Siemens Security Vulnerabilities (CVEs)

Track 563 security vulnerabilities affecting Siemens products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

84 Critical
436 High
42 Medium
1 Low
CVE-2022-0847 7.8

CVE-2022-0847 (Dirty Pipe) is a Linux kernel vulnerability that allows unprivileged local users to write to read-only files in the page cache, enablin...

Mar 10, 2022
CVE-2021-42020 7.5

This vulnerability in Siemens RUGGEDCOM industrial networking devices allows attackers to exploit a TFTP functionality flaw where file names lack prop...

Mar 8, 2022
CVE-2022-24281 7.2

This vulnerability allows authenticated attackers with administrative privileges to execute arbitrary SQL commands on the local database of affected S...

Mar 8, 2022
CVE-2022-24408 7.8

This vulnerability allows local attackers to escalate privileges to root on affected SINUMERIK industrial control systems. The sc SUID binary contains...

Mar 8, 2022
CVE-2022-25311 7.3

CVE-2022-25311 is a privilege escalation vulnerability in Siemens SINEC NMS and SINEMA Server where authenticated low-privileged users can gain higher...

Mar 8, 2022
CVE-2021-37208 9.6

This vulnerability allows attackers in a privileged position to execute cross-site scripting (XSS) attacks on affected Siemens RUGGEDCOM industrial ne...

Mar 8, 2022
CVE-2021-42016 7.5

A timing attack vulnerability in third-party components of Siemens RUGGEDCOM industrial networking devices could allow attackers to retrieve private e...

Mar 8, 2022
CVE-2021-46162 7.8

This vulnerability in Simcenter Femap allows remote code execution through specially crafted NEU files. An attacker could execute arbitrary code with ...

Feb 22, 2022
CVE-2022-25314 7.5

CVE-2022-25314 is an integer overflow vulnerability in Expat's copyString function that can lead to heap buffer overflow. This allows attackers to pot...

Feb 18, 2022
CVE-2022-25315 9.8

CVE-2022-25315 is an integer overflow vulnerability in Expat's storeRawNames function that can lead to heap buffer overflow. This allows attackers to ...

Feb 18, 2022
CVE-2022-25235 9.8

CVE-2022-25235 is a critical vulnerability in Expat (libexpat) XML parser where improper UTF-8 character validation allows attackers to bypass securit...

Feb 16, 2022
CVE-2021-44000 7.8

This vulnerability allows remote code execution through an out-of-bounds write in Siemens JT2Go, Solid Edge, and Teamcenter Visualization software whe...

Feb 9, 2022
CVE-2021-44018 7.8

A memory corruption vulnerability in Siemens JT2Go, Solid Edge, and Teamcenter Visualization products allows attackers to execute arbitrary code by tr...

Feb 9, 2022
CVE-2021-46151 7.8

This vulnerability allows remote code execution through specially crafted NEU files in Simcenter Femap. An attacker could execute arbitrary code with ...

Feb 9, 2022
CVE-2021-46153 7.8

This vulnerability allows remote code execution through memory corruption when Simcenter Femap parses malicious NEU files. Attackers can execute arbit...

Feb 9, 2022
CVE-2021-46155 7.8

This vulnerability allows remote code execution via a stack-based buffer overflow when parsing NEU files in Simcenter Femap. Attackers can execute arb...

Feb 9, 2022
CVE-2021-46157 7.8

This vulnerability allows remote code execution through memory corruption when Simcenter Femap parses malicious NEU files. Attackers could execute arb...

Feb 9, 2022
CVE-2021-46159 7.8

This vulnerability allows remote code execution through specially crafted NEU files in Simcenter Femap engineering software. Attackers can exploit an ...

Feb 9, 2022
CVE-2021-46161 7.8

This vulnerability allows remote code execution through specially crafted NEU files in Simcenter Femap engineering software. Attackers can exploit an ...

Feb 9, 2022
CVE-2021-37204 7.5

An unauthenticated attacker can cause denial-of-service on Siemens SIMATIC industrial control systems by sending specially crafted packets to port 102...

Feb 9, 2022
CVE-2021-40360 8.8

This vulnerability allows authenticated attackers on affected Siemens SIMATIC PCS 7 and WinCC systems to obtain password hashes via a public API. Atta...

Feb 9, 2022
CVE-2021-37185 7.5

This vulnerability allows unauthenticated attackers to cause denial-of-service conditions in Siemens industrial control systems by sending specially c...

Feb 9, 2022
CVE-2021-41838 8.2

This vulnerability allows attackers to access System Management Mode (SMM) and execute arbitrary code in Insyde InsydeH2O UEFI firmware. It affects sy...

Feb 3, 2022
CVE-2021-42554 8.2

This vulnerability allows attackers to write predictable data to SMRAM (System Management Mode RAM) through a memory corruption flaw in InsydeH2O firm...

Feb 3, 2022
CVE-2021-33627 8.2

This vulnerability in Insyde InsydeH2O Kernel allows attackers to use invalid buffer addresses with the EFI_SMM_COMMUNICATION_PROTOCOL Communicate() f...

Feb 3, 2022
CVE-2020-5953 7.5

This vulnerability allows attackers to execute arbitrary code in System Management Mode (SMM) by exploiting a flaw in InsydeH2O UEFI firmware's System...

Feb 3, 2022
CVE-2021-4034 7.8

CVE-2021-4034 (PwnKit) is a local privilege escalation vulnerability in polkit's pkexec utility that allows unprivileged local users to gain root priv...

Jan 28, 2022
CVE-2022-23990 7.5

CVE-2022-23990 is an integer overflow vulnerability in Expat (libexpat) XML parser library that can lead to denial of service or arbitrary code execut...

Jan 26, 2022
CVE-2022-23852 9.8

CVE-2022-23852 is a signed integer overflow vulnerability in Expat (libexpat) XML parser that can lead to buffer overflow. When XML_CONTEXT_BYTES is c...

Jan 24, 2022
CVE-2021-41769 7.5

An improper input validation vulnerability in the web server of Siemens SIPROTEC 5 devices allows unauthenticated attackers to access device informati...

Jan 11, 2022
CVE-2021-45034 7.5

This vulnerability allows unauthenticated attackers to access privileged logfiles and diagnostic data on Siemens CP-8000 and CP-8021/8022 master modul...

Jan 11, 2022
CVE-2021-37197 8.8

This vulnerability allows SQL injection attacks in Siemens COMOS web components, enabling attackers to execute arbitrary SQL statements. Affected syst...

Jan 11, 2022
CVE-2022-22826 8.8

CVE-2022-22826 is an integer overflow vulnerability in Expat's XML parser that can lead to heap memory corruption. Attackers can exploit this by provi...

Jan 10, 2022
CVE-2022-22822 9.8

CVE-2022-22822 is an integer overflow vulnerability in Expat's XML parser that can lead to heap buffer overflow. This allows attackers to execute arbi...

Jan 10, 2022
CVE-2022-22824 9.8

CVE-2022-22824 is an integer overflow vulnerability in Expat's defineAttribute function in xmlparse.c. This allows attackers to cause heap-based buffe...

Jan 10, 2022
CVE-2021-46143 8.1

CVE-2021-46143 is an integer overflow vulnerability in Expat's XML parser that can lead to heap memory corruption. Attackers can exploit this by provi...

Jan 6, 2022
CVE-2021-45046 9.0

CVE-2021-45046 is an incomplete fix for the Log4Shell vulnerability (CVE-2021-44228) in Apache Log4j 2.15.0 that allows attackers to execute arbitrary...

Dec 14, 2021
CVE-2021-44522 7.5

This vulnerability allows unauthenticated remote attackers to subscribe to arbitrary message broker queues in Siemens SiPass and Siveillance Identity ...

Dec 14, 2021
CVE-2021-44523 9.1

This vulnerability allows unauthenticated remote attackers to read, modify, or delete activity feed entries in Siemens SiPass integrated and Siveillan...

Dec 14, 2021
CVE-2021-44432 7.8

This vulnerability allows remote code execution via stack-based buffer overflow when parsing malicious JT files in Siemens JT Utilities and JTTK libra...

Dec 14, 2021
CVE-2021-44434 7.8

This vulnerability allows remote code execution through specially crafted JT files in Siemens JT Utilities and JTTK products. An attacker could execut...

Dec 14, 2021
CVE-2021-44437 7.8

This vulnerability allows remote code execution through specially crafted JT files in Siemens JT Utilities and JTTK products. Attackers can exploit an...

Dec 14, 2021
CVE-2021-44439 7.8

This vulnerability allows attackers to read memory beyond allocated buffers when parsing malicious JT files using JT Utilities or JTTK libraries. It a...

Dec 14, 2021
CVE-2021-44441 7.8

This vulnerability allows remote code execution through specially crafted JT files in Siemens JT Utilities and JTTK products. Attackers can exploit an...

Dec 14, 2021
CVE-2021-44443 7.8

This vulnerability allows remote code execution through specially crafted JT files in Siemens JT Utilities and JTTK products. Attackers can exploit an...

Dec 14, 2021
CVE-2021-44445 7.8

This vulnerability allows remote code execution through specially crafted JT files in Siemens JT Utilities and JTTK libraries. Attackers can exploit a...

Dec 14, 2021
CVE-2021-44447 7.8

This vulnerability allows remote code execution via specially crafted JT files in Siemens JT Utilities and JTTK libraries. Attackers can exploit a use...

Dec 14, 2021
CVE-2021-44449 7.8

This vulnerability allows remote code execution through specially crafted JT files in Siemens JT Utilities and JTTK libraries. Attackers can exploit a...

Dec 14, 2021
CVE-2021-44001 7.8

This vulnerability allows remote code execution through specially crafted PDF files in Siemens JT2Go and Teamcenter Visualization software. Attackers ...

Dec 14, 2021
CVE-2021-44005 7.8

This vulnerability allows remote code execution through specially crafted TIFF files in Siemens JT2Go and Teamcenter Visualization software. Attackers...

Dec 14, 2021

Why Monitor Siemens Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 563+ known vulnerabilities affecting Siemens products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Siemens packages in under 60 seconds. No agents required - completely agentless scanning that works across Siemens deployments.

Free vulnerability database: Access detailed information about every Siemens CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.

🚀 Get Started in 60 Seconds

  • Register free account & add your servers
  • Run one-time scan or schedule automatic monitoring (every 1-24 hours)
  • Receive instant alerts when new Siemens CVEs affect your systems
  • Access dashboard with severity breakdown & fix instructions