cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-49849,https://securityvulnerability.io/vulnerability/CVE-2024-49849,"{""Vulnerability in Siemens Products Could Allow Arbitrary Code Execution""}","A vulnerability has been identified across multiple versions and products within Siemens' SIMATIC and TIA Portal lines. The flaw involves inadequate sanitization of user-controllable input when parsing log files, potentially allowing an attacker to exploit this weakness. This exploitation may lead to type confusion and the execution of arbitrary code within the affected applications, compromising operational integrity and security.",Siemens,"Simatic S7-plcsim V16,Simatic S7-plcsim V17,Simatic Step 7 Safety V16,Simatic Step 7 Safety V17,Simatic Step 7 Safety V18,Simatic Step 7 Safety V19,Simatic Step 7 V16,Simatic Step 7 V17,Simatic Step 7 V18,Simatic Step 7 V19,Simatic Wincc Unified V16,Simatic Wincc Unified V17,Simatic Wincc Unified V18,Simatic Wincc Unified V19,Simatic Wincc V16,Simatic Wincc V17,Simatic Wincc V18,Simatic Wincc V19,Simocode Es V16,Simocode Es V17,Simocode Es V18,Simocode Es V19,Simotion Scout Tia V5.4 Sp1,Simotion Scout Tia V5.4 Sp3,Simotion Scout Tia V5.5 Sp1,Simotion Scout Tia V5.6 Sp1,Sinamics Startdrive V16,Sinamics Startdrive V17,Sinamics Startdrive V18,Sinamics Startdrive V19,Sirius Safety Es V17 (tia Portal),Sirius Safety Es V18 (tia Portal),Sirius Safety Es V19 (tia Portal),Sirius Soft Starter Es V17 (tia Portal),Sirius Soft Starter Es V18 (tia Portal),Sirius Soft Starter Es V19 (tia Portal),Tia Portal Cloud V16,Tia Portal Cloud V17,Tia Portal Cloud V18,Tia Portal Cloud V19",7.8,HIGH,0.0005300000193528831,false,,false,false,false,,false,false,2024-12-10T13:53:56.043Z,0
CVE-2023-32736,https://securityvulnerability.io/vulnerability/CVE-2023-32736,"{""Vulnerability in Siemens Products Could Allow Arbitrary Code Execution""}","A vulnerability exists in various Siemens automation products that fail to adequately sanitize user-controllable input, especially when processing user settings. This flaw could facilitate type confusion, potentially allowing an attacker to execute arbitrary code within the affected application. Affected software includes SIMATIC S7-PLCSIM, STEP 7, WinCC, and other associated tools, and users are advised to review the latest updates and apply necessary patches to mitigate this risk. For detailed information, refer to the provided reference.",Siemens,"Simatic S7-plcsim V16,Simatic S7-plcsim V17,Simatic Step 7 Safety V16,Simatic Step 7 Safety V17,Simatic Step 7 Safety V18,Simatic Step 7 V16,Simatic Step 7 V17,Simatic Step 7 V18,Simatic Wincc Unified V16,Simatic Wincc Unified V17,Simatic Wincc Unified V18,Simatic Wincc V16,Simatic Wincc V17,Simatic Wincc V18,Simocode Es V16,Simocode Es V17,Simocode Es V18,Simotion Scout Tia V5.4 Sp1,Simotion Scout Tia V5.4 Sp3,Simotion Scout Tia V5.5 Sp1,Sinamics Startdrive V16,Sinamics Startdrive V17,Sinamics Startdrive V18,Sirius Safety Es V17,Sirius Safety Es V18,Sirius Soft Starter Es V17,Sirius Soft Starter Es V18,Tia Portal Cloud V16,Tia Portal Cloud V17,Tia Portal Cloud V18",7.3,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2024-11-12T12:49:22.651Z,0
CVE-2023-32735,https://securityvulnerability.io/vulnerability/CVE-2023-32735,"{""Siemens: Multiple Products Affected by Deserialization Vulnerability"",""Siemens: Simatic Safety and Motion Control"",""Siemens: Sinamics Drive Technologies"",""Siemens: Simotion Safety"",""Siemens: TIA Portal Cloud""}","A vulnerability exists in various Siemens products, including SIMATIC STEP 7, SIMATIC WinCC, and other related applications, that fails to properly restrict .NET BinaryFormatter during the deserialization of hardware configuration profiles. This imperfection may lead to type confusion, enabling an attacker to execute arbitrary code within affected applications. This could result in unauthorized actions or data manipulation, posing a significant risk to system integrity and operations.",Siemens,"Simatic Step 7 Safety V16,Simatic Step 7 Safety V17,Simatic Step 7 Safety V18,Simatic Step 7 V16,Simatic Step 7 V17,Simatic Step 7 V18,Simatic Wincc Unified V16,Simatic Wincc Unified V17,Simatic Wincc Unified V18,Simatic Wincc V16,Simatic Wincc V17,Simatic Wincc V18,Simocode Es V16,Simocode Es V17,Simocode Es V18,Simotion Scout Tia V5.4 Sp1,Simotion Scout Tia V5.4 Sp3,Simotion Scout Tia V5.5 Sp1,Sinamics Startdrive V16,Sinamics Startdrive V17,Sinamics Startdrive V18,Sirius Safety Es V17,Sirius Safety Es V18,Sirius Soft Starter Es V17,Sirius Soft Starter Es V18,Soft Starter Es V16,Tia Portal Cloud V3.0",6.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-07-09T12:04:26.871Z,0
CVE-2020-7581,https://securityvulnerability.io/vulnerability/CVE-2020-7581,,"A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). A component within the affected application calls a helper binary with SYSTEM privileges during startup while the call path is not quoted. This could allow a local attacker with administrative privileges to execute code with SYSTEM level privileges.",Siemens,"Opcenter Execution Discrete,Opcenter Execution Foundation,Opcenter Execution Process,Opcenter Intelligence,Opcenter Quality,Opcenter Rd&l,Simatic Notifier Server For Windows,Simatic Pcs Neo,Simatic Step 7 (tia Portal) V15,Simatic Step 7 (tia Portal) V16,Simocode Es V15.1,Simocode Es V16,Soft Starter Es V15.1,Soft Starter Es V16",6.7,MEDIUM,0.0004199999966658652,false,,false,false,false,,false,false,2020-07-14T13:18:05.000Z,0
CVE-2020-7588,https://securityvulnerability.io/vulnerability/CVE-2020-7588,,"A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All versions < V2.6), SIMATIC IT Production Suite (All versions < V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). Sending a specially crafted packet to the affected service could cause a partial remote denial-of-service, that would cause the service to restart itself.",Siemens,"Opcenter Execution Discrete,Opcenter Execution Foundation,Opcenter Execution Process,Opcenter Intelligence,Opcenter Quality,Opcenter Rd&l,Simatic It Lms,Simatic It Production Suite,Simatic Notifier Server For Windows,Simatic Pcs Neo,Simatic Step 7 (tia Portal) V15,Simatic Step 7 (tia Portal) V16,Simocode Es V15.1,Simocode Es V16,Soft Starter Es V15.1,Soft Starter Es V16",5.3,MEDIUM,0.0010999999940395355,false,,false,false,false,,false,false,2020-07-14T13:18:05.000Z,0
CVE-2020-7587,https://securityvulnerability.io/vulnerability/CVE-2020-7587,,"A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All versions < V2.6), SIMATIC IT Production Suite (All versions < V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). Sending multiple specially crafted packets to the affected service could cause a partial remote denial-of-service, that would cause the service to restart itself. On some cases the vulnerability could leak random information from the remote service.",Siemens,"Opcenter Execution Discrete,Opcenter Execution Foundation,Opcenter Execution Process,Opcenter Intelligence,Opcenter Quality,Opcenter Rd&l,Simatic It Lms,Simatic It Production Suite,Simatic Notifier Server For Windows,Simatic Pcs Neo,Simatic Step 7 (tia Portal) V15,Simatic Step 7 (tia Portal) V16,Simocode Es V15.1,Simocode Es V16,Soft Starter Es V15.1,Soft Starter Es V16",8.2,HIGH,0.002460000105202198,false,,false,false,false,,false,false,2020-07-14T13:18:05.000Z,0