Siemens Sinema_server
17 CVEs affecting Siemens Sinema_server. Latest disclosed: 2023-10-10. Critical: 3, High: 6.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2019-10940 | Critical | 9.9 | 2020-01-16 | A vulnerability has been identified in SINEMA Server (All versions < V14.0 SP2 Update 1). Incorrect session validation could allow an attacker with a valid ses… |
| CVE-2021-39275 | Critical | 9.8 | 2021-09-16 | ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party… |
| CVE-2021-40438 | Critical | 9.0 | 2021-09-16 | A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user. This issue affects Apache HTTP Server 2.4… |
| CVE-2023-35796 | High | 8.3 | 2023-10-10 | A vulnerability has been identified in SINEMA Server V14 (All versions). The affected application improperly sanitizes certain SNMP configuration data retrieve… |
| CVE-2020-25237 | High | 8.1 | 2021-02-09 | A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1 Update 1), SINEMA Server (All versions < V14.0 SP2 Update 2). When uploading files to… |
| CVE-2016-6486 | High | 7.8 | 2016-08-08 | Siemens SINEMA Server uses weak permissions for the application folder, which allows local users to gain privileges via unspecified vectors. |
| CVE-2021-34798 | High | 7.5 | 2021-09-16 | Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier. |
| CVE-2019-6575 | High | 7.5 | 2019-04-17 | A vulnerability has been identified in SIMATIC CP 443-1 OPC UA (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All ver… |
| CVE-2022-25311 | High | 7.3 | 2022-03-08 | A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). The affe… |
| CVE-2020-7580 | Medium | 6.7 | 2020-06-10 | A vulnerability has been identified in SIMATIC Automation Tool (All versions < V4 SP2), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC… |
| CVE-2017-6865 | Medium | 6.5 | 2017-05-11 | A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC Automation Tool (All versions < V3.0), SIMATIC NET PC-Softwa… |
| CVE-2016-7165 | Medium | 6.4 | 2016-11-15 | A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC IT Production Suite (All versions < V7.0 SP1 HFX 2), SIMATIC… |
| CVE-2021-3449 | Medium | 5.9 | 2021-03-25 | An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the… |
| CVE-2019-10941 | Medium | 5.3 | 2021-09-14 | A vulnerability has been identified in SINEMA Server (All versions < V14 SP3). Missing authentication for functionality that requires administrative user ident… |
| CVE-2014-2733 | | | 2014-04-19 | Siemens SINEMA Server before 12 SP1 allows remote attackers to cause a denial of service (web-interface outage) via crafted HTTP requests to port (1) 4999 or (… |
| CVE-2014-2732 | | | 2014-04-19 | Multiple directory traversal vulnerabilities in the integrated web server in Siemens SINEMA Server before 12 SP1 allow remote attackers to access arbitrary fil… |
| CVE-2014-2731 | | | 2014-04-19 | Multiple unspecified vulnerabilities in the integrated web server in Siemens SINEMA Server before 12 SP1 allow remote attackers to execute arbitrary code via H… |