the context of the current process. (FG-VD-22-054)
4 CVE-2022-34286 787 Exec Code 2022-07-12 2022-07-15
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted PCB files. This could allow an attacker to execute code in the context of the current process. (FG-VD-22-051)
5 CVE-2022-34284 787 Exec Code 2022-07-12 2022-07-15
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted PCB files. This could allow an attacker to execute code in the context of the current process. (FG-VD-22-049)
6 CVE-2022-34281 125 Exec Code 2022-07-12 2022-07-15
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing PCB files. An attacker could leverage this vulnerability to execute code in the context of the current process. (FG-VD-22-046)
7 CVE-2022-34280 125 Exec Code 2022-07-12 2022-07-15
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing PCB files. An attacker could leverage this vulnerability to execute code in the context of the current process. (FG-VD-22-045)
8 CVE-2022-34279 125 Exec Code 2022-07-12 2022-07-15
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing PCB files. An attacker could leverage this vulnerability to execute code in the context of the current process. (FG-VD-22-044)
9 CVE-2022-34278 125 Exec Code 2022-07-12 2022-07-15
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing PCB files. This could allow an attacker to execute code in the context of the current process. (FG-VD-22-043)
10 CVE-2022-34277 125 Exec Code 2022-07-12 2022-07-15
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing PCB files. This could allow an attacker to execute code in the context of the current process. (FG-VD-22-042)
11 CVE-2022-34276 787 Exec Code 2022-07-12 2022-07-15
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted PCB files. This could allow an attacker to execute code in the context of the current process. (FG-VD-22-041)
12 CVE-2022-34275 787 Exec Code 2022-07-12 2022-07-15
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted PCB files. This could allow an attacker to execute code in the context of the current process. (FG-VD-22-040)
13 CVE-2022-34274 787 Exec Code 2022-07-12 2022-07-15
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted PCB files. This could allow an attacker to execute code in the context of the current process. (FG-VD-22-039)
14 CVE-2022-34273 787 Exec Code 2022-07-12 2022-07-15
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted PCB files. This could allow an attacker to execute code in the context of the current process. (FG-VD-22-038)
15 CVE-2022-34272 125 Exec Code 2022-07-12 2022-07-15
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing PCB files. An attacker could leverage this vulnerability to execute code in the context of the current process. (FG-VD-22-037, FG-VD-22-059)
16 CVE-2022-33139 603 2022-06-21 2022-10-11
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability has been identified in Cerberus DMS (All versions), Desigo CC (All versions), Desigo CC Compact (All versions), SIMATIC WinCC OA V3.16 (All versions in default configuration), SIMATIC WinCC OA V3.17 (All versions in non-default configuration), SIMATIC WinCC OA V3.18 (All versions in non-default configuration). Affected applications use client-side only authentication, when neither server-side authentication (SSA) nor Kerberos authentication is enabled. In this configuration, attackers could impersonate other users or exploit the client-server protocol without being authenticated.
17 CVE-2022-32259 863 2022-06-14 2022-06-22
6.4
None Remote Low Not required Partial Partial None
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The system images for installation or update of the affected application contain unit test scripts with sensitive information. An attacker could gain information about testing architecture and also tamper with test configuration.
18 CVE-2022-31619 798 Exec Code 2022-06-14 2022-08-10
6.5
None Remote Low ??? Partial Partial Partial
A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9), Teamcenter V13.1 (All versions < V13.1.0.9), Teamcenter V13.2 (All versions < V13.2.0.9), Teamcenter V13.3 (All versions < V13.3.0.3), Teamcenter V14.0 (All versions < V14.0.0.2). Java EE Server Manager HTML Adaptor in Teamcenter consists of default hardcoded credentials. Access to the application allows a user to perform a series of actions that could potentially lead to remote code execution with elevated permissions.
19 CVE-2022-29033 824 Exec Code 2022-05-20 2022-05-26
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll library is vulnerable to uninitialized pointer free while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process.
20 CVE-2022-29032 415 Exec Code 2022-05-20 2022-05-26
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll library contains a double free vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process.
21 CVE-2022-28663 787 Exec Code 2022-04-12 2022-04-19
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.2). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted .NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15592)
22 CVE-2022-28661 125 Exec Code 2022-04-12 2022-04-19
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.2). The affected application contains an out of bounds read past the end of an allocated buffer while parsing specially crafted .NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15114)
23 CVE-2022-27653 787 Exec Code 2022-05-20 2022-06-01
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability has been identified in Simcenter Femap (All versions < V2022.2). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted .NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15594)
24 CVE-2022-25311 269 2022-03-08 2022-10-11
6.5
None Remote Low ??? Partial Partial Partial
A vulnerability has been identified in SINEC NMS (All versions < V1.0.3), SINEC NMS (All versions >= V1.0.3). The affected software do not properly check privileges between users during the same web browser session, creating an unintended sphere of control. This could allow an authenticated low privileged user to achieve privilege escalation.
25 CVE-2022-24661 787 Exec Code Mem. Corr. 2022-03-08 2022-03-11
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability has been identified in Simcenter STAR-CCM+ Viewer (All versions < V2022.1). The starview+.exe contains a memory corruption vulnerability while parsing specially crafted .SCE files. This could allow an attacker to execute code in the context of the current process.
26 CVE-2022-24282 502 Exec Code 2022-03-08 2022-10-11
6.5
None Remote Low ??? Partial Partial Partial
A vulnerability has been identified in SINEC NMS (All versions < V1.0.3), SINEC NMS (All versions >= V1.0.3). The affected system allows to upload JSON objects that are deserialized to Java objects. Due to insecure deserialization of user-supplied content by the affected software, a privileged attacker could exploit this vulnerability by sending a maliciously crafted serialized Java object. This could allow the attacker to execute arbitrary code on the device with root privileges.
27 CVE-2022-24281 89 Exec Code Sql 2022-03-08 2022-12-09
6.5
None Remote Low ??? Partial Partial Partial
A vulnerability has been identified in SINEC NMS (All versions < V1.0.3). A privileged authenticated attacker could execute arbitrary commands in the local database by sending specially crafted requests to the webserver of the affected application.
28 CVE-2022-23449 427 Exec Code 2022-04-12 2022-04-19
6.9
None Local Medium Not required Complete Complete Complete
A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1), SIMATIC Energy Manager PRO (All versions < V7.3 Update 1). A DLL Hijacking vulnerability could allow a local attacker to execute code with elevated privileges by placing a malicious DLL in one of the directories on the DLL search path.
29 CVE-2022-22827 190 Overflow 2022-01-10 2022-10-06
6.8
None Remote Medium Not required Partial Partial Partial
storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
30 CVE-2022-22826 190 Overflow 2022-01-10 2022-10-06
6.8
None Remote Medium Not required Partial Partial Partial
nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
31 CVE-2022-22825 190 Overflow 2022-01-10 2022-10-06
6.8
None Remote Medium Not required Partial Partial Partial
lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
32 CVE-2021-46699 787 Exec Code Overflow 2022-02-22 2022-03-24
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.1). Affected application contains a stack based buffer overflow vulnerability while parsing specially crafted BDF files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15061)
33 CVE-2021-46162 787 Exec Code 2022-02-22 2022-04-15
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.1). Affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15048)
34 CVE-2021-46161 787 Exec Code 2022-02-09 2022-02-28
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15302)
35 CVE-2021-46160 787 Exec Code 2022-02-09 2022-02-28
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15286)
36 CVE-2021-46159 787 Exec Code 2022-02-09 2022-02-28
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15050)
37 CVE-2021-46158 787 Exec Code Overflow 2022-02-09 2022-02-28
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a stack based buffer overflow vulnerability while parsing NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15085, ZDI-CAN-15289, ZDI-CAN-15602)
38 CVE-2021-46157 119 Exec Code Overflow Mem. Corr. 2022-02-09 2022-02-28
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a memory corruption vulnerability while parsing NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14757)
39 CVE-2021-46156 787 Exec Code 2022-02-09 2022-02-28
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14684)
40 CVE-2021-46155 787 Exec Code Overflow 2022-02-09 2022-02-28
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a stack based buffer overflow vulnerability while parsing NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14683, ZDI-CAN-15283, ZDI-CAN-15303, ZDI-CAN-15593)
41 CVE-2021-46154 787 Exec Code Overflow 2022-02-09 2022-02-28
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a stack based buffer overflow vulnerability while parsing NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14646, ZDI-CAN-14679, ZDI-CAN-15084, ZDI-CAN-15304)
42 CVE-2021-46153 119 Exec Code Overflow Mem. Corr. 2022-02-09 2022-02-28
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a memory corruption vulnerability while parsing NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14645, ZDI-CAN-15305, ZDI-CAN-15589, ZDI-CAN-15599)
43 CVE-2021-46152 843 Exec Code 2022-02-09 2022-02-28
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a type confusion vulnerability while parsing NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14643, ZDI-CAN-14644, ZDI-CAN-14755, ZDI-CAN-15183)
44 CVE-2021-46151 787 Exec Code 2022-02-09 2022-02-28
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14754, ZDI-CAN-15082)
45 CVE-2021-46143 190 Overflow 2022-01-06 2022-10-06
6.8
None Remote Medium Not required Partial Partial Partial
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.
46 CVE-2021-44523 668 2021-12-14 2021-12-17
6.4
None Remote Low Not required Partial Partial None
A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications insufficiently limit the access to the internal activity feed database. This could allow an unauthenticated remote attacker to read, modify or delete activity feed entries.
47 CVE-2021-44450 125 +Info 2021-12-14 2021-12-14
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability has been identified in JT Utilities (All versions < V12.8.1.1), JTTK (All versions < V10.8.1.1). JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15055, ZDI-CAN-14915, ZDI-CAN-14865)
48 CVE-2021-44449 787 Exec Code 2021-12-14 2021-12-14
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability has been identified in JT Utilities (All versions < V12.8.1.1), JTTK (All versions < V10.8.1.1). JTTK library in affected products contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14830)
49 CVE-2021-44447 416 Exec Code 2021-12-14 2021-12-14
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability has been identified in JT Utilities (All versions < V13.0.3.0), JTTK (All versions < V11.0.3.0). JTTK library in affected products contains a use-after-free vulnerability that could be triggered while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-14911)
50 CVE-2021-44446 787 Exec Code 2021-12-14 2021-12-15
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability has been identified in JT Utilities (All versions < V13.0.3.0), JTTK (All versions < V11.0.3.0). JTTK library in affected products contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14828, ZDI-CAN-14898)
Total number of vulnerabilities : 236   Page : 1 (This Page)2 3 4 5
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.