Filtered by vendor Siemens
Subscribe
Total
1901 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-28400 | 1 Siemens | 157 Dk Standard Ethernet Controller Evaluation Kit, Dk Standard Ethernet Controller Evaluation Kit Firmware, Ek-ertec 200 Evaulation Kit and 154 more | 2024-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial of service condition. The vulnerability can be triggered if a large amount of DCP reset packets are sent to the device. | |||||
| CVE-2024-39876 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-11-21 | N/A | 4.0 MEDIUM |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected applications do not properly handle log rotation. This could allow an unauthenticated remote attacker to cause a denial of service condition through resource exhaustion on the device. | |||||
| CVE-2024-39875 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-11-21 | N/A | 4.3 MEDIUM |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application allows authenticated, low privilege users with the 'Manage own remote connections' permission to retrieve details about other users and group memberships. | |||||
| CVE-2024-39874 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-11-21 | N/A | 7.5 HIGH |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application does not properly implement brute force protection against user credentials in its Client Communication component. This could allow an attacker to learn user credentials that are vulnerable to brute force attacks. | |||||
| CVE-2024-39873 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-11-21 | N/A | 7.5 HIGH |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application does not properly implement brute force protection against user credentials in its web API. This could allow an attacker to learn user credentials that are vulnerable to brute force attacks. | |||||
| CVE-2024-39872 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-11-21 | N/A | 9.6 CRITICAL |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application does not properly assign rights to temporary files created during its update process. This could allow an authenticated attacker with the 'Manage firmware updates' role to escalate their privileges on the underlying OS level. | |||||
| CVE-2024-39871 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-11-21 | N/A | 6.3 MEDIUM |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected applications do not properly separate the rights to edit device settings and to edit settings for communication relations. This could allow an authenticated attacker with the permission to manage devices to gain access to participant groups that the attacked does not belong to. | |||||
| CVE-2024-39870 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-11-21 | N/A | 6.3 MEDIUM |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected applications can be configured to allow users to manage own users. A local authenticated user with this privilege could use this modify users outside of their own scope as well as to escalate privileges. | |||||
| CVE-2024-39869 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-11-21 | N/A | 6.5 MEDIUM |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected products allow to upload certificates. An authenticated attacker could upload a crafted certificates leading to a permanent denial-of-service situation. In order to recover from such an attack, the offending certificate needs to be removed manually. | |||||
| CVE-2024-39868 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-11-21 | N/A | 7.6 HIGH |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected devices do not properly validate the authentication when performing certain actions in the web interface allowing an unauthenticated attacker to access and edit VxLAN configuration information of networks for which they have no privileges. | |||||
| CVE-2024-39867 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-11-21 | N/A | 7.6 HIGH |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected devices do not properly validate the authentication when performing certain actions in the web interface allowing an unauthenticated attacker to access and edit device configuration information of devices for which they have no privileges. | |||||
| CVE-2024-39866 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-11-21 | N/A | 8.8 HIGH |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application allows users to upload encrypted backup files. This could allow an attacker with access to the backup encryption key and with the right to upload backup files to create a user with administrative privileges. | |||||
| CVE-2024-39865 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-11-21 | N/A | 8.8 HIGH |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application allows users to upload encrypted backup files. As part of this backup, files can be restored without correctly checking the path of the restored file. This could allow an attacker with access to the backup encryption key to upload malicious files, that could potentially lead to remote code execution. | |||||
| CVE-2024-39571 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-11-21 | N/A | 8.8 HIGH |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 HF1). Affected applications are vulnerable to command injection due to missing server side input sanitation when loading SNMP configurations. This could allow an attacker with the right to modify the SNMP configuration to execute arbitrary code with root privileges. | |||||
| CVE-2024-39570 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-11-21 | N/A | 8.8 HIGH |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 HF1). Affected applications are vulnerable to command injection due to missing server side input sanitation when loading VxLAN configurations. This could allow an authenticated attacker to execute arbitrary code with root privileges. | |||||
| CVE-2024-39569 | 1 Siemens | 1 Sinema Remote Connect Client | 2024-11-21 | N/A | 6.6 MEDIUM |
| A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 HF1). The system service of affected applications is vulnerable to command injection due to missing server side input sanitation when loading VPN configurations. This could allow an administrative remote attacker running a corresponding SINEMA Remote Connect Server to execute arbitrary code with system privileges on the client system. | |||||
| CVE-2024-39568 | 1 Siemens | 1 Sinema Remote Connect Client | 2024-11-21 | N/A | 7.8 HIGH |
| A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 HF1). The system service of affected applications is vulnerable to command injection due to missing server side input sanitation when loading proxy configurations. This could allow an authenticated local attacker to execute arbitrary code with system privileges. | |||||
| CVE-2024-37999 | 1 Siemens | 1 Medicalis Workflow Orchestrator | 2024-11-21 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Medicalis Workflow Orchestrator (All versions). The affected application executes as a trusted account with high privileges and network access. This could allow an authenticated local attacker to escalate privileges. | |||||
| CVE-2024-35208 | 1 Siemens | 1 Sinec Traffic Analyzer | 2024-11-21 | N/A | 6.3 MEDIUM |
| A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected web server stored the password in cleartext. This could allow attacker in a privileged position to obtain access passwords. | |||||
| CVE-2024-35207 | 1 Siemens | 1 Sinec Traffic Analyzer | 2024-11-21 | N/A | 7.8 HIGH |
| A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The web interface of the affected devices are vulnerable to Cross-Site Request Forgery(CSRF) attacks. By tricking an authenticated victim user to click a malicious link, an attacker could perform arbitrary actions on the device on behalf of the victim user. | |||||