VDB

GCVE-110-NCSC-2024-246

GCVE-110-NCSC-2024-246
Advisory PublishedCVSS 7.8/10
Vulnetix · Advisory published June 11, 2024
Siemens heeft kwetsbaarheden verholpen in diverse producten, zoals SCALANCE, SICAM, Tecnomatix, SITOP en PowerSys.

Weaknesses (CWE)

CWE-416Use After FreeCWE-20Improper Input ValidationCWE-1220Insufficient Granularity of Access ControlCWE-362Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')CWE-77Improper Neutralization of Special Elements used in a Command ('Command Injection')CWE-200Exposure of Sensitive Information to an Unauthorized ActorCWE-787Out-of-bounds WriteCWE-400Uncontrolled Resource ConsumptionCWE-311Missing Encryption of Sensitive DataCWE-476NULL Pointer DereferenceCWE-404Improper Resource Shutdown or ReleaseCWE-401Missing Release of Memory after Effective LifetimeCWE-379Creation of Temporary File in Directory with Insecure PermissionsCWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-125Out-of-bounds ReadCWE-349Acceptance of Extraneous Untrusted Data With Trusted DataCWE-321Use of Hard-coded Cryptographic KeyCWE-328Use of Weak HashCWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')CWE-567Unsynchronized Access to Shared Data in a Multithreaded ContextCWE-78Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')CWE-835Loop with Unreachable Exit Condition ('Infinite Loop')CWE-170Improper Null TerminationCWE-269Improper Privilege ManagementCWE-613Insufficient Session ExpirationCWE-352Cross-Site Request Forgery (CSRF)CWE-522Insufficiently Protected CredentialsCWE-749Exposed Dangerous Method or FunctionCWE-319Cleartext Transmission of Sensitive InformationCWE-614Sensitive Cookie in HTTPS Session Without 'Secure' AttributeCWE-330Use of Insufficiently Random ValuesCWE-704Incorrect Type Conversion or CastCWE-287Improper AuthenticationCWE-121Stack-based Buffer OverflowCWE-326Inadequate Encryption StrengthCWE-123Write-what-where ConditionCWE-415Double FreeCWE-681Incorrect Conversion between Numeric TypesCWE-190Integer Overflow or WraparoundCWE-667Improper LockingCWE-664Improper Control of a Resource Through its LifetimeCWE-833DeadlockCWE-295Improper Certificate ValidationCWE-754Improper Check for Unusual or Exceptional Conditions

Risk Scores

CVSS 3.1
7.8/10
High · CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
siemenstecnomatix_plant_simulation

References

advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory

Browse GCVE Records

73,040 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›