Vendor Siemens


The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product »

Grouping vulnerabilities by products helps to get an overview. This makes it possible to determine an homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be distinguished between multiple forms and levels of remediation which influence risks differently.

Exploitability »

Researcher and attacker which are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine simplicity and strength of attacks.

Access Vector »

The approach a vulnerability it becomes important to use the expected access vector. This is typically via the network, local, or physically even.

Authentication »

To exploit a vulnerability a certail level of authentication might be required. Vulnerabilities without such a requirement are much more popular.

User Interaction »

Some attack scenarios require some user interaction by a victim. This is typical for phishing, social engineering and cross site scripting attacks.

C3BM Index »

Our unique C3BM Index (CVSSv3 Base Meta Index) cumulates the CVSSv3 Meta Base Scores of all entries over time. Comparing this index to the amount of disclosed vulnerabilities helps to pinpoint the most important events.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB »

The moderation team is always defining the base vector and base score for an entry. These and all other available scores are used to generate the meta score.


The National Vulnerability Database (NVD) is also defining CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

Vendor »

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research »

There are sometimes also security researcher which provide their own CVSS vectors and scores for vulnerabilities they have found and published.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day prices for an exploit, before it got distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability broker and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price does reflect price impacts like disclosure of vulnerability details, alternative exploits, availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

Exploit Market Volume »

Our unique calculation of exploit prices makes it possible to forecast the expected exploit market volume. The calculated prices for all possible 0-day expoits are cumulated for this task. Comparing the volume to the amount of disclosed vulnerabilities helps to pinpoint the most important events.

🔴 CTI Activities »

Our unique Cyber Threat Intelligence aims to determine the ongoing research of actors to anticipiate their acitivities. Observing exploit markets on the Darknet, discussions of vulnerabilities on mailinglists, and exchanges on social media makes it possible to identify planned attacks. Monitored actors and activities are classified whether they are offensive or defensive. They are also weighted as some actors are well-known for certain products and technologies. And some of their disclosures might contain more or less details about technical aspects and personal context. The world map highlights active actors in real-time.

Affected Products (307): 7KM PAC Switched Ethernet PROFINET Expansion Module (1), 7KT PAC1200 Data Manager (1), 3568i WAP (1), APOGEE Insight (1), APOGEE PXC (2), Automation License Manager (9), CCID (1), CCIS (1), CCMD (1), CCMW (1), CCPW (1), CFIS (1), COMOS (4), COMPAS Mobile Application (1), CP1604 (1), CP1616 (1), Camstar Enterprise Platform (3), Climatix BACnet (1), Cp 1604 (1), DCA Vantage Analyzer (2), DIGSI 4 (2), DIGSI 5 (1), Desigo Insight (3), Desigo PX Web Module (1), EN100 Ethernet Module (6), EN100 Ethernet Module DNP3 (3), EN100 Ethernet Module IEC104 (3), EN100 Ethernet Module IEC 61850 (3), EN100 Ethernet Module Modbus TCP (3), EN100 Ethernet Module PROFINET IO (3), EN100 Module (1), Enterprise OpenScape Branch (4), Gigaset C450 Ip (1), Gigaset SE361 WLAN router (3), Gigaset Se461 Wimax Router (1), Gigaset WLAN Camera (1), HMI Mobile Panel (1), HMI Multi Panel (1), HiNet LP (1), HomeControl for Room Automation (1), IE-WSN-PA Link WirelessHART Gateway (1), IEC 61850 (1), IP (1), JT2Go (30), KTK ATE530S (1), L (3), LOGO! (2), LOGO!8 (2), LOGO!8 BM (4), LOGO! 8 BM (10), LOGO! Soft Comfort (4), License Management Utility (1), Mendix (1), Nucleus NET (1), Nucleus ReadyStart (1), OZW672 (3), OZW772 (4), OZW OZW672 (1), Opcenter Execution Core (4), Opcenter Execution Discrete (3), Opcenter Execution Foundation (3), Opcenter Execution Process (3), Opcenter Intelligence (3), Opcenter Quality (3), Opcenter RD (3), OpenPCS (1), OpenPCS 7 (1), PCS neo (1), PLM (1), Phone (3), Polarion (3), Polarion Subversion Webclient (2), ProcessSuite (1), Programmable Logic Controller (1), R3964 (1), RAPIDLab 1200 (2), RAPIDPoint 400 (2), RAPIDPoint 500 (2), RFID 181-EIP (1), ROX II (2), ROX I OS (1), RUGGEDCOM NMS (2), RUGGEDCOM RM1224 (2), RUGGEDCOM ROX I (5), Reliant Unix (2), RuggedCom ROS (3), RuggedCom WiMAX (1), Ruggedcom (3), Ruggedcom Rugged Operating System (4), SANTIS 50 (1), SCALANCE (2), SCALANCE M-800 (3), SCALANCE S602 (4), SCALANCE S612 (4), SCALANCE S615 (3), SCALANCE S623 (4), SCALANCE S627-2M (4), SCALANCE SC-600 (3), SCALANCE SC-600 Family (1), SCALANCE W740 (1), SCALANCE W780 (1), SCALANCE X-200 (7), SCALANCE X-200IRT (8), SCALANCE X-200RNA (2), SCALANCE X-300 (6), SCALANCE X-408 (2), SCALANCE X-414-3E (1), SCALANCE X-443-1 (1), SCALANCE X300WG (1), SCALANCE XB-200 (1), SCALANCE XC-200 (1), SCALANCE XF-200BA (1), SCALANCE XM400 (1), SCALANCE XP-200 (1), SCALANCE XR-300WG (1), SCALANCE XR500 (1), SCALANCE Xx200 Family (1), SIAMTIC RF185C (1), SICAM A8000 CP-802X (1), SICAM A8000 CP-8000 (2), SICAM A8000 CP-8021 (1), SICAM A8000 CP-8022 (1), SICAM A8000 CP-8050 (1), SICAM MIC (1), SICAM MMU (9), SICAM PAS (6), SICAM PAS-PQS (1), SICAM PQ Analyzer (1), SICAM RTUs SM-2556 COM Module (3), SICAM SCC (1), SICAM SGU (9), SICAM T (9), SICAM WEB firmware for SICAM A8000 RTU (1), SIDOOR ATD430W (1), SIDOOR ATE530S COATED (1), SIDOOR ATE531S (1), SIMARIS Configuration (1), SIMATIC (9), SIMATIC BATCH (1), SIMATIC CP 44x-1 RNA (1), SIMATIC CP 343-1 (3), SIMATIC CP343-1 Advanced (1), SIMATIC CP 443-1 (2), SIMATIC CP443-1 (1), SIMATIC CP443-1 Advanced (1), SIMATIC CP 443-1 Advanced (1), SIMATIC CP443-1 OPC (1), SIMATIC CP443-1 OPC UA (1), SIMATIC CP 1543-1 (2), SIMATIC ET (1), SIMATIC ET 200 Open Controller CPU 1515SP PC2 (1), SIMATIC ET 200 SP Open Controller CPU 1515SP PC (1), SIMATIC ET 200 SP Open Controller CPU 1515SP PC2 (1), SIMATIC ET200MP IM155-5 PN HF (1), SIMATIC ET 200SP (1), SIMATIC ET 200SP Interfacemodul IM 155-6 MF HF (1), SIMATIC ET 200SP Open Controller CPU 1515SP PC (3), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (4), SIMATIC HMI Basic Panel (3), SIMATIC HMI Comfort Outdoor Panel (6), SIMATIC HMI Comfort Panel (12), SIMATIC HMI KTP700F Mobile Arctic (1), SIMATIC HMI KTP Mobile Panel (7), SIMATIC HMI Mobile Panel (3), SIMATIC HMI United Comfort Panel (1), SIMATIC HMI panel (12), SIMATIC IPC DiagMonitor (1), SIMATIC IT LMS (1), SIMATIC IT Production Suite (1), SIMATIC IT UADM (1), SIMATIC IT UA Discrete Manufacturing (1), SIMATIC Ident MV420 (2), SIMATIC Ident MV440 (2), SIMATIC Logon (2), SIMATIC MV400 (2), SIMATIC NET PC-Software (3), SIMATIC NET PC Software (1), SIMATIC Notifier Server for Windows (3), SIMATIC PCS7 (11), SIMATIC PCS 7 (10), SIMATIC PCS neo (3), SIMATIC PDM (2), SIMATIC Prosave (1), SIMATIC RF-MANAGER 2008 (1), SIMATIC RF180C (1), SIMATIC RF182C (1), SIMATIC RF188C (1), SIMATIC RF600R (1), SIMATIC RTLS Locating Manager (3), SIMATIC S7 (1), SIMATIC S7 1200 Cpu (1), SIMATIC S7 Cpu-1211c (5), SIMATIC S7 Cpu 1200 (2), SIMATIC S7-200 SMART CPU (1), SIMATIC S7-300 (4), SIMATIC S7-300 CPU (4), SIMATIC S7-300 Cpu (1), SIMATIC S7-300 PN (2), SIMATIC S7-300 PN-DP CPU (1), SIMATIC S7-400 (6), SIMATIC S7-400 CPU (1), SIMATIC S7-400 Cpu 414-3 Pn (1), SIMATIC S7-400 Cpu 414f-3 Pn (1), SIMATIC S7-400 PN (2), SIMATIC S7-400 PN-DP V7 (2), SIMATIC S7-400 PN-DP V7 CPU (1), SIMATIC S7-400H (3), SIMATIC S7-400H V6 (2), SIMATIC S7-410 (2), SIMATIC S7-1200 (4), SIMATIC S7-1200 CPU (4), SIMATIC S7-1200 PLC (3), SIMATIC S7-1200 Plc (1), SIMATIC S7-1500 (4), SIMATIC S7-1500 CPU (8), SIMATIC S7-1500 Cpu (9), SIMATIC S7-1500 Software Controller (3), SIMATIC S7-1518-4 Pn (1), SIMATIC S7-PLCSIM (3), SIMATIC S7-PLCSIM Advanced (2), SIMATIC STEP 7 (9), SIMATIC Step 7 (5), SIMATIC TDC CP51M1 (1), SIMATIC Tiaportal (2), SIMATIC WinCC (18), SIMATIC WinCC Flexible (1), SIMATIC WinCC OA (1), SIMATIC WinCC OA Operator iOS App (1), SIMATIC WinCC Professional (1), SIMATIC WinCC Runtime Advanced (2), SIMATIC WinCC Runtime Professional (1), SIMATIC WinCC Sm@rtClient (6), SIMATIC Wincc Open Architecture (4), SIMATIC Wincc Runtime (2), SIMOCODE ES (3), SINAMICS (3), SINAMICS PERFECT HARMONY GH180 (3), SINAMICS STARTER (2), SINEC (1), SINEC NMS (1), SINEMA (1), SINEMA Remote Connect Server (8), SINEMA Server (6), SINUMERIK (1), SINUMERIK 828D (10), SINUMERIK 840D sl (12), SINUMERIK Integrate Operate Client (1), SIPLUS NET (1), SIPORT MP (2), SIPROTEC (3), SIPROTEC 4 (1), SIPROTEC 5 (3), SIPROTEC Compact (4), SM-2558 (1), SPC4000 (1), SPC5000 (1), SPC6000 (1), SPCanywhere (5), SPPA-T3000 Application Server (18), SPPA-T3000 MS3000 Migration Server (35), Scalance S (2), Scalance W788-1pro (2), Scalance X-200 (4), Scalance X-200 IRT (3), Scalance X-200irt (1), Scalance X-204RNA (1), Scalance X-300 (5), Scalance X-408 (3), Scalance X-414 (1), Scalance X204irt (3), Scalance XC-200 (1), Scalance XF-200 (1), Scalance XP-200 (1), SiNVR 3 Central Control Server (17), SiNVR 3 Video Server (17), SiPass integrated (5), Simatic RF192C (1), Sinamics S120 (1), Siveillance Video Client (1), Soft Starter ES (3), Solid Edge (6), Solid Edge SE2020 (4), Solid Edge SE2021 (4), Spectrum Power (4), Spectrum Power 3 (1), Spectrum Power 4 (1), Spectrum Power 5 (1), Spectrum Power 7 (1), SpeedStream 5200 (1), SpeedStream 6520 (1), Speedstream Wireless Router (2), Synco OZW Web Server (1), TALON TC BACnet (2), TD Keypad Designer (1), TIA Portal (1), TIM 1531 IRC (1), Teamcenter Visualization (30), Tecnomatix FactoryLink (2), ViewPort for Web Office Portal (1), WebTransactions (2), WinAC RTX (1), WinCC (19), Wincc Tia Portal (7), XHQ (7), XHQ Server (1), dp (2), dp Cpu (1)

Link to Vendor Website:

04/17/20215.55.5Siemens Mendix User Role privileges managementUnknownNot DefinedOfficial Fix0.91CVE-2021-27394
03/16/20216.66.6Siemens Solid Edge SE2020/Solid Edge SE2021 PAR File Parser out-of-bounds readUnknownNot DefinedNot Defined0.08CVE-2021-27381
03/16/20216.66.6Siemens Solid Edge SE2020/Solid Edge SE2021 PAR File Parser out-of-bounds writeUnknownNot DefinedNot Defined0.00CVE-2021-27380
03/16/20215.35.1Siemens SCALANCE SC-600 SSH Authentication excessive authenticationUnknownNot DefinedOfficial Fix0.00CVE-2021-25676
03/16/20214.54.5Siemens SIMATIC S7-PLCSIM divide by zeroSCADA SoftwareNot DefinedNot Defined0.07CVE-2021-25675
03/16/20214.54.5Siemens SIMATIC S7-PLCSIM null pointer dereferenceSCADA SoftwareNot DefinedNot Defined0.07CVE-2021-25674
03/16/20214.54.5Siemens SIMATIC S7-PLCSIM infinite loopSCADA SoftwareNot DefinedNot Defined0.08CVE-2021-25673
03/16/20217.57.2Siemens RUGGEDCOM RM1224 STP BPDU Frame stack-based overflowUnknownNot DefinedOfficial Fix0.07CVE-2021-25667
03/16/20215.95.7Siemens Solid Edge SE2020/Solid Edge SE2021 SEECTCXML File xml external entity referenceUnknownNot DefinedOfficial Fix0.07CVE-2020-28387
03/16/20216.66.4Siemens Solid Edge SE2020/Solid Edge SE2021 DFT File Parser out-of-bounds writeUnknownNot DefinedOfficial Fix0.08CVE-2020-28385
03/16/20216.46.1Siemens SIMATIC MV400 TCP Stack denial of serviceSCADA SoftwareNot DefinedOfficial Fix0.08CVE-2020-25241
03/16/20216.96.6Siemens SINEMA Remote Connect Server URL authorizationUnknownNot DefinedOfficial Fix0.07CVE-2020-25240
03/16/20217.57.2Siemens SINEMA Remote Connect Server UMC Authorization Server authorizationUnknownNot DefinedOfficial Fix0.07CVE-2020-25239
03/16/20214.54.5Siemens LOGO! 8 BM exceptional conditionUnknownNot DefinedNot Defined0.06CVE-2020-25236
03/11/20216.56.3Siemens SIMATIC MV400 ISN Generator initializationSCADA SoftwareNot DefinedOfficial Fix0.00CVE-2020-27632
02/10/20214.34.1Siemens SCALANCE W740/SCALANCE W780 ARP allocation of resourcesUnknownNot DefinedOfficial Fix0.04CVE-2021-25666
02/10/20214.54.3Siemens JT2Go/Teamcenter Visualization RAS File out-of-bounds readUnknownNot DefinedOfficial Fix0.00CVE-2020-28394
02/10/20217.06.7Siemens SIMARIS Configuration Folder default permissionUnknownNot DefinedNot Defined0.08CVE-2020-28392
02/10/20214.54.3Siemens Nucleus NET/Nucleus ReadyStart ISN predictable valueUnknownNot DefinedOfficial Fix0.08CVE-2020-28388
02/10/20215.35.1Siemens JT2Go/Teamcenter Visualization PLT File out-of-bounds readUnknownNot DefinedOfficial Fix0.00CVE-2020-27008
02/10/20215.35.1Siemens JT2Go/Teamcenter Visualization HPG File out-of-bounds readUnknownNot DefinedOfficial Fix0.00CVE-2020-27007
02/10/20216.66.4Siemens JT2Go/Teamcenter Visualization PCT File memory corruptionUnknownNot DefinedOfficial Fix0.06CVE-2020-27006
02/10/20216.66.4Siemens JT2Go/Teamcenter Visualization TGA File out-of-bounds writeUnknownNot DefinedOfficial Fix0.00CVE-2020-27005
02/10/20215.35.1Siemens JT2Go/Teamcenter Visualization CGM File out-of-bounds readUnknownNot DefinedOfficial Fix0.08CVE-2020-27004
02/10/20216.05.8Siemens JT2Go/Teamcenter Visualization TIFF File null pointer dereferenceUnknownNot DefinedOfficial Fix0.00CVE-2020-27003

Do you know our Splunk app?

Download it now for free!