
CVSS: 8.7 • EPSS: 0% • CPEs: 4 • EXPL: 0

14 Aug 2025 — A vulnerability has been identified in Mendix SAML (Mendix 10.12 compatible) (All versions < V4.0.3), Mendix SAML (Mendix 10.21 compatible) (All versions < V4.1.2), Mendix SAML (Mendix 9.24 compatible) (All versions < V3.6.21). Affected versions of the module insufficiently enforce signature validation and binding checks. This could allow unauthenticated remote attackers to hijack an account in specific SSO configurations. • https://cert-portal.siemens.com/productcert/html/ssa-395458.html • CWE-347: Improper Verification of Cryptographic Signature

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

12 Aug 2025 — A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions). The affected application uses a monitoring interface that is not operating in a strictly passive mode. This could allow an attacker to interact with the interface, leading to man-in-the-middle attacks. • https://cert-portal.siemens.com/productcert/html/ssa-517338.html • CWE-300: Channel Accessible by Non-Endpoint

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

12 Aug 2025 — A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V3.0). The affected application uses a Content Security Policy that allows unsafe script execution methods. This could allow an attacker to execute unauthorized scripts, potentially leading to cross-site scripting attacks. • https://cert-portal.siemens.com/productcert/html/ssa-517338.html • CWE-1164: Irrelevant Code

CVSS: 7.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

12 Aug 2025 — A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V3.0). The affected application exposes an internal service port to be accessible from outside the system. This could allow an unauthorized attacker to access the application. • https://cert-portal.siemens.com/productcert/html/ssa-517338.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

12 Aug 2025 — A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V3.0). The affected application runs Docker containers without adequate security controls to enforce isolation. This could allow an attacker to gain elevated access, potentially accessing sensitive host system resources. • https://cert-portal.siemens.com/productcert/html/ssa-517338.html • CWE-250: Execution with Unnecessary Privileges

CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

12 Aug 2025 — A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V3.0). The affected application runs Docker containers without adequate resource and security limitations. This could allow an attacker to perform a denial-of-service (DoS) attack. • https://cert-portal.siemens.com/productcert/html/ssa-517338.html • CWE-400: Uncontrolled Resource Consumption

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

12 Aug 2025 — A vulnerability has been identified in Simcenter Femap V2406 (All versions < V2406.0003), Simcenter Femap V2412 (All versions < V2412.0002). The affected applications contain an out-of-bounds read vulnerability while parsing specially crafted BMP files. This could allow an attacker to execute code in the context of the current process. • https://cert-portal.siemens.com/productcert/html/ssa-674084.html • CWE-125: Out-of-bounds Read

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

12 Aug 2025 — A vulnerability has been identified in Simcenter Femap V2406 (All versions < V2406.0003), Simcenter Femap V2412 (All versions < V2412.0002). The affected applications contain an out-of-bounds write vulnerability when parsing a specially crafted STP file. This could allow an attacker to execute code in the context of the current process (ZDI-CAN-26692). • https://cert-portal.siemens.com/productcert/html/ssa-674084.html • CWE-787: Out-of-bounds Write

CVSS: 8.6 • EPSS: 0% • CPEs: 11 • EXPL: 0

12 Aug 2025 — A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions), RUGGEDCOM ROX MX5000RE (All versions), RUGGEDCOM ROX RX1400 (All versions), RUGGEDCOM ROX RX1500 (All versions), RUGGEDCOM ROX RX1501 (All versions), RUGGEDCOM ROX RX1510 (All versions), RUGGEDCOM ROX RX1511 (All versions), RUGGEDCOM ROX RX1512 (All versions), RUGGEDCOM ROX RX1524 (All versions), RUGGEDCOM ROX RX1536 (All versions), RUGGEDCOM ROX RX5000 (All versions). Affected devices do not properly limit access through its Built-... • https://cert-portal.siemens.com/productcert/html/ssa-094954.html • CWE-288: Authentication Bypass Using an Alternate Path or Channel

CVSS: 8.5 • EPSS: 0% • CPEs: 29 • EXPL: 0

12 Aug 2025 — A vulnerability has been identified in SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 V17 (All versions), SIMATIC STEP 7 V18 (All versions), SIMATIC STEP 7 V19 (All versions < V19 Update 4), SIMATIC STEP 7 V20 (All versions), SIMATIC WinCC V17 (All versions), SIMATIC WinCC V18 (All versions), SIMATIC WinCC V19 (All versions < V19 Update 4), SIMATIC WinCC V20 (All versions), SIMOCODE ES V17 (All versions), SIMOCODE ES V18 (All versions), SIMOCODE ES V19 (All versions), SIMOCODE ES V20 (All versions), S... • https://cert-portal.siemens.com/productcert/html/ssa-493396.html • CWE-502: Deserialization of Untrusted Data