CVSS: 8.7EPSS: 0%CPEs: 8EXPL: 0CVE-2025-30176
https://notcve.org/view.php?id=CVE-2025-30176
13 May 2025 — A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions), SINEMA Remote Connect (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions), Totally Integrated Automation Portal (TIA Portal) V20 (All versions), User Management Component (UMC) (All versions < V2.15.1... • https://cert-portal.siemens.com/productcert/html/ssa-614723.html • CWE-125: Out-of-bounds Read •
CVSS: 8.7EPSS: 0%CPEs: 8EXPL: 0CVE-2025-30175
https://notcve.org/view.php?id=CVE-2025-30175
13 May 2025 — A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions), SINEMA Remote Connect (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions), Totally Integrated Automation Portal (TIA Portal) V20 (All versions), User Management Component (UMC) (All versions < V2.15.1... • https://cert-portal.siemens.com/productcert/html/ssa-614723.html • CWE-787: Out-of-bounds Write •
CVSS: 8.7EPSS: 0%CPEs: 8EXPL: 0CVE-2025-30174
https://notcve.org/view.php?id=CVE-2025-30174
13 May 2025 — A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions), SINEMA Remote Connect (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions), Totally Integrated Automation Portal (TIA Portal) V20 (All versions), User Management Component (UMC) (All versions < V2.15.1... • https://cert-portal.siemens.com/productcert/html/ssa-614723.html • CWE-125: Out-of-bounds Read •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42345
https://notcve.org/view.php?id=CVE-2024-42345
10 Sep 2024 — A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP2). The affected application does not properly handle user session establishment and invalidation. This could allow a remote attacker to circumvent the additional multi factor authentication for user session establishment. • https://cert-portal.siemens.com/productcert/html/ssa-869574.html • CWE-384: Session Fixation •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42344
https://notcve.org/view.php?id=CVE-2024-42344
10 Sep 2024 — A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 SP2). The affected application inserts sensitive information into a log file which is readable by all legitimate users of the underlying system. This could allow an authenticated attacker to compromise the confidentiality of other users' configuration data. • https://cert-portal.siemens.com/productcert/html/ssa-417159.html • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39876
https://notcve.org/view.php?id=CVE-2024-39876
09 Jul 2024 — A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected applications do not properly handle log rotation. This could allow an unauthenticated remote attacker to cause a denial of service condition through resource exhaustion on the device. • https://cert-portal.siemens.com/productcert/html/ssa-381581.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39875
https://notcve.org/view.php?id=CVE-2024-39875
09 Jul 2024 — A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application allows authenticated, low privilege users with the 'Manage own remote connections' permission to retrieve details about other users and group memberships. • https://cert-portal.siemens.com/productcert/html/ssa-381581.html • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39874
https://notcve.org/view.php?id=CVE-2024-39874
09 Jul 2024 — A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application does not properly implement brute force protection against user credentials in its Client Communication component. This could allow an attacker to learn user credentials that are vulnerable to brute force attacks. • https://cert-portal.siemens.com/productcert/html/ssa-381581.html • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39873
https://notcve.org/view.php?id=CVE-2024-39873
09 Jul 2024 — A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application does not properly implement brute force protection against user credentials in its web API. This could allow an attacker to learn user credentials that are vulnerable to brute force attacks. • https://cert-portal.siemens.com/productcert/html/ssa-381581.html • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39872
https://notcve.org/view.php?id=CVE-2024-39872
09 Jul 2024 — A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application does not properly assign rights to temporary files created during its update process. This could allow an authenticated attacker with the 'Manage firmware updates' role to escalate their privileges on the underlying OS level. • https://cert-portal.siemens.com/productcert/html/ssa-381581.html • CWE-378: Creation of Temporary File With Insecure Permissions •