Filtered by vendor Siemens
Subscriptions
Total
2218 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-56840 | 1 Siemens | 2 Ruggedcom Rox Ii, Ruggedcom Rox Ii Firmware | 2025-12-11 | 7.2 High |
| A vulnerability has been identified in RUGGEDCOM ROX II family (All versions < V2.17.0). Under certain conditions, IPsec may allow code injection in the affected device. An attacker could leverage this scenario to execute arbitrary code as root user. | ||||
| CVE-2024-56835 | 1 Siemens | 2 Ruggedcom Rox Ii, Ruggedcom Rox Ii Firmware | 2025-12-11 | 8.8 High |
| A vulnerability has been identified in RUGGEDCOM ROX II family (All versions < V2.17.0). The DHCP Server configuration file of the affected products is subject to code injection. An attacker could leverage this vulnerability to spawn a reverse shell and gain root access on the affected system. | ||||
| CVE-2024-56836 | 1 Siemens | 2 Ruggedcom Rox Ii, Ruggedcom Rox Ii Firmware | 2025-12-11 | 7.5 High |
| A vulnerability has been identified in RUGGEDCOM ROX II family (All versions < V2.17.0). During the Dynamic DNS configuration of the affected product it is possible to inject additional configuration parameters. Under certain circumstances, an attacker could leverage this vulnerability to spawn a reverse shell and gain root access on the affected system. | ||||
| CVE-2024-56837 | 1 Siemens | 2 Ruggedcom Rox Ii, Ruggedcom Rox Ii Firmware | 2025-12-11 | 7.2 High |
| A vulnerability has been identified in RUGGEDCOM ROX II family (All versions < V2.17.0). Due to the insufficient validation during the installation and load of certain configuration files of the affected device, an attacker could spawn a reverse shell and gain root access on the affected system. | ||||
| CVE-2024-56838 | 1 Siemens | 2 Ruggedcom Rox Ii, Ruggedcom Rox Ii Firmware | 2025-12-11 | 7.2 High |
| A vulnerability has been identified in RUGGEDCOM ROX II family (All versions < V2.17.0). The SCEP client available in the affected device for secure certificate enrollment lacks validation of multiple fields. An attacker could leverage this scenario to execute arbitrary code as root user. | ||||
| CVE-2024-56839 | 1 Siemens | 2 Ruggedcom Rox Ii, Ruggedcom Rox Ii Firmware | 2025-12-11 | 7.2 High |
| A vulnerability has been identified in RUGGEDCOM ROX II family (All versions < V2.17.0). Code injection can be achieved when the affected device is using VRF (Virtual Routing and Forwarding). An attacker could leverage this scenario to execute arbitrary code as root user. | ||||
| CVE-2025-40818 | 1 Siemens | 1 Sinema Remote Connect Server | 2025-12-10 | 3.3 Low |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP4). Affected applications contain private SSL/TLS keys on the server that are not properly protected allowing any user with server access to read these keys. This could allow an authenticated attacker to impersonate the server potentially enabling man-in-the-middle, traffic decryption or unauthorized access to services that trust these certificates. | ||||
| CVE-2025-40819 | 1 Siemens | 1 Sinema Remote Connect Server | 2025-12-10 | 4.3 Medium |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP4). Affected applications do not properly validate license restrictions against the database, allowing direct modification of the system_ticketinfo table to bypass license limitations without proper enforcement checks. This could allow with database access to circumvent licensing restrictions by directly modifying database values and potentially enabling unauthorized use beyond the permitted scope. | ||||
| CVE-2025-40830 | 1 Siemens | 1 Sinec Security Monitor | 2025-12-10 | 6.7 Medium |
| A vulnerability has been identified in SINEC Security Monitor (All versions < V4.10.0). The affected application does not have proper authorization checks for the file_transfer feature in ssmctl-client command. This could allow an authenticated, lowly privileged local attacker to read or write to any file on server or sensor. | ||||
| CVE-2025-40831 | 1 Siemens | 1 Sinec Security Monitor | 2025-12-10 | 6.5 Medium |
| A vulnerability has been identified in SINEC Security Monitor (All versions < V4.10.0). The affected application lacks input validation of date parameter in report generation functionality. This could allow an authenticated, lowly privileged attacker to cause denial of service condition of the report functionality. | ||||
| CVE-2025-40937 | 1 Siemens | 2 Simatic Cn 4100, Simatic Cn 4100 Firmware | 2025-12-10 | 8.3 High |
| A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0.1). The affected application do not properly validate input parameters in its REST API, resulting in improper handling of unexpected arguments. This could allow an authenticated attacker to execute arbitrary code with limited privileges. | ||||
| CVE-2025-40938 | 1 Siemens | 2 Simatic Cn 4100, Simatic Cn 4100 Firmware | 2025-12-10 | 8.1 High |
| A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0.1). The affected device stores sensitive information in the firmware. This could allow an attacker to access and misuse this information, potentially impacting the device’s confidentiality, integrity, and availability. | ||||
| CVE-2025-40939 | 1 Siemens | 1 Simatic Cn 4100 | 2025-12-10 | 4.6 Medium |
| A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0.1). The affected device contains a USB port which allows unauthenticated connections. This could allow an attacker with physical access to the device to trigger reboot that could cause denial of service condition. | ||||
| CVE-2025-40940 | 1 Siemens | 2 Simatic Cn 4100, Simatic Cn 4100 Firmware | 2025-12-10 | 4.9 Medium |
| A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0.1). The affected application exhibits inconsistent SNMP behavior, such as unexpected service availability and unreliable configuration handling across protocol versions. This could allow an attacker to access sensitive data, potentially leading to a breach of confidentiality. | ||||
| CVE-2025-40941 | 1 Siemens | 2 Simatic Cn 4100, Simatic Cn 4100 Firmware | 2025-12-10 | 4.3 Medium |
| A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0.1). The affected devices exposes server information in its responses. This could allow an attacker with network access to gain useful information, increasing the likelihood of targeted attacks. | ||||
| CVE-2025-40800 | 1 Siemens | 6 Comos, Nx, Simcenter 3d and 3 more | 2025-12-10 | 7.4 High |
| A vulnerability has been identified in COMOS V10.6 (All versions), COMOS V10.6 (All versions), NX V2412 (All versions < V2412.8700), NX V2506 (All versions < V2506.6000), Simcenter 3D (All versions < V2506.6000), Simcenter Femap (All versions < V2506.0002), Solid Edge SE2025 (All versions < V225.0 Update 10), Solid Edge SE2026 (All versions < V226.0 Update 1). The IAM client in affected products is missing server certificate validation while establishing TLS connections to the authorization server. This could allow an attacker to perform a man-in-the-middle attack. | ||||
| CVE-2025-40807 | 1 Siemens | 1 Gridscale X Prepay | 2025-12-10 | 6.3 Medium |
| A vulnerability has been identified in Gridscale X Prepay (All versions < V4.2.1). The affected application is vulnerable to capture-replay of authentication tokens. This could allow an authenticated but already locked-out user to establish still valid user sessions. | ||||
| CVE-2025-40806 | 1 Siemens | 1 Gridscale X Prepay | 2025-12-10 | 5.3 Medium |
| A vulnerability has been identified in Gridscale X Prepay (All versions < V4.2.1). The affected application is vulnerable to user enumeration due to distinguishable responses. This could allow an unauthenticated remote attacker to determine if a user is valid or not, enabling a brute force attack with valid users. | ||||
| CVE-2025-40935 | 1 Siemens | 20 Ruggedcom Rmc8388, Ruggedcom Rs416pv2, Ruggedcom Rs416v2 and 17 more | 2025-12-10 | 4.3 Medium |
| A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X (All versions < V5.10.1), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.10.1), RUGGEDCOM RS416v2 V5.X (All versions < V5.10.1), RUGGEDCOM RS900 (32M) V5.X (All versions < V5.10.1), RUGGEDCOM RS900G (32M) V5.X (All versions < V5.10.1), RUGGEDCOM RSG2100 (32M) V5.X (All versions < V5.10.1), RUGGEDCOM RSG2100P (32M) V5.X (All versions < V5.10.1), RUGGEDCOM RSG2288 V5.X (All versions < V5.10.1), RUGGEDCOM RSG2300 V5.X (All versions < V5.10.1), RUGGEDCOM RSG2300P V5.X (All versions < V5.10.1), RUGGEDCOM RSG2488 V5.X (All versions < V5.10.1), RUGGEDCOM RSG907R (All versions < V5.10.1), RUGGEDCOM RSG908C (All versions < V5.10.1), RUGGEDCOM RSG909R (All versions < V5.10.1), RUGGEDCOM RSG910C (All versions < V5.10.1), RUGGEDCOM RSG920P V5.X (All versions < V5.10.1), RUGGEDCOM RSL910 (All versions < V5.10.1), RUGGEDCOM RST2228 (All versions < V5.10.1), RUGGEDCOM RST2228P (All versions < V5.10.1), RUGGEDCOM RST916C (All versions < V5.10.1), RUGGEDCOM RST916P (All versions < V5.10.1). Affected devices do not properly validate input during the TLS certificate upload process of the web service. This could allow an authenticated remote attacker to trigger a device crash and reboot, leading to a temporary Denial of Service on the device. | ||||
| CVE-2025-40801 | 1 Siemens | 8 Comos, Nx, Simcenter 3d and 5 more | 2025-12-10 | 8.1 High |
| A vulnerability has been identified in COMOS V10.6 (All versions), COMOS V10.6 (All versions), JT Bi-Directional Translator for STEP (All versions), NX V2412 (All versions < V2412.8900 with Cloud Entitlement (bundled as NX X)), NX V2506 (All versions < V2506.6000 with Cloud Entitlement (bundled as NX X)), Simcenter 3D (All versions < V2506.6000 with Cloud Entitlement (bundled as Simcenter X Mechanical)), Simcenter Femap (All versions < V2506.0002 with Cloud Entitlement (bundled as Simcenter X Mechanical)), Simcenter Studio (All versions), Simcenter System Architect (All versions), Tecnomatix Plant Simulation (All versions < V2504.0007). The SALT SDK is missing server certificate validation while establishing TLS connections to the authorization server. This could allow an attacker to perform a man-in-the-middle attack. | ||||