cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-56841,https://securityvulnerability.io/vulnerability/CVE-2024-56841,LDAP Injection Vulnerability in Mendix by Siemens,"A serious vulnerability exists in Mendix LDAP versions prior to 1.1.2, allowing attackers to exploit LDAP injection flaws. This weakness enables an unauthenticated remote attacker to bypass user authentication mechanisms, potentially gaining unauthorized access to sensitive system information. Organizations using affected versions should implement immediate measures to mitigate risks and ensure their systems remain secure.",Siemens,,7.4,HIGH,0.000910000002477318,false,false,false,false,false,false,false,2025-01-14T11:15:00.000Z,0
CVE-2024-53649,https://securityvulnerability.io/vulnerability/CVE-2024-53649,Webserver Path Exposure in SIPROTEC 5 Series by Siemens,"A vulnerability exists in multiple SIPROTEC 5 devices that allows authenticated remote attackers to exploit webserver misconfigurations. The flaw permits unauthorized access to arbitrary files on the system, potentially leading to data leaks or further attacks. Users are advised to bolster security measures to prevent exploitation of this oversight.",Siemens,,6.5,MEDIUM,0.0004900000058114529,false,false,false,false,false,false,false,2025-01-14T11:15:00.000Z,0
CVE-2024-45385,https://securityvulnerability.io/vulnerability/CVE-2024-45385,Reflected XSS Vulnerability in Industrial Edge Management OS by Siemens,"A vulnerability has been identified in Industrial Edge Management OS (IEM-OS) affecting all versions, which exposes it to reflected cross-site scripting (XSS) attacks. This security flaw enables attackers to craft malicious links that, when accessed by users, can lead to the unauthorized extraction of sensitive information. Organizations utilizing this product need to implement mitigation measures to safeguard against potential exploit attempts.",Siemens,,4.7,MEDIUM,0.0004600000102072954,false,false,false,false,false,false,false,2025-01-14T11:15:00.000Z,0
CVE-2024-47100,https://securityvulnerability.io/vulnerability/CVE-2024-47100,CSRF Vulnerability in Siemens SIMATIC S7-1200 CPUs,"This vulnerability allows unauthenticated attackers to exploit the web interface of the affected Siemens SIMATIC S7-1200 CPUs. By utilizing Cross-Site Request Forgery (CSRF) techniques, an attacker could potentially manipulate CPU settings by tricking a legitimate user with sufficient permissions to click on a malicious link. This manipulation could lead to unauthorized changes in operational modes, significantly affecting system integrity and security.",Siemens,,7.1,HIGH,0.0004600000102072954,false,false,false,false,false,false,false,2025-01-14T11:15:00.000Z,0
CVE-2024-49775,https://securityvulnerability.io/vulnerability/CVE-2024-49775,Heap-Based Buffer Overflow in Siemens Automation Products,"CVE-2024-49775 identifies a critical heap-based buffer overflow vulnerability affecting multiple Siemens automation products, including the Opcenter suite and the Totally Integrated Automation Portal (TIA Portal). This vulnerability resides in the integrated UMC component and could allow an unauthenticated remote attacker to execute arbitrary code. Given the widespread use of these products in industrial environments, the implications of such exploitation could lead to severe operational disruptions. Siemens has acknowledged this vulnerability in all listed versions and it is imperative for users to assess their current configurations and apply necessary mitigations.",Siemens,"Opcenter Execution Foundation,Opcenter Intelligence,Opcenter Quality,Opcenter Rdl,Simatic Pcs Neo V4.0,Simatic Pcs Neo V4.1,Simatic Pcs Neo V5.0,Sinec Nms,Totally Integrated Automation Portal (tia Portal) V16,Totally Integrated Automation Portal (tia Portal) V17,Totally Integrated Automation Portal (tia Portal) V18,Totally Integrated Automation Portal (tia Portal) V19",9.8,CRITICAL,0.000910000002477318,false,false,false,false,,false,false,2024-12-16T15:06:04.714Z,184
CVE-2024-54095,https://securityvulnerability.io/vulnerability/CVE-2024-54095,Integer Underflow Vulnerability in Solid Edge SE2024 Could Allow Code Execution,"A vulnerability exists in Solid Edge SE2024 affecting all versions prior to V224.0 Update 10. This vulnerability is an integer underflow that can be exploited by attackers through specially crafted PAR files. When the application parses these files, it may enable the execution of arbitrary code within the context of the current process, posing significant risks to system integrity and user data.",Siemens,Solid Edge Se2024,7.8,HIGH,0.0005300000193528831,false,false,false,false,,false,false,2024-12-10T13:54:21.335Z,0
CVE-2024-54094,https://securityvulnerability.io/vulnerability/CVE-2024-54094,Heap-Based Buffer Overflow Vulnerability Affects Solid Edge SE2024,"A heap-based buffer overflow vulnerability exists in Siemens' Solid Edge SE2024, impacting all versions prior to V224.0 Update 5. This vulnerability arises during the processing of specially crafted PAR files, potentially allowing an attacker to execute arbitrary code within the context of the affected process. Prompt mitigation measures are advisable to safeguard systems against exploitation of this flaw.",Siemens,Solid Edge Se2024,7.8,HIGH,0.0005300000193528831,false,false,false,false,,false,false,2024-12-10T13:54:20.014Z,0
CVE-2024-54093,https://securityvulnerability.io/vulnerability/CVE-2024-54093,Heap-Based Buffer Overflow Vulnerability Affects Solid Edge SE2024,"A heap-based buffer overflow vulnerability exists in Solid Edge SE2024 which affects all versions prior to V224.0 Update 5. This flaw is triggered while processing specially crafted ASM files, which can lead to potential code execution in the context of the current process. Attackers who exploit this vulnerability could take control of the affected system, posing significant risks to users and organizations utilizing this software. Immediate updates and security measures are recommended to mitigate the threat.",Siemens,Solid Edge Se2024,7.8,HIGH,0.0005300000193528831,false,false,false,false,,false,false,2024-12-10T13:54:18.597Z,0
CVE-2024-54091,https://securityvulnerability.io/vulnerability/CVE-2024-54091,Parasolid Vulnerability Could Allow Execution of Code in Context of Current Process,"A critical vulnerability has been identified in the Parasolid software, specifically affecting versions of Parasolid V36.1 prior to V36.1.225 and V37.0 prior to V37.0.173. This flaw manifests as an out of bounds write past the end of an allocated buffer when processing X_T data or handling specially crafted files in X_T format. Exploitation of this vulnerability could enable an attacker to execute arbitrary code within the context of the currently running process, posing significant security risks to users.",Siemens,"Parasolid V36.1,Parasolid V37.0",7.8,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-12-10T13:54:17.315Z,0
CVE-2024-54005,https://securityvulnerability.io/vulnerability/CVE-2024-54005,COMOS PDMS/E3D Interface Vulnerability Could Allow File Extraction,"A vulnerability has been identified in COMOS V10.3 (All versions < V10.3.3.5.8), COMOS V10.4.0 (All versions), COMOS V10.4.1 (All versions), COMOS V10.4.2 (All versions), COMOS V10.4.3 (All versions < V10.4.3.0.47), COMOS V10.4.4 (All versions < V10.4.4.2), COMOS V10.4.4.1 (All versions < V10.4.4.1.21). The PDMS/E3D Engineering Interface improperly handles XML External Entity (XXE) entries when communicating with an external application. This could allow an attacker to extract any file with a known location on the user's system or accessible network folders by injecting malicious data into the communication channel between the two systems.",Siemens,"Comos V10.3,Comos V10.4.0,Comos V10.4.1,Comos V10.4.2,Comos V10.4.3,Comos V10.4.4,Comos V10.4.4.1",5.1,MEDIUM,0.0005200000014156103,false,false,false,false,,false,false,2024-12-10T13:54:15.994Z,0
CVE-2024-53832,https://securityvulnerability.io/vulnerability/CVE-2024-53832,Secure Element Vulnerability Exposes Password and Update Files to Physical Attack,"A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V05.30). The affected devices contain a secure element which is connected via an unencrypted SPI bus. This could allow an attacker with physical access to the SPI bus to observe the password used for the secure element authentication, and then use the secure element as an oracle to decrypt all encrypted update files.",Siemens,Cpci85 Central Processing/communication,4.6,MEDIUM,0.0005200000014156103,false,false,false,false,,false,false,2024-12-10T13:54:14.682Z,0
CVE-2024-53242,https://securityvulnerability.io/vulnerability/CVE-2024-53242,Siemens Teamcenter Visualization Vulnerability Affects Multiple Releases,"A vulnerability has been discovered in Siemens Teamcenter Visualization and Tecnomatix Plant Simulation products, which involves an out of bounds read past the end of an allocated structure. This vulnerability occurs during the parsing of specially crafted WRL files, potentially enabling an attacker to execute code within the context of the current process. Users of the affected versions should implement the recommended updates provided by Siemens to mitigate this risk.",Siemens,"Teamcenter Visualization V14.2,Teamcenter Visualization V14.3,Teamcenter Visualization V2312,Tecnomatix Plant Simulation V2302,Tecnomatix Plant Simulation V2404",7.8,HIGH,0.0005300000193528831,false,false,false,false,,false,false,2024-12-10T13:54:13.403Z,0
CVE-2024-53041,https://securityvulnerability.io/vulnerability/CVE-2024-53041,Siemens Teamcenter Visualization Vulnerability: Stack-Based Overflow in WRL File Processing,"A stack-based overflow vulnerability has been detected in multiple versions of Teamcenter Visualization and Tecnomatix Plant Simulation. The flaw occurs when these applications parse specially crafted WRL files. This vulnerability may enable an attacker to execute arbitrary code within the context of the current process, thereby posing a significant risk to users and systems relying on these applications. The affected versions span across Teamcenter Visualization V14.2, V14.3, and V2312, as well as multiple iterations of Tecnomatix Plant Simulation, necessitating prompt attention for those utilizing these products.",Siemens,"Teamcenter Visualization V14.2,Teamcenter Visualization V14.3,Teamcenter Visualization V2312,Tecnomatix Plant Simulation V2302,Tecnomatix Plant Simulation V2404",7.8,HIGH,0.000590000010561198,false,false,false,false,,false,false,2024-12-10T13:54:12.113Z,0
CVE-2024-52051,https://securityvulnerability.io/vulnerability/CVE-2024-52051,Vulnerability in Siemens PLCs and SCADA Systems Could Allow Arbitrary Code Execution,"A vulnerability exists in various Siemens products, including SIMATIC S7-PLCSIM and TIA Portal, due to improper sanitization of user-controllable input when processing user settings. This flaw could enable local attackers to execute arbitrary commands on the host operating system, leveraging the privileges of the user running the affected software. Organizations utilizing these products should prioritize updates and apply security measures to mitigate potential risks.",Siemens,"Simatic S7-plcsim V17,Simatic S7-plcsim V18,Simatic Step 7 Safety V17,Simatic Step 7 Safety V18,Simatic Step 7 Safety V19,Simatic Step 7 V17,Simatic Step 7 V18,Simatic Step 7 V19,Simatic Wincc Unified Pc Runtime V18,Simatic Wincc Unified Pc Runtime V19,Simatic Wincc Unified V17,Simatic Wincc Unified V18,Simatic Wincc Unified V19,Simatic Wincc V17,Simatic Wincc V18,Simatic Wincc V19,Simocode Es V17,Simocode Es V18,Simocode Es V19,Simotion Scout Tia V5.4 Sp3,Simotion Scout Tia V5.5 Sp1,Simotion Scout Tia V5.6 Sp1,Sinamics Startdrive V17,Sinamics Startdrive V18,Sinamics Startdrive V19,Sirius Safety Es V17 (tia Portal),Sirius Safety Es V18 (tia Portal),Sirius Safety Es V19 (tia Portal),Sirius Soft Starter Es V17 (tia Portal),Sirius Soft Starter Es V18 (tia Portal),Sirius Soft Starter Es V19 (tia Portal),Tia Portal Cloud V17,Tia Portal Cloud V18,Tia Portal Cloud V19",7.3,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-12-10T13:53:57.576Z,0
CVE-2024-49849,https://securityvulnerability.io/vulnerability/CVE-2024-49849,Vulnerability in Siemens Products Could Allow Arbitrary Code Execution,"A vulnerability has been identified across multiple versions and products within Siemens' SIMATIC and TIA Portal lines. The flaw involves inadequate sanitization of user-controllable input when parsing log files, potentially allowing an attacker to exploit this weakness. This exploitation may lead to type confusion and the execution of arbitrary code within the affected applications, compromising operational integrity and security.",Siemens,"Simatic S7-plcsim V16,Simatic S7-plcsim V17,Simatic Step 7 Safety V16,Simatic Step 7 Safety V17,Simatic Step 7 Safety V18,Simatic Step 7 Safety V19,Simatic Step 7 V16,Simatic Step 7 V17,Simatic Step 7 V18,Simatic Step 7 V19,Simatic Wincc Unified V16,Simatic Wincc Unified V17,Simatic Wincc Unified V18,Simatic Wincc Unified V19,Simatic Wincc V16,Simatic Wincc V17,Simatic Wincc V18,Simatic Wincc V19,Simocode Es V16,Simocode Es V17,Simocode Es V18,Simocode Es V19,Simotion Scout Tia V5.4 Sp1,Simotion Scout Tia V5.4 Sp3,Simotion Scout Tia V5.5 Sp1,Simotion Scout Tia V5.6 Sp1,Sinamics Startdrive V16,Sinamics Startdrive V17,Sinamics Startdrive V18,Sinamics Startdrive V19,Sirius Safety Es V17 (tia Portal),Sirius Safety Es V18 (tia Portal),Sirius Safety Es V19 (tia Portal),Sirius Soft Starter Es V17 (tia Portal),Sirius Soft Starter Es V18 (tia Portal),Sirius Soft Starter Es V19 (tia Portal),Tia Portal Cloud V16,Tia Portal Cloud V17,Tia Portal Cloud V18,Tia Portal Cloud V19",7.8,HIGH,0.0005300000193528831,false,false,false,false,,false,false,2024-12-10T13:53:56.043Z,0
CVE-2024-49704,https://securityvulnerability.io/vulnerability/CVE-2024-49704,COMOS XML External Entity Vulnerability,"A vulnerability has been identified in COMOS V10.3 (All versions < V10.3.3.5.8), COMOS V10.4.0 (All versions), COMOS V10.4.1 (All versions), COMOS V10.4.2 (All versions), COMOS V10.4.3 (All versions < V10.4.3.0.47), COMOS V10.4.4 (All versions < V10.4.4.2), COMOS V10.4.4.1 (All versions < V10.4.4.1.21). The Generic Data Mapper, the Engineering Adapter, and the Engineering Interface improperly handle XML External Entity (XXE) entries when parsing configuration and mapping files. This could allow an attacker to extract any file with a known location on the user's system or accessible network folders by persuading a user to use a maliciously crafted configuration or mapping file in one of the affected components.",Siemens,"Comos V10.3,Comos V10.4.0,Comos V10.4.1,Comos V10.4.2,Comos V10.4.3,Comos V10.4.4,Comos V10.4.4.1",5.5,MEDIUM,0.0005200000014156103,false,false,false,false,,false,false,2024-12-10T13:53:54.522Z,0
CVE-2020-28398,https://securityvulnerability.io/vulnerability/CVE-2020-28398,Cross-Site Request Forgery (CSRF) Vulnerability Affects RUGGEDCOM ROX Devices,"A vulnerability exists in the command-line interface (CLI) feature within the web interface of several RUGGEDCOM ROX products. This vulnerability can be exploited through cross-site request forgery (CSRF), allowing attackers to manipulate device configurations. If a legitimate user is tricked into clicking a malicious link, an attacker may gain unauthorized access to modify device settings. It is essential for organizations using affected RUGGEDCOM products to update their systems to version 2.16.0 or later to mitigate potential risks.",Siemens,"Ruggedcom Rox Mx5000,Ruggedcom Rox Mx5000re,Ruggedcom Rox Rx1400,Ruggedcom Rox Rx1500,Ruggedcom Rox Rx1501,Ruggedcom Rox Rx1510,Ruggedcom Rox Rx1511,Ruggedcom Rox Rx1512,Ruggedcom Rox Rx1524,Ruggedcom Rox Rx1536,Ruggedcom Rox Rx5000",8.8,HIGH,0.0005799999926239252,false,false,false,false,,false,false,2024-12-10T13:53:19.090Z,0
CVE-2024-52335,https://securityvulnerability.io/vulnerability/CVE-2024-52335,Vulnerability in syngo.plaza VB30E Allows Execution of Malicious SQL Commands,"A security vulnerability exists in the syngo.plaza VB30E application developed by Siemens Healthineers. The flaw arises from insufficient input data sanitization before it is processed by the SQL server. This gap in security allows attackers with access to the application to insert and execute harmful SQL commands, potentially leading to unauthorized access and manipulation of the entire database, which could severely compromise sensitive medical data.",Siemens,Syngo.plaza Vb30e,9.8,CRITICAL,0.000910000002477318,false,false,false,false,,false,false,2024-12-06T13:14:16.935Z,0
CVE-2024-52574,https://securityvulnerability.io/vulnerability/CVE-2024-52574,Out of Bounds Read Vulnerability in Siemens Teamcenter and Tecnomatix Products,"A vulnerability has been identified in Siemens Teamcenter Visualization and Tecnomatix Plant Simulation products, which involves an out of bounds read occurring past the end of an allocated structure when parsing specially crafted WRL files. This vulnerability could enable an attacker to execute code within the context of the affected application, posing significant security risks to users. It is crucial for organizations using these products to apply relevant patches and updates to mitigate potential exploitation.",Siemens,"Teamcenter Visualization V14.2,Teamcenter Visualization V14.3,Teamcenter Visualization V2312,Teamcenter Visualization V2406,Tecnomatix Plant Simulation V2302,Tecnomatix Plant Simulation V2404",7.8,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-11-18T16:15:00.000Z,0
CVE-2024-52573,https://securityvulnerability.io/vulnerability/CVE-2024-52573,Out of Bounds Write Vulnerability in Teamcenter Visualization and Tecnomatix Plant Simulation Products from Siemens,"An out of bounds write vulnerability has been detected in Siemens' Teamcenter Visualization and Tecnomatix Plant Simulation applications. This flaw manifests when these products process specially crafted WRL files, allowing potential attackers to execute arbitrary code within the context of the current process. Regular updates and patches are essential to mitigate the risks associated with this vulnerability and safeguard sensitive operations performed by the affected applications.",Siemens,"Teamcenter Visualization V14.2,Teamcenter Visualization V14.3,Teamcenter Visualization V2312,Teamcenter Visualization V2406,Tecnomatix Plant Simulation V2302,Tecnomatix Plant Simulation V2404",7.8,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-11-18T16:15:00.000Z,0
CVE-2024-52572,https://securityvulnerability.io/vulnerability/CVE-2024-52572,Stack-Based Overflow Vulnerability in Teamcenter and Tecnomatix Products by Siemens,"A significant vulnerability has been discovered in Siemens' Teamcenter Visualization and Tecnomatix Plant Simulation products, specifically affecting various versions that have not been updated. This vulnerability involves a stack-based overflow that can occur during the parsing of specially crafted WRL files. As a result, it presents a risk allowing an attacker to execute arbitrary code within the context of the affected applications. Mitigation strategies should be employed immediately by updating to the specified non-vulnerable versions to safeguard against potential exploits.",Siemens,"Teamcenter Visualization V14.2,Teamcenter Visualization V14.3,Teamcenter Visualization V2312,Teamcenter Visualization V2406,Tecnomatix Plant Simulation V2302,Tecnomatix Plant Simulation V2404",7.8,HIGH,0.0005099999834783375,false,false,false,false,,false,false,2024-11-18T16:15:00.000Z,0
CVE-2024-52571,https://securityvulnerability.io/vulnerability/CVE-2024-52571,Out of Bounds Write Vulnerability in Siemens Teamcenter and Tecnomatix Products,"A vulnerability exists in multiple versions of Siemens' Teamcenter Visualization and Tecnomatix Plant Simulation products. Specifically, an out of bounds write issue is triggered when the applications parse specially crafted WRL files. This flaw potentially enables attackers to execute arbitrary code within the context of the affected process. Various affected product versions include older iterations, emphasizing the necessity for users to promptly update to mitigate any associated risks.",Siemens,"Teamcenter Visualization V14.2,Teamcenter Visualization V14.3,Teamcenter Visualization V2312,Teamcenter Visualization V2406,Tecnomatix Plant Simulation V2302,Tecnomatix Plant Simulation V2404",7.8,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-11-18T16:15:00.000Z,0
CVE-2024-52570,https://securityvulnerability.io/vulnerability/CVE-2024-52570,Out of Bounds Write Vulnerability in Siemens Teamcenter Visualization and Tecnomatix Plant Simulation,"A notable vulnerability has been identified in Siemens Teamcenter Visualization and Tecnomatix Plant Simulation products, where an out of bounds write can occur during the parsing of specially crafted WRL files. This weakness may enable attackers to execute arbitrary code within the context of the affected application process. It is essential for users of the specified versions to apply patches or mitigations to reduce exposure to potential exploitation.",Siemens,"Teamcenter Visualization V14.2,Teamcenter Visualization V14.3,Teamcenter Visualization V2312,Teamcenter Visualization V2406,Tecnomatix Plant Simulation V2302,Tecnomatix Plant Simulation V2404",7.8,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-11-18T16:15:00.000Z,0
CVE-2024-52569,https://securityvulnerability.io/vulnerability/CVE-2024-52569,Out of Bounds Write Vulnerability in Siemens Teamcenter Visualization and Tecnomatix,"A vulnerability present in Siemens' Teamcenter Visualization and Tecnomatix Plant Simulation products involves an out of bounds write that can occur when processing specially crafted WRL files. This flaw may enable an attacker to execute arbitrary code within the context of the affected process, potentially leading to unauthorized actions and system compromise. The vulnerability affects multiple versions of Teamcenter Visualization and Tecnomatix Plant Simulation, underscoring the importance of applying security patches and updates to mitigate the risks associated with this issue. Organizations using these products should review their versioning and implement necessary safeguards to protect against potential exploits.",Siemens,"Teamcenter Visualization V14.2,Teamcenter Visualization V14.3,Teamcenter Visualization V2312,Teamcenter Visualization V2406,Tecnomatix Plant Simulation V2302,Tecnomatix Plant Simulation V2404",7.8,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-11-18T16:15:00.000Z,0
CVE-2024-52568,https://securityvulnerability.io/vulnerability/CVE-2024-52568,Use-After-Free Vulnerability in Teamcenter Visualization and Tecnomatix Products by Siemens,"A use-after-free vulnerability has been discovered in Siemens' Teamcenter Visualization and Tecnomatix Plant Simulation applications, which can be exploited when processing specially crafted WRL files. This vulnerability affects multiple versions of these products, presenting a risk where malicious actors could execute arbitrary code within the context of the affected process. Users of Teamcenter Visualization and Tecnomatix should take immediate action to update their respective installations to the latest secure versions to mitigate potential risks associated with this vulnerability.",Siemens,"Teamcenter Visualization V14.2,Teamcenter Visualization V14.3,Teamcenter Visualization V2312,Teamcenter Visualization V2406,Tecnomatix Plant Simulation V2302,Tecnomatix Plant Simulation V2404",7.8,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-11-18T16:15:00.000Z,0