Siemens

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-8177 5Debian FujitsuHaxx+2 more 10Curl Debian LinuxM10 1 Firmware+7 more Jun 17, 2026 Dec 14, 2020 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used.
CVE-2020-8169 4Debian HaxxSiemens+1 more 5Curl Debian LinuxSimatic Tim 1531 Irc Firmware+2 more Jun 17, 2026 Dec 14, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s).
CVE-2020-17437 3Open Iscsi Project SiemensUip Project 11Open Iscsi Sentron 3va Com100 FirmwareSentron 3va Com800 Firmware+8 more Jun 17, 2026 Dec 11, 2020 N/A· v4 8.2 HIGH· v3 6.4 MEDIUM· v2 An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. When the Urgent flag is set in a TCP packet, and the stack is configured to ignore the urgent data, the stack attempts to use the value of th...Show more An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. When the Urgent flag is set in a TCP packet, and the stack is configured to ignore the urgent data, the stack attempts to use the value of the Urgent pointer bytes to separate the Urgent data from the normal data, by calculating the offset at which the normal data should be present in the global buffer. However, the length of this offset is not checked; therefore, for large values of the Urgent pointer bytes, the data pointer can point to memory that is way beyond the data buffer in uip_process in uip.c.Show less
CVE-2020-13987 3Open Iscsi Project SiemensUip Project 6Open Iscsi Sentron 3va Com100 FirmwareSentron 3va Com800 Firmware+3 more Jun 17, 2026 Dec 11, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in Contiki through 3.0. An Out-of-Bounds Read vulnerability exists in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upper_layer_chksum in net/ipv4/uip.c.
CVE-2020-7793 2Siemens Ua Parser Js Project 2Sinec Ins Ua Parser Js Jun 17, 2026 Dec 11, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The package ua-parser-js before 0.7.23 are vulnerable to Regular Expression Denial of Service (ReDoS) in multiple regexes (see linked commit for more info).
CVE-2020-1971 8Debian FedoraprojectNetapp+5 more 44Active Iq Unified Manager Aff A250 FirmwareApi Gateway+41 more Jun 17, 2026 Dec 8, 2020 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of...Show more The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the "-crl_download" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w).Show less
CVE-2020-7774 3Oracle SiemensY18n Project 3Graalvm Sinec Infrastructure Network ServicesY18n Jun 17, 2026 Nov 17, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The package y18n before 3.2.2, 4.0.1 and 5.0.5, is vulnerable to Prototype Pollution.
CVE-2020-15783 1Siemens 12Simatic S7 300 Cpu 312 Firmware Simatic S7 300 Cpu 314 FirmwareSimatic S7 300 Cpu 315 2 Dp Firmware+9 more Jun 17, 2026 Nov 12, 2020 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC TDC CPU555 (All versions), SINUMERIK 840D sl (All versions). Sending multiple specia...Show more A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC TDC CPU555 (All versions), SINUMERIK 840D sl (All versions). Sending multiple specially crafted packets to the affected devices could cause a Denial-of-Service on port 102. A cold restart is required to recover the service.Show less
CVE-2020-8745 2Intel Siemens 22Converged Security And Manageability Engine Simatic Drive Controller FirmwareSimatic Et200sp 1515sp Pc2 Firmware+19 more Jun 17, 2026 Nov 12, 2020 N/A· v4 6.8 MEDIUM· v3 4.6 MEDIUM· v2 Insufficient control flow management in subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25 , Intel(R) TXE versions before 3.1.80 and 4.0.30 may allow...Show more Insufficient control flow management in subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25 , Intel(R) TXE versions before 3.1.80 and 4.0.30 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.Show less
CVE-2020-8744 2Intel Siemens 6Converged Security And Management Engine Server Platform ServicesSimatic S7 1500 Firmware+3 more Jun 17, 2026 Nov 12, 2020 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Improper initialization in subsystem for Intel(R) CSME versions before12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 4.0.30 Intel(R) SPS versions before E3_05.01.04.200 may allow a privileg...Show more Improper initialization in subsystem for Intel(R) CSME versions before12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 4.0.30 Intel(R) SPS versions before E3_05.01.04.200 may allow a privileged user to potentially enable escalation of privilege via local access.Show less
CVE-2020-8698 5Debian FedoraprojectIntel+2 more 17Clustered Data Ontap Debian LinuxFedora+14 more Jun 17, 2026 Nov 12, 2020 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2020-0591 2Intel Siemens 3Bios Simatic Cpu 1518 4 FirmwareSimatic Cpu 1518f 4 Firmware Jun 17, 2026 Nov 12, 2020 N/A· v4 6.7 MEDIUM· v3 4.6 MEDIUM· v2 Improper buffer restrictions in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2020-0590 3Intel NetappSiemens 137Cloud Backup Clustered Data OntapFas/aff Bios+134 more Jun 17, 2026 Nov 12, 2020 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Improper input validation in BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2020-28168 2Axios Siemens 2Axios Sinec Ins Jun 17, 2026 Nov 6, 2020 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address.
CVE-2019-17007 2Mozilla Siemens 9Network Security Services Ruggedcom Rox Mx5000 FirmwareRuggedcom Rox Rx1400 Firmware+6 more Jun 17, 2026 Oct 22, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service.
CVE-2019-17006 3Mozilla NetappSiemens 13Hci Compute Node Hci Management NodeHci Storage Node+10 more Jun 17, 2026 Oct 22, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result...Show more In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.Show less
CVE-2018-18508 2Mozilla Siemens 9Network Security Services Ruggedcom Rox Mx5000 FirmwareRuggedcom Rox Rx1400 Firmware+6 more Nov 21, 2024 Oct 22, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service.
CVE-2020-7591 1Siemens 1Siport Mp Jun 17, 2026 Oct 15, 2020 N/A· v4 8.8 HIGH· v3 8.5 HIGH· v2 A vulnerability has been identified in SIPORT MP (All versions < 3.2.1). Vulnerable versions of the device could allow an authenticated attacker to impersonate other users of the system and perform (potentially administr...Show more A vulnerability has been identified in SIPORT MP (All versions < 3.2.1). Vulnerable versions of the device could allow an authenticated attacker to impersonate other users of the system and perform (potentially administrative) actions on behalf of those users if the single sign-on feature ("Allow logon without password") is enabled.Show less
CVE-2020-15794 1Siemens 1Desigo Insight Jun 17, 2026 Oct 15, 2020 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 A vulnerability has been identified in Desigo Insight (All versions). Some error messages in the web application show the absolute path to the requested resource. This could allow an authenticated attacker to retrieve ad...Show more A vulnerability has been identified in Desigo Insight (All versions). Some error messages in the web application show the absolute path to the requested resource. This could allow an authenticated attacker to retrieve additional information about the host system.Show less
CVE-2020-15793 1Siemens 1Desigo Insight Jun 17, 2026 Oct 15, 2020 N/A· v4 5.4 MEDIUM· v3 5.8 MEDIUM· v2 A vulnerability has been identified in Desigo Insight (All versions). The device does not properly set the X-Frame-Options HTTP Header which makes it vulnerable to Clickjacking attacks. This could allow an unauthenticate...Show more A vulnerability has been identified in Desigo Insight (All versions). The device does not properly set the X-Frame-Options HTTP Header which makes it vulnerable to Clickjacking attacks. This could allow an unauthenticated attacker to retrieve or modify data in the context of a legitimate user by tricking that user to click on a website controlled by the attacker.Show less

Previous 1...757677...109 Next