CVSS: 6.9EPSS: 0%CPEs: 114EXPL: 0CVE-2024-23814
https://notcve.org/view.php?id=CVE-2024-23814
11 Feb 2025 — A vulnerability has been identified in SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) (All versions < V3.0.0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions < V3.0.0), SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0) (All versions < V3.0.0), SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0) (All versions < V3.0.0), SCALANCE WAM766-1 (6GK5766-1GE00-7DA0) (All versions < V3.0.0), SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0) (All versions < V3.0.0), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0) (All versions < V3.0.0), SCALA... • https://cert-portal.siemens.com/productcert/html/ssa-769027.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.9EPSS: 0%CPEs: 9EXPL: 0CVE-2023-37482
https://notcve.org/view.php?id=CVE-2023-37482
11 Feb 2025 — The login functionality of the web server in affected devices does not normalize the response times of login attempts. An unauthenticated remote attacker could exploit this side-channel information to distinguish between valid and invalid usernames. • https://cert-portal.siemens.com/productcert/html/ssa-195895.html • CWE-203: Observable Discrepancy •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-56841
https://notcve.org/view.php?id=CVE-2024-56841
14 Jan 2025 — A vulnerability has been identified in Mendix LDAP (All versions < V1.1.2). Affected versions of the module are vulnerable to LDAP injection. This could allow an unauthenticated remote attacker to bypass username verification. Se ha identificado una vulnerabilidad en Mendix LDAP (todas las versiones anteriores a la V1.1.2). Las versiones afectadas del módulo son vulnerables a la inyección de LDAP. • https://cert-portal.siemens.com/productcert/html/ssa-314390.html • CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53649
https://notcve.org/view.php?id=CVE-2024-53649
14 Jan 2025 — A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.80), SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 6MD86 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 6MD89 (CP300) (All versions >= V7.80), SIPROTEC 5 6MU85 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7KE85 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7SA82 (CP100) (All versions >= V7.80), SIPROTEC 5 7SA82 (CP150) (All versions < V9.80), SIPROTEC 5 7SA86 (CP300) (All versions >= V... • https://cert-portal.siemens.com/productcert/html/ssa-194557.html • CWE-552: Files or Directories Accessible to External Parties •
CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-47100
https://notcve.org/view.php?id=CVE-2024-47100
14 Jan 2025 — A vulnerability has been identified in SIMATIC S7-1200 CPU 1211C AC/DC/Rly (6ES7211-1BE40-0XB0), SIMATIC S7-1200 CPU 1211C DC/DC/DC (6ES7211-1AE40-0XB0), SIMATIC S7-1200 CPU 1211C DC/DC/Rly (6ES7211-1HE40-0XB0), SIMATIC S7-1200 CPU 1212C AC/DC/Rly (6ES7212-1BE40-0XB0), SIMATIC S7-1200 CPU 1212C DC/DC/DC (6ES7212-1AE40-0XB0), SIMATIC S7-1200 CPU 1212C DC/DC/Rly (6ES7212-1HE40-0XB0), SIMATIC S7-1200 CPU 1212FC DC/DC/DC (6ES7212-1AF40-0XB0), SIMATIC S7-1200 CPU 1212FC DC/DC/Rly (6ES7212-1HF40-0XB0), SIMATIC S7... • https://cert-portal.siemens.com/productcert/html/ssa-717113.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45385
https://notcve.org/view.php?id=CVE-2024-45385
14 Jan 2025 — A vulnerability has been identified in Industrial Edge Management OS (IEM-OS) (All versions). Affected components are vulnerable to reflected cross-site scripting (XSS) attacks. This could allow an attacker to extract sensitive information by tricking users into accessing a malicious link. Se ha identificado una vulnerabilidad en el sistema operativo Industrial Edge Management (IEM-OS) (todas las versiones). Los componentes afectados son vulnerables a ataques de cross-site scripting reflejado (XSS). • https://cert-portal.siemens.com/productcert/html/ssa-416411.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 10EXPL: 0CVE-2024-49775
https://notcve.org/view.php?id=CVE-2024-49775
16 Dec 2024 — A vulnerability has been identified in Opcenter Execution Foundation (All versions), Opcenter Intelligence (All versions), Opcenter Quality (All versions), Opcenter RDL (All versions), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SINEC NMS (All versions if operated in conjunction with UMC < V2.15), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All v... • https://cert-portal.siemens.com/productcert/html/ssa-928984.html • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54095
https://notcve.org/view.php?id=CVE-2024-54095
10 Dec 2024 — A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 10). The affected application is vulnerable to integer underflow vulnerability which can be triggered while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. • https://cert-portal.siemens.com/productcert/html/ssa-730188.html • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54094
https://notcve.org/view.php?id=CVE-2024-54094
10 Dec 2024 — A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 5). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. • https://cert-portal.siemens.com/productcert/html/ssa-730188.html • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54093
https://notcve.org/view.php?id=CVE-2024-54093
10 Dec 2024 — A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 5). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted ASM files. This could allow an attacker to execute code in the context of the current process. • https://cert-portal.siemens.com/productcert/html/ssa-730188.html • CWE-122: Heap-based Buffer Overflow •