cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-26491,https://securityvulnerability.io/vulnerability/CVE-2025-26491,Server-Side Request Forgery Vulnerability in Opcenter Intelligence by Siemens,"A server-side request forgery (SSRF) vulnerability has been discovered in Opcenter Intelligence, affecting all versions prior to V2501. This security flaw could allow an attacker to send unauthorized requests from the server, potentially exposing sensitive internal systems and data. As a result, users of affected versions are advised to apply the necessary patches and update to the latest version to mitigate the risks associated with this vulnerability.",Siemens,Opcenter Intelligence,7.7,HIGH,0.01,false,,false,false,false,,false,false,false,,2025-02-11T10:29:20.922Z,0
CVE-2025-24812,https://securityvulnerability.io/vulnerability/CVE-2025-24812,Denial of Service Vulnerability in Siemens SIMATIC S7-1200 Series,"A vulnerability exists in several models of the Siemens SIMATIC S7-1200 series that can be exploited via specially crafted packets sent to port 102/tcp. This flaw could enable attackers to trigger a denial of service condition, leading to potential disruptions in device operations.",Siemens,"Simatic S7-1200 Cpu 1211c Ac/dc/rly,Simatic S7-1200 Cpu 1211c Dc/dc/dc,Simatic S7-1200 Cpu 1211c Dc/dc/rly,Simatic S7-1200 Cpu 1212c Ac/dc/rly,Simatic S7-1200 Cpu 1212c Dc/dc/dc,Simatic S7-1200 Cpu 1212c Dc/dc/rly,Simatic S7-1200 Cpu 1212fc Dc/dc/dc,Simatic S7-1200 Cpu 1212fc Dc/dc/rly,Simatic S7-1200 Cpu 1214c Ac/dc/rly,Simatic S7-1200 Cpu 1214c Dc/dc/dc,Simatic S7-1200 Cpu 1214c Dc/dc/rly,Simatic S7-1200 Cpu 1214fc Dc/dc/dc,Simatic S7-1200 Cpu 1214fc Dc/dc/rly,Simatic S7-1200 Cpu 1215c Ac/dc/rly,Simatic S7-1200 Cpu 1215c Dc/dc/dc,Simatic S7-1200 Cpu 1215c Dc/dc/rly,Simatic S7-1200 Cpu 1215fc Dc/dc/dc,Simatic S7-1200 Cpu 1215fc Dc/dc/rly,Simatic S7-1200 Cpu 1217c Dc/dc/dc,Siplus S7-1200 Cpu 1212 Ac/dc/rly,Siplus S7-1200 Cpu 1212 Dc/dc/rly,Siplus S7-1200 Cpu 1212c Dc/dc/dc,Siplus S7-1200 Cpu 1212c Dc/dc/dc Rail,Siplus S7-1200 Cpu 1214 Ac/dc/rly,Siplus S7-1200 Cpu 1214 Dc/dc/dc,Siplus S7-1200 Cpu 1214 Dc/dc/rly,Siplus S7-1200 Cpu 1214c Dc/dc/dc Rail,Siplus S7-1200 Cpu 1214fc Dc/dc/dc,Siplus S7-1200 Cpu 1214fc Dc/dc/rly,Siplus S7-1200 Cpu 1215 Ac/dc/rly,Siplus S7-1200 Cpu 1215 Dc/dc/dc,Siplus S7-1200 Cpu 1215 Dc/dc/rly,Siplus S7-1200 Cpu 1215c Dc/dc/dc,Siplus S7-1200 Cpu 1215fc Dc/dc/dc",7.1,HIGH,0.01,false,,false,false,false,,false,false,false,,2025-02-11T10:29:16.319Z,0
CVE-2025-24811,https://securityvulnerability.io/vulnerability/CVE-2025-24811,Denial of Service Vulnerability in Siemens SIMATIC S7-1200 Products,"The identified vulnerability in several models of Siemens SIMATIC S7-1200 CPUs allows unauthenticated attackers to disrupt device operation. Specifically, devices fail to properly handle specially crafted packets sent to port 80/tcp, potentially resulting in denial of service conditions. Such vulnerabilities may affect critical operations within industrial environments and require prompt attention to mitigate risks.",Siemens,"Simatic S7-1200 Cpu 1211c Ac/dc/rly,Simatic S7-1200 Cpu 1211c Dc/dc/dc,Simatic S7-1200 Cpu 1211c Dc/dc/rly,Simatic S7-1200 Cpu 1212c Ac/dc/rly,Simatic S7-1200 Cpu 1212c Dc/dc/dc,Simatic S7-1200 Cpu 1212c Dc/dc/rly,Simatic S7-1200 Cpu 1212fc Dc/dc/dc,Simatic S7-1200 Cpu 1212fc Dc/dc/rly,Simatic S7-1200 Cpu 1214c Ac/dc/rly,Simatic S7-1200 Cpu 1214c Dc/dc/dc,Simatic S7-1200 Cpu 1214c Dc/dc/rly,Simatic S7-1200 Cpu 1214fc Dc/dc/dc,Simatic S7-1200 Cpu 1214fc Dc/dc/rly,Simatic S7-1200 Cpu 1215c Ac/dc/rly,Simatic S7-1200 Cpu 1215c Dc/dc/dc,Simatic S7-1200 Cpu 1215c Dc/dc/rly,Simatic S7-1200 Cpu 1215fc Dc/dc/dc,Simatic S7-1200 Cpu 1215fc Dc/dc/rly,Simatic S7-1200 Cpu 1217c Dc/dc/dc,Siplus S7-1200 Cpu 1212 Ac/dc/rly,Siplus S7-1200 Cpu 1212 Dc/dc/rly,Siplus S7-1200 Cpu 1212c Dc/dc/dc,Siplus S7-1200 Cpu 1212c Dc/dc/dc Rail,Siplus S7-1200 Cpu 1214 Ac/dc/rly,Siplus S7-1200 Cpu 1214 Dc/dc/dc,Siplus S7-1200 Cpu 1214 Dc/dc/rly,Siplus S7-1200 Cpu 1214c Dc/dc/dc Rail,Siplus S7-1200 Cpu 1214fc Dc/dc/dc,Siplus S7-1200 Cpu 1214fc Dc/dc/rly,Siplus S7-1200 Cpu 1215 Ac/dc/rly,Siplus S7-1200 Cpu 1215 Dc/dc/dc,Siplus S7-1200 Cpu 1215 Dc/dc/rly,Siplus S7-1200 Cpu 1215c Dc/dc/dc,Siplus S7-1200 Cpu 1215fc Dc/dc/dc",8.7,HIGH,0.01,false,,false,false,false,,false,false,false,,2025-02-11T10:29:14.081Z,0
CVE-2025-24499,https://securityvulnerability.io/vulnerability/CVE-2025-24499,Input Validation Flaw in SCALANCE Networking Products by Siemens,"A vulnerability has been discovered in various SCALANCE devices from Siemens, including WAB762-1 and WAM series, where the devices fail to properly validate input during configuration file loading. This oversight could grant an authenticated remote attacker the ability to execute arbitrary shell commands on the affected devices, potentially compromising their integrity and security. Users are advised to upgrade to the latest versions to mitigate this risk.",Siemens,"Scalance Wab762-1,Scalance Wam763-1,Scalance Wam763-1 (me),Scalance Wam763-1 (us),Scalance Wam766-1,Scalance Wam766-1 (me),Scalance Wam766-1 (us),Scalance Wam766-1 Eec,Scalance Wam766-1 Eec (me),Scalance Wam766-1 Eec (us),Scalance Wub762-1,Scalance Wub762-1 Ifeatures,Scalance Wum763-1,Scalance Wum763-1 (us),Scalance Wum766-1,Scalance Wum766-1 (me),Scalance Wum766-1 (usa)",7.5,HIGH,0.01,false,,false,false,false,,false,false,false,,2025-02-11T10:29:05.987Z,0
CVE-2025-23403,https://securityvulnerability.io/vulnerability/CVE-2025-23403,Improper User Permission Control in Siemens SIMATIC IPC DiagBase and DiagMonitor,"A critical security vulnerability has been detected in Siemens' SIMATIC IPC DiagBase and DiagMonitor. The affected systems fail to enforce proper permissions for their respective registry keys, which may allow authenticated attackers to exploit this flaw. By gaining unauthorized access, attackers could potentially load malicious drivers into the system. This action can lead to privilege escalation, allowing them to bypass existing endpoint protection and other security measures, thereby compromising system integrity and data security.",Siemens,"Simatic Ipc Diagbase,Simatic Ipc Diagmonitor",7.3,HIGH,0.01,false,,false,false,false,,false,false,false,,2025-02-11T10:29:04.193Z,0
CVE-2024-54089,https://securityvulnerability.io/vulnerability/CVE-2024-54089,Weak Encryption Vulnerability in APOGEE PXC and TALON TC Series by Siemens,"A critical vulnerability exists in various models of Siemens APOGEE PXC and TALON TC Series devices due to a weak encryption scheme relying on a hard-coded key. This vulnerability enables attackers to potentially deduce or decrypt sensitive passwords from intercepted cyphertext, thereby compromising the security of affected systems. Organizations using these devices should assess their infrastructure and implement necessary safeguards to mitigate potential threats stemming from this weakness.",Siemens,"Apogee Pxc Series (bacnet),Apogee Pxc Series (p2 Ethernet),Talon Tc Series (bacnet)",8.7,HIGH,0.01,false,,false,false,false,,false,false,false,,2025-02-11T10:29:00.200Z,0
CVE-2024-54015,https://securityvulnerability.io/vulnerability/CVE-2024-54015,Unvalidated SNMP GET Requests in SIEMENS SIPROTEC 5 Devices,"A security flaw in various SIEMENS SIPROTEC 5 devices has been identified where these devices fail to properly validate SNMP GET requests. An unauthenticated remote attacker can exploit this vulnerability to retrieve sensitive information by issuing SNMPv2 GET requests, potentially using default credentials. This lack of validation poses a significant risk, as it could lead to unauthorized access to critical device information, making it essential for affected users to apply the recommended mitigations swiftly.",Siemens,"Siprotec 5 6md84 (cp300),Siprotec 5 6md85 (cp300),Siprotec 5 6md86 (cp300),Siprotec 5 6md89 (cp300),Siprotec 5 6mu85 (cp300),Siprotec 5 7ke85 (cp300),Siprotec 5 7sa82 (cp150),Siprotec 5 7sa86 (cp300),Siprotec 5 7sa87 (cp300),Siprotec 5 7sd82 (cp150),Siprotec 5 7sd86 (cp300),Siprotec 5 7sd87 (cp300),Siprotec 5 7sj81 (cp150),Siprotec 5 7sj82 (cp150),Siprotec 5 7sj85 (cp300),Siprotec 5 7sj86 (cp300),Siprotec 5 7sk82 (cp150),Siprotec 5 7sk85 (cp300),Siprotec 5 7sl82 (cp150),Siprotec 5 7sl86 (cp300),Siprotec 5 7sl87 (cp300),Siprotec 5 7ss85 (cp300),Siprotec 5 7st85 (cp300),Siprotec 5 7st86 (cp300),Siprotec 5 7sx82 (cp150),Siprotec 5 7sx85 (cp300),Siprotec 5 7sy82 (cp150),Siprotec 5 7um85 (cp300),Siprotec 5 7ut82 (cp150),Siprotec 5 7ut85 (cp300),Siprotec 5 7ut86 (cp300),Siprotec 5 7ut87 (cp300),Siprotec 5 7ve85 (cp300),Siprotec 5 7vk87 (cp300),Siprotec 5 7vu85 (cp300),Siprotec 5 Communication Module Eth-ba-2el (rev.2),Siprotec 5 Communication Module Eth-bb-2fo (rev. 2),Siprotec 5 Communication Module Eth-bd-2fo,Siprotec 5 Compact 7sx800 (cp050)",8.7,HIGH,0.01,false,,false,false,false,,false,false,false,,2025-02-11T10:28:58.684Z,0
CVE-2024-53648,https://securityvulnerability.io/vulnerability/CVE-2024-53648,Development Shell Access Vulnerability in SIPROTEC 5 Products by Siemens,"A significant vulnerability exists in several models of the SIPROTEC 5 series from Siemens, which fails to properly restrict access to a development shell over a physical interface. This weakness could enable an unauthenticated attacker with physical access to the device to execute arbitrary commands, potentially compromising the integrity and security of the affected systems.",Siemens,"Siprotec 5 6md84 (cp300),Siprotec 5 6md85 (cp200),Siprotec 5 6md85 (cp300),Siprotec 5 6md86 (cp200),Siprotec 5 6md86 (cp300),Siprotec 5 6md89 (cp300),Siprotec 5 6mu85 (cp300),Siprotec 5 7ke85 (cp200),Siprotec 5 7ke85 (cp300),Siprotec 5 7sa82 (cp100),Siprotec 5 7sa82 (cp150),Siprotec 5 7sa86 (cp200),Siprotec 5 7sa86 (cp300),Siprotec 5 7sa87 (cp200),Siprotec 5 7sa87 (cp300),Siprotec 5 7sd82 (cp100),Siprotec 5 7sd82 (cp150),Siprotec 5 7sd86 (cp200),Siprotec 5 7sd86 (cp300),Siprotec 5 7sd87 (cp200),Siprotec 5 7sd87 (cp300),Siprotec 5 7sj81 (cp100),Siprotec 5 7sj81 (cp150),Siprotec 5 7sj82 (cp100),Siprotec 5 7sj82 (cp150),Siprotec 5 7sj85 (cp200),Siprotec 5 7sj85 (cp300),Siprotec 5 7sj86 (cp200),Siprotec 5 7sj86 (cp300),Siprotec 5 7sk82 (cp100),Siprotec 5 7sk82 (cp150),Siprotec 5 7sk85 (cp200),Siprotec 5 7sk85 (cp300),Siprotec 5 7sl82 (cp100),Siprotec 5 7sl82 (cp150),Siprotec 5 7sl86 (cp200),Siprotec 5 7sl86 (cp300),Siprotec 5 7sl87 (cp200),Siprotec 5 7sl87 (cp300),Siprotec 5 7ss85 (cp200),Siprotec 5 7ss85 (cp300),Siprotec 5 7st85 (cp200),Siprotec 5 7st85 (cp300),Siprotec 5 7st86 (cp300),Siprotec 5 7sx82 (cp150),Siprotec 5 7sx85 (cp300),Siprotec 5 7sy82 (cp150),Siprotec 5 7um85 (cp300),Siprotec 5 7ut82 (cp100),Siprotec 5 7ut82 (cp150),Siprotec 5 7ut85 (cp200),Siprotec 5 7ut85 (cp300),Siprotec 5 7ut86 (cp200),Siprotec 5 7ut86 (cp300),Siprotec 5 7ut87 (cp200),Siprotec 5 7ut87 (cp300),Siprotec 5 7ve85 (cp300),Siprotec 5 7vk87 (cp200),Siprotec 5 7vk87 (cp300),Siprotec 5 7vu85 (cp300),Siprotec 5 Compact 7sx800 (cp050)",7,HIGH,0.01,false,,false,false,false,,false,false,false,,2025-02-11T10:28:52.039Z,0
CVE-2024-45386,https://securityvulnerability.io/vulnerability/CVE-2024-45386,Session Management Flaw in SIMATIC PCS neo and Related Siemens Products,"A session management vulnerability exists in multiple Siemens products, including SIMATIC PCS neo. The issue arises from the failure to properly invalidate user sessions following logout. As a result, remote attackers could potentially exploit this flaw by reusing session tokens collected through unauthorized means, thereby gaining access to user accounts and sensitive information even after legitimate users have logged out.",Siemens,"Simatic Pcs Neo V4.0,Simatic Pcs Neo V4.1,Simatic Pcs Neo V5.0,Simocode Es V19,Sirius Safety Es V19 (tia Portal),Sirius Soft Starter Es V19 (tia Portal),Tia Administrator",8.7,HIGH,0.01,false,,false,false,false,,false,false,false,,2025-02-11T10:28:44.675Z,0
CVE-2024-56841,https://securityvulnerability.io/vulnerability/CVE-2024-56841,LDAP Injection Vulnerability in Mendix by Siemens,"A serious vulnerability exists in Mendix LDAP versions prior to 1.1.2, allowing attackers to exploit LDAP injection flaws. This weakness enables an unauthenticated remote attacker to bypass user authentication mechanisms, potentially gaining unauthorized access to sensitive system information. Organizations using affected versions should implement immediate measures to mitigate risks and ensure their systems remain secure.",Siemens,,7.4,HIGH,0.000910000002477318,false,,false,false,false,,false,false,false,,2025-01-14T11:15:00.000Z,0
CVE-2024-53649,https://securityvulnerability.io/vulnerability/CVE-2024-53649,Webserver Path Exposure in SIPROTEC 5 Series by Siemens,"A vulnerability exists in multiple SIPROTEC 5 devices that allows authenticated remote attackers to exploit webserver misconfigurations. The flaw permits unauthorized access to arbitrary files on the system, potentially leading to data leaks or further attacks. Users are advised to bolster security measures to prevent exploitation of this oversight.",Siemens,"Siprotec 5 6md84 (cp300),Siprotec 5 6md85 (cp300),Siprotec 5 6md86 (cp300),Siprotec 5 6md89 (cp300),Siprotec 5 6mu85 (cp300),Siprotec 5 7ke85 (cp300),Siprotec 5 7sa82 (cp100),Siprotec 5 7sa82 (cp150),Siprotec 5 7sa86 (cp300),Siprotec 5 7sa87 (cp300),Siprotec 5 7sd82 (cp100),Siprotec 5 7sd82 (cp150),Siprotec 5 7sd86 (cp300),Siprotec 5 7sd87 (cp300),Siprotec 5 7sj81 (cp100),Siprotec 5 7sj81 (cp150),Siprotec 5 7sj82 (cp100),Siprotec 5 7sj82 (cp150),Siprotec 5 7sj85 (cp300),Siprotec 5 7sj86 (cp300),Siprotec 5 7sk82 (cp100),Siprotec 5 7sk82 (cp150),Siprotec 5 7sk85 (cp300),Siprotec 5 7sl82 (cp100),Siprotec 5 7sl82 (cp150),Siprotec 5 7sl86 (cp300),Siprotec 5 7sl87 (cp300),Siprotec 5 7ss85 (cp300),Siprotec 5 7st85 (cp300),Siprotec 5 7st86 (cp300),Siprotec 5 7sx82 (cp150),Siprotec 5 7sx85 (cp300),Siprotec 5 7sy82 (cp150),Siprotec 5 7um85 (cp300),Siprotec 5 7ut82 (cp100),Siprotec 5 7ut82 (cp150),Siprotec 5 7ut85 (cp300),Siprotec 5 7ut86 (cp300),Siprotec 5 7ut87 (cp300),Siprotec 5 7ve85 (cp300),Siprotec 5 7vk87 (cp300),Siprotec 5 7vu85 (cp300),Siprotec 5 Compact 7sx800 (cp050)",7.1,HIGH,0.0004900000058114529,false,,false,false,false,,false,false,false,,2025-01-14T11:15:00.000Z,0
CVE-2024-47100,https://securityvulnerability.io/vulnerability/CVE-2024-47100,CSRF Vulnerability in Siemens SIMATIC S7-1200 CPUs,"This vulnerability allows unauthenticated attackers to exploit the web interface of the affected Siemens SIMATIC S7-1200 CPUs. By utilizing Cross-Site Request Forgery (CSRF) techniques, an attacker could potentially manipulate CPU settings by tricking a legitimate user with sufficient permissions to click on a malicious link. This manipulation could lead to unauthorized changes in operational modes, significantly affecting system integrity and security.",Siemens,,7.1,HIGH,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-01-14T11:15:00.000Z,0
CVE-2024-49775,https://securityvulnerability.io/vulnerability/CVE-2024-49775,Heap-Based Buffer Overflow in Siemens Automation Products,"CVE-2024-49775 identifies a critical heap-based buffer overflow vulnerability affecting multiple Siemens automation products, including the Opcenter suite and the Totally Integrated Automation Portal (TIA Portal). This vulnerability resides in the integrated UMC component and could allow an unauthenticated remote attacker to execute arbitrary code. Given the widespread use of these products in industrial environments, the implications of such exploitation could lead to severe operational disruptions. Siemens has acknowledged this vulnerability in all listed versions and it is imperative for users to assess their current configurations and apply necessary mitigations.",Siemens,"Opcenter Execution Foundation,Opcenter Intelligence,Opcenter Quality,Opcenter Rdl,Simatic Pcs Neo V4.0,Simatic Pcs Neo V4.1,Simatic Pcs Neo V5.0,Sinec Nms,Totally Integrated Automation Portal (tia Portal) V16,Totally Integrated Automation Portal (tia Portal) V17,Totally Integrated Automation Portal (tia Portal) V18,Totally Integrated Automation Portal (tia Portal) V19",9.8,CRITICAL,0.000910000002477318,false,,false,false,false,,,false,false,,2024-12-16T15:06:04.714Z,184
CVE-2024-54095,https://securityvulnerability.io/vulnerability/CVE-2024-54095,Integer Underflow Vulnerability in Solid Edge SE2024 Could Allow Code Execution,"A vulnerability exists in Solid Edge SE2024 affecting all versions prior to V224.0 Update 10. This vulnerability is an integer underflow that can be exploited by attackers through specially crafted PAR files. When the application parses these files, it may enable the execution of arbitrary code within the context of the current process, posing significant risks to system integrity and user data.",Siemens,Solid Edge Se2024,7.8,HIGH,0.0005300000193528831,false,,false,false,false,,,false,false,,2024-12-10T13:54:21.335Z,0
CVE-2024-54094,https://securityvulnerability.io/vulnerability/CVE-2024-54094,Heap-Based Buffer Overflow Vulnerability Affects Solid Edge SE2024,"A heap-based buffer overflow vulnerability exists in Siemens' Solid Edge SE2024, impacting all versions prior to V224.0 Update 5. This vulnerability arises during the processing of specially crafted PAR files, potentially allowing an attacker to execute arbitrary code within the context of the affected process. Prompt mitigation measures are advisable to safeguard systems against exploitation of this flaw.",Siemens,Solid Edge Se2024,7.8,HIGH,0.0005300000193528831,false,,false,false,false,,,false,false,,2024-12-10T13:54:20.014Z,0
CVE-2024-54093,https://securityvulnerability.io/vulnerability/CVE-2024-54093,Heap-Based Buffer Overflow Vulnerability Affects Solid Edge SE2024,"A heap-based buffer overflow vulnerability exists in Solid Edge SE2024 which affects all versions prior to V224.0 Update 5. This flaw is triggered while processing specially crafted ASM files, which can lead to potential code execution in the context of the current process. Attackers who exploit this vulnerability could take control of the affected system, posing significant risks to users and organizations utilizing this software. Immediate updates and security measures are recommended to mitigate the threat.",Siemens,Solid Edge Se2024,7.8,HIGH,0.0005300000193528831,false,,false,false,false,,,false,false,,2024-12-10T13:54:18.597Z,0
CVE-2024-54091,https://securityvulnerability.io/vulnerability/CVE-2024-54091,Parasolid Vulnerability Could Allow Execution of Code in Context of Current Process,"A critical vulnerability has been identified in the Parasolid software, specifically affecting versions of Parasolid V36.1 prior to V36.1.225 and V37.0 prior to V37.0.173. This flaw manifests as an out of bounds write past the end of an allocated buffer when processing X_T data or handling specially crafted files in X_T format. Exploitation of this vulnerability could enable an attacker to execute arbitrary code within the context of the currently running process, posing significant security risks to users.",Siemens,"Parasolid V36.1,Parasolid V37.0",7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-10T13:54:17.315Z,0
CVE-2024-53242,https://securityvulnerability.io/vulnerability/CVE-2024-53242,Siemens Teamcenter Visualization Vulnerability Affects Multiple Releases,"A vulnerability has been discovered in Siemens Teamcenter Visualization and Tecnomatix Plant Simulation products, which involves an out of bounds read past the end of an allocated structure. This vulnerability occurs during the parsing of specially crafted WRL files, potentially enabling an attacker to execute code within the context of the current process. Users of the affected versions should implement the recommended updates provided by Siemens to mitigate this risk.",Siemens,"Teamcenter Visualization V14.2,Teamcenter Visualization V14.3,Teamcenter Visualization V2312,Tecnomatix Plant Simulation V2302,Tecnomatix Plant Simulation V2404",7.8,HIGH,0.0005300000193528831,false,,false,false,false,,,false,false,,2024-12-10T13:54:13.403Z,0
CVE-2024-53041,https://securityvulnerability.io/vulnerability/CVE-2024-53041,Siemens Teamcenter Visualization Vulnerability: Stack-Based Overflow in WRL File Processing,"A stack-based overflow vulnerability has been detected in multiple versions of Teamcenter Visualization and Tecnomatix Plant Simulation. The flaw occurs when these applications parse specially crafted WRL files. This vulnerability may enable an attacker to execute arbitrary code within the context of the current process, thereby posing a significant risk to users and systems relying on these applications. The affected versions span across Teamcenter Visualization V14.2, V14.3, and V2312, as well as multiple iterations of Tecnomatix Plant Simulation, necessitating prompt attention for those utilizing these products.",Siemens,"Teamcenter Visualization V14.2,Teamcenter Visualization V14.3,Teamcenter Visualization V2312,Tecnomatix Plant Simulation V2302,Tecnomatix Plant Simulation V2404",7.8,HIGH,0.000590000010561198,false,,false,false,false,,,false,false,,2024-12-10T13:54:12.113Z,0
CVE-2024-52051,https://securityvulnerability.io/vulnerability/CVE-2024-52051,"{""Vulnerability in Siemens PLCs and SCADA Systems Could Allow Arbitrary Code Execution""}","A vulnerability exists in various Siemens products, including SIMATIC S7-PLCSIM and TIA Portal, due to improper sanitization of user-controllable input when processing user settings. This flaw could enable local attackers to execute arbitrary commands on the host operating system, leveraging the privileges of the user running the affected software. Organizations utilizing these products should prioritize updates and apply security measures to mitigate potential risks.",Siemens,"Simatic S7-plcsim V17,Simatic S7-plcsim V18,Simatic Step 7 Safety V17,Simatic Step 7 Safety V18,Simatic Step 7 Safety V19,Simatic Step 7 V17,Simatic Step 7 V18,Simatic Step 7 V19,Simatic Wincc Unified Pc Runtime V18,Simatic Wincc Unified Pc Runtime V19,Simatic Wincc Unified V17,Simatic Wincc Unified V18,Simatic Wincc Unified V19,Simatic Wincc V17,Simatic Wincc V18,Simatic Wincc V19,Simocode Es V17,Simocode Es V18,Simocode Es V19,Simotion Scout Tia V5.4 Sp3,Simotion Scout Tia V5.5 Sp1,Simotion Scout Tia V5.6 Sp1,Sinamics Startdrive V17,Sinamics Startdrive V18,Sinamics Startdrive V19,Sirius Safety Es V17 (tia Portal),Sirius Safety Es V18 (tia Portal),Sirius Safety Es V19 (tia Portal),Sirius Soft Starter Es V17 (tia Portal),Sirius Soft Starter Es V18 (tia Portal),Sirius Soft Starter Es V19 (tia Portal),Tia Portal Cloud V17,Tia Portal Cloud V18,Tia Portal Cloud V19",7.3,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-10T13:53:57.576Z,0
CVE-2024-49849,https://securityvulnerability.io/vulnerability/CVE-2024-49849,"{""Vulnerability in Siemens Products Could Allow Arbitrary Code Execution""}","A vulnerability has been identified across multiple versions and products within Siemens' SIMATIC and TIA Portal lines. The flaw involves inadequate sanitization of user-controllable input when parsing log files, potentially allowing an attacker to exploit this weakness. This exploitation may lead to type confusion and the execution of arbitrary code within the affected applications, compromising operational integrity and security.",Siemens,"Simatic S7-plcsim V16,Simatic S7-plcsim V17,Simatic Step 7 Safety V16,Simatic Step 7 Safety V17,Simatic Step 7 Safety V18,Simatic Step 7 Safety V19,Simatic Step 7 V16,Simatic Step 7 V17,Simatic Step 7 V18,Simatic Step 7 V19,Simatic Wincc Unified V16,Simatic Wincc Unified V17,Simatic Wincc Unified V18,Simatic Wincc Unified V19,Simatic Wincc V16,Simatic Wincc V17,Simatic Wincc V18,Simatic Wincc V19,Simocode Es V16,Simocode Es V17,Simocode Es V18,Simocode Es V19,Simotion Scout Tia V5.4 Sp1,Simotion Scout Tia V5.4 Sp3,Simotion Scout Tia V5.5 Sp1,Simotion Scout Tia V5.6 Sp1,Sinamics Startdrive V16,Sinamics Startdrive V17,Sinamics Startdrive V18,Sinamics Startdrive V19,Sirius Safety Es V17 (tia Portal),Sirius Safety Es V18 (tia Portal),Sirius Safety Es V19 (tia Portal),Sirius Soft Starter Es V17 (tia Portal),Sirius Soft Starter Es V18 (tia Portal),Sirius Soft Starter Es V19 (tia Portal),Tia Portal Cloud V16,Tia Portal Cloud V17,Tia Portal Cloud V18,Tia Portal Cloud V19",7.8,HIGH,0.0005300000193528831,false,,false,false,false,,,false,false,,2024-12-10T13:53:56.043Z,0
CVE-2020-28398,https://securityvulnerability.io/vulnerability/CVE-2020-28398,Cross-Site Request Forgery (CSRF) Vulnerability Affects RUGGEDCOM ROX Devices,"A vulnerability exists in the command-line interface (CLI) feature within the web interface of several RUGGEDCOM ROX products. This vulnerability can be exploited through cross-site request forgery (CSRF), allowing attackers to manipulate device configurations. If a legitimate user is tricked into clicking a malicious link, an attacker may gain unauthorized access to modify device settings. It is essential for organizations using affected RUGGEDCOM products to update their systems to version 2.16.0 or later to mitigate potential risks.",Siemens,"Ruggedcom Rox Mx5000,Ruggedcom Rox Mx5000re,Ruggedcom Rox Rx1400,Ruggedcom Rox Rx1500,Ruggedcom Rox Rx1501,Ruggedcom Rox Rx1510,Ruggedcom Rox Rx1511,Ruggedcom Rox Rx1512,Ruggedcom Rox Rx1524,Ruggedcom Rox Rx1536,Ruggedcom Rox Rx5000",8.8,HIGH,0.0005799999926239252,false,,false,false,false,,,false,false,,2024-12-10T13:53:19.090Z,0
CVE-2024-52335,https://securityvulnerability.io/vulnerability/CVE-2024-52335,Vulnerability in syngo.plaza VB30E Allows Execution of Malicious SQL Commands,"A security vulnerability exists in the syngo.plaza VB30E application developed by Siemens Healthineers. The flaw arises from insufficient input data sanitization before it is processed by the SQL server. This gap in security allows attackers with access to the application to insert and execute harmful SQL commands, potentially leading to unauthorized access and manipulation of the entire database, which could severely compromise sensitive medical data.",Siemens,Syngo.plaza Vb30e,9.8,CRITICAL,0.000910000002477318,false,,false,false,false,,,false,false,,2024-12-06T13:14:16.935Z,0
CVE-2024-52565,https://securityvulnerability.io/vulnerability/CVE-2024-52565,Out of Bounds Write Vulnerability in Teamcenter and Tecnomatix Products by Siemens,"A vulnerability exists in Siemens' Teamcenter Visualization and Tecnomatix Plant Simulation products that may lead to an out-of-bounds write condition when processing specially crafted WRL files. This flaw allows an attacker to potentially execute arbitrary code within the context of the application, posing significant security risks. The affected products include various versions of Teamcenter Visualization and Tecnomatix Plant Simulation, requiring immediate attention to update to secure versions as specified in Siemens' advisories.",Siemens,"Teamcenter Visualization V14.2,Teamcenter Visualization V14.3,Teamcenter Visualization V2312,Teamcenter Visualization V2406,Tecnomatix Plant Simulation V2302,Tecnomatix Plant Simulation V2404",7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-18T16:15:00.000Z,0
CVE-2024-52566,https://securityvulnerability.io/vulnerability/CVE-2024-52566,Out of Bounds Write Vulnerability in Teamcenter Visualization and Tecnomatix Plant Simulation,"A vulnerability has been discovered in specific versions of Teamcenter Visualization and Tecnomatix Plant Simulation, which exposes the applications to an out of bounds write error when processing specially crafted WRL files. This flaw can allow an attacker to execute arbitrary code within the context of the current process, presenting significant security implications. Users of the affected versions should prioritize updating their software to mitigate potential risks. Detailed information and remediation steps can be found through the Siemens security alerts.",Siemens,"Teamcenter Visualization V14.2,Teamcenter Visualization V14.3,Teamcenter Visualization V2312,Teamcenter Visualization V2406,Tecnomatix Plant Simulation V2302,Tecnomatix Plant Simulation V2404",7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-18T16:15:00.000Z,0