24 matches found
CVE-2021-20093
CVE-2021-20093 affects Wibu-Systems CodeMeter Runtime (CodeMeter, CmWAN/CodeMeter Network Server) prior to v7.21a. The issue is a buffer over-read (CWE-126) in the CodeMeter Runtime network server that can be exploited by an unauthenticated remote attacker to disclose heap memory contents or cras...
CVE-2022-27194
CVE-2022-27194 affects Siemens SIMATIC PCS neo (Administration Console), SINETPLAN, and TIA Portal (V15–V17). The issue arises from improper handling of specially crafted packets sent to port 8888/TCP, leading to a remote Denial-of-Service that requires manual device restart. Mitigations document...
CVE-2020-7580
CVE-2020-7580 affects Siemens products (e.g., SIMATIC Automation Tool, STEP 7/TIA Portal, WinCC OA, ProSave, S7-1500 controllers, etc.). Root cause: a common component calls a helper binary with SYSTEM privileges while the call path is not quoted (unquoted search path/element CWE-428). This could...
CVE-2023-46285
The CVE-2023-46285 issue is an improper input validation flaw in Siemens/SAP Opcenter and TIAP/TIA components that can trigger a denial-of-service by sending crafted traffic to port 4004/tcp. Affected products include Opcenter Execution Foundation (< V2407), Opcenter Quality (< V2312), SIMA...
CVE-2023-46284
Opcenter components and Siemens TIAP stack are affected by CVE-2023-46284, a buffer overflow (out-of-bounds write) in handling requests on ports 4002/tcp and 4004/tcp that can crash the target application (denial of service) with auto-restart of the service. Affected products/versions include: Op...
CVE-2023-46282
Siemens Opcenter/TIA Portal family is affected by a reflected XSS in the web UI across multiple products and versions: Opcenter Execution Foundation < V2407, Opcenter Quality < V2312, SIMATIC PCS N eo < V4.1, SINEC NMS < V2.0 SP1, and TIA Portal V14, V15.1, V16, V17 < V17 Update 8,...
CVE-2020-7581
CVE-2020-7581 affects Siemens/Opcenter components (Discrete/Foundation/Process, Intelligence, Quality, RD&L) and related SIMATIC/Soft Starter/PCS neo, STEP 7, SIMOCODE ES, and Notifier Server. Root cause: an internal component calls a helper binary with SYSTEM privileges during startup via an unq...
CVE-2023-46281
CVE-2023-46281 affects Siemens/Opcenter UMC across multiple products, due to an overly permissive cross-domain policy in the UMC Web-UI. Affected versions include Opcenter Execution Foundation < V2407, Opcenter Quality < V2312, SIMATIC PCS neo < V4.1, SINEC NMS < V2.0 SP1, and TIAs: P...
CVE-2023-46283
The CVE-2023-46283 issue affects Opcenter Execution Foundation (< V2407), Opcenter Quality (< V2312), SIMATIC PCS neo (< V4.1), SINEC NMS (
CVE-2021-41057
CVE-2021-41057 affects WIBU CodeMeter Runtime prior to 7.30a. A local attacker can abuse a crafted CmDongles symbolic link to overwrite the target file without permission checks, potentially crashing the CodeMeter Runtime Server and causing DoS. Public documentation confirms affected product is C...
CVE-2020-7587
CVE-2020-7587 affects Siemens Opcenter and SIMATIC software (e.g., Opcenter Execution Discrete/Foundation/Process, Opcenter Intelligence, Opcenter RD&L, SIMATIC IT LMS/Production Suite, SIMATIC Notifier, PCSneo, STEP 7, SIMOCODE ES, Soft Starter ES, IT Production products). The vulnerability set ...
CVE-2020-7588
CVE-2020-7588 affects Siemens/SIEMENS-related products (Opcenter Execution Discrete/Foundation/Process, Intelligence, Quality, RD&L, SIMATIC IT LMS/Production Suite, Notifier Server, PCS neo, STEP 7 TI A Portal, SIMOCODE ES, Soft Starter ES). Root cause per PT-2020-6696 and CISA/NVD details: insu...
CVE-2023-46097
SIMATIC PCS neo SQL Injection (CVE-2023-46097) affects all versions prior to V4.1. The PUD Manager does not properly neutralize user inputs, allowing an authenticated adjacent attacker to execute SQL statements in the underlying database. Evidence in connected sources confirms the vulnerability a...
CVE-2023-46098
CVE-2023-46098 affects SIMATIC PCSneo (all versions before V4.1). The issue is a permissive cross-domain policy (CORS) in the Information Server that could let an attacker trick a legitimate user into triggering unwanted behavior. Impact is high (C/H/I/H/A/H) per CVSS; exploitation would require ...
CVE-2023-46096
CVE-2023-46096 affects SIMATIC PCS neo (
CVE-2023-38558
Summary of CVE-2023-38558 : Siemens SIMATIC PCS neo Administration Console (V4.0 and V4.0 Update 1) contains an information-disclosure vulnerability that leaks Windows admin credentials to an attacker with local access, enabling impersonation of an admin and potential access to other Windows syst...
CVE-2023-46099
Siemens SIMATIC PCS neo (versions prior to V4.1) has a stored cross-site scripting vulnerability in the Administration Console. The issue allows an attacker with high privileges to inject JavaScript that is executed by other legitimate users. Affected component: Administration Console of SIMATIC ...
CVE-2025-40566
CVE-2025-40566 affects Siemens SIMATIC PCS neo: v4.1 up to but excluding Update 3, and v5.0 up to but excluding Update 1. The root cause is improper invalidation of user sessions on logout, allowing a remote, unauthenticated attacker who obtained a legitimate session token to reuse that session a...
CVE-2025-30175
CVE-2025-30175 affects Siemens SIMATIC PCS neo (V4.1–V5.0), SINEC NMS (
CVE-2025-30176
Summary (CVE-2025-30176) Affected Siemens products include SIMATIC PCS neo (V4.1–V5.0), SINEC NMS (< V4.0), SINEMA Remote Connect, TIA Portal (V17–V20), and the User Management Component (UMC) (
CVE-2025-40796
The CVE-2025-40796 entry affects Siemens SIMATIC PCS neo (V4.1, V5.0, V6.0 all versions) and the User Management Component (UMC) (all versions
CVE-2025-40797
CVE-2025-40797 affects Siemens SIMATIC PCS neo and its User Management Component (UMC). The UMC contains an out-of-bounds read vulnerability that can be triggered by an unauthenticated remote attacker, causing a denial of service. Affected products include PCS neo v4.1, v5.0, and v6.0 (all versio...
CVE-2025-40798
CVE-2025-40798 affects Siemens SIMATIC PCS neo versions 4.1, 5.0, 6.0 (all versions) and the embedded User Management Component (UMC) versions prior to 2.15.1.3. The vulnerability is an out-of-bounds read in the UMC that could allow an unauthenticated remote attacker to cause a denial of service....
CVE-2025-40795
The CVE-2025-40795 issue affects Siemens SIMATIC PCS neo versions 4.1, 5.0 and 6.0, and the integrated User Management Component (UMC)