CVSS: 8.7EPSS: 0%CPEs: 8EXPL: 0CVE-2025-30176
https://notcve.org/view.php?id=CVE-2025-30176
13 May 2025 — A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions), SINEMA Remote Connect (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions), Totally Integrated Automation Portal (TIA Portal) V20 (All versions), User Management Component (UMC) (All versions < V2.15.1... • https://cert-portal.siemens.com/productcert/html/ssa-614723.html • CWE-125: Out-of-bounds Read •
CVSS: 8.7EPSS: 0%CPEs: 8EXPL: 0CVE-2025-30175
https://notcve.org/view.php?id=CVE-2025-30175
13 May 2025 — A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions), SINEMA Remote Connect (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions), Totally Integrated Automation Portal (TIA Portal) V20 (All versions), User Management Component (UMC) (All versions < V2.15.1... • https://cert-portal.siemens.com/productcert/html/ssa-614723.html • CWE-787: Out-of-bounds Write •
CVSS: 8.7EPSS: 0%CPEs: 8EXPL: 0CVE-2025-30174
https://notcve.org/view.php?id=CVE-2025-30174
13 May 2025 — A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions), SINEMA Remote Connect (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions), Totally Integrated Automation Portal (TIA Portal) V20 (All versions), User Management Component (UMC) (All versions < V2.15.1... • https://cert-portal.siemens.com/productcert/html/ssa-614723.html • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 0%CPEs: 10EXPL: 0CVE-2024-49775
https://notcve.org/view.php?id=CVE-2024-49775
16 Dec 2024 — A vulnerability has been identified in Opcenter Execution Foundation (All versions), Opcenter Intelligence (All versions), Opcenter Quality (All versions), Opcenter RDL (All versions), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SINEC NMS (All versions if operated in conjunction with UMC < V2.15), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All v... • https://cert-portal.siemens.com/productcert/html/ssa-928984.html • CWE-122: Heap-based Buffer Overflow •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47808
https://notcve.org/view.php?id=CVE-2024-47808
12 Nov 2024 — A vulnerability has been identified in SINEC NMS (All versions < V3.0 SP1). The affected application contains a database function, that does not properly restrict the permissions of users to write to the filesystem of the host system. This could allow an authenticated medium-privileged attacker to write arbitrary content to any location in the filesystem of the host system. • https://cert-portal.siemens.com/productcert/html/ssa-331112.html • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2024-33698
https://notcve.org/view.php?id=CVE-2024-33698
10 Sep 2024 — A vulnerability has been identified in SIMATIC Information Server 2022 (All versions), SIMATIC Information Server 2024 (All versions), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions),... • https://cert-portal.siemens.com/productcert/html/ssa-039007.html • CWE-122: Heap-based Buffer Overflow •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41941
https://notcve.org/view.php?id=CVE-2024-41941
13 Aug 2024 — A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly enforce authorization checks. This could allow an authenticated attacker to bypass the checks and modify settings in the application without authorization. • https://cert-portal.siemens.com/productcert/html/ssa-784301.html • CWE-863: Incorrect Authorization •
CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41940
https://notcve.org/view.php?id=CVE-2024-41940
13 Aug 2024 — A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly validate user input to a privileged command queue. This could allow an authenticated attacker to execute OS commands with elevated privileges. • https://cert-portal.siemens.com/productcert/html/ssa-784301.html • CWE-20: Improper Input Validation •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41939
https://notcve.org/view.php?id=CVE-2024-41939
13 Aug 2024 — A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly enforce authorization checks. This could allow an authenticated attacker to bypass the checks and elevate their privileges on the application. • https://cert-portal.siemens.com/productcert/html/ssa-784301.html • CWE-863: Incorrect Authorization •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41938
https://notcve.org/view.php?id=CVE-2024-41938
13 Aug 2024 — A vulnerability has been identified in SINEC NMS (All versions < V3.0). The importCertificate function of the SINEC NMS Control web application contains a path traversal vulnerability. This could allow an authenticated attacker it to delete arbitrary certificate files on the drive SINEC NMS is installed on. • https://cert-portal.siemens.com/productcert/html/ssa-784301.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •