Siemens Latest Vulnerabilities

December 16

Heap-Based Buffer Overflow in Siemens Automation Products

CVE-2024-49775
Siemens | Opcenter Execution Fou... | 9.8 CRITICAL

December 10

Integer Underflow Vulnerability in Solid Edge SE2024 Could Allow Code Execution

CVE-2024-54095
Siemens | Solid Edge Se2024 | 7.8 HIGH

Heap-Based Buffer Overflow Vulnerability Affects Solid Edge SE2024

CVE-2024-54094
Siemens | Solid Edge Se2024 | 7.8 HIGH

Heap-Based Buffer Overflow Vulnerability Affects Solid Edge SE2024

CVE-2024-54093
Siemens | Solid Edge Se2024 | 7.8 HIGH

Parasolid Vulnerability Could Allow Execution of Code in Context of Current Process

CVE-2024-54091
Siemens | Parasolid V36.1 | 7.8 HIGH

COMOS PDMS/E3D Interface Vulnerability Could Allow File Extraction

CVE-2024-54005
Siemens | Comos V10.3 | 5.1 MEDIUM

Secure Element Vulnerability Exposes Password and Update Files to Physical Attack

CVE-2024-53832
Siemens | Cpci85 Central Process... | 4.6 MEDIUM

Siemens Teamcenter Visualization Vulnerability Affects Multiple Releases

CVE-2024-53242
Siemens | Teamcenter Visualizati... | 7.8 HIGH

Siemens Teamcenter Visualization Vulnerability: Stack-Based Overflow in WRL File Processing

CVE-2024-53041
Siemens | Teamcenter Visualizati... | 7.8 HIGH

Vulnerability in Siemens PLCs and SCADA Systems Could Allow Arbitrary Code Execution

CVE-2024-52051
Siemens | Simatic S7-plcsim V17 | 7.3 HIGH

Vulnerability in Siemens Products Could Allow Arbitrary Code Execution

CVE-2024-49849
Siemens | Simatic S7-plcsim V16 | 7.8 HIGH

COMOS XML External Entity Vulnerability

CVE-2024-49704
Siemens | Comos V10.3 | 5.5 MEDIUM

Cross-Site Request Forgery (CSRF) Vulnerability Affects RUGGEDCOM ROX Devices

CVE-2020-28398
Siemens | Ruggedcom Rox Mx5000 | 8.8 HIGH

December 6

Vulnerability in syngo.plaza VB30E Allows Execution of Malicious SQL Commands

CVE-2024-52335
Siemens | Syngo.plaza Vb30e | 9.8 CRITICAL

November 18

CVE-2024-52569
Siemens | Teamcenter Visualizati... | 7.8 HIGH

CVE-2024-52574
Siemens | Teamcenter Visualizati... | 7.8 HIGH

CVE-2024-52568
Siemens | Teamcenter Visualizati... | 7.8 HIGH

CVE-2024-52567
Siemens | Teamcenter Visualizati... | 7.8 HIGH

CVE-2024-52571
Siemens | Teamcenter Visualizati... | 7.8 HIGH

CVE-2024-52572
Siemens | Teamcenter Visualizati... | 7.8 HIGH

CVE-2024-52566
Siemens | Teamcenter Visualizati... | 7.8 HIGH

CVE-2024-52570
Siemens | Teamcenter Visualizati... | 7.8 HIGH

CVE-2024-52573
Siemens | Teamcenter Visualizati... | 7.8 HIGH

CVE-2024-52565
Siemens | Teamcenter Visualizati... | 7.8 HIGH

November 12

RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) and other products remote code execution vulnerability

CVE-2024-50572
Siemens | Ruggedcom Rm1224 Lte(4... | 7.2 HIGH

SCALANCE Mxx6-x ADSL-Router vulnerable to file sanitization attack

CVE-2024-50561
Siemens | Ruggedcom Rm1224 Lte(4... | 6.1 MEDIUM

Affected devices truncate usernames longer than 15 characters when accessed via SSH or Telnet (versions < V8.2)

CVE-2024-50560
Siemens | Ruggedcom Rm1224 Lte(4... | 4.3 MEDIUM

Siemens SCALANCE Products Vulnerability

CVE-2024-50559
Siemens | Ruggedcom Rm1224 Lte(4... | 4.3 MEDIUM

Vulnerability in RUGGEDCOM RM1224 LTE(4G) Devices Could Lead to Denial of Service

CVE-2024-50558
Siemens | Ruggedcom Rm1224 Lte(4... | 4.3 MEDIUM

Input Validation Vulnerability in iperf Functionality Could Allow Arbitrary Code Execution

CVE-2024-50557
Siemens | Ruggedcom Rm1224 Lte(4... | 9.8 CRITICAL

Race Condition Vulnerability Affects Mendix Runtime Versions

CVE-2024-50313
Siemens | Mendix Runtime V10 | 4.8 MEDIUM

Unauthorized Access to Filesystem via Authentication Bypass

CVE-2024-50310
Siemens | Simatic Cp 1543-1 V4.0 | 7.5 HIGH

DLL Hijacking Vulnerability Affects Solid Edge SE2024

CVE-2024-47942
Siemens | Solid Edge Se2024 | 7.3 HIGH

Vulnerability in Solid Edge SE2024 Could Allow Execution of Code

CVE-2024-47941
Siemens | Solid Edge Se2024 | 7.8 HIGH

Vulnerability in Solid Edge SE2024 Allows Execution of Code

CVE-2024-47940
Siemens | Solid Edge Se2024 | 7.8 HIGH

Arbitrary File Write Vulnerability in SINEC NMS

CVE-2024-47808
Siemens | Sinec Nms | 6.5 MEDIUM

Local Attacker Could Gain Elevated Privileges via Incorrect File Permissions

CVE-2024-47783
Siemens | Siport | 7.8 HIGH

Remotely exploitable vulnerability in SINEC INS allows attackers to access sensitive SFTP user config

CVE-2024-46894
Siemens | Sinec Ins | 6.3 MEDIUM

Vulnerability in SINEC INS Could Allow Continued Malicious Actions After User Disabling

CVE-2024-46892
Siemens | Sinec Ins | 8.1 HIGH

Unauthenticated Remote Attack Could Trigger Denial of Service Condition Through Exhaustion of System Resources

CVE-2024-46891
Siemens | Sinec Ins | 5.3 MEDIUM

Invalid Input Validation in SINEC INS Leads to Arbitrary Code Execution

CVE-2024-46890
Siemens | Sinec Ins | 9.1 CRITICAL

SINEC INS Vulnerability: Hard-Coded Cryptographic Key Material Exposes Configuration Files

CVE-2024-46889
Siemens | Sinec Ins | 5.3 MEDIUM

Arbitrary File Manipulation and Code Execution Vulnerability

CVE-2024-46888
Siemens | Sinec Ins | 9.9 CRITICAL

Serialization Vulnerability in TeleControl Server Basic Could Allow Arbitrary Code Execution

CVE-2024-44102
Siemens | Pp Telecontrol Server ... | 10 CRITICAL

Stored Cross-Site Scripting (XSS) Vulnerability Affects OZW672 Devices

CVE-2024-36140
Siemens | Ozw672 | 5.4 MEDIUM

Local Privilege Escalation Vulnerability Affects Spectrum Power 7

CVE-2024-29119
Siemens | Spectrum Power 7 | 7.8 HIGH

Vulnerability in Siemens Products Could Allow Arbitrary Code Execution

CVE-2023-32736
Siemens | Simatic S7-plcsim V16 | 7.3 HIGH

October 23

CVE-2024-47903
Siemens | Intermesh 7177 Hybrid ... | 9.1 CRITICAL

CVE-2024-47904
Siemens | Intermesh 7177 Hybrid ... | 7.8 HIGH

CVE-2024-47902
Siemens | Intermesh 7177 Hybrid ... | 9.8 CRITICAL

October 8

Siemens SINEC Security Monitor Vulnerability: Authentication Bypass Risk

CVE-2024-47565
Siemens | Siemens Sinec Security... | 4.3 MEDIUM

Invalid File Path Validation in SINEC Security Monitor Could Lead to File Compromise

CVE-2024-47563
Siemens | Siemens Sinec Security... | 5.3 MEDIUM

SINEC Security Monitor Vulnerability Affects Authentication and Privilege Escalation

CVE-2024-47562
Siemens | Siemens Sinec Security... | 8.8 HIGH

SINEC Security Monitor Vulnerability - Arbitrary Code Execution

CVE-2024-47553
Siemens | Siemens Sinec Security... | 9.9 CRITICAL

Arbitrary Code Execution Vulnerability in vsimk.exe

CVE-2024-47196
Siemens | Modelsim | 7.3 HIGH

ModelSim Vulnerability Allows Arbitrary Code Injection and Privilege Escalation

CVE-2024-47195
Siemens | Modelsim | 7.3 HIGH

ModelSim Vulnerability Could Allow Arbitrary Code Injection and Privilege Escalation

CVE-2024-47194
Siemens | Modelsim | 7.3 HIGH

Siemens Simcenter Nastran vulnerable to memory corruption

CVE-2024-47046
Siemens | Simcenter Femap V2306 | 7.8 HIGH

Unauthenticated Remote Attacker Could Gain Knowledge of Current Cycle Times and Communication Load

CVE-2024-46887
Siemens | Simatic Drive Controll... | 5.3 MEDIUM

Attackers Can Redirect Users to Malicious URLs via Insecure Input Validation

CVE-2024-46886
Siemens | Simatic Drive Controll... | 4.7 MEDIUM

Tecnomatix Plant Simulation Vulnerability Leads to Denial of Service

CVE-2024-45476
Siemens | Teamcenter Visualizati... | 3.3 LOW

Memory Corruption vulnerability in Tecnomatix Plant Simulation

CVE-2024-45475
Siemens | Teamcenter Visualizati... | 7.8 HIGH

Memory Corruption Vulnerability in Tecnomatix Plant Simulation

CVE-2024-45474
Siemens | Teamcenter Visualizati... | 7.8 HIGH

Tecnomatix Plant Simulation Vulnerable to Memory Corruption

CVE-2024-45473
Siemens | Teamcenter Visualizati... | 7.8 HIGH

Memory Corruption Vulnerability in Tecnomatix Plant Simulation

CVE-2024-45472
Siemens | Teamcenter Visualizati... | 7.8 HIGH

Specially Crafted WRL File Vulnerability Affects Tecnomatix Plant Simulation

CVE-2024-45471
Siemens | Teamcenter Visualizati... | 7.8 HIGH

Specially Crafted WRL File Vulnerability Affects Tecnomatix Plant Simulation

CVE-2024-45470
Siemens | Teamcenter Visualizati... | 7.8 HIGH

Tecnomatix Plant Simulation Vulnerability: Out of Bounds Write Risk

CVE-2024-45469
Siemens | Teamcenter Visualizati... | 7.8 HIGH

Memory Corruption Vulnerability in Tecnomatix Plant Simulation

CVE-2024-45468
Siemens | Teamcenter Visualizati... | 7.8 HIGH

Memory Corruption Vulnerability in Tecnomatix Plant Simulation

CVE-2024-45467
Siemens | Teamcenter Visualizati... | 7.8 HIGH

Tecnomatix Plant Simulation Vulnerability: Execution of Code in Context of Current Process Possible

CVE-2024-45466
Siemens | Teamcenter Visualizati... | 7.8 HIGH

Vulnerability in Tecnomatix Plant Simulation Could Allow Execution of Code

CVE-2024-45465
Siemens | Teamcenter Visualizati... | 7.8 HIGH

Vulnerability in Tecnomatix Plant Simulation Could Allow Code Execution

CVE-2024-45464
Siemens | Teamcenter Visualizati... | 7.8 HIGH

Tecnomatix Plant Simulation Vulnerability Could Allow Code Execution

CVE-2024-45463
Siemens | Teamcenter Visualizati... | 7.8 HIGH

Heap-Based Buffer Overflow Vulnerability Affects Simcenter Nastran

CVE-2024-41981
Siemens | Simcenter Femap V2306 | 7.8 HIGH

Stack-based buffer overflow vulnerability in JT2Go could allow code execution

CVE-2024-41902
Siemens | Jt2go | 7.8 HIGH

Vulnerability Alert: 4-Digit PIN Insufficient Protection Against Brute-Force Attacks

CVE-2024-41798
Siemens | Sentron 7km Pac3200 | 9.8 CRITICAL

Unauthenticated Escape Vulnerability in HiMed Cockpit

CVE-2023-52952
Siemens | Himed Cockpit 12 Pro | 8.5 HIGH

September 10

Unauthenticated Remote Attacker Could Impersonate Other Devices via Validation Vulnerability

CVE-2024-45032
Siemens | Industrial Edge Manage... | 10 CRITICAL

Automation License Manager Vulnerability Could Lead to Remote Code Execution

CVE-2024-44087
Siemens | Automation License Man... | 8.6 HIGH

Insertion of Sensitive Information into Log File Vulnerability Affects SINUMERIK Systems

CVE-2024-43781
Siemens | Sinumerik 828d V4 | 5.5 MEDIUM

SIMATIC S7-200 SMART CPU Firmware Vulnerability Could Lead to Denial of Service; SIMATIC S7-200 SMART CPU Affected by TCP Packet Structure Error; Unplugging Network Cable Can Restore Normal Operations for SIMATIC S7-200 SMART CPU

CVE-2024-43647
Siemens | Simatic S7-200 Smart C... | 7.5 HIGH

Remote Access Vulnerability in SINEMA Remote Connect Server Could Allow Circumvention of Additional Multi-Factor Authentication

CVE-2024-42345
Siemens | Sinema Remote Connect ... | 4.3 MEDIUM

SINEMA Remote Connect Client Vulnerability Could Compromise Confidentiality

CVE-2024-42344
Siemens | Sinema Remote Connect ... | 5.5 MEDIUM

SINUMERIK Devices Vulnerable to Privilege Escalation Attacks

CVE-2024-41171
Siemens | Sinumerik 828d V4 | 8.8 HIGH

Stack Based Overflow Vulnerability in Tecnomatix Plant Simulation

CVE-2024-41170
Siemens | Tecnomatix Plant Simul... | 7.8 HIGH

SIMATIC Reader vulnerability could lead to sensitive information disclosure

CVE-2024-37995
Siemens | Simatic Reader Rf610r ... | 9.1 CRITICAL

Hidden Configuration Item Could Lead to Deployment Insights

CVE-2024-37994
Siemens | Simatic Reader Rf610r ... | 7.1 HIGH

Affected applications do not authenticate the creation of Ajax2App instances

CVE-2024-37993
Siemens | Simatic Reader Rf610r ... | 7.5 HIGH

SIMATIC Reader vulnerabilities due to error handling

CVE-2024-37992
Siemens | Simatic Reader Rf610r ... | 7.5 HIGH

Sensitive Information Accessible Without Authentication in SIMATIC Reader RF610R, RF615R, RF680R, and Other Products

CVE-2024-37991
Siemens | Simatic Reader Rf610r ... | 6.5 MEDIUM

CVE-2024-37990
Siemens | Simatic Reader Rf610r ... | 6.5 MEDIUM

Elevated Privileges Vulnerability Affects Siemens' Industrial Automation Products

CVE-2024-35783
Siemens | Simatic Batch V9.1 | 9.1 CRITICAL

CVE-2024-33698
Siemens | Opcenter Execution Fou... | 9.8 CRITICAL

Remote Connect Client Vulnerability Allows Bypass of Multi-Factor Authentication Without Logout

CVE-2024-32006
Siemens | Sinema Remote Connect ... | 4.3 MEDIUM

Vulnerability in Mendix Runtime Could Allow Unauthorized Access to User Data

CVE-2023-49069
Siemens | Mendix Runtime V10 | 5.3 MEDIUM

CVE-2023-30756
Siemens | Simatic Cp 1242-7 V2 (... | 5.9 MEDIUM

CVE-2023-30755
Siemens | Simatic Cp 1242-7 V2 (... | 4.4 MEDIUM

CVE-2023-28827
Siemens | Simatic Cp 1242-7 V2 (... | 5.9 MEDIUM

August 13

SCALANCE M804PB Faces Vulnerability in 2FA Log File Injection

CVE-2024-41978
Siemens | Ruggedcom Rm1224 Lte(4... | 6.5 MEDIUM