cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-49775,https://securityvulnerability.io/vulnerability/CVE-2024-49775,Heap-Based Buffer Overflow in Siemens Automation Products,"CVE-2024-49775 identifies a critical heap-based buffer overflow vulnerability affecting multiple Siemens automation products, including the Opcenter suite and the Totally Integrated Automation Portal (TIA Portal). This vulnerability resides in the integrated UMC component and could allow an unauthenticated remote attacker to execute arbitrary code. Given the widespread use of these products in industrial environments, the implications of such exploitation could lead to severe operational disruptions. Siemens has acknowledged this vulnerability in all listed versions and it is imperative for users to assess their current configurations and apply necessary mitigations.",Siemens,"Opcenter Execution Foundation,Opcenter Intelligence,Opcenter Quality,Opcenter Rdl,Simatic Pcs Neo V4.0,Simatic Pcs Neo V4.1,Simatic Pcs Neo V5.0,Sinec Nms,Totally Integrated Automation Portal (tia Portal) V16,Totally Integrated Automation Portal (tia Portal) V17,Totally Integrated Automation Portal (tia Portal) V18,Totally Integrated Automation Portal (tia Portal) V19",9.8,CRITICAL,0.000910000002477318,false,,false,false,false,,false,false,2024-12-16T15:06:04.714Z,184
CVE-2024-52051,https://securityvulnerability.io/vulnerability/CVE-2024-52051,"{""Vulnerability in Siemens PLCs and SCADA Systems Could Allow Arbitrary Code Execution""}","A vulnerability exists in various Siemens products, including SIMATIC S7-PLCSIM and TIA Portal, due to improper sanitization of user-controllable input when processing user settings. This flaw could enable local attackers to execute arbitrary commands on the host operating system, leveraging the privileges of the user running the affected software. Organizations utilizing these products should prioritize updates and apply security measures to mitigate potential risks.",Siemens,"Simatic S7-plcsim V17,Simatic S7-plcsim V18,Simatic Step 7 Safety V17,Simatic Step 7 Safety V18,Simatic Step 7 Safety V19,Simatic Step 7 V17,Simatic Step 7 V18,Simatic Step 7 V19,Simatic Wincc Unified Pc Runtime V18,Simatic Wincc Unified Pc Runtime V19,Simatic Wincc Unified V17,Simatic Wincc Unified V18,Simatic Wincc Unified V19,Simatic Wincc V17,Simatic Wincc V18,Simatic Wincc V19,Simocode Es V17,Simocode Es V18,Simocode Es V19,Simotion Scout Tia V5.4 Sp3,Simotion Scout Tia V5.5 Sp1,Simotion Scout Tia V5.6 Sp1,Sinamics Startdrive V17,Sinamics Startdrive V18,Sinamics Startdrive V19,Sirius Safety Es V17 (tia Portal),Sirius Safety Es V18 (tia Portal),Sirius Safety Es V19 (tia Portal),Sirius Soft Starter Es V17 (tia Portal),Sirius Soft Starter Es V18 (tia Portal),Sirius Soft Starter Es V19 (tia Portal),Tia Portal Cloud V17,Tia Portal Cloud V18,Tia Portal Cloud V19",7.3,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2024-12-10T13:53:57.576Z,0
CVE-2024-49849,https://securityvulnerability.io/vulnerability/CVE-2024-49849,"{""Vulnerability in Siemens Products Could Allow Arbitrary Code Execution""}","A vulnerability has been identified across multiple versions and products within Siemens' SIMATIC and TIA Portal lines. The flaw involves inadequate sanitization of user-controllable input when parsing log files, potentially allowing an attacker to exploit this weakness. This exploitation may lead to type confusion and the execution of arbitrary code within the affected applications, compromising operational integrity and security.",Siemens,"Simatic S7-plcsim V16,Simatic S7-plcsim V17,Simatic Step 7 Safety V16,Simatic Step 7 Safety V17,Simatic Step 7 Safety V18,Simatic Step 7 Safety V19,Simatic Step 7 V16,Simatic Step 7 V17,Simatic Step 7 V18,Simatic Step 7 V19,Simatic Wincc Unified V16,Simatic Wincc Unified V17,Simatic Wincc Unified V18,Simatic Wincc Unified V19,Simatic Wincc V16,Simatic Wincc V17,Simatic Wincc V18,Simatic Wincc V19,Simocode Es V16,Simocode Es V17,Simocode Es V18,Simocode Es V19,Simotion Scout Tia V5.4 Sp1,Simotion Scout Tia V5.4 Sp3,Simotion Scout Tia V5.5 Sp1,Simotion Scout Tia V5.6 Sp1,Sinamics Startdrive V16,Sinamics Startdrive V17,Sinamics Startdrive V18,Sinamics Startdrive V19,Sirius Safety Es V17 (tia Portal),Sirius Safety Es V18 (tia Portal),Sirius Safety Es V19 (tia Portal),Sirius Soft Starter Es V17 (tia Portal),Sirius Soft Starter Es V18 (tia Portal),Sirius Soft Starter Es V19 (tia Portal),Tia Portal Cloud V16,Tia Portal Cloud V17,Tia Portal Cloud V18,Tia Portal Cloud V19",7.8,HIGH,0.0005300000193528831,false,,false,false,false,,false,false,2024-12-10T13:53:56.043Z,0
CVE-2023-32736,https://securityvulnerability.io/vulnerability/CVE-2023-32736,"{""Vulnerability in Siemens Products Could Allow Arbitrary Code Execution""}","A vulnerability exists in various Siemens automation products that fail to adequately sanitize user-controllable input, especially when processing user settings. This flaw could facilitate type confusion, potentially allowing an attacker to execute arbitrary code within the affected application. Affected software includes SIMATIC S7-PLCSIM, STEP 7, WinCC, and other associated tools, and users are advised to review the latest updates and apply necessary patches to mitigate this risk. For detailed information, refer to the provided reference.",Siemens,"Simatic S7-plcsim V16,Simatic S7-plcsim V17,Simatic Step 7 Safety V16,Simatic Step 7 Safety V17,Simatic Step 7 Safety V18,Simatic Step 7 V16,Simatic Step 7 V17,Simatic Step 7 V18,Simatic Wincc Unified V16,Simatic Wincc Unified V17,Simatic Wincc Unified V18,Simatic Wincc V16,Simatic Wincc V17,Simatic Wincc V18,Simocode Es V16,Simocode Es V17,Simocode Es V18,Simotion Scout Tia V5.4 Sp1,Simotion Scout Tia V5.4 Sp3,Simotion Scout Tia V5.5 Sp1,Sinamics Startdrive V16,Sinamics Startdrive V17,Sinamics Startdrive V18,Sirius Safety Es V17,Sirius Safety Es V18,Sirius Soft Starter Es V17,Sirius Soft Starter Es V18,Tia Portal Cloud V16,Tia Portal Cloud V17,Tia Portal Cloud V18",7.3,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2024-11-12T12:49:22.651Z,0
CVE-2024-33698,https://securityvulnerability.io/vulnerability/CVE-2024-33698,Heap-Based Buffer Overflow in Opcenter and SIMATIC Products by Siemens,"A critical security vulnerability exists within the integrated UMC component of various Siemens products, including Opcenter and SIMATIC series. This vulnerability is characterized as a heap-based buffer overflow, which could potentially enable an unauthenticated remote attacker to execute arbitrary code on the affected systems. This flaw underscores the importance of regular updates and security patch management to protect industrial applications from malicious exploitation.",Siemens,"Opcenter Execution Foundation,Opcenter Quality,Opcenter Rdl,Simatic Information Server 2022,Simatic Information Server 2024,Simatic Pcs Neo V4.0,Simatic Pcs Neo V4.1,Simatic Pcs Neo V5.0,Sinec Nms,Totally Integrated Automation Portal (tia Portal) V16,Totally Integrated Automation Portal (tia Portal) V17,Totally Integrated Automation Portal (tia Portal) V18,Totally Integrated Automation Portal (tia Portal) V19",9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,2024-09-10T09:36:31.009Z,0
CVE-2023-32735,https://securityvulnerability.io/vulnerability/CVE-2023-32735,"{""Siemens: Multiple Products Affected by Deserialization Vulnerability"",""Siemens: Simatic Safety and Motion Control"",""Siemens: Sinamics Drive Technologies"",""Siemens: Simotion Safety"",""Siemens: TIA Portal Cloud""}","A vulnerability exists in various Siemens products, including SIMATIC STEP 7, SIMATIC WinCC, and other related applications, that fails to properly restrict .NET BinaryFormatter during the deserialization of hardware configuration profiles. This imperfection may lead to type confusion, enabling an attacker to execute arbitrary code within affected applications. This could result in unauthorized actions or data manipulation, posing a significant risk to system integrity and operations.",Siemens,"Simatic Step 7 Safety V16,Simatic Step 7 Safety V17,Simatic Step 7 Safety V18,Simatic Step 7 V16,Simatic Step 7 V17,Simatic Step 7 V18,Simatic Wincc Unified V16,Simatic Wincc Unified V17,Simatic Wincc Unified V18,Simatic Wincc V16,Simatic Wincc V17,Simatic Wincc V18,Simocode Es V16,Simocode Es V17,Simocode Es V18,Simotion Scout Tia V5.4 Sp1,Simotion Scout Tia V5.4 Sp3,Simotion Scout Tia V5.5 Sp1,Sinamics Startdrive V16,Sinamics Startdrive V17,Sinamics Startdrive V18,Sirius Safety Es V17,Sirius Safety Es V18,Sirius Soft Starter Es V17,Sirius Soft Starter Es V18,Soft Starter Es V16,Tia Portal Cloud V3.0",6.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-07-09T12:04:26.871Z,0
CVE-2023-46280,https://securityvulnerability.io/vulnerability/CVE-2023-46280,Out of Bounds Read Vulnerability in SIMATIC and TIA Portal Products by Siemens,"An out of bounds read vulnerability has been identified in multiple Siemens products, including the SIMATIC and TIA Portal series. This flaw can potentially lead to the crashing of the Windows kernel, resulting in a Blue Screen of Death (BSOD) error. Attackers could exploit this vulnerability to destabilize systems, impacting operational efficiency and safety within industrial environments. It is crucial for users of these products to be aware of this vulnerability and to implement necessary mitigations as outlined by Siemens.",Siemens,"Security Configuration Tool (sct),Simatic Automation Tool,Simatic Batch V9.1,Simatic Net Pc Software V16,Simatic Net Pc Software V17,Simatic Net Pc Software V18,Simatic Net Pc Software V19,Simatic Pcs 7 V9.1,Simatic Pdm V9.2,Simatic Route Control V9.1,Simatic S7-pct,Simatic Step 7 V5,Simatic Wincc Oa V3.17,Simatic Wincc Oa V3.18,Simatic Wincc Oa V3.19,Simatic Wincc Runtime Advanced,Simatic Wincc Runtime Professional V16,Simatic Wincc Runtime Professional V17,Simatic Wincc Runtime Professional V18,Simatic Wincc Runtime Professional V19,Simatic Wincc V7.4,Simatic Wincc V7.5,Simatic Wincc V8.0,Sinamics Startdrive,Sinec Nms,Sinumerik One Virtual,Sinumerik Plc Programming Tool,Tia Portal Cloud Connector,Totally Integrated Automation Portal (tia Portal) V15.1,Totally Integrated Automation Portal (tia Portal) V16,Totally Integrated Automation Portal (tia Portal) V17,Totally Integrated Automation Portal (tia Portal) V18,Totally Integrated Automation Portal (tia Portal) V19",6.5,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-14T10:01:52.069Z,0
CVE-2023-46282,https://securityvulnerability.io/vulnerability/CVE-2023-46282,Reflected Cross-Site Scripting Vulnerability in Siemens Automation Products,"A reflected cross-site scripting vulnerability has been found in various Siemens automation products, including the Opcenter Execution Foundation and the Totally Integrated Automation Portal. This flaw allows attackers to inject arbitrary JavaScript code into the web interface, which could subsequently be executed by another user, potentially compromising their session and leading to unauthorized actions. The affected versions span multiple platforms, necessitating immediate attention for users of these critical systems.",Siemens,"Opcenter Execution Foundation,Opcenter Quality,Simatic Pcs Neo,Sinec Nms,Totally Integrated Automation Portal (tia Portal) V14,Totally Integrated Automation Portal (tia Portal) V15.1,Totally Integrated Automation Portal (tia Portal) V16,Totally Integrated Automation Portal (tia Portal) V17,Totally Integrated Automation Portal (tia Portal) V18",6.1,MEDIUM,0.0006799999973736703,false,,false,false,false,,false,false,2023-12-12T12:15:00.000Z,0
CVE-2023-46281,https://securityvulnerability.io/vulnerability/CVE-2023-46281,CORS Misconfiguration in Siemens Web Interfaces,"A vulnerability exists in the web interfaces of several Siemens products, where an overly permissive CORS policy could allow an attacker to exploit this misconfiguration. By manipulating CORS settings, an attacker could deceive legitimate users into triggering unintended actions, which may compromise the security of the user's session or expose sensitive data.",Siemens,"Opcenter Execution Foundation,Opcenter Quality,Simatic Pcs Neo,Sinec Nms,Totally Integrated Automation Portal (tia Portal) V14,Totally Integrated Automation Portal (tia Portal) V15.1,Totally Integrated Automation Portal (tia Portal) V16,Totally Integrated Automation Portal (tia Portal) V17,Totally Integrated Automation Portal (tia Portal) V18",8.8,HIGH,0.0018500000005587935,false,,false,false,false,,false,false,2023-12-12T12:15:00.000Z,0
CVE-2023-46283,https://securityvulnerability.io/vulnerability/CVE-2023-46283,Out of Bounds Write Vulnerability in Opcenter and TIA Portal by Siemens,"A vulnerability exists in various Siemens software products that allows for an out of bounds write, potentially leading an attacker to crash the application while processing specific requests on a designated TCP port. Following the crash, the affected service is configured to automatically restart, which could be exploited by an attacker for further malicious actions. It's crucial for users of Opcenter Execution Foundation, TIA Portal, and related products to ensure they are running the latest versions to mitigate this risk.",Siemens,"Opcenter Execution Foundation,Opcenter Quality,Simatic Pcs Neo,Sinec Nms,Totally Integrated Automation Portal (tia Portal) V14,Totally Integrated Automation Portal (tia Portal) V15.1,Totally Integrated Automation Portal (tia Portal) V16,Totally Integrated Automation Portal (tia Portal) V17,Totally Integrated Automation Portal (tia Portal) V18",7.5,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2023-12-12T12:15:00.000Z,0
CVE-2023-46284,https://securityvulnerability.io/vulnerability/CVE-2023-46284,Out of Bounds Write Vulnerability in Siemens Automation Products,"A significant out of bounds write vulnerability exists in various Siemens automation products, including Opcenter Execution Foundation and the Totally Integrated Automation Portal. This vulnerability arises when specific requests are processed on designated TCP ports (4002 and 4004), leading to a potential application crash. The affected services are designed to auto-restart following a crash, which may allow an attacker to exploit the application further. Timely updates to the latest versions are crucial for mitigating this risk.",Siemens,"Opcenter Execution Foundation,Opcenter Quality,Simatic Pcs Neo,Sinec Nms,Totally Integrated Automation Portal (tia Portal) V14,Totally Integrated Automation Portal (tia Portal) V15.1,Totally Integrated Automation Portal (tia Portal) V16,Totally Integrated Automation Portal (tia Portal) V17,Totally Integrated Automation Portal (tia Portal) V18",7.5,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2023-12-12T12:15:00.000Z,0
CVE-2023-46285,https://securityvulnerability.io/vulnerability/CVE-2023-46285,Input Validation Vulnerability in Siemens Automation Products,"An improper input validation vulnerability exists in various Siemens automation products. This flaw can be exploited by sending specially crafted messages to the service running on port 4004/tcp, potentially leading to a Denial-of-Service condition. Notably, the affected services are designed to auto-restart once a failure is detected, which may make detection of the attack more challenging.",Siemens,"Opcenter Execution Foundation,Opcenter Quality,Simatic Pcs Neo,Sinec Nms,Totally Integrated Automation Portal (tia Portal) V14,Totally Integrated Automation Portal (tia Portal) V15.1,Totally Integrated Automation Portal (tia Portal) V16,Totally Integrated Automation Portal (tia Portal) V17,Totally Integrated Automation Portal (tia Portal) V18",7.5,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2023-12-12T12:15:00.000Z,0
CVE-2023-30757,https://securityvulnerability.io/vulnerability/CVE-2023-30757,Know-How Protection Flaw in Siemens Totally Integrated Automation Portal Products,"A critical vulnerability exists within Siemens Totally Integrated Automation Portal products that impacts the know-how protection feature. When project files are updated, the encryption for existing program blocks is not properly refreshed, permitting attackers with access to the project files to retrieve older, unprotected versions of the project. This unauthorized access occurs without requiring the know-how protection password, posing a significant risk to the confidentiality and integrity of sensitive automation data.",Siemens,"Totally Integrated Automation Portal (tia Portal) V14,Totally Integrated Automation Portal (tia Portal) V15,Totally Integrated Automation Portal (tia Portal) V15.1,Totally Integrated Automation Portal (tia Portal) V16,Totally Integrated Automation Portal (tia Portal) V17,Totally Integrated Automation Portal (tia Portal) V18,Totally Integrated Automation Portal (tia Portal) V19,Totally Integrated Automation Portal (tia Portal) V20",5.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,false,false,2023-06-13T09:15:00.000Z,0
CVE-2023-26293,https://securityvulnerability.io/vulnerability/CVE-2023-26293,Path Traversal Vulnerability in Siemens Totally Integrated Automation Portal,"A path traversal vulnerability has been discovered in Siemens' Totally Integrated Automation Portal, impacting various versions. This flaw could allow an attacker to write or modify arbitrary files within the engineering system. If users inadvertently open a compromised PC system configuration file, it may lead to unauthorized code execution, posing significant security risks.",Siemens,"Totally Integrated Automation Portal (tia Portal) V15,Totally Integrated Automation Portal (tia Portal) V16,Totally Integrated Automation Portal (tia Portal) V17,Totally Integrated Automation Portal (tia Portal) V18",7.3,HIGH,0.0006200000061653554,false,,false,false,false,,false,false,2023-04-11T10:15:00.000Z,0
CVE-2021-42029,https://securityvulnerability.io/vulnerability/CVE-2021-42029,Privilege Escalation in Siemens SIMATIC STEP 7 Engineering Software,"A vulnerability has been identified in Siemens SIMATIC STEP 7 (TIA Portal) affecting versions V15, V16 prior to Update 5, and V17 prior to Update 2. This vulnerability allows an attacker with direct access to the impacted web server to escalate their privileges on the engineering system software. Improper access controls can enable malicious users to gain unauthorized access, posing significant security risks to affected systems.",Siemens,"Simatic Step 7 (tia Portal) V15,Simatic Step 7 (tia Portal) V16,Simatic Step 7 (tia Portal) V17",7.8,HIGH,0.0004400000034365803,false,,false,false,false,,false,false,2022-04-12T09:07:30.000Z,0
CVE-2019-10934,https://securityvulnerability.io/vulnerability/CVE-2019-10934,,"A vulnerability has been identified in TIA Portal V14 (All versions), TIA Portal V15 (All versions < V15.1 Update 7), TIA Portal V16 (All versions < V16 Update 6), TIA Portal V17 (All versions < V17 Update 4). Changing the contents of a configuration file could allow an attacker to execute arbitrary code with SYSTEM privileges. The security vulnerability could be exploited by an attacker with a valid account and limited access rights on the system. No user interaction is required. At the time of advisory publication no public exploitation of this security vulnerability was known.",Siemens,"Tia Portal V14,Tia Portal V15,Tia Portal V16,Tia Portal V17",7.8,HIGH,0.0004400000034365803,false,,false,false,false,,false,false,2020-01-16T15:35:24.000Z,0