Every CVE whose affected-product data names Siemens Sinema Server, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (17)
CVE-2019-10940 — CVSS 9.9 (critical): A vulnerability has been identified in SINEMA Server (All versions < V14.0 SP2 Update 1). Incorrect session validation could allow an…
CVE-2021-39275 — CVSS 9.8 (critical): ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these…
CVE-2014-2731 — CVSS 9.3 (critical): Multiple unspecified vulnerabilities in the integrated web server in Siemens SINEMA Server before 12 SP1 allow remote attackers to execute…
CVE-2023-35796 — CVSS 8.3 (high): A vulnerability has been identified in SINEMA Server V14 (All versions). The affected application improperly sanitizes certain SNMP…
CVE-2020-25237 — CVSS 8.1 (high): A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1 Update 1), SINEMA Server (All versions < V14.0 SP2 Update 2)…
CVE-2016-6486 — CVSS 7.8 (high): Siemens SINEMA Server uses weak permissions for the application folder, which allows local users to gain privileges via unspecified vectors.
CVE-2019-6575 — CVSS 7.5 (high): A vulnerability has been identified in SIMATIC CP 443-1 OPC UA (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl…
CVE-2021-34798 — CVSS 7.5 (high): Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.
CVE-2022-25311 — CVSS 7.3 (high): A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All…
CVE-2020-7580 — CVSS 6.7 (medium): A vulnerability has been identified in SIMATIC Automation Tool (All versions < V4 SP2), SIMATIC NET PC Software V14 (All versions < V14 SP1…
CVE-2017-6865 — CVSS 6.5 (medium): A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC Automation Tool (All versions < V3.0)…
CVE-2016-7165 — CVSS 6.4 (medium): A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC IT Production Suite (All versions < V7.0…
CVE-2021-3449 — CVSS 5.9 (medium): An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation…
CVE-2019-10941 — CVSS 5.3 (medium): A vulnerability has been identified in SINEMA Server (All versions < V14 SP3). Missing authentication for functionality that requires…
CVE-2014-2733 — CVSS 5.0 (medium): Siemens SINEMA Server before 12 SP1 allows remote attackers to cause a denial of service (web-interface outage) via crafted HTTP requests…
CVE-2014-2732 — CVSS 5.0 (medium): Multiple directory traversal vulnerabilities in the integrated web server in Siemens SINEMA Server before 12 SP1 allow remote attackers to…