Publication Date:
Last Update:
Current Version: V1.5
CVSS v3.1 Base Score: 9.1
CVSS v4.0 Base Score: 6.3
Un-/Collapse All
Affected Product and Versions Remediation

All versions
affected by all CVEs
CVE-2021-4090
CVE-2021-38202
CVE-2021-47002
CVE-2021-47107
CVE-2021-47316
CVE-2022-43945
CVE-2022-48827
CVE-2022-48828
CVE-2022-48829
CVE-2023-1652
CVE-2023-5678
CVE-2023-6121
CVE-2023-6817
CVE-2023-6931
CVE-2023-6932
CVE-2023-45898
CVE-2023-52447
CVE-2024-0584
CVE-2024-0727
CVE-2024-2511
CVE-2024-5535
CVE-2024-9143
CVE-2024-22099
CVE-2024-23848
CVE-2024-26629
CVE-2024-26651
CVE-2024-26659
CVE-2024-26787
CVE-2024-26816
CVE-2024-26820
CVE-2024-26851
CVE-2024-26852
CVE-2024-26855
CVE-2024-26859
CVE-2024-26861
CVE-2024-26863
CVE-2024-26870
CVE-2024-26872
CVE-2024-26875
CVE-2024-26877
CVE-2024-26878
CVE-2024-26880
CVE-2024-26882
CVE-2024-26883
CVE-2024-26884
CVE-2024-26889
CVE-2024-26891
CVE-2024-26894
CVE-2024-26895
CVE-2024-26897
CVE-2024-26898
CVE-2024-26901
CVE-2024-26903
CVE-2024-26906
CVE-2024-26907
CVE-2024-27024
CVE-2024-27025
CVE-2024-27038
CVE-2024-27047
CVE-2024-27052
CVE-2024-27053
CVE-2024-27065
CVE-2024-27076
CVE-2024-27077
CVE-2024-27078
CVE-2024-27419
CVE-2024-27431
CVE-2024-27436
CVE-2024-33621
CVE-2024-33847
CVE-2024-34027
CVE-2024-35828
CVE-2024-35845
CVE-2024-35902
CVE-2024-36270
CVE-2024-36286
CVE-2024-36288
CVE-2024-36484
CVE-2024-36489
CVE-2024-36894
CVE-2024-36902
CVE-2024-36904
CVE-2024-36905
CVE-2024-36916
CVE-2024-36929
CVE-2024-36939
CVE-2024-36940
CVE-2024-36959
CVE-2024-36974
CVE-2024-36978
CVE-2024-37356
CVE-2024-38381
CVE-2024-38547
CVE-2024-38552
CVE-2024-38558
CVE-2024-38559
CVE-2024-38560
CVE-2024-38565
CVE-2024-38567
CVE-2024-38578
CVE-2024-38579
CVE-2024-38589
CVE-2024-38596
CVE-2024-38598
CVE-2024-38599
CVE-2024-38612
CVE-2024-38615
CVE-2024-38619
CVE-2024-38635
CVE-2024-38659
CVE-2024-38662
CVE-2024-38780
CVE-2024-39468
CVE-2024-39482
CVE-2024-39489
CVE-2024-39502
CVE-2024-39503
CVE-2024-39509
CVE-2024-40905
CVE-2024-40912
CVE-2024-40934
CVE-2024-40941
CVE-2024-40942
CVE-2024-40945
CVE-2024-40958
CVE-2024-40959
CVE-2024-40960
CVE-2024-40961
CVE-2024-40971
CVE-2024-40978
CVE-2024-40980
CVE-2024-40984
CVE-2024-40993
CVE-2024-40995
CVE-2024-41000
CVE-2024-41004
CVE-2024-41005
CVE-2024-41006
CVE-2024-42070
CVE-2024-42082
CVE-2024-42090
CVE-2024-42093
CVE-2024-42094
CVE-2024-42096
CVE-2024-42097
CVE-2024-42272
CVE-2024-44987
CVE-2024-44989
CVE-2024-44990
CVE-2024-45016
CVE-2024-45018
CVE-2024-46679
CVE-2024-46743
CVE-2024-46744
CVE-2024-46745
CVE-2024-46750
CVE-2024-46759
CVE-2024-46783
CVE-2024-47660
CVE-2024-49977
CVE-2024-50121
CVE-2024-50299
CVE-2024-50301
CVE-2024-50302
CVE-2024-53101
Currently no fix is available
  • Only build and run applications from trusted sources

Please follow the General Security Recommendations.

As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity

Un-/Collapse All

This chapter describes all vulnerabilities (CVE-IDs) addressed in this security advisory. Wherever applicable, it also documents the product-specific impact of the individual vulnerabilities.

CVSS v3.1 Base Score 5.3
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-787: Out-of-bounds Write
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE CWE-125: Out-of-bounds Read
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-476: NULL Pointer Dereference
CVSS v3.1 Base Score 6.3
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CWE CWE-121: Stack-based Buffer Overflow
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 6.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-131: Incorrect Calculation of Buffer Size
CVSS v3.1 Base Score 6.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE CWE-125: Out-of-bounds Read
CVSS v3.1 Base Score 7.8
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 7.1
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
CWE CWE-253: Incorrect Check of Function Return Value
CVSS v3.1 Base Score 6.4
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE CWE-416: Use After Free
CVSS v3.1 Base Score 5.3
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CWE CWE-606: Unchecked Input for Loop Condition
CVSS v3.1 Base Score 4.3
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CWE CWE-125: Out-of-bounds Read
CVSS v3.1 Base Score 7.8
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE CWE-416: Use After Free
CVSS v3.1 Base Score 7.8
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE CWE-787: Out-of-bounds Write
CVSS v3.1 Base Score 7.8
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE CWE-416: Use After Free
CVSS v3.1 Base Score 7.8
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 3.9
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE CWE-416: Use After Free
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE CWE-476: NULL Pointer Dereference
CVSS v3.1 Base Score 3.7
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
CWE CWE-400: Uncontrolled Resource Consumption
CVSS v3.1 Base Score 5.9
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVSS v3.1 Base Score 4.3
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CVSS v4.0 Base Score 6.3
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
CWE CWE-787: Out-of-bounds Write
CVSS v3.1 Base Score 6.3
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
CWE CWE-476: NULL Pointer Dereference
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE CWE-416: Use After Free
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-393: Return of Wrong Status Code
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 6.0
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
CWE CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer
CVSS v3.1 Base Score 4.4
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CWE CWE-99: Improper Control of Resource Identifiers ('Resource Injection')
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 7.0
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-908: Use of Uninitialized Resource
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 4.7
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-476: NULL Pointer Dereference
CVSS v3.1 Base Score 4.4
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
CWE CWE-99: Improper Control of Resource Identifiers ('Resource Injection')
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 4.7
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 7.0
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE CWE-416: Use After Free
CVSS v3.1 Base Score 5.3
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CWE CWE-908: Use of Uninitialized Resource
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 6.2
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 9.1
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 4.7
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
CWE CWE-1287: Improper Validation of Specified Type of Input
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 8.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 4.4
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CWE CWE-1287: Improper Validation of Specified Type of Input
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-1287: Improper Validation of Specified Type of Input
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-99: Improper Control of Resource Identifiers ('Resource Injection')
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 4.4
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CWE CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-476: NULL Pointer Dereference
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-416: Use After Free
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-369: Divide By Zero
CVSS v3.1 Base Score 6.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
CWE CWE-787: Out-of-bounds Write
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-237: Improper Handling of Structural Elements
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-391: Unchecked Error Condition
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-415: Double Free
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-668: Exposure of Resource to Wrong Sphere
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 6.1
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 6.6
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
CWE CWE-125: Out-of-bounds Read
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 4.4
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 4.7
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-667: Improper Locking
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-459: Incomplete Cleanup
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 4.4
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-667: Improper Locking
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-401: Missing Release of Memory after Effective Lifetime
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-416: Use After Free
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 4.4
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 4.7
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 4.4
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
CWE CWE-404: Improper Resource Shutdown or Release
CVSS v3.1 Base Score 4.1
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
CWE CWE-125: Out-of-bounds Read
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak')
CVSS v3.1 Base Score 6.8
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 4.0
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CWE CWE-416: Use After Free
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-476: NULL Pointer Dereference
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-476: NULL Pointer Dereference
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-476: NULL Pointer Dereference
CVSS v3.1 Base Score 4.0
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 6.2
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 5.9
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-476: NULL Pointer Dereference
CVSS v3.1 Base Score 7.8
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 5.9
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CWE CWE-190: Integer Overflow or Wraparound
CVSS v3.1 Base Score 5.9
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 4.9
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
CWE CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSS v3.1 Base Score 4.4
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
CWE CWE-404: Improper Resource Shutdown or Release
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-401: Missing Release of Memory after Effective Lifetime
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-770: Allocation of Resources Without Limits or Throttling
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-833: Deadlock
CVSS v3.1 Base Score 7.1
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 7.1
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 5.1
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H
CWE CWE-125: Out-of-bounds Read
CVSS v3.1 Base Score 4.7
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-416: Use After Free
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-476: NULL Pointer Dereference
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-476: NULL Pointer Dereference
CVSS v3.1 Base Score 7.0
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE CWE-416: Use After Free
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-456: Missing Initialization of a Variable
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSS v3.1 Base Score 7.1
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CWE CWE-125: Out-of-bounds Read
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-908: Use of Uninitialized Resource
CVSS v3.1 Base Score 6.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-400: Uncontrolled Resource Consumption
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-413: Improper Resource Locking
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-124: Buffer Underwrite ('Buffer Underflow')
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-229: Improper Handling of Values
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-413: Improper Resource Locking
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-20: Improper Input Validation
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-416: Use After Free
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-131: Incorrect Calculation of Buffer Size
CVSS v3.1 Base Score 7.1
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CWE CWE-125: Out-of-bounds Read
CVSS v3.1 Base Score 7.8
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE CWE-908: Use of Uninitialized Resource

For the following products, the impact of the vulnerability is different.


CVSS v3.1 Base Score 3.3
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVSS v4.0 Base Score 4.8
CVSS v4.0 Vector CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE CWE-456: Missing Initialization of a Variable

https://www.siemens.com/cert/advisories
V1.0 (2024-04-09): Publication Date
V1.1 (2024-05-14): Added CVE-2024-2511
V1.2 (2024-07-09): Added CVE-2024-5535
V1.3 (2024-11-12): Added CVE-2024-9143
V1.4 (2025-03-11): Added CVE-2024-36484, CVE-2024-36902, CVE-2024-36904, CVE-2024-36905, CVE-2024-36916, CVE-2024-36929, CVE-2024-36939, CVE-2024-36940, CVE-2024-36959, CVE-2024-44987, CVE-2024-44989, CVE-2024-44990, CVE-2024-45016, CVE-2024-45018, CVE-2024-46679, CVE-2024-46743, CVE-2024-46744, CVE-2024-46745, CVE-2024-46750, CVE-2024-46759, CVE-2024-46783, CVE-2024-47660, CVE-2024-50299, CVE-2024-50301, CVE-2024-53101
V1.5 (2025-04-08): Added CVE-2024-50302 (incl. product-specific impact description) and multiple other CVEs