Siemens Security Vulnerabilities (CVEs)
Track 563 security vulnerabilities affecting Siemens products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
This vulnerability allows remote code execution through specially crafted JT files in Siemens JT2Go and Teamcenter Visualization software. Attackers c...
Dec 14, 2021

A buffer overflow vulnerability in the web application of Siemens SICAM Q100 power meters allows remote attackers with engineer or admin privileges to...
Dec 14, 2021

This vulnerability allows attackers to perform zip path traversal attacks through an unsafe unzipping pattern in Teamcenter Active Workspace. Successf...
Dec 14, 2021

CVE-2021-42024 is an out-of-bounds write vulnerability in Simcenter STAR-CCM+ Viewer that allows remote code execution when parsing malicious scene fi...
Dec 14, 2021

CVE-2021-44228 (Log4Shell) is a critical remote code execution vulnerability in Apache Log4j2 that allows attackers to execute arbitrary code by explo...
Dec 10, 2021

This vulnerability in WIBU CodeMeter Runtime allows local attackers to overwrite arbitrary files via a crafted symbolic link attack. It affects system...
Nov 14, 2021

This vulnerability affects Climatix POL909 building automation controllers. It allows unauthenticated attackers to intercept unencrypted web traffic, ...
Nov 9, 2021

This CVE describes a path traversal vulnerability in Siemens Siveillance Video DLNA Server that allows unauthenticated remote attackers to read arbitr...
Nov 9, 2021

This vulnerability in Siemens industrial control systems allows attackers to send malformed UDP packets with unchecked payload lengths, potentially ca...
Nov 9, 2021

This vulnerability in Siemens Capital Embedded AR Classic products allows attackers to cause denial-of-service conditions by sending specially crafted...
Nov 9, 2021

This vulnerability affects Siemens Capital Embedded AR Classic products where the DHCP client fails to validate vendor option lengths in DHCP ACK mess...
Nov 9, 2021

This vulnerability affects Siemens building automation controllers and related products. It allows attackers to exploit a DHCP client flaw where the h...
Nov 9, 2021

This vulnerability allows attackers to exploit a stack-based buffer overflow in the FTP server of Siemens building automation controllers by sending o...
Nov 9, 2021

This vulnerability affects Siemens building automation controllers and related products. It allows attackers to exploit a buffer overflow in the FTP s...
Nov 9, 2021

This vulnerability in Siemens industrial control systems allows attackers to send specially crafted TCP packets with unchecked payload lengths. Exploi...
Nov 9, 2021

This is a critical path traversal vulnerability (CWE-22) in Siemens SIMATIC PCS 7 and WinCC systems that allows attackers to bypass directory restrict...
Nov 9, 2021

CVE-2021-41990 is an integer overflow vulnerability in the gmp plugin of strongSwan VPN software. Attackers can trigger this by sending a specially cr...
Oct 18, 2021

This CVE allows remote attackers to execute arbitrary commands on affected HPE Aruba Instant Access Points (IAPs) without authentication. The vulnerab...
Oct 12, 2021

This CVE allows remote attackers to execute arbitrary commands on affected HPE Aruba Instant Access Points (IAPs) without authentication. The vulnerab...
Oct 12, 2021

A remote buffer overflow vulnerability in HPE Aruba Instant Access Points (IAP) allows unauthenticated attackers to execute arbitrary code or cause de...
Oct 12, 2021

CVE-2021-33728 is a Java deserialization vulnerability in Siemens SINEC NMS that allows authenticated attackers to execute arbitrary code with root pr...
Oct 12, 2021

This vulnerability allows a privileged authenticated attacker to execute arbitrary commands in the local database of SINEC NMS by sending crafted requ...
Oct 12, 2021

CVE-2021-33732 is a SQL injection vulnerability in Siemens SINEC NMS that allows authenticated privileged attackers to execute arbitrary commands on t...
Oct 12, 2021

This vulnerability allows authenticated attackers with administrative privileges to execute arbitrary SQL commands on the SINEC Network Management Sys...
Oct 12, 2021

CVE-2021-33736 is a SQL injection vulnerability in Siemens SINEC NMS that allows authenticated attackers with administrative privileges to execute arb...
Oct 12, 2021

This vulnerability affects Siemens RUGGEDCOM ROX industrial network devices, allowing attackers to cause permanent denial-of-service by exploiting imp...
Oct 12, 2021

This vulnerability in SIMATIC Process Historian allows unauthenticated attackers to manipulate historical process data through an interface lacking au...
Oct 12, 2021

CVE-2021-33724 is an arbitrary file deletion vulnerability in Siemens SINEC NMS that allows attackers to delete files or directories at user-controlle...
Oct 12, 2021

CVE-2021-33726 is a path traversal vulnerability in Siemens SINEC NMS that allows authenticated attackers to download arbitrary files from the server ...
Oct 12, 2021

CVE-2021-22930 is a use-after-free vulnerability in Node.js that allows memory corruption attacks. An attacker could exploit this to execute arbitrary...
Oct 7, 2021

This vulnerability allows attackers to corrupt SMRAM memory through insufficient validation of buffer pointers in SMM SWSMI handlers, potentially lead...
Oct 1, 2021

This CVE describes a use-after-free vulnerability in Siemens NX and Solid Edge software when parsing OBJ files. An attacker could exploit this to exec...
Sep 28, 2021

A use-after-free vulnerability in Solid Edge SE2021 allows attackers to execute arbitrary code by tricking users into opening malicious OBJ files. Thi...
Sep 28, 2021

This vulnerability in Solid Edge SE2021 allows attackers to execute arbitrary code by exploiting a use-after-free bug when parsing malicious OBJ files...
Sep 28, 2021

CVE-2021-39275 is a critical buffer overflow vulnerability in Apache HTTP Server's ap_escape_quotes() function that could allow remote code execution ...
Sep 16, 2021

CVE-2021-37200 is a path traversal vulnerability in Siemens SINEC NMS that allows authenticated attackers to download arbitrary files from the underly...
Sep 14, 2021

A use-after-free vulnerability in the IFC adapter of Siemens NX 1980 Series and Solid Edge SE2021 allows attackers to execute arbitrary code by tricki...
Sep 14, 2021

This vulnerability affects Siemens SIPROTEC 5 relays with specific CPU variants. An unauthenticated remote attacker can send specially crafted webpack...
Sep 14, 2021

This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in Siemens Teamcenter PLM software. Attackers can manipulate user-supplied...
Sep 14, 2021

This privilege escalation vulnerability in Siemens RUGGEDCOM ROX industrial routers allows attackers to gain root access on affected devices. It affec...
Sep 14, 2021

This vulnerability allows unauthenticated attackers to execute arbitrary code on affected systems by exploiting insecure deserialization in Siemens Ce...
Sep 14, 2021

An unauthenticated attacker can change any user's password in Siemens Industrial Edge Management systems, allowing impersonation of valid users. This ...
Sep 14, 2021

A critical buffer overflow vulnerability in Siemens SIPROTEC 5 relays allows attackers to send specially crafted packets to port 4443/tcp, potentially...
Sep 14, 2021

A denial-of-service vulnerability in Siemens SIMATIC CP industrial communication modules allows remote attackers to crash affected devices by sending ...
Sep 14, 2021

This CVE describes a critical buffer overflow vulnerability in Siemens APOGEE and TALON building automation controllers. Unauthenticated remote attack...
Sep 14, 2021

This vulnerability in Simcenter STAR-CCM+ Viewer allows attackers to execute arbitrary code by exploiting improper validation of scene files. It affec...
Sep 14, 2021

A remote buffer overflow vulnerability in Aruba SD-WAN Software and Gateways allows attackers to execute arbitrary code or cause denial of service. Af...
Sep 7, 2021

This CVE allows remote attackers to execute arbitrary commands on affected Aruba SD-WAN and gateway devices. The vulnerability stems from improper neu...
Sep 7, 2021

This CVE allows remote attackers to execute arbitrary commands on Aruba SD-WAN and gateway devices running vulnerable ArubaOS versions. Attackers can ...
Sep 7, 2021

This CVE allows remote attackers to execute arbitrary commands on Aruba SD-WAN and gateway devices through improper neutralization of special elements...
Sep 7, 2021

Why Monitor Siemens Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 563+ known vulnerabilities affecting Siemens products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Siemens packages in under 60 seconds. No agents required - completely agentless scanning that works across Siemens deployments.
Free vulnerability database: Access detailed information about every Siemens CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register free account & add your servers
- Run one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Siemens CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions