CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2019-10941
https://notcve.org/view.php?id=CVE-2019-10941
14 Sep 2021 — A vulnerability has been identified in SINEMA Server (All versions < V14 SP3). Missing authentication for functionality that requires administrative user identity could allow an attacker to obtain encoded system configuration backup files. This is only possible through network access to the affected system, and successful exploitation requires no system privileges. Se ha identificado una vulnerabilidad en SINEMA Server (Todas las versiones anteriores a V14 SP3). Una falta de autenticación para la funcionali... • https://cert-portal.siemens.com/productcert/pdf/ssa-835377.pdf • CWE-306: Missing Authentication for Critical Function •
CVSS: 8.8EPSS: 1%CPEs: 8EXPL: 0CVE-2020-25237 – Siemens SINEC NMS FirmwareFileUtils extractToFolder Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-25237
09 Feb 2021 — A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1 Update 1), SINEMA Server (All versions < V14.0 SP2 Update 2). When uploading files to an affected system using a zip container, the system does not correctly check if the relative file path of the extracted files is still within the intended target directory. With this an attacker could create or overwrite arbitrary files on an affected system. This type of vulnerability is also known as 'Zip-Slip'. (ZDI-CAN-12054) Se ha identificado ... • https://cert-portal.siemens.com/productcert/pdf/ssa-156833.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.9EPSS: 0%CPEs: 4EXPL: 0CVE-2019-10940
https://notcve.org/view.php?id=CVE-2019-10940
16 Jan 2020 — A vulnerability has been identified in SINEMA Server (All versions < V14.0 SP2 Update 1). Incorrect session validation could allow an attacker with a valid session, with low privileges, to perform firmware updates and other administrative operations on connected devices. The security vulnerability could be exploited by an attacker with network access to the affected system. An attacker must have access to a low privileged account in order to exploit the vulnerability. An attacker could use the vulnerability... • https://cert-portal.siemens.com/productcert/pdf/ssa-880233.pdf • CWE-266: Incorrect Privilege Assignment CWE-269: Improper Privilege Management •
CVSS: 6.9EPSS: 0%CPEs: 27EXPL: 0CVE-2016-7165
https://notcve.org/view.php?id=CVE-2016-7165
15 Nov 2016 — A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC IT Production Suite (All versions < V7.0 SP1 HFX 2), SIMATIC NET PC-Software (All versions < V14), SIMATIC PCS 7 V7.1 (All versions), SIMATIC PCS 7 V8.0 (All versions), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2), SIMATIC STEP 7 V5.X (All versions < V5.5 SP4 HF11), SIMATIC WinCC (TIA Portal) Basic, Comfort, Advanced (... • http://securityaffairs.co/wordpress/53266/security/cve-2016-7165-siemens.html • CWE-254: 7PK - Security Features CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-2732
https://notcve.org/view.php?id=CVE-2014-2732
19 Apr 2014 — Multiple directory traversal vulnerabilities in the integrated web server in Siemens SINEMA Server before 12 SP1 allow remote attackers to access arbitrary files via HTTP traffic to port (1) 4999 or (2) 80. Múltiples vulnerabilidades de salto de directorio en el servidor web integrado en Siemens SINEMA Server anterior a 12 SP1 permiten a atacantes remotos acceder a archivos arbitrarios a través de trafico HTTP hacia opuerto (1) 4999 o (2) 80. • http://ics-cert.us-cert.gov/advisories/ICSA-14-107-01 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 0CVE-2014-2731
https://notcve.org/view.php?id=CVE-2014-2731
19 Apr 2014 — Multiple unspecified vulnerabilities in the integrated web server in Siemens SINEMA Server before 12 SP1 allow remote attackers to execute arbitrary code via HTTP traffic to port (1) 4999 or (2) 80. Múltiples vulnerabilidades no especificadas en el servidor web integrado en el servidor Siemens SINEMA anterior a 12 SP1 permiten a atacantes remotos ejecutar código arbitrario a través de trafico HTTP hacia puerto (1) 4999 o (2) 80. • http://ics-cert.us-cert.gov/advisories/ICSA-14-107-01 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-2733
https://notcve.org/view.php?id=CVE-2014-2733
19 Apr 2014 — Siemens SINEMA Server before 12 SP1 allows remote attackers to cause a denial of service (web-interface outage) via crafted HTTP requests to port (1) 4999 or (2) 80. El servidor Siemens SINEMA anterior a 12 SP1 permite a atacantes remotos causar una denegación de servicio (interrupción de interfaz web) a través de solicitudes HTTP manipuladas hacia puerto (1) 4999 o (2) 80. • http://ics-cert.us-cert.gov/advisories/ICSA-14-107-01 • CWE-20: Improper Input Validation •