Siemens Security Vulnerabilities (CVEs)

Track 563 security vulnerabilities affecting Siemens products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

84 Critical
436 High
42 Medium
1 Low
CVE-2023-24979 7.8

This vulnerability in Tecnomatix Plant Simulation allows remote code execution via a specially crafted SPP file, enabling an attacker to run arbitrary...

Feb 14, 2023
CVE-2023-24981 7.8

This vulnerability allows remote code execution through specially crafted SPP files in Tecnomatix Plant Simulation. Attackers can exploit an out-of-bo...

Feb 14, 2023
CVE-2023-24983 7.8

This vulnerability allows remote code execution via specially crafted SPP files in Tecnomatix Plant Simulation. Attackers can execute arbitrary code i...

Feb 14, 2023
CVE-2023-24552 7.8

An out-of-bounds read vulnerability in Solid Edge allows attackers to execute arbitrary code by tricking users into opening malicious PAR files. This ...

Feb 14, 2023
CVE-2023-24554 7.8

This vulnerability allows attackers to execute arbitrary code by exploiting an out-of-bounds read vulnerability in Solid Edge's PAR file parser. Attac...

Feb 14, 2023
CVE-2023-24556 7.8

This vulnerability allows remote code execution through specially crafted PAR files in Solid Edge CAD software. Attackers can exploit an out-of-bounds...

Feb 14, 2023
CVE-2023-24558 7.8

This vulnerability in Solid Edge allows attackers to execute arbitrary code by exploiting an out-of-bounds read when parsing malicious PAR files. It a...

Feb 14, 2023
CVE-2023-24560 7.8

This vulnerability in Solid Edge allows attackers to execute arbitrary code by exploiting an out-of-bounds write when parsing malicious PAR files. Use...

Feb 14, 2023
CVE-2023-24562 7.8

This vulnerability in Solid Edge CAD software allows attackers to execute arbitrary code by exploiting uninitialized pointer access when processing ma...

Feb 14, 2023
CVE-2022-47936 7.8

This CVE describes a stack overflow vulnerability in Siemens JT Open, JT Utilities, and Parasolid software when parsing specially crafted JT files. An...

Feb 14, 2023
CVE-2023-24482 10.0

This CVE describes a critical buffer overflow vulnerability in COMOS software's cache validation service. Attackers can exploit this Structured Except...

Feb 14, 2023
CVE-2023-24550 7.8

A heap-based buffer overflow vulnerability in Solid Edge allows attackers to execute arbitrary code by tricking users into opening malicious PAR files...

Feb 14, 2023
CVE-2022-31808 7.8

This vulnerability allows authenticated users on SiPass integrated access control systems to execute arbitrary commands with root privileges through i...

Feb 14, 2023
CVE-2022-32212 8.1

This CVE describes an OS command injection vulnerability in Node.js that allows attackers to bypass host validation checks and perform DNS rebinding a...

Jul 14, 2022
CVE-2021-44222 9.1

This vulnerability allows unauthenticated remote attackers to send arbitrary messages to the MQTT service in SIMATIC eaSie Core Package systems. Attac...

Jul 12, 2022
CVE-2022-26648 8.2

This vulnerability affects multiple Siemens SCALANCE industrial network switches. An unauthenticated remote attacker can send specially crafted HTTP r...

Jul 12, 2022
CVE-2022-26649 9.6

This vulnerability affects multiple Siemens SCALANCE industrial network switches. An unauthenticated remote attacker can send specially crafted HTTP G...

Jul 12, 2022
CVE-2022-29884 7.5

This vulnerability affects Siemens CP-8000 and CP-8021/8022 master modules running firmware versions below CPC80 V16.30. An unauthenticated remote att...

Jul 12, 2022
CVE-2021-44221 7.5

A remote attacker can exploit improper input validation in SIMATIC eaSie Core Package to cause denial of service. This affects all versions before V22...

Jul 12, 2022
CVE-2022-32262 8.8

CVE-2022-32262 is a command injection vulnerability in SINEMA Remote Connect Server that allows attackers to execute arbitrary code through a vulnerab...

Jun 14, 2022
CVE-2022-30228 8.8

SICAM GridEdge (Classic) versions before V2.6.6 lack proper CORS restrictions, allowing attackers to trick authenticated users into executing maliciou...

Jun 14, 2022
CVE-2022-30230 9.8

This vulnerability allows unauthenticated attackers to create administrative user accounts in SICAM GridEdge Classic systems. All versions before V2.6...

Jun 14, 2022
CVE-2022-30937 7.5

A memory corruption vulnerability in Siemens EN100 Ethernet modules allows attackers to cause denial of service by sending specially crafted HTTP pack...

Jun 14, 2022
CVE-2022-31619 8.8

Teamcenter Java EE Server Manager HTML Adaptor contains hardcoded default credentials. Attackers with access to the application can exploit these cred...

Jun 14, 2022
CVE-2022-32251 8.8

CVE-2022-32251 is an authentication bypass vulnerability in Siemens SINEMA Remote Connect Server that allows attackers to modify user permissions with...

Jun 14, 2022
CVE-2021-37182 7.5

This vulnerability affects Siemens SCALANCE industrial network switches with OSPF enabled. An unauthenticated remote attacker can send specially craft...

Jun 14, 2022
CVE-2022-29875 9.8

This vulnerability allows unauthenticated remote code execution on Siemens Healthineers medical imaging systems through insecure deserialization of un...

Jun 1, 2022
CVE-2022-29876 7.1

This vulnerability in SICAM T devices allows unauthenticated attackers to perform reflected cross-site scripting (XSS) attacks by injecting malicious ...

May 20, 2022
CVE-2022-29878 7.5

This vulnerability allows unauthenticated attackers to bypass authentication on SICAM T devices by capturing and replaying challenge-response pairs. A...

May 20, 2022
CVE-2022-29882 7.1

This vulnerability in SICAM T devices allows unauthenticated attackers to upload malicious files that can execute cross-site scripting (XSS) attacks. ...

May 20, 2022
CVE-2022-27653 7.8

CVE-2022-27653 is an out-of-bounds write vulnerability in Simcenter Femap that allows remote code execution when parsing malicious .NEU files. Attacke...

May 20, 2022
CVE-2022-29032 7.8

This vulnerability allows attackers to execute arbitrary code by exploiting a double-free memory corruption flaw in the CGM_NIST_Loader.dll library wh...

May 20, 2022
CVE-2022-29872 8.8

This vulnerability in SICAM T devices allows authenticated attackers to send malicious POST requests that bypass parameter validation. Attackers can c...

May 20, 2022
CVE-2022-29873 9.8

This vulnerability in SICAM T devices allows unauthenticated attackers to send specially crafted GET/POST requests that bypass parameter validation. A...

May 20, 2022
CVE-2022-30065 7.8

CVE-2022-30065 is a use-after-free vulnerability in BusyBox's awk applet that can be triggered by processing a specially crafted awk pattern. This vul...

May 18, 2022
CVE-2022-24042 9.1

This vulnerability allows attackers to reuse captured authentication tokens beyond their intended expiration time in Siemens Desigo building automatio...

May 10, 2022
CVE-2021-41545 7.5

A vulnerability in Siemens Desigo building automation controllers allows attackers to send a specially crafted BACnet protocol packet that causes the ...

May 10, 2022
CVE-2022-1292 7.3

CVE-2022-1292 is a command injection vulnerability in the c_rehash script distributed with OpenSSL. It allows attackers to execute arbitrary commands ...

May 3, 2022
CVE-2022-28328 7.5

This vulnerability affects Siemens SCALANCE W1788 industrial wireless access points. An attacker can send specially crafted multicast LLC frames to ca...

Apr 12, 2022
CVE-2022-28661 8.8

This vulnerability in Simcenter Femap allows remote code execution via specially crafted .NEU files due to an out-of-bounds read. It affects all versi...

Apr 12, 2022
CVE-2022-28663 7.8

This vulnerability allows remote code execution through specially crafted .NEU files in Simcenter Femap. Attackers can exploit an out-of-bounds write ...

Apr 12, 2022
CVE-2022-23448 7.8

This vulnerability allows local unprivileged attackers to achieve privilege escalation in Siemens SIMATIC Energy Manager software. By exploiting impro...

Apr 12, 2022
CVE-2022-23450 9.8

This vulnerability allows unauthenticated remote attackers to execute arbitrary code with SYSTEM privileges on affected SIMATIC Energy Manager systems...

Apr 12, 2022
CVE-2022-25751 7.5

This vulnerability affects multiple Siemens SCALANCE industrial network switches. An unauthenticated remote attacker can send specially crafted HTTP r...

Apr 12, 2022
CVE-2022-25752 9.8

This vulnerability affects Siemens SCALANCE industrial network switches. It allows unauthenticated remote attackers to brute-force session IDs and hij...

Apr 12, 2022
CVE-2022-25754 8.8

This is a Cross-Site Request Forgery (CSRF) vulnerability in Siemens SCALANCE industrial network switches. Attackers can trick authenticated users int...

Apr 12, 2022
CVE-2022-26334 7.5

This vulnerability affects multiple Siemens SCALANCE industrial network switches. An unauthenticated remote attacker can send specially crafted HTTP r...

Apr 12, 2022
CVE-2022-26380 7.5

This vulnerability affects Siemens SCALANCE industrial network switches. It allows attackers to trigger device reboots by sending specially crafted SN...

Apr 12, 2022
CVE-2021-40368 7.5

This vulnerability affects multiple Siemens SIMATIC S7-400 and S7-410 industrial controllers. An attacker can send specially crafted packets to TCP po...

Apr 12, 2022
CVE-2018-25032 7.5

This vulnerability in zlib allows memory corruption during compression (deflating) when processing input with many distant matches. It affects any sof...

Mar 25, 2022

Why Monitor Siemens Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 563+ known vulnerabilities affecting Siemens products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Siemens packages in under 60 seconds. No agents required - completely agentless scanning that works across Siemens deployments.

Free vulnerability database: Access detailed information about every Siemens CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
