Siemens Security Vulnerabilities (CVEs)
Track 546 security vulnerabilities affecting Siemens products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
This vulnerability allows unauthenticated attackers to access REST API endpoints in Polarion ALM's doorsconnector component, potentially enabling remo...
Feb 13, 2024This vulnerability allows unauthenticated remote attackers to gain full administrative access to Siemens Location Intelligence products by exploiting ...
Feb 13, 2024A memory corruption vulnerability in Simcenter Femap allows attackers to execute arbitrary code by tricking users into opening malicious Catia MODEL f...
Feb 13, 2024This vulnerability allows remote code execution through specially crafted SPP files in Tecnomatix Plant Simulation software. Attackers can exploit an ...
Feb 13, 2024A stack overflow vulnerability in Tecnomatix Plant Simulation allows attackers to execute arbitrary code by tricking users into opening malicious PSOB...
Feb 13, 2024SINEC NMS versions before V2.0 SP1 contain a vulnerability allowing arbitrary file upload via TFTP. Attackers can upload malicious firmware images or ...
Feb 13, 2024This vulnerability allows remote code execution through a specially crafted WRL file in Tecnomatix Plant Simulation. Attackers can execute arbitrary c...
Feb 13, 2024A stack overflow vulnerability in Tecnomatix Plant Simulation allows attackers to execute arbitrary code by tricking users into opening malicious WRL ...
Feb 13, 2024This vulnerability allows attackers to execute arbitrary code by exploiting an out-of-bounds read in Parasolid and Solid Edge when processing maliciou...
Feb 13, 2024This vulnerability affects Siemens SIMATIC CP 343-1 and SIPLUS NET CP 343-1 communication processors. An unauthenticated remote attacker can cause den...
Feb 13, 2024This vulnerability allows malicious local administrators to execute arbitrary operating system commands with root privileges by exploiting improper in...
Dec 12, 2023This CVE describes a buffer overflow vulnerability in multiple Siemens industrial automation products. An attacker can send specially crafted requests...
Dec 12, 2023This vulnerability allows attackers to cause denial-of-service by sending specially crafted messages to port 4004/tcp on affected Siemens industrial s...
Dec 12, 2023This vulnerability in SINEC INS allows malicious administrators to upload specially crafted certificates through the RADIUS configuration mechanism, b...
Dec 12, 2023This CVE describes an overly permissive CORS policy vulnerability in Siemens industrial software products. An attacker could exploit this by tricking ...
Dec 12, 2023A memory leak vulnerability in the webserver of multiple Siemens SIMATIC and SIPLUS industrial communication products allows attackers with network ac...
Dec 12, 2023This vulnerability affects multiple Siemens industrial control systems and allows attackers to send specially crafted HTTP(S) requests to exhaust syst...
Dec 12, 2023This vulnerability affects Siemens LOGO! programmable logic controllers (PLCs) and allows attackers to perform electromagnetic fault injection attacks...
Dec 12, 2023This vulnerability affects multiple Siemens industrial networking devices where improper validation of uploaded X509 certificates could allow attacker...
Nov 14, 2023A buffer overflow vulnerability in COMOS's Ptmcast executable allows attackers to execute arbitrary code or cause denial of service. This affects all ...
Nov 14, 2023A type confusion vulnerability in Tecnomatix Plant Simulation allows attackers to execute arbitrary code by tricking users into opening malicious IGS ...
Oct 10, 2023This vulnerability allows remote code execution through stack overflow when parsing malicious IGS files in Siemens Parasolid and Tecnomatix Plant Simu...
Oct 10, 2023This vulnerability allows authenticated remote attackers to perform directory traversal attacks on Siemens CP-8031 and CP-8050 MASTER MODULE devices v...
Oct 10, 2023CVE-2023-43625 is a critical remote code execution vulnerability in Simcenter Amesim's SOAP endpoint. Unauthenticated remote attackers can perform DLL...
Oct 10, 2023This vulnerability allows remote code execution through specially crafted SPP files in Tecnomatix Plant Simulation. Attackers can exploit an out-of-bo...
Oct 10, 2023This vulnerability allows remote code execution through specially crafted SPP files in Tecnomatix Plant Simulation. Attackers can exploit an out-of-bo...
Oct 10, 2023This vulnerability allows remote code execution through specially crafted SPP files in Tecnomatix Plant Simulation software. Attackers can exploit an ...
Oct 10, 2023This vulnerability in SINEMA Server V14 allows attackers to execute stored cross-site scripting attacks through improperly sanitized SNMP configuratio...
Oct 10, 2023This vulnerability allows attackers with knowledge of a hard-coded SSH private key to gain unauthorized access to Siemens CP-8031 and CP-8050 MASTER M...
Oct 10, 2023CVE-2022-30527 is an improper access control vulnerability in Siemens SINEC NMS where specific folders containing executables and libraries have overl...
Oct 10, 2023QMS Automotive application servers before version V12.39 expose sensitive server information in responses, potentially enabling direct database access...
Sep 12, 2023QMS Automotive versions before V12.39 store sensitive application data in insecure external storage via the QMS.Mobile module. This allows attackers w...
Sep 12, 2023This vulnerability in QMS Automotive's QMS.Mobile module allows attackers to bypass authorization checks, potentially accessing sensitive data, perfor...
Sep 12, 2023This vulnerability allows remote code execution through specially crafted X_T files in Parasolid and Simcenter Femap software. An attacker could execu...
Sep 12, 2023A memory corruption vulnerability in Tecnomatix Plant Simulation allows attackers to execute arbitrary code by tricking users into opening malicious S...
Sep 12, 2023A type confusion vulnerability in Siemens JT2Go, Teamcenter Visualization, and Tecnomatix Plant Simulation allows remote code execution when parsing m...
Sep 12, 2023This CVE describes a use-after-free vulnerability in Siemens JT2Go, Teamcenter Visualization, and Tecnomatix Plant Simulation software. Attackers can ...
Sep 12, 2023QMS Automotive software versions before V12.39 store user credentials as plaintext in memory, allowing attackers who can perform memory dumps to extra...
Sep 12, 2023This CVE describes an integer overflow vulnerability in OPC UA implementations (ANSI C and C++) that causes infinite loops during certificate validati...
Sep 12, 2023This vulnerability allows remote code execution through heap-based buffer overflow when parsing malicious WRL files in Siemens JT2Go, Teamcenter Visua...
Sep 12, 2023A use-after-free vulnerability in Solid Edge SE2023 allows attackers to execute arbitrary code by tricking users into opening malicious DWG files. Thi...
Aug 8, 2023A denial-of-service vulnerability in the web server of multiple Siemens RUGGEDCOM industrial networking devices allows attackers to crash the web inte...
Aug 8, 2023This vulnerability in Solid Edge SE2023 allows attackers to execute arbitrary code by exploiting an out-of-bounds read when parsing malicious DFT file...
Aug 8, 2023An out-of-bounds read vulnerability in Solid Edge SE2023 allows attackers to execute arbitrary code by tricking users into opening malicious PAR files...
Aug 8, 2023This vulnerability in Solid Edge SE2023 allows attackers to execute arbitrary code by exploiting an out-of-bounds write buffer overflow when parsing m...
Aug 8, 2023This vulnerability in Solid Edge SE2023 allows attackers to execute arbitrary code by exploiting an out-of-bounds read when parsing malicious PSM file...
Aug 8, 2023This vulnerability allows attackers to execute arbitrary code by exploiting an out-of-bounds read vulnerability in Parasolid and Teamcenter Visualizat...
Aug 8, 2023This vulnerability allows remote code execution through specially crafted X_T files in Siemens Parasolid and Teamcenter Visualization software. An att...
Aug 8, 2023A local privilege escalation vulnerability in SICAM TOOLBOX II allows attackers to execute operating system commands with SYSTEM privileges. This affe...
Aug 8, 2023This vulnerability allows remote code execution through specially crafted SPP files in Tecnomatix Plant Simulation. Attackers can exploit an out-of-bo...
Aug 8, 2023Why Monitor Siemens Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 546+ known vulnerabilities affecting Siemens products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Siemens packages in under 60 seconds. No agents required - completely agentless scanning that works across Siemens deployments.
Free vulnerability database: Access detailed information about every Siemens CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register free account & add your servers
- Run one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Siemens CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions
