dieboldnixdorf CVE Vulnerabilities & Metrics

Focus on dieboldnixdorf vulnerabilities and metrics.

Last updated: 16 Apr 2025, 22:25 UTC

About dieboldnixdorf Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with dieboldnixdorf. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total dieboldnixdorf CVEs: 6
Earliest CVE date: 21 Aug 2020, 21:15 UTC
Latest CVE date: 08 Aug 2024, 18:15 UTC

Latest CVE reference: CVE-2023-40261

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 3

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 50.0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 50.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical dieboldnixdorf CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 0.35

Max CVSS: 2.1

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	6
4.0-6.9	0
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS dieboldnixdorf CVEs

These are the five CVEs with the highest CVSS scores for dieboldnixdorf, sorted by severity first and recency.

CVE-2020-9062 dieboldnixdorf Published on 21 Aug 2020, 21:15 UTC (CVSS: 2.1)
Diebold Nixdorf ProCash 2100xe USB ATMs running Wincor Probase version 1.1.30 do not encrypt, authenticate, or verify the integrity of messages between the CCDM and the host computer, allowing an attacker with physical access to internal ATM components to commit deposit forgery by intercepting and modifying messages to the host computer, such as the amount and value of currency being deposited.
CVE-2023-40261 dieboldnixdorf Published on 08 Aug 2024, 18:15 UTC (CVSS: 0)
Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR17, 4.0.0 SR07, 4.1.0 SR04, 4.2.0 SR04, and 4.3.0 SR02 fails to validate file attributes during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able to manipulate the contents of the system's hard disk.
CVE-2023-24063 dieboldnixdorf Published on 08 Aug 2024, 18:15 UTC (CVSS: 0)
Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR10 fails to validate /etc/mtab during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able to manipulate the contents of the system's hard disk.
CVE-2023-24062 dieboldnixdorf Published on 08 Aug 2024, 18:15 UTC (CVSS: 0)
Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR12, 4.0.0 SR04, 4.1.0 SR02, and 4.2.0 SR01 fails to validate the directory structure of the root file system during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able to manipulate the contents of the system's hard disk.
CVE-2020-19559 dieboldnixdorf Published on 11 Sep 2023, 19:15 UTC (CVSS: 0)
An issue in Diebold Aglis XFS for Opteva v.4.1.61.1 allows a remote attacker to execute arbitrary code via a crafted payload to the ResolveMethod() parameter.

All CVEs for dieboldnixdorf

CVE-2023-40261 dieboldnixdorf vulnerability CVSS: 0 08 Aug 2024, 18:15 UTC

Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR17, 4.0.0 SR07, 4.1.0 SR04, 4.2.0 SR04, and 4.3.0 SR02 fails to validate file attributes during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able to manipulate the contents of the system's hard disk.

CVE-2023-24063 dieboldnixdorf vulnerability CVSS: 0 08 Aug 2024, 18:15 UTC

Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR10 fails to validate /etc/mtab during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able to manipulate the contents of the system's hard disk.

CVE-2023-24062 dieboldnixdorf vulnerability CVSS: 0 08 Aug 2024, 18:15 UTC

Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR12, 4.0.0 SR04, 4.1.0 SR02, and 4.2.0 SR01 fails to validate the directory structure of the root file system during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able to manipulate the contents of the system's hard disk.

CVE-2020-19559 dieboldnixdorf vulnerability CVSS: 0 11 Sep 2023, 19:15 UTC

An issue in Diebold Aglis XFS for Opteva v.4.1.61.1 allows a remote attacker to execute arbitrary code via a crafted payload to the ResolveMethod() parameter.

CVE-2023-36344 dieboldnixdorf vulnerability CVSS: 0 08 Aug 2023, 20:15 UTC

An issue in Diebold Nixdorf Vynamic View Console v.5.3.1 and before allows a local attacker to execute arbitrary code via not restricting the search path for required DLLs and not verifying the signature.

CVE-2020-9062 dieboldnixdorf vulnerability CVSS: 2.1 21 Aug 2020, 21:15 UTC

Diebold Nixdorf ProCash 2100xe USB ATMs running Wincor Probase version 1.1.30 do not encrypt, authenticate, or verify the integrity of messages between the CCDM and the host computer, allowing an attacker with physical access to internal ATM components to commit deposit forgery by intercepting and modifying messages to the host computer, such as the amount and value of currency being deposited.