VDB

GCVE-110-NCSC-2025-61

GCVE-110-NCSC-2025-61
Advisory PublishedCVSS 3.7/10
Vulnetix · Advisory published February 14, 2025
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Weaknesses (CWE)

CWE-201Insertion of Sensitive Information Into Sent DataCWE-770Allocation of Resources Without Limits or ThrottlingCWE-190Integer Overflow or WraparoundCWE-125Out-of-bounds ReadCWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')CWE-20Improper Input ValidationCWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')CWE-787Out-of-bounds WriteCWE-489Active Debug CodeCWE-312Cleartext Storage of Sensitive InformationCWE-427Uncontrolled Search Path ElementCWE-1392Use of Default CredentialsCWE-113Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')CWE-326Inadequate Encryption StrengthCWE-601URL Redirection to Untrusted Site ('Open Redirect')CWE-732Incorrect Permission Assignment for Critical ResourceCWE-284Improper Access ControlCWE-404Improper Resource Shutdown or ReleaseCWE-1286Improper Validation of Syntactic Correctness of InputCWE-120Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')CWE-416Use After FreeCWE-923Improper Restriction of Communication Channel to Intended EndpointsCWE-415Double FreeCWE-122Heap-based Buffer OverflowCWE-476NULL Pointer DereferenceCWE-610Externally Controlled Reference to a Resource in Another SphereCWE-704Incorrect Type Conversion or CastCWE-295Improper Certificate ValidationCWE-401Missing Release of Memory after Effective LifetimeCWE-400Uncontrolled Resource ConsumptionCWE-325Missing Cryptographic StepCWE-754Improper Check for Unusual or Exceptional ConditionsCWE-328Use of Weak HashCWE-183Permissive List of Allowed InputsCWE-843Access of Resource Using Incompatible Type ('Type Confusion')CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-369Divide By ZeroCWE-203Observable DiscrepancyCWE-425Direct Request ('Forced Browsing')CWE-252Unchecked Return ValueCWE-502Deserialization of Untrusted DataCWE-222Truncation of Security-relevant InformationCWE-304Missing Critical Step in AuthenticationCWE-78Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')CWE-606Unchecked Input for Loop ConditionCWE-200Exposure of Sensitive Information to an Unauthorized ActorCWE-310-CWE-613Insufficient Session Expiration

Risk Scores

CVSS 3.1
3.7/10
Low · CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:C

Affected Products

VendorProductVersionsPlatforms
siemenssiprotec
siemensteamcenter
siemensscalance
siemensapogee_pxc_series__p2_ethernet_
siemens_simatic
siemenssimatic
siemens_simatic_s7
siemensopcenter_intelligence
siemenssimatic_s7
siemensruggedcom
siemensapogee_pxc_series__bacnet_

References

advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory

Browse GCVE Records

72,664 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›