NCSC-2025-0061]1.00]]M/H] Risico’s vastgesteld in Siemens-goederen

Kenmerken

• Missing Critical Step in Authentication
• Observable Discrepancy
• Improper Access Control
• Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’)
• Deserialization of Untrusted Data
• Improper Check for Unusual or Exceptional Conditions
• Improper Verification of Cryptographic Signature
• Incorrect Pointer Scaling
• Covert Timing Channel
• Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’)
• Unchecked Return Value
• Insufficient Session Expiration
• Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’)
• Inadequate Encryption Strength
• Integer Overflow or Wraparound
• Incorrect Provision of Specified Functionality
• Direct Request (‘Forced Browsing’)
• Allocation of Resources Without Limits or Throttling
• Uncontrolled Resource Consumption
• Improper Neutralization of CRLF Sequences in HTTP Headers (‘HTTP Request/Response Splitting’)
• Improper Validation of Integrity Check Value
• Improperly Controlled Sequential Memory Allocation
• Improper Resource Shutdown or Release
• Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)
• Improper Restriction of Operations within the Bounds of a Memory Buffer
• Truncation of Security-relevant Information
• Use of Default Credentials
• Uncontrolled Search Path Element
• Missing Cryptographic Step
• Improper Input Validation
• Use After Free
• URL Redirection to Untrusted Site (‘Open Redirect’)
• Inefficient Regular Expression Complexity
• Use of Weak Hash
• Missing Release of Memory after Effective Lifetime
• Use of a Broken or Risky Cryptographic Algorithm
• Active Debug Code
• Improper Validation of Syntactic Correctness of Input
• Access of Resource Using Incompatible Type (‘Type Confusion’)
• Double Free
• Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
• Unchecked Input for Loop Condition
• Cleartext Storage of Sensitive Information
• Divide By Zero
• Heap-based Buffer Overflow
• NULL Pointer Dereference
• CWE-310
• Excessive Iteration
• Incorrect Permission Assignment for Critical Resource
• Incorrect Type Conversion or Cast
• Use of a Cryptographic Primitive with a Risky Implementation
• Improper Certificate Validation
• Out-of-bounds Write
• Permissive List of Allowed Inputs
• Interpretation Conflict
• Insertion of Sensitive Information Into Sent Data
• Selection of Less-Secure Algorithm During Negotiation (‘Algorithm Downgrade’)
• Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
• Exposure of Sensitive Information to an Unauthorized Actor
• Dependency on Vulnerable Third-Party Component
• Expected Behavior Violation
• Improper Null Termination
• Improper Restriction of Communication Channel to Intended Endpoints
• Improper Restriction of XML External Entity Reference
• Externally Controlled Reference to a Resource in Another Sphere
• Out-of-bounds Read
• Observable Timing Discrepancy