HMS Networks Ewon Flexy and Cosy
1. EXECUTIVE SUMMARY CVSS v3 2.3 ATTENTION: Low skill level to exploit Vendor: HMS Networks Equipment: Ewon Flexy and Cosy Vulnerability: Permissive Cross-domain Policy with Untrusted Domains 2. RISK EVALUATION Successful exploitation of this vulnerability could allow attackers to retrieve limited confidential information. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS…
Siemens SIMATIC RTLS Locating Manager
1. EXECUTIVE SUMMARY CVSS v3 8.4 ATTENTION: Low skill level to exploit Vendor: Siemens Equipment: SIMATIC RTLS Locating Manager Vulnerabilities: Incorrect Default Permissions, Unquoted Search Path or Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a privileged local user to escalate privileges. 3. TECHNICAL DETAILS 3.1…
Siemens License Management Utility
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Siemens Equipment: License Management Utility Vulnerability: Execution with Unnecessary Privileges 2. RISK EVALUATION Successful exploitation of this vulnerability could allow local users to escalate privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of License…
Siemens Spectrum Power
1. EXECUTIVE SUMMARY CVSS v3 3.7 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: Spectrum Power Vulnerabilities: Cleartext Storage of Sensitive Information, Exposure of Information Through Directory Listing 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an unauthorized attacker to retrieve a list of software users, or in certain…
Siemens Polarion Subversion Webclient
1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: Polarion Subversion Webclient Vulnerabilities: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS), Cross-site Request Forgery (CSRF) 2. RISK EVALUATION Successful exploitation of these vulnerabilities where an attacker injects client-side…
Siemens Siveillance Video Client
1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: Siveillance Video Client Vulnerability: Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to obtain valid administrator login names and use this information to launch…
Siemens SIMATIC HMI Products
1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC HMI Vulnerabilities: Improper Restriction of Excessive Authentication Attempts, Authentication Bypass by Primary Weakness 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a remote attacker to discover user passwords and obtain…
Wibu-Systems CodeMeter
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Wibu-Systems AG Equipment: CodeMeter Vulnerabilities: Buffer Access with Incorrect Length Value, Inadequate Encryption Strength, Origin Validation Error, Improper Input Validation, Improper Verification of Cryptographic Signature, Improper Resource Shutdown or Release 2. UPDATE INFORMATION This updated…
Siemens UMC Stack (Update B)
1. EXECUTIVE SUMMARY CVSS v3 6.7 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: UMC Stack Vulnerabilities: Unquoted Search Path or Element, Uncontrolled Resource Consumption, Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-20-196-05 Siemens UMC Stack (Update…
Siemens SIMATIC, SINAMICS, SINEC, SINEMA, SINUMERIK (Update C)
1. EXECUTIVE SUMMARY CVSS v3 6.7 ATTENTION: Low skill level to exploit Vendor: Siemens Equipment: SIMATIC, SINAMICS, SINEC, SINEMA, SINUMERIK Vulnerability: Unquoted Search Path or Element 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-20-161-04 Siemens SIMATIC, SINAMICS, SINEC, SINEMA, SINUMERIK (Update B)…
Stay connected