CVSS: 8.6EPSS: 0%CPEs: -EXPL: 0CVE-2024-50557
https://notcve.org/view.php?id=CVE-2024-50557
This could allow an unauthenticated remote attacker to execute arbitrary code on the device. • https://cert-portal.siemens.com/productcert/html/ssa-354112.html • CWE-20: Improper Input Validation •
CVSS: 7.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-47942
https://notcve.org/view.php?id=CVE-2024-47942
The affected applications suffer from a DLL hijacking vulnerability. This could allow an attacker to execute arbitrary code via placing a crafted DLL file on the system. • https://cert-portal.siemens.com/productcert/html/ssa-351178.html • CWE-427: Uncontrolled Search Path Element •
CVSS: 9.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-46890
https://notcve.org/view.php?id=CVE-2024-46890
This could allow an authenticated remote attacker with high privileges on the application to execute arbitrary code on the underlying OS. • https://cert-portal.siemens.com/productcert/html/ssa-915275.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.9EPSS: 0%CPEs: -EXPL: 0CVE-2024-46888
https://notcve.org/view.php?id=CVE-2024-46888
This could allow an authenticated remote attacker to manipulate arbitrary files on the filesystem and achieve arbitrary code execution on the device. • https://cert-portal.siemens.com/productcert/html/ssa-915275.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-44102
https://notcve.org/view.php?id=CVE-2024-44102
This could allow the attacker to execute arbitrary code on the device with SYSTEM privileges. • https://cert-portal.siemens.com/productcert/html/ssa-454789.html • CWE-502: Deserialization of Untrusted Data •