CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-51744
https://notcve.org/view.php?id=CVE-2023-51744
A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V13.3 (All versions < V13.3.0.13), Teamcenter Visualization V14.1 (All versions < V14.1.0.12), Teamcenter Visualization V14.2 (All versions < V14.2.0.9), Teamcenter Visualization V14.3 (All versions < V14.3.0.6). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. Se ha identificado una vulnerabilidad en JT2Go (Todas las versiones < V14.3.0.6), Teamcenter Visualization V13.3 (Todas las versiones < V13.3.0.13), Teamcenter Visualization V14.1 (Todas las versiones < V14.1.0.12), Teamcenter Visualization V14.2 (todas las versiones • https://cert-portal.siemens.com/productcert/pdf/ssa-794653.pdf • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-51439
https://notcve.org/view.php?id=CVE-2023-51439
A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V13.3 (All versions < V13.3.0.13), Teamcenter Visualization V14.1 (All versions < V14.1.0.12), Teamcenter Visualization V14.2 (All versions < V14.2.0.9), Teamcenter Visualization V14.3 (All versions < V14.3.0.6). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process. Se ha identificado una vulnerabilidad en JT2Go (Todas las versiones < V14.3.0.6), Teamcenter Visualization V13.3 (Todas las versiones < V13.3.0.13), Teamcenter Visualization V14.1 (Todas las versiones < V14.1.0.12), Teamcenter Visualization V14.2 (todas las versiones • https://cert-portal.siemens.com/productcert/pdf/ssa-794653.pdf • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-51438
https://notcve.org/view.php?id=CVE-2023-51438
A vulnerability has been identified in SIMATIC IPC1047E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC647E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC847E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows). In default installations of maxView Storage Manager where Redfish® server is configured for remote system management, a vulnerability has been identified that can provide unauthorized access. Se ha identificado una vulnerabilidad en SIMATIC IPC1047E (todas las versiones con maxView Storage Manager < V4.14.00.26068 en Windows), SIMATIC IPC647E (todas las versiones con maxView Storage Manager < V4.14.00.26068 en Windows), SIMATIC IPC847E (todas las versiones con maxView Storage Manager < V4.14.00.26068 en Windows). En instalaciones predeterminadas de maxView Storage Manager donde el servidor Redfish® está configurado para la administración remota del sistema, se ha identificado una vulnerabilidad que puede proporcionar acceso no autorizado. • https://cert-portal.siemens.com/productcert/pdf/ssa-702935.pdf • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49621
https://notcve.org/view.php?id=CVE-2023-49621
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The "intermediate installation" system state of the affected application uses default credential with admin privileges. An attacker could use the credentials to gain complete control of the affected device. Se ha identificado una vulnerabilidad en SIMATIC CN 4100 (todas las versiones < V2.7). El estado del sistema de "intermediate installation" de la aplicación afectada utiliza la credencial predeterminada con privilegios de administrador. • https://cert-portal.siemens.com/productcert/pdf/ssa-777015.pdf • CWE-1392: Use of Default Credentials •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49252
https://notcve.org/view.php?id=CVE-2023-49252
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The affected application allows IP configuration change without authentication to the device. This could allow an attacker to cause denial of service condition. Se ha identificado una vulnerabilidad en SIMATIC CN 4100 (todas las versiones < V2.7). La aplicación afectada permite el cambio de configuración de IP sin autenticación en el dispositivo. • https://cert-portal.siemens.com/productcert/pdf/ssa-777015.pdf • CWE-20: Improper Input Validation •