CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Siemens : Security Vulnerabilities (CVSS score >= 9)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2018-13806 427 Exec Code 2018-09-12 2018-11-20
9.3
None Remote Medium Not required Complete Complete Complete
A vulnerability has been identified in SIEMENS TD Keypad Designer (All versions). A DLL hijacking vulnerability exists in all versions of SIEMENS TD Keypad Designer which could allow an attacker to execute code with the permission of the user running TD Designer. The attacker must have write access to the directory containing the TD project file in order to exploit the vulnerability. A legitimate user with higher privileges than the attacker must open the TD project in order for this vulnerability to be exploited. At the time of advisory publication no public exploitation of this security vulnerability was known.
2 CVE-2018-4860 78 Exec Code 2018-06-26 2018-08-31
9.0
None Remote Low Single system Complete Complete Complete
A vulnerability has been identified in SCALANCE M875 (All versions). An authenticated remote attacker with access to the web interface (443/tcp), could execute arbitrary operating system commands. Successful exploitation requires that the attacker has network access to the web interface. The attacker must be authenticated as administrative user to exploit the security vulnerability. The vulnerability could allow an attacker to execute arbitrary code on the device. At the time of advisory publication no public exploitation of this security vulnerability was known.
3 CVE-2018-4859 78 Exec Code 2018-06-26 2018-08-31
9.0
None Remote Low Single system Complete Complete Complete
A vulnerability has been identified in SCALANCE M875 (All versions). An authenticated remote attacker with access to the web interface (443/tcp), could execute arbitrary operating system commands. Successful exploitation requires that the attacker has network access to the web interface. The attacker must be authenticated as administrative user to exploit the security vulnerability. The vulnerability could allow an attacker to execute arbitrary code on the device. At the time of advisory publication no public exploitation of this security vulnerability was known.
4 CVE-2018-4858 284 Exec Code 2018-07-09 2018-12-13
9.3
None Remote Medium Not required Complete Complete Complete
A vulnerability has been identified in IEC 61850 system configurator (All versions < V5.80), DIGSI 5 (affected as IEC 61850 system configurator is incorporated) (All versions < V7.80), DIGSI 4 (All versions < V4.93), SICAM PAS/PQS (All versions < V8.11), SICAM PQ Analyzer (All versions < V3.11), SICAM SCC (All versions < V9.02 HF3). A service of the affected products listening on all of the host's network interfaces on either port 4884/TCP, 5885/TCP, or port 5886/TCP could allow an attacker to either exfiltrate limited data from the system or to execute code with Microsoft Windows user permissions. Successful exploitation requires an attacker to be able to send a specially crafted network request to the vulnerable service and a user interacting with the service's client application on the host. In order to execute arbitrary code with Microsoft Windows user permissions, an attacker must be able to plant the code in advance on the host by other means. The vulnerability has limited impact to confidentiality and integrity of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known. Siemens confirms the security vulnerability and provides mitigations to resolve the security issue.
5 CVE-2018-4854 284 Exec Code 2018-07-03 2018-09-06
9.3
None Remote Medium Not required Complete Complete Complete
A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to port 69/udp could modify the administrative client stored on the device. If a legitimate user downloads and executes the modified client from the affected device, then he/she could obtain code execution on the client system.
6 CVE-2018-4853 284 2018-07-03 2018-09-06
10.0
None Remote Low Not required Complete Complete Complete
A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to port 69/udp could modify the firmware of the device.
7 CVE-2018-4846 798 2018-06-26 2018-08-31
10.0
None Remote Low Not required Complete Complete Complete
A vulnerability has been identified in RAPIDLab 1200 systems / RAPIDPoint 400 systems / RAPIDPoint 500 systems (All versions_without_ use of Siemens Healthineers Informatics products), RAPIDLab 1200 Series (All versions < V3.3 _with_ Siemens Healthineers Informatics products), RAPIDPoint 500 systems (All versions >= V3.0 _with_ Siemens Healthineers Informatics products), RAPIDPoint 500 systems (V2.4.X_with_ Siemens Healthineers Informatics products), RAPIDPoint 500 systems (All versions =< V2.3 _with_ Siemens Healthineers Informatics products), RAPIDPoint 400 systems (All versions _with_ Siemens Healthineers Informatics products). A factory account with hardcoded password might allow attackers access to the device over port 5900/tcp. Successful exploitation requires no user interaction or privileges and impacts the confidentiality, integrity, and availability of the affected device. At the time of advisory publication, no public exploitation of this security vulnerability is known. Siemens Healthineers confirms the security vulnerability and provides mitigations to resolve the security issue.
8 CVE-2017-12739 264 Exec Code 2017-11-15 2017-11-30
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server (port 80/tcp) of the affected devices could allow unauthenticated remote attackers to execute arbitrary code on the affected device.
9 CVE-2017-6869 264 Exec Code 2017-08-07 2017-08-24
10.0
None Remote Low Not required Complete Complete Complete
A vulnerability was discovered in Siemens ViewPort for Web Office Portal before revision number 1453 that could allow an unauthenticated remote user to upload arbitrary code and execute it with the permissions of the operating-system user running the web server by sending specially crafted network packets to port 443/TCP or port 80/TCP.
10 CVE-2016-7114 287 2016-09-05 2018-03-22
9.0
None Remote Low Single system Complete Complete Complete
A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02; SIPROTEC 7SJ686 : All versions < V 4.87; SIPROTEC 7UT686 : All versions < V 4.02; SIPROTEC 7SD686 : All versions < V 4.05; SIPROTEC 7SJ66 : All versions < V 4.30. Attackers with network access to the device's web interface (port 80/tcp) could possibly circumvent authentication and perform certain administrative operations. A legitimate user must be logged into the web interface for the attack to be successful.
11 CVE-2016-7112 287 2016-09-05 2018-03-22
10.0
Admin Remote Low Not required Complete Complete Complete
A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02. Attackers with network access to the device's web interface (port 80/tcp) could possibly circumvent authentication and perform certain administrative operations.
12 CVE-2016-5743 20 Exec Code 2016-07-22 2016-11-28
10.0
None Remote Low Not required Complete Complete Complete
Siemens SIMATIC WinCC before 7.3 Update 10 and 7.4 before Update 1, SIMATIC BATCH before 8.1 SP1 Update 9 as distributed in SIMATIC PCS 7 through 8.1 SP1, SIMATIC OpenPCS 7 before 8.1 Update 3 as distributed in SIMATIC PCS 7 through 8.1 SP1, SIMATIC OpenPCS 7 before 8.2 Update 1 as distributed in SIMATIC PCS 7 8.2, and SIMATIC WinCC Runtime Professional before 13 SP1 Update 9 allow remote attackers to execute arbitrary code via crafted packets.
13 CVE-2015-8214 264 2015-11-27 2016-12-07
9.7
None Remote Low Not required Partial Complete Complete
Siemens SIMATIC CP 343-1 Advanced devices before 3.0.44, CP 343-1 Lean devices, CP 343-1 devices, TIM 3V-IE devices, TIM 3V-IE Advanced devices, TIM 3V-IE DNP3 devices, TIM 4R-IE devices, TIM 4R-IE DNP3 devices, CP 443-1 devices, and CP 443-1 Advanced devices might allow remote attackers to obtain administrative access via a session on TCP port 102.
14 CVE-2015-5386 20 Bypass 2015-07-16 2015-07-17
9.3
Admin Remote Medium Not required Complete Complete Complete
Siemens SICAM MIC devices with firmware before 2404 allow remote attackers to bypass authentication and obtain administrative access via unspecified HTTP requests.
15 CVE-2015-1449 119 Exec Code Overflow 2015-02-02 2015-02-04
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the integrated web server on Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before BS4.4.4621.32, and WIN72xx devices with firmware before BS4.4.4621.32 allows remote attackers to execute arbitrary code via unspecified vectors.
16 CVE-2015-1448 264 Bypass 2015-02-02 2015-02-04
10.0
None Remote Low Not required Complete Complete Complete
The integrated management service on Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before BS4.4.4621.32, and WIN72xx devices with firmware before BS4.4.4621.32 allows remote attackers to bypass authentication and perform administrative actions via unspecified vectors.
17 CVE-2014-8551 94 Exec Code 2014-11-26 2014-11-26
10.0
None Remote Low Not required Complete Complete Complete
The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to execute arbitrary code via crafted packets.
18 CVE-2014-2731 Exec Code 2014-04-19 2014-04-21
9.3
None Remote Medium Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the integrated web server in Siemens SINEMA Server before 12 SP1 allow remote attackers to execute arbitrary code via HTTP traffic to port (1) 4999 or (2) 80.
19 CVE-2013-6920 287 Bypass 2013-12-06 2013-12-09
10.0
None Remote Low Not required Complete Complete Complete
Siemens SINAMICS S/G controllers with firmware before 4.6.11 do not require authentication for FTP and TELNET sessions, which allows remote attackers to bypass intended access restrictions via TCP traffic to port (1) 21 or (2) 23.
20 CVE-2013-5944 287 2013-10-03 2013-10-03
10.0
None Remote Low Not required Complete Complete Complete
The integrated web server on Siemens SCALANCE X-200 switches with firmware before 4.5.0 and X-200IRT switches with firmware before 5.1.0 does not properly enforce authentication requirements, which allows remote attackers to perform administrative actions via requests to the management interface.
21 CVE-2013-4781 78 Exec Code 2013-07-18 2013-08-22
10.0
None Remote Low Not required Complete Complete Complete
core/getLog.php on the Siemens Enterprise OpenScape Branch appliance and OpenScape Session Border Controller (SBC) before 2 R0.32.0, and 7 before 7 R1.7.0, allows remote attackers to execute arbitrary commands via unspecified vectors.
22 CVE-2013-4652 Exec Code Bypass 2013-08-01 2013-08-01
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the command-line management interface on Siemens Scalance W7xx devices with firmware before 4.5.4 allows remote attackers to bypass authentication and execute arbitrary code via a (1) SSH or (2) TELNET connection.
23 CVE-2013-0659 Exec Code 2013-04-01 2013-04-01
10.0
None Remote Low Not required Complete Complete Complete
The debugging feature on the Siemens CP 1604 and CP 1616 interface cards with firmware before 2.5.2 allows remote attackers to execute arbitrary code via a crafted packet to UDP port 17185.
24 CVE-2012-5409 119 Exec Code Overflow 2012-11-01 2013-05-20
10.0
None Remote Low Not required Complete Complete Complete
AscoServer.exe in the server in Siemens SiPass integrated MP2.6 and earlier does not properly handle IOCP RPC messages received over an Ethernet network, which allows remote attackers to write data to any memory location and consequently execute arbitrary code via crafted messages, as demonstrated by an arbitrary pointer dereference attack or a buffer overflow attack.
25 CVE-2012-1799 287 2012-04-18 2012-12-05
10.0
None Remote Low Not required Complete Complete Complete
The web server on the Siemens Scalance S Security Module firewall S602 V2, S612 V2, and S613 V2 with firmware before 2.3.0.3 does not limit the rate of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack on the administrative password.
26 CVE-2011-4876 22 1 Dir. Trav. 2012-02-03 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to execute, read, create, modify, or delete arbitrary files via a .. (dot dot) in a string.
27 CVE-2011-4875 119 1 Exec Code Overflow 2012-02-03 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to execute arbitrary code via vectors related to Unicode strings.
28 CVE-2011-4514 287 2012-02-03 2012-02-06
10.0
None Remote Low Not required Complete Complete Complete
The TELNET daemon in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime does not perform authentication, which makes it easier for remote attackers to obtain access via a TCP session.
29 CVE-2011-4513 Exec Code 2012-02-03 2012-02-06
10.0
None Remote Low Not required Complete Complete Complete
Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allow user-assisted remote attackers to execute arbitrary code via a crafted project file, related to the HMI web server and runtime loader.
30 CVE-2011-4509 264 2012-02-03 2012-02-06
10.0
None Remote Low Not required Complete Complete Complete
The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime has an improperly selected default password for the administrator account, which makes it easier for remote attackers to obtain access via a brute-force approach involving many HTTP requests.
31 CVE-2011-4508 287 Bypass 2012-02-03 2012-02-07
9.3
None Remote Medium Not required Complete Complete Complete
The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime generates predictable authentication tokens for cookies, which makes it easier for remote attackers to bypass authentication via a crafted cookie.
32 CVE-2011-4055 119 Exec Code Overflow 2012-01-07 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the WebClient ActiveX control in Siemens Tecnomatix FactoryLink 6.6.1 (aka 6.6 SP1), 7.5.217 (aka 7.5 SP2), and 8.0.2.54 allows remote attackers to execute arbitrary code via a long string in a parameter associated with the location URL.
33 CVE-2011-3321 119 DoS Exec Code Overflow Mem. Corr. 2011-09-16 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the Siemens WinCC Runtime Advanced Loader, as used in SIMATIC WinCC flexible Runtime and SIMATIC WinCC (TIA Portal) Runtime Advanced, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted packet to TCP port 2308.
34 CVE-2008-6993 310 2009-08-19 2009-08-21
10.0
None Remote Low Not required Complete Complete Complete
Siemens Gigaset WLAN Camera 1.27 has an insecure default password, which allows remote attackers to conduct unauthorized activities. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
35 CVE-2008-6916 287 Bypass 2009-08-07 2017-09-28
10.0
None Remote Low Not required Complete Complete Complete
Siemens SpeedStream 5200 with NetPort Software 1.1 allows remote attackers to bypass authentication via an invalid Host header, possibly involving a trailing dot in the hostname.
36 CVE-2000-0964 DoS Exec Code Overflow 2000-12-19 2017-10-09
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the web administration service for the HiNet LP5100 IP-phone allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
Total number of vulnerabilities : 36   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.