cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-46280,https://securityvulnerability.io/vulnerability/CVE-2023-46280,Out of Bounds Read Vulnerability in SIMATIC and TIA Portal Products by Siemens,"An out of bounds read vulnerability has been identified in multiple Siemens products, including the SIMATIC and TIA Portal series. This flaw can potentially lead to the crashing of the Windows kernel, resulting in a Blue Screen of Death (BSOD) error. Attackers could exploit this vulnerability to destabilize systems, impacting operational efficiency and safety within industrial environments. It is crucial for users of these products to be aware of this vulnerability and to implement necessary mitigations as outlined by Siemens.",Siemens,"Security Configuration Tool (sct),Simatic Automation Tool,Simatic Batch V9.1,Simatic Net Pc Software V16,Simatic Net Pc Software V17,Simatic Net Pc Software V18,Simatic Net Pc Software V19,Simatic Pcs 7 V9.1,Simatic Pdm V9.2,Simatic Route Control V9.1,Simatic S7-pct,Simatic Step 7 V5,Simatic Wincc Oa V3.17,Simatic Wincc Oa V3.18,Simatic Wincc Oa V3.19,Simatic Wincc Runtime Advanced,Simatic Wincc Runtime Professional V16,Simatic Wincc Runtime Professional V17,Simatic Wincc Runtime Professional V18,Simatic Wincc Runtime Professional V19,Simatic Wincc V7.4,Simatic Wincc V7.5,Simatic Wincc V8.0,Sinamics Startdrive,Sinec Nms,Sinumerik One Virtual,Sinumerik Plc Programming Tool,Tia Portal Cloud Connector,Totally Integrated Automation Portal (tia Portal) V15.1,Totally Integrated Automation Portal (tia Portal) V16,Totally Integrated Automation Portal (tia Portal) V17,Totally Integrated Automation Portal (tia Portal) V18,Totally Integrated Automation Portal (tia Portal) V19",6.5,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-14T10:01:52.069Z,0
CVE-2023-46281,https://securityvulnerability.io/vulnerability/CVE-2023-46281,CORS Misconfiguration in Siemens Web Interfaces,"A vulnerability exists in the web interfaces of several Siemens products, where an overly permissive CORS policy could allow an attacker to exploit this misconfiguration. By manipulating CORS settings, an attacker could deceive legitimate users into triggering unintended actions, which may compromise the security of the user's session or expose sensitive data.",Siemens,"Opcenter Execution Foundation,Opcenter Quality,Simatic Pcs Neo,Sinec Nms,Totally Integrated Automation Portal (tia Portal) V14,Totally Integrated Automation Portal (tia Portal) V15.1,Totally Integrated Automation Portal (tia Portal) V16,Totally Integrated Automation Portal (tia Portal) V17,Totally Integrated Automation Portal (tia Portal) V18",8.8,HIGH,0.0018500000005587935,false,,false,false,false,,false,false,2023-12-12T12:15:00.000Z,0
CVE-2023-46282,https://securityvulnerability.io/vulnerability/CVE-2023-46282,Reflected Cross-Site Scripting Vulnerability in Siemens Automation Products,"A reflected cross-site scripting vulnerability has been found in various Siemens automation products, including the Opcenter Execution Foundation and the Totally Integrated Automation Portal. This flaw allows attackers to inject arbitrary JavaScript code into the web interface, which could subsequently be executed by another user, potentially compromising their session and leading to unauthorized actions. The affected versions span multiple platforms, necessitating immediate attention for users of these critical systems.",Siemens,"Opcenter Execution Foundation,Opcenter Quality,Simatic Pcs Neo,Sinec Nms,Totally Integrated Automation Portal (tia Portal) V14,Totally Integrated Automation Portal (tia Portal) V15.1,Totally Integrated Automation Portal (tia Portal) V16,Totally Integrated Automation Portal (tia Portal) V17,Totally Integrated Automation Portal (tia Portal) V18",6.1,MEDIUM,0.0006799999973736703,false,,false,false,false,,false,false,2023-12-12T12:15:00.000Z,0
CVE-2023-46285,https://securityvulnerability.io/vulnerability/CVE-2023-46285,Input Validation Vulnerability in Siemens Automation Products,"An improper input validation vulnerability exists in various Siemens automation products. This flaw can be exploited by sending specially crafted messages to the service running on port 4004/tcp, potentially leading to a Denial-of-Service condition. Notably, the affected services are designed to auto-restart once a failure is detected, which may make detection of the attack more challenging.",Siemens,"Opcenter Execution Foundation,Opcenter Quality,Simatic Pcs Neo,Sinec Nms,Totally Integrated Automation Portal (tia Portal) V14,Totally Integrated Automation Portal (tia Portal) V15.1,Totally Integrated Automation Portal (tia Portal) V16,Totally Integrated Automation Portal (tia Portal) V17,Totally Integrated Automation Portal (tia Portal) V18",7.5,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2023-12-12T12:15:00.000Z,0
CVE-2023-46283,https://securityvulnerability.io/vulnerability/CVE-2023-46283,Out of Bounds Write Vulnerability in Opcenter and TIA Portal by Siemens,"A vulnerability exists in various Siemens software products that allows for an out of bounds write, potentially leading an attacker to crash the application while processing specific requests on a designated TCP port. Following the crash, the affected service is configured to automatically restart, which could be exploited by an attacker for further malicious actions. It's crucial for users of Opcenter Execution Foundation, TIA Portal, and related products to ensure they are running the latest versions to mitigate this risk.",Siemens,"Opcenter Execution Foundation,Opcenter Quality,Simatic Pcs Neo,Sinec Nms,Totally Integrated Automation Portal (tia Portal) V14,Totally Integrated Automation Portal (tia Portal) V15.1,Totally Integrated Automation Portal (tia Portal) V16,Totally Integrated Automation Portal (tia Portal) V17,Totally Integrated Automation Portal (tia Portal) V18",7.5,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2023-12-12T12:15:00.000Z,0
CVE-2023-46284,https://securityvulnerability.io/vulnerability/CVE-2023-46284,Out of Bounds Write Vulnerability in Siemens Automation Products,"A significant out of bounds write vulnerability exists in various Siemens automation products, including Opcenter Execution Foundation and the Totally Integrated Automation Portal. This vulnerability arises when specific requests are processed on designated TCP ports (4002 and 4004), leading to a potential application crash. The affected services are designed to auto-restart following a crash, which may allow an attacker to exploit the application further. Timely updates to the latest versions are crucial for mitigating this risk.",Siemens,"Opcenter Execution Foundation,Opcenter Quality,Simatic Pcs Neo,Sinec Nms,Totally Integrated Automation Portal (tia Portal) V14,Totally Integrated Automation Portal (tia Portal) V15.1,Totally Integrated Automation Portal (tia Portal) V16,Totally Integrated Automation Portal (tia Portal) V17,Totally Integrated Automation Portal (tia Portal) V18",7.5,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2023-12-12T12:15:00.000Z,0
CVE-2023-30757,https://securityvulnerability.io/vulnerability/CVE-2023-30757,Know-How Protection Flaw in Siemens Totally Integrated Automation Portal Products,"A critical vulnerability exists within Siemens Totally Integrated Automation Portal products that impacts the know-how protection feature. When project files are updated, the encryption for existing program blocks is not properly refreshed, permitting attackers with access to the project files to retrieve older, unprotected versions of the project. This unauthorized access occurs without requiring the know-how protection password, posing a significant risk to the confidentiality and integrity of sensitive automation data.",Siemens,"Totally Integrated Automation Portal (tia Portal) V14,Totally Integrated Automation Portal (tia Portal) V15,Totally Integrated Automation Portal (tia Portal) V15.1,Totally Integrated Automation Portal (tia Portal) V16,Totally Integrated Automation Portal (tia Portal) V17,Totally Integrated Automation Portal (tia Portal) V18,Totally Integrated Automation Portal (tia Portal) V19,Totally Integrated Automation Portal (tia Portal) V20",5.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,false,false,2023-06-13T09:15:00.000Z,0