VDB
GCVE-110-NCSC-2024-246
GCVE-110-NCSC-2024-246
Advisory PublishedCVSS 7.8/10
Siemens heeft kwetsbaarheden verholpen in diverse producten, zoals SCALANCE, SICAM, Tecnomatix, SITOP en PowerSys.
Weaknesses (CWE)
CWE-416Use After FreeCWE-20Improper Input ValidationCWE-1220Insufficient Granularity of Access ControlCWE-362Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')CWE-77Improper Neutralization of Special Elements used in a Command ('Command Injection')CWE-200Exposure of Sensitive Information to an Unauthorized ActorCWE-787Out-of-bounds WriteCWE-400Uncontrolled Resource ConsumptionCWE-311Missing Encryption of Sensitive DataCWE-476NULL Pointer DereferenceCWE-404Improper Resource Shutdown or ReleaseCWE-401Missing Release of Memory after Effective LifetimeCWE-379Creation of Temporary File in Directory with Insecure PermissionsCWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-125Out-of-bounds ReadCWE-349Acceptance of Extraneous Untrusted Data With Trusted DataCWE-321Use of Hard-coded Cryptographic KeyCWE-328Use of Weak HashCWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')CWE-567Unsynchronized Access to Shared Data in a Multithreaded ContextCWE-78Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')CWE-835Loop with Unreachable Exit Condition ('Infinite Loop')CWE-170Improper Null TerminationCWE-269Improper Privilege ManagementCWE-613Insufficient Session ExpirationCWE-352Cross-Site Request Forgery (CSRF)CWE-522Insufficiently Protected CredentialsCWE-749Exposed Dangerous Method or FunctionCWE-319Cleartext Transmission of Sensitive InformationCWE-614Sensitive Cookie in HTTPS Session Without 'Secure' AttributeCWE-330Use of Insufficiently Random ValuesCWE-704Incorrect Type Conversion or CastCWE-287Improper AuthenticationCWE-121Stack-based Buffer OverflowCWE-326Inadequate Encryption StrengthCWE-123Write-what-where ConditionCWE-415Double FreeCWE-681Incorrect Conversion between Numeric TypesCWE-190Integer Overflow or WraparoundCWE-667Improper LockingCWE-664Improper Control of a Resource Through its LifetimeCWE-833DeadlockCWE-295Improper Certificate ValidationCWE-754Improper Check for Unusual or Exceptional Conditions
Risk Scores
CVSS 3.1
7.8/10
High · CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| siemens | tecnomatix_plant_simulation | — | — |
Aliases
CVE-2021-47178CVE-2022-1015CVE-2022-2097CVE-2022-3435CVE-2022-3545CVE-2022-3623CVE-2022-36323CVE-2022-3643CVE-2022-39189CVE-2022-40225CVE-2022-40303CVE-2022-40304CVE-2022-41742CVE-2022-42328CVE-2022-42329CVE-2022-4304CVE-2022-4450CVE-2022-44792CVE-2022-44793CVE-2022-45886CVE-2022-45887CVE-2022-45919CVE-2022-46144CVE-2023-0160CVE-2023-0215CVE-2023-0286CVE-2023-0464CVE-2023-0465CVE-2023-0466CVE-2023-1017CVE-2023-2124CVE-2023-21255CVE-2023-21808CVE-2023-2269CVE-2023-24895CVE-2023-24897CVE-2023-24936CVE-2023-26552CVE-2023-26553CVE-2023-26554CVE-2023-27321CVE-2023-28260CVE-2023-28319CVE-2023-28484CVE-2023-29331CVE-2023-29469CVE-2023-32032CVE-2023-33126CVE-2023-33127CVE-2023-33128CVE-2023-33135CVE-2023-33170CVE-2023-3446CVE-2023-35390CVE-2023-35391CVE-2023-35788CVE-2023-35823CVE-2023-35824CVE-2023-35828CVE-2023-35829CVE-2023-36038CVE-2023-36049CVE-2023-36435CVE-2023-36558CVE-2023-36792CVE-2023-36793CVE-2023-36794CVE-2023-36796CVE-2023-36799CVE-2023-3817CVE-2023-38171CVE-2023-38178CVE-2023-38180CVE-2023-38380CVE-2023-38533CVE-2023-39615CVE-2023-41910CVE-2023-44317CVE-2023-44318CVE-2023-44319CVE-2023-44373CVE-2023-44374CVE-2023-44487CVE-2023-49691CVE-2023-50763CVE-2023-52474CVE-2023-5678CVE-2024-0775CVE-2024-31484CVE-2024-33500CVE-2024-35206CVE-2024-35207CVE-2024-35208CVE-2024-35209CVE-2024-35210CVE-2024-35211CVE-2024-35212CVE-2024-35292CVE-2024-35303CVE-2024-36266
References
Browse GCVE Records
73,040 records in the GCVE database · Updated July 15, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.