Siemens Latest Vulnerabilities

November 18

CVE-2024-52574

SiemensTecnomatix Plant Simul...7.8HIGH

CVE-2024-52570

SiemensTecnomatix Plant Simul...7.8HIGH

CVE-2024-52569

SiemensTecnomatix Plant Simul...7.8HIGH

CVE-2024-52568

SiemensTecnomatix Plant Simul...7.8HIGH

CVE-2024-52565

SiemensTecnomatix Plant Simul...7.8HIGH

CVE-2024-52571

SiemensTecnomatix Plant Simul...7.8HIGH

CVE-2024-52572

SiemensTecnomatix Plant Simul...7.8HIGH

CVE-2024-52566

SiemensTecnomatix Plant Simul...7.8HIGH

CVE-2024-52567

SiemensTecnomatix Plant Simul...7.8HIGH

CVE-2024-52573

SiemensTecnomatix Plant Simul...7.8HIGH

November 12

RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) and other products remote code execution vulnerability

CVE-2024-50572

SiemensRuggedcom Rm1224 Lte(4...7.2HIGH

SCALANCE Mxx6-x ADSL-Router vulnerable to file sanitization attack

CVE-2024-50561

SiemensRuggedcom Rm1224 Lte(4...6.1MEDIUM

{"{\"name\":\"Affected devices truncates usernames longer than 15 characters when accessed via SSH or Telnet\",\"versions\":[\"< V8.2\"]}"}

CVE-2024-50560

SiemensRuggedcom Rm1224 Lte(4...4.3MEDIUM

Siemens SCALANCE Products Vulnerability

CVE-2024-50559

SiemensRuggedcom Rm1224 Lte(4...4.3MEDIUM

Vulnerability in RUGGEDCOM RM1224 LTE(4G) Devices Could Lead to Denial of Service

CVE-2024-50558

SiemensRuggedcom Rm1224 Lte(4...4.3MEDIUM

Input Validation Vulnerability in iperf Functionality Could Allow Arbitrary Code Execution

CVE-2024-50557

SiemensRuggedcom Rm1224 Lte(4...9.8CRITICAL

Race Condition Vulnerability Affects Mendix Runtime Versions

CVE-2024-50313

SiemensMendix Runtime V104.8MEDIUM

Unauthorized Access to Filesystem via Authentication Bypass

CVE-2024-50310

SiemensSimatic Cp 1543-1 V4.07.5HIGH

DLL Hijacking Vulnerability Affects Solid Edge SE2024

CVE-2024-47942

SiemensSolid Edge Se20247.3HIGH

Vulnerability in Solid Edge SE2024 Could Allow Execution of Code

CVE-2024-47941

SiemensSolid Edge Se20247.8HIGH

Vulnerability in Solid Edge SE2024 Allows Execution of Code

CVE-2024-47940

SiemensSolid Edge Se20247.8HIGH

Arbitrary File Write Vulnerability in SINEC NMS

CVE-2024-47808

SiemensSinec Nms6.5MEDIUM

Local Attacker Could Gain Elevated Privileges via Incorrect File Permissions

CVE-2024-47783

SiemensSiport7.8HIGH

Remotely exploitable vulnerability in SINEC INS allows attackers to access sensitive SFTP user config

CVE-2024-46894

SiemensSinec Ins6.3MEDIUM

Vulnerability in SINEC INS Could Allow Continued Malicious Actions After User Disabling

CVE-2024-46892

SiemensSinec Ins8.1HIGH

Unauthenticated Remote Attack Could Trigger Denial of Service Condition Through Exhaustion of System Resources

CVE-2024-46891

SiemensSinec Ins5.3MEDIUM

Invalid Input Validation in SINEC INS Leads to Arbitrary Code Execution

CVE-2024-46890

SiemensSinec Ins9.1CRITICAL

SINEC INS Vulnerability: Hard-Coded Cryptographic Key Material Exposes Configuration Files

CVE-2024-46889

SiemensSinec Ins5.3MEDIUM

Arbitrary File Manipulation and Code Execution Vulnerability

CVE-2024-46888

SiemensSinec Ins9.9CRITICAL

Serielization Vulnerability in TeleControl Server Basic Could Allow Arbitrary Code Execution

CVE-2024-44102

SiemensPp Telecontrol Server ...10CRITICAL

Stored Cross-Site Scripting (XSS) Vulnerability Affects OZW672 Devices

CVE-2024-36140

SiemensOzw6725.4MEDIUM

Local Privilege Escalation Vulnerability Affects Spectrum Power 7

CVE-2024-29119

SiemensSpectrum Power 77.8HIGH

{"Vulnerability in Siemens Products Could Allow Arbitrary Code Execution"}

CVE-2023-32736

SiemensSimatic S7-plcsim V167.3HIGH

October 23

CVE-2024-47903

SiemensIntermesh 7177 Hybrid ...9.1CRITICAL

CVE-2024-47904

SiemensIntermesh 7177 Hybrid ...7.8HIGH

CVE-2024-47902

SiemensIntermesh 7177 Hybrid ...9.8CRITICAL

October 8

Siemens SINEC Security Monitor Vulnerability: Authentication Bypass Risk

CVE-2024-47565

SiemensSiemens Sinec Security...4.3MEDIUM

Invalid File Path Validation in SINEC Security Monitor Could Lead to File Compromise

CVE-2024-47563

SiemensSiemens Sinec Security...5.3MEDIUM

SINEC Security Monitor Vulnerability Affects Authentication and Privilege Escalation

CVE-2024-47562

SiemensSiemens Sinec Security...8.8HIGH

SINEC Security Monitor Vulnerability - Arbitrary Code Execution

CVE-2024-47553

SiemensSiemens Sinec Security...9.9CRITICAL

Arbitrary Code Execution Vulnerability in vsimk.exe

CVE-2024-47196

SiemensModelsim7.3HIGH

ModelSim Vulnerability Allows Arbitrary Code Injection and Privilege Escalation

CVE-2024-47195

SiemensModelsim7.3HIGH

ModelSim Vulnerability Could Allow Arbitrary Code Injection and Privilege Escalation

CVE-2024-47194

SiemensModelsim7.3HIGH

Siemens Simcenter Nastran vulnerable to memory corruption

CVE-2024-47046

SiemensSimcenter Nastran 23067.8HIGH

Unauthenticated Remote Attacker Could Gain Knowledge of Current Cycle Times and Communication Load

CVE-2024-46887

SiemensSimatic Drive Controll...5.3MEDIUM

Attackers Can Redirect Users to Malicious URLs via Insecure Input Validation

CVE-2024-46886

SiemensSimatic Drive Controll...4.7MEDIUM

Tecnomatix Plant Simulation Vulnerability Leads to Denial of Service

CVE-2024-45476

SiemensTecnomatix Plant Simul...3.3LOW

Memory Corruption vulnerability in Tecnomatix Plant Simulation

CVE-2024-45475

SiemensTecnomatix Plant Simul...7.8HIGH

Memory Corruption Vulnerability in Tecnomatix Plant Simulation

CVE-2024-45474

SiemensTecnomatix Plant Simul...7.8HIGH

Tecnomatix Plant Simulation Vulnerable to Memory Corruption

CVE-2024-45473

SiemensTecnomatix Plant Simul...7.8HIGH

Memory Corruption Vulnerability in Tecnomatix Plant Simulation

CVE-2024-45472

SiemensTecnomatix Plant Simul...7.8HIGH

Specially Crafted WRL File Vulnerability Affects Tecnomatix Plant Simulation

CVE-2024-45471

SiemensTecnomatix Plant Simul...7.8HIGH

Specially Crafted WRL File Vulnerability Affects Tecnomatix Plant Simulation

CVE-2024-45470

SiemensTecnomatix Plant Simul...7.8HIGH

Tecnomatix Plant Simulation Vulnerability: Out of Bounds Write Risk

CVE-2024-45469

SiemensTecnomatix Plant Simul...7.8HIGH

Memory Corruption Vulnerability in Tecnomatix Plant Simulation

CVE-2024-45468

SiemensTecnomatix Plant Simul...7.8HIGH

Memory Corruption Vulnerability in Tecnomatix Plant Simulation

CVE-2024-45467

SiemensTecnomatix Plant Simul...7.8HIGH

Tecnomatix Plant Simulation Vulnerability: Execution of Code in Context of Current Process Possible

CVE-2024-45466

SiemensTecnomatix Plant Simul...7.8HIGH

Vulnerability in Tecnomatix Plant Simulation Could Allow Execution of Code

CVE-2024-45465

SiemensTecnomatix Plant Simul...7.8HIGH

Vulnerability in Tecnomatix Plant Simulation Could Allow Code Execution

CVE-2024-45464

SiemensTecnomatix Plant Simul...7.8HIGH

Tecnomatix Plant Simulation Vulnerability Could Allow code Execution

CVE-2024-45463

SiemensTecnomatix Plant Simul...7.8HIGH

Heap-Based Buffer Overflow Vulnerability Affects Simcenter Nastran

CVE-2024-41981

SiemensSimcenter Nastran 23067.8HIGH

Stack-based buffer overflow vulnerability in JT2Go could allow code execution

CVE-2024-41902

SiemensJt2go7.8HIGH

Vulnerability Alert: 4-Digit PIN Insufficient Protection Against Brute-Force Attacks

CVE-2024-41798

SiemensSentron 7km Pac32009.8CRITICAL

Unauthenticated Escape Vulnerability in HiMed Cockpit

CVE-2023-52952

SiemensHimed Cockpit 12 Pro8.5HIGH

September 10

Unauthenticated Remote Attacker Could Impersonate Other Devices via Validation Vulnerability

CVE-2024-45032

SiemensIndustrial Edge Manage...10CRITICAL

Automation License Manager Vulnerability Could Lead to Remote Code Execution

CVE-2024-44087

SiemensAutomation License Man...8.6HIGH

Insertion of Sensitive Information into Log File Vulnerability Affects SINUMERIK Systems

CVE-2024-43781

SiemensSinumerik 828d V45.5MEDIUM

{"SIMATIC S7-200 SMART CPU Firmware Vulnerability Could Lead to Denial of Service","SIMATIC S7-200 SMART CPU Affected by TCP Packet Structure Error","Unplugging Network Cable Can Restore Normal Operations for SIMATIC S7-200 SMART CPU"}

CVE-2024-43647

SiemensSimatic S7-200 Smart C...7.5HIGH

Remote Access Vulnerability in SINEMA Remote Connect Server Could Allow Circumvention of Additional Multi-Factor Authentication

CVE-2024-42345

SiemensSinema Remote Connect ...4.3MEDIUM

SINEMA Remote Connect Client Vulnerability Could Compromise Confidentiality

CVE-2024-42344

SiemensSinema Remote Connect ...5.5MEDIUM

SINUMERIK Devices Vulnerable to Privilege Escalation Attacks

CVE-2024-41171

SiemensSinumerik 828d V48.8HIGH

Stack Based Overflow Vulnerability in Tecnomatix Plant Simulation

CVE-2024-41170

SiemensTecnomatix Plant Simul...7.8HIGH

SIMATIC Reader vulnerability could lead to sensitive information disclosure

CVE-2024-37995

SiemensSimatic Reader Rf610r ...9.1CRITICAL

Hidden Configuration Item Could Lead to Deployment Insights

CVE-2024-37994

SiemensSimatic Reader Rf610r ...7.1HIGH

Affected applications do not authenticate the creation of Ajax2App instances

CVE-2024-37993

SiemensSimatic Reader Rf610r ...7.5HIGH

SIMATIC Reader vulnerabilities due to error handling

CVE-2024-37992

SiemensSimatic Reader Rf610r ...7.5HIGH

Sensitive Information Accessible Without Authentication in SIMATIC Reader RF610R, RF615R, RF680R, and Other Products

CVE-2024-37991

SiemensSimatic Reader Rf610r ...6.5MEDIUM

CVE-2024-37990

SiemensSimatic Reader Rf610r ...6.5MEDIUM

Elevated Privileges Vulnerability Affects Siemens' Industrial Automation Products

CVE-2024-35783

SiemensSimatic Batch V9.19.1CRITICAL

CVE-2024-33698

SiemensOpcenter Execution Fou...9.8CRITICAL

Remote Connect Client Vulnerability Allows Bypass of Multi-Factor Authentication Without Logout

CVE-2024-32006

SiemensSinema Remote Connect ...4.3MEDIUM

Vulnerability in Mendix Runtime Could Allow Unauthorized Access to User Data

CVE-2023-49069

SiemensMendix Runtime V105.3MEDIUM

CVE-2023-30756

SiemensSimatic Cp 1242-7 V2 (...5.9MEDIUM

CVE-2023-30755

SiemensSimatic Cp 1242-7 V2 (...4.4MEDIUM

CVE-2023-28827

SiemensSimatic Cp 1242-7 V2 (...5.9MEDIUM

August 13

SCALANCE M804PB Faces Vulnerability in 2FA Log File Injection

CVE-2024-41978

SiemensRuggedcom Rm1224 Lte(4...6.5MEDIUM

Devices vulnerable to attack through web server component

CVE-2024-41977

SiemensRuggedcom Rm1224 Lte(4...8HIGH

SCALANCE M874-3 VPN Router Vulnerability

CVE-2024-41976

SiemensRuggedcom Rm1224 Lte(4...8.8HIGH

Unauthorized Access to Modify Application Settings in SINEC NMS

CVE-2024-41941

SiemensSinec Nms4.3MEDIUM

Privilege Escalation Vulnerability in SINEC NMS

CVE-2024-41940

SiemensSinec Nms9.1CRITICAL

Vulnerability in SINEC NMS Could Allow Elevated Privileges

CVE-2024-41939

SiemensSinec Nms8.8HIGH

Path Traversal Vulnerability in SINEC NMS Leads to Certificate Deletion

CVE-2024-41938

SiemensSinec Nms3.8LOW

NX Parsing Vulnerability Could Lead to Code Execution

CVE-2024-41908

SiemensNx7.8HIGH

Clickjacking Vulnerability in SINEC Traffic Analyzer

CVE-2024-41907

SiemensSinec Traffic Analyzer5.4MEDIUM

Cache Abuse Vulnerability in Traffic Analyzer

CVE-2024-41906

SiemensSinec Traffic Analyzer6.5MEDIUM

SINEC Traffic Analyzer Vulnerability: Unauthorized Access to Sensitive Information

CVE-2024-41905

SiemensSinec Traffic Analyzer6.5MEDIUM

Brute Force Attack Vulnerability Affects SINEC Traffic Analyzer

CVE-2024-41904

SiemensSinec Traffic Analyzer7.5HIGH

Container RootFS Privilege Escalation Vulnerability

CVE-2024-41903

SiemensSinec Traffic Analyzer7.2HIGH

Brute Force Vulnerability in Location Intelligence Family

CVE-2024-41683

SiemensLocation Intelligence ...5.3MEDIUM

Attackers can conduct brute force attacks against legitimate user passwords

CVE-2024-41682

SiemensLocation Intelligence ...5.3MEDIUM