CPE Details
Siemens SINUMERIK ONE Firmware
-
2022-06-01
13h41 +00:00
13h41 +00:00
2022-06-03
11h02 +00:00
11h02 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
CPE Name: cpe:2.3:o:siemens:sinumerik_one_firmware:-:*:*:*:*:*:*:*
Informations
Vendor
siemensProduct
sinumerik_one_firmwareVersion
-Related CVE
| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| Affected devices improperly handle specially crafted packets sent to port 102/tcp. This could allow an attacker to create a denial of service condition. A restart is needed to restore normal operations. | 7.5 |
High |
||
| The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack. | 6.5 |
Medium |
||
| A vulnerability has been identified in SINUMERIK MC (All versions < V1.15 SP1), SINUMERIK ONE (All versions < V6.15 SP1). The sc SUID binary on affected devices provides several commands that are used to execute system commands or modify system files. A specific set of operations using sc could allow local attackers to escalate their privileges to root. | 7.8 |
High |
||
| A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability. | 7.5 |
High |
||
| Insufficient control flow management in subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25 , Intel(R) TXE versions before 3.1.80 and 4.0.30 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. | 6.8 |
Medium |
2025©
tesweb SA
