ReportizFlow
Filtered by vendor Siemens
Subscriptions
Total
2125 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-38533 | 1 Siemens | 1 Tia Administrator | 2025-08-21 | 3.3 Low |
| A vulnerability has been identified in TIA Administrator (All versions < V3 SP2). The affected component creates temporary download files in a directory with insecure permissions. This could allow any authenticated attacker on Windows to disrupt the update process. | ||||
| CVE-2025-23365 | 1 Siemens | 1 Tia Administrator | 2025-08-21 | 7.8 High |
| A vulnerability has been identified in TIA Administrator (All versions < V3.0.6). The affected application allows low-privileged users to trigger installations by overwriting cache files and modifying the downloads path. This would allow an attacker to escalate privilege and exceute arbitrary code. | ||||
| CVE-2025-23364 | 1 Siemens | 1 Tia Administrator | 2025-08-21 | 6.2 Medium |
| A vulnerability has been identified in TIA Administrator (All versions < V3.0.6). The affected application improperly validates code signing certificates. This could allow an attacker to bypass the check and exceute arbitrary code during installations. | ||||
| CVE-2025-40593 | 1 Siemens | 1 Simatic Cn 4100 | 2025-08-21 | 6.5 Medium |
| A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0). The affected application allows to control the device by storing arbitrary files in the SFTP folder of the device. This could allow an attacker to cause a denial of service condition. | ||||
| CVE-2025-40738 | 1 Siemens | 2 Sinec-nms, Sinec Nms | 2025-08-21 | 8.8 High |
| A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary files to restricted locations and potentially execute code with elevated privileges (ZDI-CAN-26572). | ||||
| CVE-2025-40737 | 1 Siemens | 2 Sinec-nms, Sinec Nms | 2025-08-21 | 8.8 High |
| A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary files to restricted locations and potentially execute code with elevated privileges (ZDI-CAN-26571). | ||||
| CVE-2025-40736 | 1 Siemens | 2 Sinec-nms, Sinec Nms | 2025-08-21 | 9.8 Critical |
| A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application exposes an endpoint that allows an unauthorized modification of administrative credentials. This could allow an unauthenticated attacker to reset the superadmin password and gain full control of the application (ZDI-CAN-26569). | ||||
| CVE-2025-40735 | 1 Siemens | 2 Sinec-nms, Sinec Nms | 2025-08-21 | 8.8 High |
| A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected devices are vulnerable to SQL injection. This could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server database. | ||||
| CVE-2025-40741 | 1 Siemens | 1 Solid Edge | 2025-08-21 | 7.8 High |
| A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 5). The affected applications contain a stack based overflow vulnerability while parsing specially crafted CFG files. This could allow an attacker to execute code in the context of the current process. | ||||
| CVE-2025-40740 | 1 Siemens | 1 Solid Edge | 2025-08-21 | 7.8 High |
| A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 5). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. | ||||
| CVE-2025-40739 | 1 Siemens | 1 Solid Edge | 2025-08-21 | 7.8 High |
| A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 5). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. | ||||
| CVE-2023-28831 | 1 Siemens | 156 Simatic Cloud Connect 7 Cc712, Simatic Cloud Connect 7 Cc712 Firmware, Simatic Cloud Connect 7 Cc716 and 153 more | 2025-08-21 | 7.5 High |
| The OPC UA implementations (ANSI C and C++) in affected products contain an integer overflow vulnerability that could cause the application to run into an infinite loop during certificate validation. This could allow an unauthenticated remote attacker to create a denial of service condition by sending a specially crafted certificate. | ||||
| CVE-2025-30034 | 1 Siemens | 1 Simatic Rtls Locating Manager | 2025-08-20 | 6.2 Medium |
| A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V3.3). Affected devices do not properly validate input sent to its listening port on the local loopback interface. This could allow an unauthenticated local attacker to cause a denial of service condition. | ||||
| CVE-2025-40746 | 1 Siemens | 1 Simatic Rtls Locating Manager | 2025-08-20 | 9.1 Critical |
| A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V3.2). Affected products do not properly validate input for a backup script. This could allow an authenticated remote attacker with high privileges in the application to execute arbitrary code with 'NT Authority/SYSTEM' privileges. | ||||
| CVE-2025-40751 | 1 Siemens | 1 Simatic Rtls Locating Manager | 2025-08-20 | 6.3 Medium |
| A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V3.3). Affected SIMATIC RTLS Locating Manager Report Clients do not properly protect credentials that are used to authenticate to the server. This could allow an authenticated local attacker to extract the credentials and use them to escalate their access rights from the Manager to the Systemadministrator role. | ||||
| CVE-2025-40770 | 1 Siemens | 1 Sinec Traffic Analyzer | 2025-08-20 | 7.4 High |
| A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions). The affected application uses a monitoring interface that is not operating in a strictly passive mode. This could allow an attacker to interact with the interface, leading to man-in-the-middle attacks. | ||||
| CVE-2024-32006 | 1 Siemens | 1 Sinema Remote Connect Client | 2025-08-20 | 4.3 Medium |
| A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 SP2). The affected application does not expire the user session on reboot without logout. This could allow an attacker to bypass Multi-Factor Authentication. | ||||
| CVE-2024-46891 | 2 Seimens, Siemens | 2 Sinec Ins, Sinec Ins | 2025-08-20 | 5.3 Medium |
| A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly restrict the size of generated log files. This could allow an unauthenticated remote attacker to trigger a large amount of logged events to exhaust the system's resources and create a denial of service condition. | ||||
| CVE-2024-46894 | 1 Siemens | 1 Sinec Ins | 2025-08-20 | 6.3 Medium |
| A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly validate authorization of a user to query the "/api/sftp/users" endpoint. This could allow an authenticated remote attacker to gain knowledge about the list of configured users of the SFTP service and also modify that configuration. | ||||
| CVE-2024-32740 | 1 Siemens | 2 Simatic Cn 4100, Simatic Cn 4100 Firmware | 2025-08-20 | 9.8 Critical |
| A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device contains undocumented users and credentials. An attacker could misuse the credentials to compromise the device locally or over the network. | ||||