CVSS: 3.1EPSS: 0%CPEs: 12EXPL: 0CVE-2024-50560
https://notcve.org/view.php?id=CVE-2024-50560
12 Nov 2024 — A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (Al... • https://cert-portal.siemens.com/productcert/html/ssa-354112.html • CWE-20: Improper Input Validation •
CVSS: 5.1EPSS: 0%CPEs: 12EXPL: 0CVE-2024-50559
https://notcve.org/view.php?id=CVE-2024-50559
12 Nov 2024 — A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (Al... • https://cert-portal.siemens.com/productcert/html/ssa-354112.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.3EPSS: 0%CPEs: 12EXPL: 0CVE-2024-50558
https://notcve.org/view.php?id=CVE-2024-50558
12 Nov 2024 — A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (Al... • https://cert-portal.siemens.com/productcert/html/ssa-354112.html • CWE-284: Improper Access Control •
CVSS: 8.6EPSS: 0%CPEs: 12EXPL: 0CVE-2024-50557
https://notcve.org/view.php?id=CVE-2024-50557
12 Nov 2024 — A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (Al... • https://cert-portal.siemens.com/productcert/html/ssa-354112.html • CWE-20: Improper Input Validation •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50313
https://notcve.org/view.php?id=CVE-2024-50313
12 Nov 2024 — A vulnerability has been identified in Mendix Runtime V10 (All versions < V10.16.0 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.12 (All versions < V10.12.7 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.6 (All versions < V10.6.15 only if the basic authentication mechanism is used by the application), Mendix Runtime V8 (All versions), Mendix Runtime V9 (All versions < V9.24.29 only if the basic authentication mechanism ... • https://cert-portal.siemens.com/productcert/html/ssa-914892.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50310
https://notcve.org/view.php?id=CVE-2024-50310
12 Nov 2024 — A vulnerability has been identified in SIMATIC CP 1543-1 V4.0 (6GK7543-1AX10-0XE0) (All versions >= V4.0.44 < V4.0.50). Affected devices do not properly handle authorization. This could allow an unauthenticated remote attacker to gain access to the filesystem. • https://cert-portal.siemens.com/productcert/html/ssa-654798.html • CWE-863: Incorrect Authorization •
CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-47942
https://notcve.org/view.php?id=CVE-2024-47942
12 Nov 2024 — A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 9). The affected applications suffer from a DLL hijacking vulnerability. This could allow an attacker to execute arbitrary code via placing a crafted DLL file on the system. • https://cert-portal.siemens.com/productcert/html/ssa-351178.html • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-47941
https://notcve.org/view.php?id=CVE-2024-47941
12 Nov 2024 — A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 9). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. • https://cert-portal.siemens.com/productcert/html/ssa-351178.html • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-47940
https://notcve.org/view.php?id=CVE-2024-47940
12 Nov 2024 — A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 9). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PSM files. This could allow an attacker to execute code in the context of the current process. • https://cert-portal.siemens.com/productcert/html/ssa-351178.html • CWE-125: Out-of-bounds Read •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47808
https://notcve.org/view.php?id=CVE-2024-47808
12 Nov 2024 — A vulnerability has been identified in SINEC NMS (All versions < V3.0 SP1). The affected application contains a database function, that does not properly restrict the permissions of users to write to the filesystem of the host system. This could allow an authenticated medium-privileged attacker to write arbitrary content to any location in the filesystem of the host system. • https://cert-portal.siemens.com/productcert/html/ssa-331112.html • CWE-732: Incorrect Permission Assignment for Critical Resource •