Filtered by vendor Siemens
Subscribe
Total
1751 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-1971 | 8 Debian, Fedoraproject, Netapp and 5 more | 46 Debian Linux, Fedora, Active Iq Unified Manager and 43 more | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the "-crl_download" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w). | |||||
| CVE-2020-8265 | 5 Debian, Fedoraproject, Nodejs and 2 more | 5 Debian Linux, Fedora, Node.js and 2 more | 2023-12-10 | 6.8 MEDIUM | 8.1 HIGH |
| Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other exploits. | |||||
| CVE-2020-26984 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of JT files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11972) | |||||
| CVE-2020-26989 | 1 Siemens | 3 Jt2go, Solid Edge, Teamcenter Visualization | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2021 (All Versions < SE2021MP2), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a stack based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11892) | |||||
| CVE-2021-22884 | 5 Fedoraproject, Netapp, Nodejs and 2 more | 13 Fedora, Active Iq Unified Manager, E-series Performance Analyzer and 10 more | 2023-12-10 | 5.1 MEDIUM | 7.5 HIGH |
| Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS, i.e., over network. If the attacker controls the victim's DNS server or can spoof its responses, the DNS rebinding protection can be bypassed by using the “localhost6” domain. As long as the attacker uses the “localhost6” domain, they can still apply the attack described in CVE-2018-7160. | |||||
| CVE-2021-22663 | 1 Siemens | 1 Cscape | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
| Cscape (All versions prior to 9.90 SP3.5) lacks proper validation of user-supplied data when parsing project files. This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to execute code in the context of the current process. | |||||
| CVE-2021-25676 | 1 Siemens | 8 Ruggedcom Rm1224, Ruggedcom Rm1224 Firmware, Scalance M-800 and 5 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in RUGGEDCOM RM1224 (V6.3), SCALANCE M-800 (V6.3), SCALANCE S615 (V6.3), SCALANCE SC-600 (All Versions >= V2.1 and < V2.1.3). Multiple failed SSH authentication attempts could trigger a temporary Denial-of-Service under certain conditions. When triggered, the device will reboot automatically. | |||||
| CVE-2021-25178 | 2 Opendesign, Siemens | 4 Drawings Software Development Kit, Comos, Jt2go and 1 more | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A stack-based buffer overflow vulnerability exists when the recover operation is run with malformed .DXF and .DWG files. This can allow attackers to cause a crash potentially enabling a denial of service attack (Crash, Exit, or Restart) or possible code execution. | |||||
| CVE-2020-26999 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
| A vulnerability has been identified in JT2Go (All versions < V13.1.0.2), Teamcenter Visualization (All versions < V13.1.0.2). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information. (ZDI-CAN-12042) | |||||
| CVE-2020-7591 | 1 Siemens | 1 Siport Mp | 2023-12-10 | 8.5 HIGH | 8.8 HIGH |
| A vulnerability has been identified in SIPORT MP (All versions < 3.2.1). Vulnerable versions of the device could allow an authenticated attacker to impersonate other users of the system and perform (potentially administrative) actions on behalf of those users if the single sign-on feature ("Allow logon without password") is enabled. | |||||
| CVE-2020-25234 | 1 Siemens | 2 Logo\! 8 Bm, Logo\! 8 Bm Firmware | 2023-12-10 | 3.6 LOW | 7.7 HIGH |
| A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3), LOGO! Soft Comfort (All versions < V8.3). The LOGO! program files generated and used by the affected components offer the possibility to save user-defined functions (UDF) in a password protected way. This protection is implemented in the software that displays the information. An attacker could reverse engineer the UDFs directly from stored program files. | |||||
| CVE-2020-27001 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
| A vulnerability has been identified in JT2Go (All versions < V13.1.0.2), Teamcenter Visualization (All versions < V13.1.0.2). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a stack based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12041) | |||||
| CVE-2021-25176 | 2 Opendesign, Siemens | 4 Drawings Software Development Kit, Comos, Jt2go and 1 more | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A NULL pointer dereference exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart). | |||||
| CVE-2020-25230 | 1 Siemens | 2 Logo\! 8 Bm, Logo\! 8 Bm Firmware | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Due to the usage of an outdated cipher mode on port 10005/tcp, an attacker could extract the encryption key from a captured communication with the device. | |||||
| CVE-2020-15783 | 1 Siemens | 24 Simatic S7-300 Cpu 312, Simatic S7-300 Cpu 312 Firmware, Simatic S7-300 Cpu 314 and 21 more | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC TDC CPU555 (All versions), SINUMERIK 840D sl (All versions). Sending multiple specially crafted packets to the affected devices could cause a Denial-of-Service on port 102. A cold restart is required to recover the service. | |||||
| CVE-2020-15793 | 1 Siemens | 1 Desigo Insight | 2023-12-10 | 5.8 MEDIUM | 5.4 MEDIUM |
| A vulnerability has been identified in Desigo Insight (All versions). The device does not properly set the X-Frame-Options HTTP Header which makes it vulnerable to Clickjacking attacks. This could allow an unauthenticated attacker to retrieve or modify data in the context of a legitimate user by tricking that user to click on a website controlled by the attacker. | |||||
| CVE-2019-19283 | 1 Siemens | 1 Xhq | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been identified in XHQ (All Versions < 6.1). The application's web server could expose non-sensitive information about the server's architecture. This could allow an attacker to adapt further attacks to the version in place. | |||||
| CVE-2020-7578 | 1 Siemens | 1 Opcenter Execution Core | 2023-12-10 | 5.5 MEDIUM | 8.1 HIGH |
| A vulnerability has been identified in Camstar Enterprise Platform (All versions), Opcenter Execution Core (All versions < V8.2). Authenticated users could have access to resources they normally would not have. This vulnerability could allow an attacker to view internal information and perform unauthorized changes. | |||||
| CVE-2019-20839 | 5 Canonical, Debian, Libvnc Project and 2 more | 16 Ubuntu Linux, Debian Linux, Libvncserver and 13 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket filename. | |||||
| CVE-2020-15784 | 1 Siemens | 1 Spectrum Power 4 | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP8). Insecure storage of sensitive information in the configuration files could allow the retrieval of user names. | |||||