Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2018-4833

Summary
Assigner-siemens
Assigner Org ID-cec7a2ec-15b4-4faf-bd53-b40f371f3a77
Published At-14 Jun, 2018 | 16:00
Updated At-05 Aug, 2024 | 05:18
Rejected At-
Credits

A vulnerability has been identified in RFID 181EIP (All versions), RUGGEDCOM Win (V4.4, V4.5, V5.0, and V5.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.3), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-200RNA switch family (All versions < V3.2.6), SCALANCE X-300 switch family (incl. SIPLUS NET variants) (All versions < V4.1.3), SCALANCE X408 (All versions < V4.1.3), SCALANCE X414 (All versions), SIMATIC RF182C (All versions). Unprivileged remote attackers located in the same local network segment (OSI Layer 2) could gain remote code execution on the affected products by sending a specially crafted DHCP response to a client's DHCP request.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:siemens
Assigner Org ID:cec7a2ec-15b4-4faf-bd53-b40f371f3a77
Published At:14 Jun, 2018 | 16:00
Updated At:05 Aug, 2024 | 05:18
Rejected At:
â–¼CVE Numbering Authority (CNA)

A vulnerability has been identified in RFID 181EIP (All versions), RUGGEDCOM Win (V4.4, V4.5, V5.0, and V5.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.3), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-200RNA switch family (All versions < V3.2.6), SCALANCE X-300 switch family (incl. SIPLUS NET variants) (All versions < V4.1.3), SCALANCE X408 (All versions < V4.1.3), SCALANCE X414 (All versions), SIMATIC RF182C (All versions). Unprivileged remote attackers located in the same local network segment (OSI Layer 2) could gain remote code execution on the affected products by sending a specially crafted DHCP response to a client's DHCP request.

Affected Products
Vendor
Siemens AGSiemens
Product
RFID 181EIP
Versions
Affected
  • All versions
Vendor
Siemens AGSiemens
Product
RUGGEDCOM Win
Versions
Affected
  • V4.4, V4.5, V5.0, and V5.1
Vendor
Siemens AGSiemens
Product
SCALANCE X-200 switch family (incl. SIPLUS NET variants)
Versions
Affected
  • All versions < V5.2.3
Vendor
Siemens AGSiemens
Product
SCALANCE X-200IRT switch family (incl. SIPLUS NET variants)
Versions
Affected
  • All versions < V5.4.1
Vendor
Siemens AGSiemens
Product
SCALANCE X-200RNA switch family
Versions
Affected
  • All versions < V3.2.6
Vendor
Siemens AGSiemens
Product
SCALANCE X-300 switch family (incl. SIPLUS NET variants)
Versions
Affected
  • All versions < V4.1.3
Vendor
Siemens AGSiemens
Product
SCALANCE X408
Versions
Affected
  • All versions < V4.1.3
Vendor
Siemens AGSiemens
Product
SCALANCE X414
Versions
Affected
  • All versions
Vendor
Siemens AGSiemens
Product
SIMATIC RF182C
Versions
Affected
  • All versions
Problem Types
TypeCWE IDDescription
CWECWE-122CWE-122: Heap-based Buffer Overflow
Type: CWE
CWE ID: CWE-122
Description: CWE-122: Heap-based Buffer Overflow
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://cert-portal.siemens.com/productcert/pdf/ssa-181018.pdf
x_refsource_MISC
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-181018.pdf
Resource:
x_refsource_MISC
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://cert-portal.siemens.com/productcert/pdf/ssa-181018.pdf
x_refsource_MISC
x_transferred
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-181018.pdf
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:productcert@siemens.com
Published At:14 Jun, 2018 | 16:29
Updated At:14 Dec, 2020 | 21:15

A vulnerability has been identified in RFID 181EIP (All versions), RUGGEDCOM Win (V4.4, V4.5, V5.0, and V5.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.3), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-200RNA switch family (All versions < V3.2.6), SCALANCE X-300 switch family (incl. SIPLUS NET variants) (All versions < V4.1.3), SCALANCE X408 (All versions < V4.1.3), SCALANCE X414 (All versions), SIMATIC RF182C (All versions). Unprivileged remote attackers located in the same local network segment (OSI Layer 2) could gain remote code execution on the affected products by sending a specially crafted DHCP response to a client's DHCP request.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.08.8HIGH
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.05.8MEDIUM
AV:A/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.0
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 5.8
Base severity: MEDIUM
Vector:
AV:A/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
Siemens AG
siemens
>>rfid_181-eip_firmware>>-
cpe:2.3:o:siemens:rfid_181-eip_firmware:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>rfid_181-eip>>-
cpe:2.3:h:siemens:rfid_181-eip:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>ruggedcom_wimax>>-
cpe:2.3:h:siemens:ruggedcom_wimax:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>ruggedcom_wimax_firmware>>4.4
cpe:2.3:o:siemens:ruggedcom_wimax_firmware:4.4:*:*:*:*:*:*:*
Siemens AG
siemens
>>ruggedcom_wimax_firmware>>4.5
cpe:2.3:o:siemens:ruggedcom_wimax_firmware:4.5:*:*:*:*:*:*:*
Siemens AG
siemens
>>scalance_x200_firmware>>Versions before 5.2.3(exclusive)
cpe:2.3:o:siemens:scalance_x200_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>scalance_x200>>-
cpe:2.3:h:siemens:scalance_x200:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>scalance_x200irt_firmware>>Versions before 5.4.1(exclusive)
cpe:2.3:o:siemens:scalance_x200irt_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>scalance_x200irt>>-
cpe:2.3:h:siemens:scalance_x200irt:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>scalance_x204rna_firmware>>-
cpe:2.3:o:siemens:scalance_x204rna_firmware:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>scalance_x204rna>>-
cpe:2.3:h:siemens:scalance_x204rna:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>scalance_x300_firmware>>-
cpe:2.3:o:siemens:scalance_x300_firmware:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>scalance_x300>>-
cpe:2.3:h:siemens:scalance_x300:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>scalance_x408_firmware>>-
cpe:2.3:o:siemens:scalance_x408_firmware:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>scalance_x408>>-
cpe:2.3:h:siemens:scalance_x408:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>scalance_x414_firmware>>-
cpe:2.3:o:siemens:scalance_x414_firmware:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>scalance_x414>>-
cpe:2.3:h:siemens:scalance_x414:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_rf182c_firmware>>-
cpe:2.3:o:siemens:simatic_rf182c_firmware:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_rf182c>>-
cpe:2.3:h:siemens:simatic_rf182c:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-122Primaryproductcert@siemens.com
CWE-20Secondarynvd@nist.gov
CWE ID: CWE-122
Type: Primary
Source: productcert@siemens.com
CWE ID: CWE-20
Type: Secondary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://cert-portal.siemens.com/productcert/pdf/ssa-181018.pdfproductcert@siemens.com
Vendor Advisory
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-181018.pdf
Source: productcert@siemens.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

271Records found
CVE-2021-25667
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-6.5||MEDIUM
EPSS-0.85% / 53.45%
||
7 Day CHG~0.00%
Published-15 Mar, 2021 | 17:03
Updated-02 Jun, 2026 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in RUGGEDCOM RM1224 (All versions >= V4.3 and < V6.4), SCALANCE M-800 (All versions >= V4.3 and < V6.4), SCALANCE S615 (All versions >= V4.3 and < V6.4), SCALANCE SC-600 Family (All versions >= V2.0 and < V2.1.3), SCALANCE XB-200 (All versions < V4.1), SCALANCE XC-200 (All versions < V4.1), SCALANCE XF-200BA (All versions < V4.1), SCALANCE XM400 (All versions < V6.2), SCALANCE XP-200 (All versions < V4.1), SCALANCE XR-300WG (All versions < V4.1), SCALANCE XR500 (All versions < V6.2). Affected devices contain a stack-based buffer overflow vulnerability in the handling of STP BPDU frames that could allow a remote attacker to trigger a denial-of-service condition or potentially remote code execution. Successful exploitation requires the passive listening feature of the device to be active.

Action-Not Available
Vendor-Siemens AG
Product-scalance_xm400scalance_sc632-2cscalance_xc-200scalance_xp-200_firmwarescalance_sc622-2cscalance_sc642-2c_firmwareruggedcom_rm1224_firmwarescalance_s615_firmwarescalance_xc-200_firmwarescalance_xb-200scalance_m-800scalance_sc642-2cscalance_s615scalance_xf-200bascalance_xr500scalance_xr500_firmwareruggedcom_rm1224scalance_xm400_firmwarescalance_sc636-2c_firmwarescalance_sc636-2cscalance_xf-200ba_firmwarescalance_sc646-2c_firmwarescalance_xb-200_firmwarescalance_sc622-2c_firmwarescalance_sc646-2cscalance_m-800_firmwarescalance_x300wg_firmwarescalance_xp-200scalance_x300wgscalance_sc632-2c_firmwareSCALANCE XP-200SCALANCE XR500SCALANCE M-800SCALANCE XR-300WGSCALANCE S615SCALANCE XF-200BARUGGEDCOM RM1224SCALANCE XM400SCALANCE SC-600 FamilySCALANCE XB-200SCALANCE XC-200
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-12736
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-8.8||HIGH
EPSS-1.00% / 58.27%
||
7 Day CHG~0.00%
Published-26 Dec, 2017 | 04:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

After initial configuration, the Ruggedcom Discovery Protocol (RCDP) is still able to write to the device under certain conditions. This could allow an attacker located in the adjacent network of the targeted device to perform unauthorized administrative actions.

Action-Not Available
Vendor-Siemens AG
Product-scalance_xr-500_firmwarescalance_xr300-wg_firmwareruggedcom_rosscalance_xp-200_firmwarescalance_xr-500scalance_xb-200scalance_xr300-wgscalance_xm-400ruggedcom_rsl910ruggedcomscalance_xc-200_firmwarescalance_xp-200scalance_xc-200scalance_xm-400_firmwarescalance_xb-200_firmwareRUGGEDCOM RS8000RUGGEDCOM RS900LRUGGEDCOM RSG2300 V4.XRUGGEDCOM RS900MNC-STND-XX-C01RUGGEDCOM RSG920P V4.XSCALANCE XB213-3 (ST, E/IP)RUGGEDCOM RS401NCSCALANCE XC208SCALANCE XR326-2C PoE WGRUGGEDCOM RSG2100PNC (32M) V4.XSCALANCE XC216-4C G EECRUGGEDCOM RS920LNCRUGGEDCOM RS910LRUGGEDCOM RS930WRUGGEDCOM RSG2100NC(32M) V5.XRUGGEDCOM RSG2100 (32M) V5.XRUGGEDCOM RSG2288NC V5.XSCALANCE XP208RUGGEDCOM RS416Pv2 V4.XRUGGEDCOM RS1600SCALANCE XP208GRUGGEDCOM i801NCRUGGEDCOM RS940GRUGGEDCOM RSG2100NC(32M) V4.XSCALANCE XP216EEC (V2)RUGGEDCOM i800NCRUGGEDCOM RS910RUGGEDCOM RSG908CSIPLUS NET SCALANCE XC208RUGGEDCOM RS8000NCRUGGEDCOM RS900NC(32M) V4.XSCALANCE XB205-3LD (SC, E/IP)SCALANCE XP216RUGGEDCOM RS920LSCALANCE XP208PoE EECRUGGEDCOM RMC8388 V4.XSCALANCE XB213-3LD (SC, PN)RUGGEDCOM RS8000HSCALANCE XF204-2BARUGGEDCOM RS900LNCRUGGEDCOM RS8000TRUGGEDCOM RS910NCSCALANCE XC216-4C G (EIP Def.)SCALANCE XF204 DNASCALANCE XR526-8C, 1x230VRUGGEDCOM RS900GSCALANCE XP216GSCALANCE XC206-2G PoE EEC (54 V DC)RUGGEDCOM RS900M-STND-XXRUGGEDCOM RS900WSCALANCE XC216RUGGEDCOM RMC8388 V5.XRUGGEDCOM RS900MNC-STND-XXRUGGEDCOM RSG2100PNC (32M) V5.XRUGGEDCOM RSG910CSCALANCE XB206-2 (ST/BFOC)SCALANCE XC206-2 (ST/BFOC)SCALANCE XF204GRUGGEDCOM RSG2288 V4.XRUGGEDCOM RS1600NCRUGGEDCOM RS969RUGGEDCOM RS900 (32M) V4.XSCALANCE XR328-4C WG (24XFE, 4XGE, 24V)RUGGEDCOM RSG909RSCALANCE XP208EECSCALANCE XP216G PoE EECRUGGEDCOM RSG2100PRUGGEDCOM RS930LNCRUGGEDCOM RS416PSCALANCE XR524-8C, 24VSCALANCE XF204-2BA DNARUGGEDCOM RSG920P V5.XSCALANCE XC206-2 (SC)RUGGEDCOM RSG2200NCRUGGEDCOM RS8000HNCRUGGEDCOM RSG2300PNC V5.XRUGGEDCOM RSG2288 V5.XRUGGEDCOM RS1600FSCALANCE XC208EECRUGGEDCOM RS416NCRUGGEDCOM RS930LRUGGEDCOM RSG907RSCALANCE XC208GSCALANCE XR524-8C, 2x230V (L3 int.)RUGGEDCOM RSG2300P V5.XSCALANCE XB216 (E/IP)SCALANCE XF204SCALANCE XR528-6MSCALANCE XP208G EECRUGGEDCOM RS910WRUGGEDCOM RSG2300 V5.XSCALANCE XC206-2SFP GSCALANCE XC206-2SFP G (EIP DEF.)SCALANCE XB205-3 (ST, E/IP)SCALANCE XB206-2 SCSIPLUS NET SCALANCE XC216-4CSCALANCE XC208G PoERUGGEDCOM RS940GNCSCALANCE XC224-4C G (EIP Def.)RUGGEDCOM RS900GNCRUGGEDCOM RSG2100P (32M) V4.XRUGGEDCOM RMC8388NC V5.XRUGGEDCOM RS910LNCRUGGEDCOM RSG2288NC V4.XRUGGEDCOM RSG2488 V5.XSCALANCE XM408-8C (L3 int.)RUGGEDCOM RMC30SCALANCE XM408-8CSCALANCE XP208G PPSCALANCE XB213-3LD (SC, E/IP)SCALANCE XB205-3LD (SC, PN)SCALANCE XB205-3 (SC, PN)SCALANCE XP216POE EECRUGGEDCOM RS8000ANCRUGGEDCOM RMC8388NC V4.XRUGGEDCOM RS1600TSCALANCE XR552-12MRUGGEDCOM RS900G (32M) V5.XSCALANCE XP216 (V2)RUGGEDCOM RS400NCRUGGEDCOM RS900MNC-GETS-C01RUGGEDCOM RS900M-GETS-C01SCALANCE XP208 (Ethernet/IP)RUGGEDCOM RSG2488NC V4.XSCALANCE XB206-2 LDRUGGEDCOM RP110RUGGEDCOM i801SCALANCE XC208G (EIP def.)RUGGEDCOM RS416v2 V4.XSCALANCE XR528-6M (L3 int.)RUGGEDCOM RS416NCv2 V4.XSCALANCE XR526-8C, 1x230V (L3 int.)SCALANCE XR552-12M (2HR2, L3 int.)RUGGEDCOM RS8000TNCSCALANCE XB205-3 (ST, PN)SCALANCE XB208 (E/IP)RUGGEDCOM RSG2300P V4.XRUGGEDCOM RS416v2 V5.XSCALANCE XP216G EECRUGGEDCOM RS920WRUGGEDCOM M2200RUGGEDCOM RS900MNC-GETS-XXRUGGEDCOM RSG2300NC V5.XSCALANCE XP208G PoE EECRUGGEDCOM RS900GNC(32M) V4.XRUGGEDCOM RS900SCALANCE XR524-8C, 1x230VSCALANCE XC206-2G PoE (54 V DC)RUGGEDCOM RSG2100RUGGEDCOM M969NCRUGGEDCOM RS416PNCRUGGEDCOM RS1600FNCSCALANCE XB213-3 (ST, PN)RUGGEDCOM RS400RUGGEDCOM RS900NC(32M) V5.XSCALANCE XR526-8C, 24V (L3 int.)SIPLUS NET SCALANCE XC206-2RUGGEDCOM RS1600TNCRUGGEDCOM RS900G (32M) V4.XSCALANCE XC208G PoE (54 V DC)RUGGEDCOM M969RUGGEDCOM RS416PNCv2 V4.XSCALANCE XB206-2 STSIPLUS NET SCALANCE XC206-2SFPRUGGEDCOM M2200NCSCALANCE XC206-2G PoERUGGEDCOM RS8000ASCALANCE XB213-3 (SC, PN)RUGGEDCOM i803RUGGEDCOM RSG2100PNCSCALANCE XC216-3G PoE (54 V DC)RUGGEDCOM RSG920PNC V5.XSCALANCE XM416-4C (L3 int.)RUGGEDCOM RSG2100NCSCALANCE XR524-8C, 24V (L3 int.)SCALANCE XC224RUGGEDCOM RP110NCSCALANCE XR526-8C, 24VRUGGEDCOM RSG2200RUGGEDCOM RSG2488NC V5.XRUGGEDCOM RSL910NCRUGGEDCOM RS969NCRUGGEDCOM RS416SCALANCE XR528-6M (2HR2)SCALANCE XC206-2SFP EECSCALANCE XR552-12M (2HR2)RUGGEDCOM RST2228PRUGGEDCOM i800SCALANCE XM408-4CRUGGEDCOM RS900M-STND-C01RUGGEDCOM RS900M-GETS-XXRUGGEDCOM RST916PRUGGEDCOM RS416PNCv2 V5.XSCALANCE XC216-4C GSCALANCE XC216EECRUGGEDCOM RS416NCv2 V5.XSCALANCE XC216-3G PoESCALANCE XP216PoE EEC (V2)SCALANCE XR524-8C, 1x230V (L3 int.)RUGGEDCOM RSG2100 (32M) V4.XSCALANCE XR528-6M (2HR2, L3 int.)SCALANCE XB206-2LDSCALANCE XC224-4C G EECRUGGEDCOM RSL910SCALANCE XB208 (PN)SCALANCE XC206-2SFP G EECSCALANCE XP216 (Ethernet/IP)SCALANCE XR324WG (24 X FE, DC 24V)SCALANCE XR328-4C WG (28xGE, DC 24V)RUGGEDCOM RST916CRUGGEDCOM RS900GPRUGGEDCOM RS900GPNCSCALANCE XR324WG (24 x FE, AC 230V)RUGGEDCOM RSG2488 V4.XSCALANCE XR526-8C, 2x230V (L3 int.)SCALANCE XR524-8C, 2x230VRUGGEDCOM i802SCALANCE XR328-4C WG (24xFE,4xGE,AC230V)RUGGEDCOM RS900GNC(32M) V5.XSCALANCE XC216-4CSCALANCE XB216 (PN)SCALANCE XM416-4CSCALANCE XP216EECSCALANCE XR328-4C WG (24xFE, 4xGE,DC24V)RUGGEDCOM RST2228RUGGEDCOM RS401RUGGEDCOM RSG2300NC V4.XRUGGEDCOM RSG920PNC V4.XSCALANCE XC224-4C GSCALANCE XR328-4C WG (28xGE, AC 230V)RUGGEDCOM i802NCRUGGEDCOM i803NCSCALANCE XB213-3 (SC, E/IP)RUGGEDCOM M2100SCALANCE XC208G EECRUGGEDCOM RSG2300PNC V4.XRUGGEDCOM RS900NCSCALANCE XR326-2C PoE WG (without UL)SCALANCE XM408-4C (L3 int.)RUGGEDCOM RS416Pv2 V5.XRUGGEDCOM RMC30NCSCALANCE XR526-8C, 2x230VSCALANCE XB206-2 (SC)SCALANCE XC206-2SFPRUGGEDCOM RS900 (32M) V5.XRUGGEDCOM M2100NCRUGGEDCOM RSG2100P (32M) V5.X
CWE ID-CWE-1188
Initialization of a Resource with an Insecure Default
CWE ID-CWE-665
Improper Initialization
CVE-2019-12257
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-84.18% / 99.66%
||
7 Day CHG~0.00%
Published-09 Aug, 2019 | 17:49
Updated-04 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Wind River VxWorks 6.6 through 6.9 has a Buffer Overflow in the DHCP client component. There is an IPNET security vulnerability: Heap overflow in DHCP Offer/ACK parsing inside ipdhcpc.

Action-Not Available
Vendor-beldenwindrivern/aNetApp, Inc.Siemens AGSonicWall Inc.
Product-hirschmann_rsp20ruggedcom_win7025_firmwarehirschmann_ees25sonicoshirschmann_grs1030hirschmann_grs1142ruggedcom_win7018_firmwarehirschmann_rspe32hirschmann_grs1130garrettcom_magnum_dx940ehirschmann_rspe35hirschmann_eesx20hirschmann_rspe37ruggedcom_win7018hirschmann_grs1042siprotec_5_firmwareruggedcom_win7000ruggedcom_win7200hirschmann_rsp35garrettcom_magnum_dx940e_firmwaree-series_santricity_os_controllervxworkshirschmann_msp40hirschmann_octopus_os3hirschmann_rsp30hirschmann_dragon_mach4000hirschmann_dragon_mach4500hirschmann_msp32hirschmann_rsp25hirschmann_rail_switch_power_smarthirschmann_grs1020hirschmann_eesx30hirschmann_rail_switch_power_litehirschmann_eagle20hirschmann_eagle30hirschmann_hiosruggedcom_win7025hirschmann_rspe30hirschmann_eagle_oneruggedcom_win7200_firmwaresiprotec_5hirschmann_ees20hirschmann_red25ruggedcom_win7000_firmwarehirschmann_msp30hirschmann_grs1120n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2018-4843
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-6.5||MEDIUM
EPSS-0.55% / 41.52%
||
7 Day CHG~0.00%
Published-20 Mar, 2018 | 14:00
Updated-05 Aug, 2024 | 05:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC CP 343-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 Advanced (All versions < V3.3), SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions < V3.2.16), SIMATIC ET 200pro IM154-8F PN/DP CPU (All versions < V3.2.16), SIMATIC ET 200pro IM154-8FX PN/DP CPU (All versions < V3.2.16), SIMATIC ET 200S IM151-8 PN/DP CPU (All versions < V3.2.16), SIMATIC ET 200S IM151-8F PN/DP CPU (All versions < V3.2.16), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V1.7.0), SIMATIC S7-1500 Software Controller (All versions < V1.7.0), SIMATIC S7-300 CPU 314C-2 PN/DP (All versions < V3.3.16), SIMATIC S7-300 CPU 315-2 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 315F-2 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 315T-3 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 317-2 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 317F-2 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 317T-3 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 317TF-3 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 319-3 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 319F-3 PN/DP (All versions < V3.2.16), SIMATIC S7-400 CPU 412-2 PN V7 (All versions < V7.0.3), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.9), SIMATIC S7-400 PN/DP V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.7), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions < V8.1), SIMATIC WinAC RTX 2010 (All versions < V2010 SP3), SIMATIC WinAC RTX F 2010 (All versions < V2010 SP3), SINUMERIK 828D (All versions < V4.7 SP6 HF1), SIPLUS ET 200S IM151-8 PN/DP CPU (All versions < V3.2.16), SIPLUS ET 200S IM151-8F PN/DP CPU (All versions < V3.2.16), SIPLUS NET CP 443-1 (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (All versions < V3.3), SIPLUS S7-300 CPU 314C-2 PN/DP (All versions < V3.3.16), SIPLUS S7-300 CPU 315-2 PN/DP (All versions < V3.2.16), SIPLUS S7-300 CPU 315F-2 PN/DP (All versions < V3.2.16), SIPLUS S7-300 CPU 317-2 PN/DP (All versions < V3.2.16), SIPLUS S7-300 CPU 317F-2 PN/DP (All versions < V3.2.16), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), Softnet PROFINET IO for PC-based Windows systems (All versions). Responding to a PROFINET DCP request with a specially crafted PROFINET DCP packet could cause a denial of service condition of the requesting system. The security vulnerability could be exploited by an attacker located on the same Ethernet segment (OSI Layer 2) as the targeted device. A manual restart is required to recover the system.

Action-Not Available
Vendor-Siemens AG
Product-simatic_s7-400_h_v6simatic_s7-400_pn\/dp_v7_firmwaresimatic_s7-400_h_v6_firmwaresimatic_cp_343-1simatic_cp_443-1_firmwaresimatic_s7-400_pn\/dp_v7simatic_winac_rtx_2010_firmwaresimatic_s7-1500_firmwaresimatic_s7-400_pn\/dp_v6sinumerik_828d_firmwaresimatic_s7-1500simatic_cp_443-1sinumerik_828dsimatic_s7-300simatic_s7-400_pn\/dp_v6_firmwaresimatic_s7-410_firmwaresoftnet_pn-io_linux_firmwaresimatic_s7-410simatic_winac_rtx_2010softnet_pn-io_linuxsimatic_s7-300_firmwaresimatic_cp_343-1_firmwareSIMATIC CP 343-1 (incl. SIPLUS variants)SIMATIC WinAC RTX 2010SIMATIC ET 200S IM151-8 PN/DP CPUSIMATIC ET 200S IM151-8F PN/DP CPU SIMATIC S7-400 CPU 416F-3 PN/DP V7SIMATIC S7-410 CPU family (incl. SIPLUS variants)SIMATIC S7-300 CPU 314C-2 PN/DPSIPLUS S7-300 CPU 315F-2 PN/DPSIMATIC S7-300 CPU 317F-2 PN/DPSIMATIC CP 443-1 AdvancedSINUMERIK 828DSIMATIC S7-300 CPU 315F-2 PN/DPSIPLUS NET CP 443-1 Advanced SIMATIC S7-400 CPU 414-3 PN/DP V7SIMATIC S7-300 CPU 317-2 PN/DPSIMATIC S7-300 CPU 317TF-3 PN/DP SIMATIC S7-400 CPU 416-3 PN/DP V7SIMATIC S7-300 CPU 315-2 PN/DPSIMATIC CP 443-1SIPLUS S7-300 CPU 315-2 PN/DPSoftnet PROFINET IO for PC-based Windows systemsSIMATIC CP 343-1 Advanced (incl. SIPLUS variants)SIMATIC S7-300 CPU 319F-3 PN/DPSIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) SIMATIC S7-400 CPU 414F-3 PN/DP V7SIMATIC ET 200pro IM154-8F PN/DP CPUSIMATIC S7-300 CPU 317T-3 PN/DPSIMATIC S7-300 CPU 319-3 PN/DPSIPLUS S7-400 CPU 416-3 PN/DP V7SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)SIMATIC WinAC RTX F 2010SIPLUS ET 200S IM151-8 PN/DP CPUSIPLUS NET CP 443-1SIMATIC S7-1500 Software ControllerSIMATIC S7-400 PN/DP V6 CPU family (incl. SIPLUS variants)SIPLUS ET 200S IM151-8F PN/DP CPUSIPLUS S7-300 CPU 317-2 PN/DPSIPLUS S7-400 CPU 414-3 PN/DP V7SIMATIC ET 200pro IM154-8 PN/DP CPUSIMATIC ET 200pro IM154-8FX PN/DP CPUSIMATIC S7-300 CPU 315T-3 PN/DPSIPLUS S7-300 CPU 317F-2 PN/DPSIMATIC S7-400 CPU 412-2 PN V7SIPLUS S7-300 CPU 314C-2 PN/DP
CWE ID-CWE-20
Improper Input Validation
CVE-2018-5391
Matching Score-6
Assigner-CERT/CC
ShareView Details
Matching Score-6
Assigner-CERT/CC
CVSS Score-7.5||HIGH
EPSS-24.15% / 97.56%
||
7 Day CHG~0.00%
Published-06 Sep, 2018 | 21:00
Updated-05 Aug, 2024 | 05:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
The Linux kernel, versions 3.9+, IP implementation is vulnerable to denial of service conditions with low rates of specially modified packets

The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size.

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.Canonical Ltd.F5, Inc.Siemens AGLinux Kernel Organization, IncMicrosoft Corporation
Product-ubuntu_linuxbig-ip_webacceleratorbig-ip_application_acceleration_managerenterprise_linux_server_euswindows_8.1big-ip_policy_enforcement_managerenterprise_linux_server_ausscalance_sc-600_firmwaresimatic_rf188_firmwareruggedcom_rm1224_firmwarebig-ip_local_traffic_managersimatic_net_cp_1243-7_lte_uswindows_10simatic_net_cp_1243-7_lte_us_firmwarescalance_w700_ieee_802.11a\/b\/g\/nsinema_remote_connect_serverenterprise_linux_workstationsimatic_net_cp_1243-1simatic_net_cp_1243-7_lte_eu_firmwaresimatic_rf185c_firmwarescalance_s615_firmwaresimatic_net_cp_1543sp-1enterprise_linux_desktopsimatic_net_cp_1543-1scalance_m-800_firmwaresimatic_net_cp_1242-7_firmwaresimatic_net_cp_1542sp-1_firmwarebig-ip_domain_name_systemsimatic_net_cp_1543sp-1_firmwarescalance_w1700_ieee_802.11ac_firmwareruggedcom_rox_iisimatic_net_cp_1542sp-1big-ip_edge_gatewaydebian_linuxlinux_kernelsimatic_net_cp_1543-1_firmwarescalance_sc-600simatic_net_cp_1242-7simatic_net_cp_1243-1_firmwarewindows_server_2008simatic_net_cp_1542sp-1_irc_firmwareenterprise_linux_serverwindows_server_2016windows_server_2012simatic_rf188big-ip_fraud_protection_serviceruggedcom_rox_ii_firmwarescalance_w700_ieee_802.11a\/b\/g\/n_firmwaresimatic_rf186c_firmwaresimatic_net_cp_1542sp-1_ircbig-ip_application_security_managerruggedcom_rm1224simatic_rf185cscalance_s615simatic_rf186cisimatic_net_cp_1243-8_ircbig-ip_access_policy_managersimatic_net_cp_1243-8_irc_firmwaresimatic_rf186ci_firmwaresimatic_rf188ci_firmwaresinema_remote_connect_server_firmwarewindows_rt_8.1big-ip_global_traffic_managerbig-ip_analyticssimatic_rf186cbig-ip_link_controllerscalance_w1700_ieee_802.11acwindows_7scalance_m-800enterprise_linux_server_tusbig-ip_advanced_firewall_managersimatic_rf188cisimatic_net_cp_1243-7_lte_euKernel
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-20
Improper Input Validation
CVE-2018-4832
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-2.47% / 82.41%
||
7 Day CHG~0.00%
Published-24 Apr, 2018 | 17:00
Updated-05 Aug, 2024 | 05:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in OpenPCS 7 V7.1 and earlier (All versions), OpenPCS 7 V8.0 (All versions), OpenPCS 7 V8.1 (All versions < V8.1 Upd5), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd1), SIMATIC BATCH V7.1 and earlier (All versions), SIMATIC BATCH V8.0 (All versions < V8.0 SP1 Upd21), SIMATIC BATCH V8.1 (All versions < V8.1 SP1 Upd16), SIMATIC BATCH V8.2 (All versions < V8.2 Upd10), SIMATIC BATCH V9.0 (All versions < V9.0 SP1), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions < 15 SP1), SIMATIC PCS 7 V7.1 and earlier (All versions), SIMATIC PCS 7 V8.0 (All versions), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP1), SIMATIC Route Control V7.1 and earlier (All versions), SIMATIC Route Control V8.0 (All versions), SIMATIC Route Control V8.1 (All versions), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions < V9.0 Upd1), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2 Upd2), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1 Upd5), SIMATIC WinCC V7.2 and earlier (All versions < WinCC 7.2 Upd 15), SIMATIC WinCC V7.3 (All versions < WinCC 7.3 Upd 16), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 4), SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). Specially crafted messages sent to the RPC service of the affected products could cause a Denial-of-Service condition on the remote and local communication functionality of the affected products. A reboot of the system is required to recover the remote and local communication functionality. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sppa-t3000_application_serveropenpcs_7simatic_winccsimatic_pcs_7simatic_route_controlsimatic_net_pc_softwaresimatic_net_pcsimatic_wincc_runtime_professionalsimatic_batchSIMATIC NET PC Software V14SIMATIC BATCH V7.1 and earlierSIMATIC NET PC Software V15SIMATIC BATCH V8.1SIMATIC WinCC V7.3SIMATIC PCS 7 V9.0SIMATIC Route Control V8.0OpenPCS 7 V9.0OpenPCS 7 V8.2SIMATIC WinCC V7.4OpenPCS 7 V8.1SIMATIC BATCH V8.2SIMATIC WinCC Runtime Professional V14SPPA-T3000 Application ServerSIMATIC WinCC V7.2 and earlierSIMATIC Route Control V8.2SIMATIC WinCC Runtime Professional V13SIMATIC PCS 7 V8.0SIMATIC PCS 7 V7.1 and earlierSIMATIC PCS 7 V8.2SIMATIC Route Control V8.1OpenPCS 7 V7.1 and earlierSIMATIC Route Control V9.0SIMATIC BATCH V9.0SIMATIC PCS 7 V8.1OpenPCS 7 V8.0SIMATIC Route Control V7.1 and earlierSIMATIC BATCH V8.0
CWE ID-CWE-20
Improper Input Validation
CVE-2018-4850
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-2.54% / 82.95%
||
7 Day CHG~0.00%
Published-16 May, 2018 | 17:00
Updated-16 Sep, 2024 | 22:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC S7-400 (incl. F) CPU hardware version 4.0 and below (All versions), SIMATIC S7-400 (incl. F) CPU hardware version 5.0 (All firmware versions < V5.2), SIMATIC S7-400H CPU hardware version 4.5 and below (All versions). The affected CPUs improperly validate S7 communication packets which could cause a Denial-of-Service condition of the CPU. The CPU will remain in DEFECT mode until manual restart.

Action-Not Available
Vendor-Siemens AG
Product-simatic_s7-400hsimatic_s7-400h_firmwaresimatic_s7-400simatic_s7-400_firmwareSIMATIC S7-400 (incl. F) CPU hardware version 4.0 and below, SIMATIC S7-400 (incl. F) CPU hardware version 5.0, SIMATIC S7-400H CPU hardware version 4.5 and below
CWE ID-CWE-20
Improper Input Validation
CVE-2018-4851
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-8.2||HIGH
EPSS-1.46% / 70.07%
||
7 Day CHG~0.00%
Published-03 Jul, 2018 | 14:00
Updated-17 Sep, 2024 | 01:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to the device could cause a Denial-of-Service condition by sending certain packets to the device, causing potential reboots of the device. The core functionality of the device could be impacted. The time serving functionality recovers when time synchronization with GPS devices or other NTP servers are completed.

Action-Not Available
Vendor-Siemens AG
Product-siclock_tc400siclock_tc400_firmwaresiclock_tc100_firmwaresiclock_tc100SICLOCK TC100, SICLOCK TC400
CWE ID-CWE-399
Not Available
CWE ID-CWE-20
Improper Input Validation
CVE-2024-49775
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-9.3||CRITICAL
EPSS-1.52% / 71.33%
||
7 Day CHG+0.02%
Published-16 Dec, 2024 | 15:06
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2501.0001), Opcenter Intelligence (All versions < V2501.0001), Opcenter Quality (All versions < V2512), Opcenter RDnL (All versions < V2410), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 3), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SINEC NMS (All versions if operated in conjunction with UMC < V2.15), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code.

Action-Not Available
Vendor-Siemens AG
Product-Opcenter IntelligenceSIMATIC PCS neo V4.0SIMATIC PCS neo V5.0SINEC NMSTotally Integrated Automation Portal (TIA Portal) V18Totally Integrated Automation Portal (TIA Portal) V19Totally Integrated Automation Portal (TIA Portal) V16Opcenter Execution FoundationSIMATIC PCS neo V4.1Opcenter QualityTotally Integrated Automation Portal (TIA Portal) V17Opcenter RDnL
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2024-23796
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.31% / 22.86%
||
7 Day CHG~0.00%
Published-13 Feb, 2024 | 09:00
Updated-27 Aug, 2024 | 14:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-tecnomatix_plant_simulationTecnomatix Plant Simulation V2201Tecnomatix Plant Simulation V2302
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-34329
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-2.13% / 79.59%
||
7 Day CHG~0.00%
Published-13 Jul, 2021 | 11:03
Updated-04 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2). The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the fixed-length heap-based buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13427)

Action-Not Available
Vendor-Siemens AG
Product-jt2gosolid_edgeteamcenter_visualizationJT2GoSolid Edge SE2021Teamcenter Visualization
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-34319
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-1.57% / 72.25%
||
7 Day CHG~0.00%
Published-13 Jul, 2021 | 11:03
Updated-04 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing SGI files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13404)

Action-Not Available
Vendor-Siemens AG
Product-jt2goteamcenter_visualizationJT2GoTeamcenter Visualization
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-20
Improper Input Validation
CVE-2018-16559
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-1.99% / 78.02%
||
7 Day CHG~0.00%
Published-17 Apr, 2019 | 13:38
Updated-05 Aug, 2024 | 10:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC S7-1500 CPU (All versions >= V2.0 and < V2.5), SIMATIC S7-1500 CPU (All versions <= V1.8.5). Specially crafted network packets sent to port 80/tcp or 443/tcp could allow an unauthenticated remote attacker to cause a Denial-of-Service condition of the device. The security vulnerability could be exploited by an attacker with network access to the affected systems on port 80/tcp or 443/tcp. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-simatic_s7-1500_firmwaresimatic_s7-1500SIMATIC S7-1500 CPU
CWE ID-CWE-20
Improper Input Validation
CVE-2017-14023
Matching Score-6
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-6
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-4.9||MEDIUM
EPSS-3.67% / 88.23%
||
7 Day CHG~0.00%
Published-06 Nov, 2017 | 22:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Improper Input Validation issue was discovered in Siemens SIMATIC PCS 7 V8.1 prior to V8.1 SP1 with WinCC V7.3 Upd 13, and V8.2 all versions. The improper input validation vulnerability has been identified, which may allow an authenticated remote attacker who is a member of the administrators group to crash services by sending specially crafted messages to the DCOM interface.

Action-Not Available
Vendor-n/aSiemens AG
Product-simatic_winccsimatic_pcs7Siemens SIMATIC PCS 7
CWE ID-CWE-20
Improper Input Validation
CVE-2018-16556
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-1.54% / 71.76%
||
7 Day CHG~0.00%
Published-13 Dec, 2018 | 16:00
Updated-05 Aug, 2024 | 10:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416-2 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416F-2 DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 417-4 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions < V7.0.3), SIMATIC S7-400 H V4.5 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.9), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions < V8.2.1), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 V7 (All versions), SIPLUS S7-400 CPU 417-4 V7 (All versions). Specially crafted packets sent to port 102/tcp via Ethernet interface, via PROFIBUS, or via Multi Point Interfaces (MPI) could cause the affected devices to go into defect mode. Manual reboot is required to resume normal operation. Successful exploitation requires an attacker to be able to send specially crafted packets to port 102/tcp via Ethernet interface, via PROFIBUS or Multi Point Interfaces (MPI). No user interaction and no user privileges are required to exploit the security vulnerability. The vulnerability could allow causing a denial of service condition of the core functionality of the CPU, compromising the availability of the system.

Action-Not Available
Vendor-Siemens AG
Product-simatic_s7-400_pn\/dp_v7_firmwaresimatic_s7-400_firmwaresimatic_s7-400h_v6simatic_s7-400simatic_s7-400_pn\/dp_v7simatic_s7-410_firmwaresimatic_s7-400h_firmwaresimatic_s7-410simatic_s7-400h_v6_firmwaresimatic_s7-400h SIMATIC S7-400 CPU 412-2 DP V7 SIMATIC S7-400 CPU 414F-3 PN/DP V7 SIMATIC S7-400 CPU 416-3 DP V7SIPLUS S7-400 CPU 416-3 PN/DP V7 SIMATIC S7-400 CPU 416F-3 PN/DP V7 SIMATIC S7-400 CPU 416F-2 DP V7 SIMATIC S7-400 CPU 414-2 DP V7SIPLUS S7-400 CPU 416-3 V7SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)SIMATIC S7-410 CPU family (incl. SIPLUS variants) SIMATIC S7-400 CPU 417-4 DP V7SIMATIC S7-400 H V4.5 and below CPU family (incl. SIPLUS variants) SIMATIC S7-400 CPU 416-2 DP V7 SIMATIC S7-400 CPU 414-3 PN/DP V7 SIMATIC S7-400 CPU 414-3 DP V7SIPLUS S7-400 CPU 414-3 PN/DP V7SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) SIMATIC S7-400 CPU 416-3 PN/DP V7SIPLUS S7-400 CPU 417-4 V7 SIMATIC S7-400 CPU 412-1 DP V7SIMATIC S7-400 CPU 412-2 PN V7
CWE ID-CWE-20
Improper Input Validation
CVE-2021-25668
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-1.57% / 72.15%
||
7 Day CHG~0.00%
Published-22 Apr, 2021 | 20:42
Updated-03 Aug, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT PRO (All versions < 5.5.1), SCALANCE X202-2 IRT (All versions < 5.5.1), SCALANCE X202-2P IRT (incl. SIPLUS NET variant) (All versions < 5.5.1), SCALANCE X202-2P IRT PRO (All versions < 5.5.1), SCALANCE X204 IRT (All versions < 5.5.1), SCALANCE X204 IRT PRO (All versions < 5.5.1), SCALANCE X204-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X204-2FM (All versions < V5.2.5), SCALANCE X204-2LD (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X204-2LD TS (All versions < V5.2.5), SCALANCE X204-2TS (All versions < V5.2.5), SCALANCE X206-1 (All versions < V5.2.5), SCALANCE X206-1LD (All versions < V5.2.5), SCALANCE X208 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X208PRO (All versions < V5.2.5), SCALANCE X212-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X212-2LD (All versions < V5.2.5), SCALANCE X216 (All versions < V5.2.5), SCALANCE X224 (All versions < V5.2.5), SCALANCE XF201-3P IRT (All versions < 5.5.1), SCALANCE XF202-2P IRT (All versions < 5.5.1), SCALANCE XF204 (All versions < V5.2.5), SCALANCE XF204 IRT (All versions < 5.5.1), SCALANCE XF204-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE XF204-2BA IRT (All versions < 5.5.1), SCALANCE XF206-1 (All versions < V5.2.5), SCALANCE XF208 (All versions < V5.2.5). Incorrect processing of POST requests in the webserver may result in write out of bounds in heap. An attacker might leverage this to cause denial-of-service on the device and potentially remotely execute code.

Action-Not Available
Vendor-Siemens AG
Product-scalance_xf206-1_firmwarescalance_xf201-3p_irtscalance_x212-2ldscalance_x201-3p_irtscalance_xf204_irtscalance_x204-2ldscalance_xf208scalance_x201-3p_irt_firmwarescalance_x202-2p_irt_pro_firmwarescalance_xf204-2ba_irt_firmwarescalance_x206-1scalance_x204-2ld_ts_firmwarescalance_x201-3p_irt_proscalance_x204-2fmscalance_x204-2ld_tsscalance_x208scalance_x200-4p_irtscalance_x202-2p_irtscalance_x204-2scalance_x224scalance_x206-1_firmwarescalance_x204-2_firmwarescalance_xf204-2scalance_xf206-1scalance_x202-2p_irt_firmwarescalance_x206-1ld_firmwarescalance_x204_irtscalance_x212-2ld_firmwarescalance_x204_irt_firmwarescalance_x212-2scalance_x202-2_irtscalance_x204-2ts_firmwarescalance_x208proscalance_xf204_firmwarescalance_x216_firmwarescalance_xf204-2ba_irtscalance_x204-2ld_firmwarescalance_x212-2_firmwarescalance_x204_irt_proscalance_xf202-2p_irt_firmwarescalance_xf208_firmwarescalance_x208_firmwarescalance_xf204-2_firmwarescalance_x202-2p_irt_proscalance_xf202-2p_irtscalance_x200-4p_irt_firmwarescalance_x204_irt_pro_firmwarescalance_x216scalance_xf201-3p_irt_firmwarescalance_x204-2fm_firmwarescalance_x204-2tsscalance_x202-2_irt_firmwarescalance_x201-3p_irt_pro_firmwarescalance_xf204scalance_x206-1ldscalance_x208pro_firmwarescalance_x224_firmwarescalance_xf204_irt_firmwareSCALANCE XF208SCALANCE X206-1LDSCALANCE X202-2P IRT PROSCALANCE XF204-2BA IRTSCALANCE X201-3P IRTSCALANCE X204-2FMSCALANCE X212-2 (incl. SIPLUS NET variant)SCALANCE X204-2TSSCALANCE X204-2LD TSSCALANCE X206-1SCALANCE XF204SCALANCE XF204-2 (incl. SIPLUS NET variant)SCALANCE X204-2 (incl. SIPLUS NET variant)SCALANCE X204 IRT PROSCALANCE X224SCALANCE X204-2LD (incl. SIPLUS NET variant)SCALANCE X208PROSCALANCE X216SCALANCE X212-2LDSCALANCE X201-3P IRT PROSCALANCE X200-4P IRTSCALANCE XF206-1SCALANCE XF201-3P IRTSCALANCE XF204 IRTSCALANCE XF202-2P IRTSCALANCE X208 (incl. SIPLUS NET variant)SCALANCE X202-2P IRT (incl. SIPLUS NET variant)SCALANCE X202-2 IRTSCALANCE X204 IRT
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-16558
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-1.99% / 78.02%
||
7 Day CHG~0.00%
Published-17 Apr, 2019 | 13:38
Updated-05 Aug, 2024 | 10:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC S7-1500 CPU (All versions >= V2.0 and < V2.5), SIMATIC S7-1500 CPU (All versions <= V1.8.5). Specially crafted network packets sent to port 80/tcp or 443/tcp could allow an unauthenticated remote attacker to cause a Denial-of-Service condition of the device. The security vulnerability could be exploited by an attacker with network access to the affected systems on port 80/tcp or 443/tcp. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-simatic_s7-1500_firmwaresimatic_s7-1500SIMATIC S7-1500 CPU
CWE ID-CWE-20
Improper Input Validation
CVE-2022-43439
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-9.9||CRITICAL
EPSS-1.49% / 70.71%
||
7 Day CHG~0.00%
Published-08 Nov, 2022 | 00:00
Updated-09 Dec, 2025 | 16:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in POWER METER SICAM Q100 (7KG9501-0AA01-0AA1) (All versions < V2.50), POWER METER SICAM Q100 (7KG9501-0AA01-2AA1) (All versions < V2.50), POWER METER SICAM Q100 (7KG9501-0AA31-0AA1) (All versions < V2.50), POWER METER SICAM Q100 (7KG9501-0AA31-2AA1) (All versions < V2.50), SICAM P850 (7KG8500-0AA00-0AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA00-2AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA10-0AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA10-2AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA30-0AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA30-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA01-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA01-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA02-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA02-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA11-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA11-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA12-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA12-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA31-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA31-2AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA32-0AA0) (All versions < V3.10), SICAM P850 (7KG8501-0AA32-2AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA00-0AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA00-2AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA10-0AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA10-2AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA30-0AA0) (All versions < V3.10), SICAM P855 (7KG8550-0AA30-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA01-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA01-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA02-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA02-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA11-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA11-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA12-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA12-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA31-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA31-2AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA32-0AA0) (All versions < V3.10), SICAM P855 (7KG8551-0AA32-2AA0) (All versions < V3.10), SICAM T (All versions < V3.0). Affected devices do not properly validate the Language-parameter in requests to the web interface on port 443/tcp. This could allow an authenticated remote attacker to crash the device (followed by an automatic reboot) or to execute arbitrary code on the device.

Action-Not Available
Vendor-Siemens AG
Product-7kg9501-0aa31-2aa17kg9501-0aa31-2aa1_firmware7kg9501-0aa01-2aa1_firmware7kg9501-0aa01-2aa1SICAM P850SICAM TSICAM P855POWER METER SICAM Q100
CWE ID-CWE-20
Improper Input Validation
CVE-2026-23719
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-7.3||HIGH
EPSS-0.13% / 2.97%
||
7 Day CHG~0.00%
Published-10 Feb, 2026 | 09:58
Updated-11 Feb, 2026 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted NDB files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-simcenter_nastransimcenter_femapSimcenter NastranSimcenter Femap
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2022-43545
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-9.9||CRITICAL
EPSS-1.35% / 68.01%
||
7 Day CHG~0.00%
Published-08 Nov, 2022 | 00:00
Updated-03 Aug, 2024 | 13:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10). Affected devices do not properly validate the RecordType-parameter in requests to the web interface on port 443/tcp. This could allow an authenticated remote attacker to crash the device (followed by an automatic reboot) or to execute arbitrary code on the device.

Action-Not Available
Vendor-Siemens AG
Product-7kg9501-0aa01-2aa1_firmware7kg9501-0aa01-2aa17kg9501-0aa31-2aa17kg9501-0aa31-2aa1_firmwareSICAM P850POWER METER SICAM Q100SICAM P855
CWE ID-CWE-20
Improper Input Validation
CVE-2018-13798
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-1.99% / 78.02%
||
7 Day CHG~0.00%
Published-21 Mar, 2019 | 18:48
Updated-05 Aug, 2024 | 09:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SICAM A8000 CP-8000 (All versions < V14), SICAM A8000 CP-802X (All versions < V14), SICAM A8000 CP-8050 (All versions < V2.00). Specially crafted network packets sent to port 80/TCP or 443/TCP could allow an unauthenticated remote attacker to cause a Denial-of-Service condition of the web server. The security vulnerability could be exploited by an attacker with network access to the affected systems on port 80/TCP or 443/TCP. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the web server. A system reboot is required to recover the web service of the device. At the time of advisory update, exploit code for this security vulnerability is public.

Action-Not Available
Vendor-Siemens AG
Product-sicam_a8000_cp-8050sicam_a8000_cp-8050_firmwaresicam_a8000_cp-8000sicam_a8000_cp-802x_firmwaresicam_a8000_cp-802xsicam_a8000_cp-8000_firmwareSICAM A8000 CP-802XSICAM A8000 CP-8000, SICAM A8000 CP-802X, SICAM A8000 CP-8050SICAM A8000 CP-8050
CWE ID-CWE-20
Improper Input Validation
CVE-2018-11457
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-8.1||HIGH
EPSS-4.59% / 90.43%
||
7 Day CHG~0.00%
Published-12 Dec, 2018 | 16:00
Updated-05 Aug, 2024 | 08:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). The integrated web server on port 4842/tcp of the affected products could allow a remote attacker to execute code with privileged permissions on the system by sending specially crafted network requests to port 4842/tcp. Please note that this vulnerability is only exploitable if port 4842/tcp is manually opened in the firewall configuration of network port X130. The security vulnerability could be exploited by an attacker with network access to the affected devices on port 4842/tcp. Successful exploitation requires no privileges and no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the web server. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sinumerik_840d_sl_v4.7sinumerik_828d_v4.7_firmwaresinumerik_840d_sl_v4.7_firmwaresinumerik_840d_sl_v4.8_firmwaresinumerik_828d_v4.7sinumerik_840d_sl_v4.8SINUMERIK 828D V4.7, SINUMERIK 840D sl V4.7, SINUMERIK 840D sl V4.8
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2022-40227
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.77% / 50.79%
||
7 Day CHG~0.00%
Published-11 Oct, 2022 | 00:00
Updated-02 Jun, 2026 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions < V17 Update 4), SIMATIC HMI KTP Mobile Panels (All versions < V17 Update 4), SIMATIC HMI KTP1200 Basic (All versions < V17 Update 5), SIMATIC HMI KTP400 Basic (All versions < V17 Update 5), SIMATIC HMI KTP700 Basic (All versions < V17 Update 5), SIMATIC HMI KTP900 Basic (All versions < V17 Update 5), SIPLUS HMI KTP1200 BASIC (All versions < V17 Update 5), SIPLUS HMI KTP400 BASIC (All versions < V17 Update 5), SIPLUS HMI KTP700 BASIC (All versions < V17 Update 5), SIPLUS HMI KTP900 BASIC (All versions < V17 Update 5). Affected devices do not properly validate input sent to certain services over TCP. This could allow an unauthenticated remote attacker to cause a permanent denial of service condition (requiring a device reboot) by sending specially crafted TCP packets.

Action-Not Available
Vendor-Siemens AG
Product-simatic_hmi_ktp_mobile_panelssiplus_hmi_ktp1200_basic_firmwaresiplus_hmi_ktp400_basicsimatic_hmi_comfort_panels_firmwaresimatic_hmi_ktp1200_basic_firmwaresimatic_hmi_comfort_panelssiplus_hmi_ktp700_basicsimatic_hmi_ktp_mobile_panels_firmwaresimatic_hmi_ktp900_basic_firmwaresiplus_hmi_ktp700_basic_firmwaresimatic_hmi_ktp400_basic_firmwaresiplus_hmi_ktp1200_basicsimatic_hmi_ktp700_basicsiplus_hmi_ktp400_basic_firmwaresimatic_hmi_ktp900_basicsimatic_hmi_ktp1200_basicsimatic_hmi_ktp400_basicsiplus_hmi_ktp900_basicsiplus_hmi_ktp900_basic_firmwaresimatic_hmi_ktp700_basic_firmwareSIPLUS HMI KTP1200 BASICSIMATIC HMI Comfort Panels (incl. SIPLUS variants)SIPLUS HMI KTP400 BASICSIMATIC HMI KTP900 BasicSIPLUS HMI KTP900 BASICSIMATIC HMI KTP1200 BasicSIMATIC HMI KTP700 BasicSIPLUS HMI KTP700 BASICSIMATIC HMI KTP Mobile PanelsSIMATIC HMI KTP400 Basic
CWE ID-CWE-20
Improper Input Validation
CVE-2016-5874
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.53% / 87.73%
||
7 Day CHG~0.00%
Published-22 Jul, 2016 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Siemens SIMATIC NET PC-Software before 13 SP2 allows remote attackers to cause a denial of service (OPC UA service outage) via crafted TCP packets.

Action-Not Available
Vendor-n/aSiemens AG
Product-simatic_net_pc-softwaren/a
CWE ID-CWE-20
Improper Input Validation
CVE-2022-32253
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-4.9||MEDIUM
EPSS-0.57% / 42.55%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 09:22
Updated-03 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). Due to improper input validation, the OpenSSL certificate's password could be printed to a file reachable by an attacker.

Action-Not Available
Vendor-Siemens AG
Product-sinema_remote_connect_serverSINEMA Remote Connect Server
CWE ID-CWE-20
Improper Input Validation
CVE-2022-3160
Matching Score-6
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-6
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.44% / 34.72%
||
7 Day CHG~0.00%
Published-13 Jan, 2023 | 00:16
Updated-07 Nov, 2023 | 03:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The APDFL.dll contains an out-of-bounds write past the fixed-length heap-based buffer while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-SiemensSiemens AG
Product-jt2goteamcenter_visualizationTeamcenter Visualization V14.1JT2GoTeamcenter Visualization V13.3Teamcenter Visualization V14.0
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-6867
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-4.9||MEDIUM
EPSS-1.92% / 77.28%
||
7 Day CHG~0.00%
Published-11 May, 2017 | 10:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was discovered in Siemens SIMATIC WinCC (V7.3 before Upd 11 and V7.4 before SP1), SIMATIC WinCC Runtime Professional (V13 before SP2 and V14 before SP1), SIMATIC WinCC (TIA Portal) Professional (V13 before SP2 and V14 before SP1) that could allow an authenticated, remote attacker who is member of the "administrators" group to crash services by sending specially crafted messages to the DCOM interface.

Action-Not Available
Vendor-n/aSiemens AG
Product-simatic_winccsimatic_wincc_\(tia_portal\)simatic_wincc_runtimeSiemens SIMATIC WinCC
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-31808
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.23% / 13.45%
||
7 Day CHG~0.00%
Published-14 Feb, 2023 | 10:36
Updated-20 Mar, 2025 | 20:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V2.85.44), SiPass integrated ACC-AP (All versions < V2.85.43). Affected devices improperly sanitize user input on the telnet command line interface. This could allow an authenticated user to escalate privileges by injecting arbitrary commands that are executed with root privileges.

Action-Not Available
Vendor-Siemens AG
Product-sipass_integrated_acc-apsipass_integrated_acc-ap_firmwaresipass_integrated_ac5102_\(acc-g2\)_firmwaresipass_integrated_ac5102_\(acc-g2\)SiPass integrated AC5102 (ACC-G2)SiPass integrated ACC-AP
CWE ID-CWE-20
Improper Input Validation
CVE-2017-6865
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-6.5||MEDIUM
EPSS-0.47% / 36.94%
||
7 Day CHG~0.00%
Published-11 May, 2017 | 10:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC Automation Tool (All versions < V3.0), SIMATIC NET PC-Software (All versions < V14 SP1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2), SIMATIC STEP 7 (TIA Portal) V14 (All versions < V14 SP1), SIMATIC STEP 7 V5.X (All versions < V5.6), SIMATIC WinAC RTX 2010 SP2 (All versions), SIMATIC WinAC RTX F 2010 SP2 (All versions), SIMATIC WinCC (TIA Portal) V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1), SIMATIC WinCC V7.2 and prior (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Update 15), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd1), SIMATIC WinCC flexible 2008 (All versions < flexible 2008 SP5), SINAUT ST7CC (All versions installed in conjunction with SIMATIC WinCC < V7.3 Update 15), SINEMA Server (All versions < V14), SINUMERIK 808D Programming Tool (All versions < V4.7 SP4 HF2), SMART PC Access (All versions < V2.3), STEP 7 - Micro/WIN SMART (All versions < V2.3), Security Configuration Tool (SCT) (All versions < V5.0). Specially crafted PROFINET DCP broadcast packets sent to the affected products on a local Ethernet segment (Layer 2) could cause a Denial-of-Service condition of some services. The services require manual restart to recover.

Action-Not Available
Vendor-Siemens AG
Product-simatic_winccsinaut_st7ccsinema_serverprimary_setup_toolsimatic_wincc_\(tia_portal\)simatic_step_7_\(tia_portal\)simatic_step_7_micro\/win_smartsmart_pc_accesspcs_7security_configuration_toolsimatic_net_pc-softwaresimatic_winac_rtx_2010simatic_winac_rtx_f_2010simatic_wincc_flexible_2008simatic_automation_toolsinumerik_808d_programming_toolSIMATIC WinAC RTX F 2010 SP2Security Configuration Tool (SCT)SIMATIC STEP 7 (TIA Portal) V13SIMATIC WinCC (TIA Portal) V14SIMATIC Automation ToolSIMATIC WinCC (TIA Portal) V13SIMATIC WinCC V7.2 and priorSIMATIC NET PC-SoftwareSIMATIC WinCC V7.3SIMATIC WinCC flexible 2008STEP 7 - Micro/WIN SMARTSIMATIC WinCC V7.4Primary Setup Tool (PST)SMART PC AccessSIMATIC PCS 7 V8.1SIMATIC STEP 7 V5.XSINEMA ServerSINUMERIK 808D Programming ToolSINAUT ST7CCSIMATIC WinAC RTX 2010 SP2SIMATIC PCS 7 V8.2SIMATIC STEP 7 (TIA Portal) V14
CWE ID-CWE-20
Improper Input Validation
CVE-2022-29872
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-8.7||HIGH
EPSS-1.34% / 67.67%
||
7 Day CHG~0.00%
Published-10 May, 2022 | 09:47
Updated-09 Dec, 2025 | 16:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SICAM T (All versions < V3.0). Affected devices do not properly validate parameters of POST requests. This could allow an authenticated attacker to set the device to a denial of service state or to control the program counter and, thus, execute arbitrary code on the device.

Action-Not Available
Vendor-Siemens AG
Product-7kg8551-0aa12-0aa0_firmware7kg8550-0aa10-2aa07kg8501-0aa31-2aa07kg8500-0aa30-2aa07kg8551-0aa32-2aa07kg8551-0aa01-0aa0_firmware7kg8551-0aa12-2aa0_firmware7kg8550-0aa30-2aa07kg8501-0aa32-0aa07kg8551-0aa02-0aa07kg8501-0aa31-0aa07kg8501-0aa12-0aa0_firmware7kg8500-0aa30-0aa0_firmware7kg8501-0aa01-2aa0_firmware7kg8551-0aa12-0aa07kg8501-0aa02-0aa0_firmware7kg8551-0aa31-2aa0_firmware7kg8551-0aa32-0aa07kg8551-0aa02-2aa0_firmware7kg8501-0aa11-0aa07kg8551-0aa01-2aa07kg8500-0aa00-2aa07kg8551-0aa31-0aa0_firmware7kg8501-0aa01-0aa0_firmware7kg8551-0aa11-2aa0_firmware7kg8500-0aa30-0aa07kg8501-0aa11-0aa0_firmware7kg8500-0aa10-0aa07kg8550-0aa00-0aa07kg8500-0aa00-2aa0_firmware7kg8501-0aa32-2aa07kg8500-0aa00-0aa0_firmware7kg8501-0aa31-2aa0_firmware7kg8550-0aa30-2aa0_firmware7kg8551-0aa02-0aa0_firmware7kg8550-0aa00-2aa0_firmware7kg8501-0aa12-2aa07kg8551-0aa11-0aa07kg8501-0aa12-2aa0_firmware7kg8550-0aa30-0aa07kg8501-0aa11-2aa0_firmware7kg8501-0aa02-0aa07kg8551-0aa31-2aa07kg8551-0aa31-0aa07kg8500-0aa10-0aa0_firmware7kg8551-0aa12-2aa07kg8551-0aa11-2aa07kg8501-0aa11-2aa07kg8501-0aa32-2aa0_firmware7kg8500-0aa00-0aa07kg8551-0aa01-2aa0_firmware7kg8551-0aa32-2aa0_firmware7kg8550-0aa00-2aa07kg8550-0aa30-0aa0_firmware7kg8500-0aa30-2aa0_firmware7kg8551-0aa01-0aa07kg8550-0aa10-0aa07kg8500-0aa10-2aa07kg8501-0aa12-0aa07kg8550-0aa00-0aa0_firmware7kg8500-0aa10-2aa0_firmware7kg8501-0aa02-2aa07kg8551-0aa11-0aa0_firmware7kg8550-0aa10-0aa0_firmware7kg8551-0aa02-2aa07kg8551-0aa32-0aa0_firmware7kg8501-0aa01-2aa07kg8501-0aa02-2aa0_firmware7kg8501-0aa32-0aa0_firmware7kg8501-0aa31-0aa0_firmware7kg8501-0aa01-0aa07kg8550-0aa10-2aa0_firmwareSICAM T
CWE ID-CWE-141
Improper Neutralization of Parameter/Argument Delimiters
CWE ID-CWE-20
Improper Input Validation
CVE-2022-29562
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-3.7||LOW
EPSS-0.56% / 42.39%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 09:07
Updated-12 Nov, 2024 | 16:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). Affected devices do not properly handle malformed HTTP packets. This could allow an unauthenticated remote attacker to send a malformed HTTP packet causing certain functions to fail in a controlled manner.

Action-Not Available
Vendor-Siemens AG
Product-ruggedcom_rox_mx5000reruggedcom_rox_rx1511ruggedcom_rox_rx1512_firmwareruggedcom_rox_rx1512ruggedcom_rox_mx5000_firmwareruggedcom_rox_rx1511_firmwareruggedcom_rox_rx1510ruggedcom_rox_rx1400_firmwareruggedcom_rox_rx1400ruggedcom_rox_rx1510_firmwareruggedcom_rox_rx1500ruggedcom_rox_rx1524_firmwareruggedcom_rox_rx5000ruggedcom_rox_rx1501ruggedcom_rox_rx1536ruggedcom_rox_mx5000ruggedcom_rox_rx1536_firmwareruggedcom_rox_rx1524ruggedcom_rox_rx1500_firmwareruggedcom_rox_mx5000re_firmwareruggedcom_rox_rx1501_firmwareruggedcom_rox_rx5000_firmwareRUGGEDCOM ROX MX5000RERUGGEDCOM ROX RX1511RUGGEDCOM ROX RX1536RUGGEDCOM ROX RX1400RUGGEDCOM ROX RX1501RUGGEDCOM ROX RX1500RUGGEDCOM ROX RX5000RUGGEDCOM ROX MX5000RUGGEDCOM ROX RX1524RUGGEDCOM ROX RX1510RUGGEDCOM ROX RX1512
CWE ID-CWE-20
Improper Input Validation
CVE-2026-0264
Matching Score-6
Assigner-Palo Alto Networks, Inc.
ShareView Details
Matching Score-6
Assigner-Palo Alto Networks, Inc.
CVSS Score-7.2||HIGH
EPSS-0.41% / 32.39%
||
7 Day CHG~0.00%
Published-13 May, 2026 | 17:40
Updated-09 Jun, 2026 | 10:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PAN-OS: Heap-Based Buffer Overflow in DNS Proxy and DNS Server Allows Unauthenticated Remote Code Execution

A buffer overflow vulnerability in the DNS proxy and DNS Server features of Palo Alto Networks PAN-OS® Software allows an unauthenticated attacker with network access to cause a denial of service (DoS) condition (all PAN-OS platforms except Cloud NGFW and Prisma Access) or potentially execute arbitrary code by sending specially crafted network traffic (PA-Series hardware only). Panorama, Cloud NGFW, and Prisma® Access are not impacted by this vulnerability.

Action-Not Available
Vendor-Palo Alto Networks, Inc.Siemens AG
Product-PAN-OSPrisma AccessCloud NGFWRUGGEDCOM APE1808
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2024-41976
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-8.6||HIGH
EPSS-0.77% / 50.74%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 07:54
Updated-23 Aug, 2024 | 18:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.1), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.1), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.1), SCALANCE M812-1 ADSL-Router family (All versions < V8.1), SCALANCE M816-1 ADSL-Router family (All versions < V8.1), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.1), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.1), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.1), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.1), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.1), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.1), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.1), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.1), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.1), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.1), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.1), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.1), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.1), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.1), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.1), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.1), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.1), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.1), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.1). Affected devices do not properly validate input in specific VPN configuration fields. This could allow an authenticated remote attacker to execute arbitrary code on the device.

Action-Not Available
Vendor-Siemens AG
Product-scalance_mum856-1_\(eu\)ruggedcom_rm1224_lte\(4g\)_nam_firmwarescalance_mum856-1_\(b1\)_firmwarescalance_m874-2_firmwarescalance_m874-3scalance_m876-4_\(eu\)ruggedcom_rm1224_lte\(4g\)_euscalance_mum856-1_\(b1\)scalance_m812-1_\(annex_a\)scalance_m812-1_\(annex_b\)scalance_m876-4_\(nam\)scalance_m804pb_firmwarescalance_s615_lan-routerscalance_m874-3_firmwarescalance_m876-3_firmwarescalance_mum853-1_\(b1\)scalance_mum853-1_\(eu\)scalance_s615_eec_lan-routerscalance_s615_lan-router_firmwareruggedcom_rm1224_lte\(4g\)_namscalance_m876-3_\(rok\)_firmwarescalance_m874-3_3g-router_\(cn\)_firmwarescalance_mum853-1_\(b1\)_firmwarescalance_mum856-1_\(cn\)scalance_mum856-1_\(a1\)_firmwarescalance_mum856-1_\(a1\)scalance_mum856-1_\(row\)scalance_m876-3_\(rok\)scalance_mum856-1_\(eu\)_firmwarescalance_mum856-1_\(cn\)_firmwarescalance_m876-3scalance_m876-4_\(eu\)_firmwarescalance_m816-1_\(annex_b\)scalance_m876-4scalance_m876-4_firmwarescalance_mum853-1_\(a1\)_firmwarescalance_s615_eec_lan-router_firmwarescalance_m812-1_\(annex_a\)_firmwarescalance_m874-2scalance_mum856-1_\(row\)_firmwarescalance_m876-4_\(nam\)_firmwarescalance_m804pbscalance_m874-3_3g-router_\(cn\)scalance_m816-1_\(annex_b\)_firmwarescalance_m812-1_\(annex_b\)_firmwarescalance_m816-1_\(annex_a\)_firmwarescalance_mum853-1_\(eu\)_firmwarescalance_m826-2_shdsl-router_firmwarescalance_mum853-1_\(a1\)ruggedcom_rm1224_lte\(4g\)_eu_firmwarescalance_m816-1_\(annex_a\)scalance_m826-2_shdsl-routerSCALANCE M874-3 3G-Router (CN)SCALANCE M874-3SCALANCE M816-1 ADSL-Router familySCALANCE MUM856-1 (B1)SCALANCE M876-3 (ROK)SCALANCE MUM856-1 (A1)SCALANCE M804PBSCALANCE MUM856-1 (EU)SCALANCE MUM853-1 (B1)SCALANCE MUM853-1 (EU)SCALANCE S615 EEC LAN-RouterSCALANCE M874-2SCALANCE M876-4RUGGEDCOM RM1224 LTE(4G) NAMSCALANCE M876-3SCALANCE M826-2 SHDSL-RouterSCALANCE MUM856-1 (CN)SCALANCE MUM856-1 (RoW)RUGGEDCOM RM1224 LTE(4G) EUSCALANCE M812-1 ADSL-Router familySCALANCE M876-4 (EU)SCALANCE MUM853-1 (A1)SCALANCE M876-4 (NAM)SCALANCE S615 LAN-Routerscalance_m812-1_adsl-routerscalance_mum856-1_\(eu\)scalance_m876-3scalance_m816-1_adsl-routerscalance_m876-4scalance_m874-3scalance_mum856-1_\(b1\)scalance_m876-4_\(eu\)ruggedcom_rm1224_lte\(4g\)_euscalance_m876-4_\(nam\)scalance_s615_lan-routerscalance_m874-2scalance_m804pbscalance_m874-3_3g-router_\(cn\)scalance_mum853-1_\(b1\)scalance_mum853-1_\(eu\)scalance_s615_eec_lan-routerscalance_mum853-1_\(a1\)ruggedcom_rm1224_lte\(4g\)_namscalance_mum856-1_\(cn\)scalance_mum856-1_\(row\)scalance_mum856-1_\(a1\)scalance_m826-2_shdsl-routerscalance_m876-3_\(rok\)
CWE ID-CWE-20
Improper Input Validation
CVE-2024-41981
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-7.3||HIGH
EPSS-0.22% / 12.45%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 08:40
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Simcenter Femap V2306 (All versions), Simcenter Femap V2401 (All versions), Simcenter Femap V2406 (All versions). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted BDF files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-Simcenter Femap V2401Simcenter Femap V2406Simcenter Femap V2306simcenter_nastran
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-11495
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.21% / 11.69%
||
7 Day CHG~0.00%
Published-08 Oct, 2025 | 20:02
Updated-12 May, 2026 | 13:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GNU Binutils Linker elf64-x86-64.c elf_x86_64_relocate_section heap-based overflow

A vulnerability was determined in GNU Binutils 2.45. The affected element is the function elf_x86_64_relocate_section of the file elf64-x86-64.c of the component Linker. This manipulation causes heap-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Patch name: 6b21c8b2ecfef5c95142cbc2c32f185cb1c26ab0. To fix this issue, it is recommended to deploy a patch.

Action-Not Available
Vendor-Siemens AGGNU
Product-binutilsBinutilsSIPLUS S7-1500 CPU 1518-4 PN/DP MFPSIMATIC S7-1500 CPU 1518-4 PN/DP MFPSIMATIC S7-1500 CPU 1518F-4 PN/DP MFP
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2024-38879
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-8.7||HIGH
EPSS-0.77% / 50.74%
||
7 Day CHG~0.00%
Published-02 Aug, 2024 | 10:36
Updated-03 Nov, 2025 | 22:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions). The affected system exposes the port of an internal application on the public network interface allowing an attacker to circumvent authentication and directly access the exposed application.

Action-Not Available
Vendor-Siemens AG
Product-omnivise_t3000_application_serverOmnivise T3000 R8.2 SP4Omnivise T3000 R8.2 SP3Omnivise T3000 Application Server R9.2omnivise_t3000_application_serveromnivise_t3000
CWE ID-CWE-20
Improper Input Validation
CVE-2022-2347
Matching Score-6
Assigner-Google LLC
ShareView Details
Matching Score-6
Assigner-Google LLC
CVSS Score-7.7||HIGH
EPSS-0.58% / 43.15%
||
7 Day CHG~0.00%
Published-23 Sep, 2022 | 12:50
Updated-12 May, 2026 | 10:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unchecked Download size in Uboot

There exists an unchecked length field in UBoot. The U-Boot DFU implementation does not bound the length field in USB DFU download setup packets, and it does not verify that the transfer direction corresponds to the specified command. Consequently, if a physical attacker crafts a USB DFU download setup packet with a `wLength` greater than 4096 bytes, they can write beyond the heap-allocated request buffer.

Action-Not Available
Vendor-denxUbootSiemens AG
Product-u-bootUbootRUGGEDCOM ROX MX5000RUGGEDCOM ROX RX1400RUGGEDCOM ROX RX1524RUGGEDCOM ROX RX1500RUGGEDCOM ROX RX1512RUGGEDCOM ROX RX1501RUGGEDCOM ROX MX5000RERUGGEDCOM ROX RX5000RUGGEDCOM ROX RX1510RUGGEDCOM ROX RX1536RUGGEDCOM ROX RX1511
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-2069
Matching Score-6
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-6
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.42% / 33.62%
||
7 Day CHG~0.00%
Published-20 Oct, 2022 | 00:00
Updated-16 Apr, 2025 | 17:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Datalogics APDFL library Heap-based Buffer Overflow

The APDFL.dll in Siemens JT2Go prior to V13.3.0.5 and Siemens Teamcenter Visualization prior to V14.0.0.2 contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-jt2goteamcenter_visualizationJT2GoTeamcenter Visualization V13.3Teamcenter Visualization V14.0
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-35212
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-6.9||MEDIUM
EPSS-0.34% / 26.21%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 11:15
Updated-11 Feb, 2025 | 11:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected application lacks input validation due to which an attacker can gain access to the Database entries.

Action-Not Available
Vendor-Siemens AG
Product-sinec_traffic_analyzerSINEC Traffic Analyzersinec_traffic_analyzer
CWE ID-CWE-20
Improper Input Validation
CVE-2024-33489
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.24% / 14.71%
||
7 Day CHG~0.00%
Published-14 May, 2024 | 10:02
Updated-02 Aug, 2024 | 02:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 5). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-Solid Edgesolid_edge
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2024-3447
Matching Score-6
Assigner-Fedora Project
ShareView Details
Matching Score-6
Assigner-Fedora Project
CVSS Score-6||MEDIUM
EPSS-0.55% / 41.74%
||
7 Day CHG~0.00%
Published-14 Nov, 2024 | 12:10
Updated-12 May, 2026 | 12:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Qemu: sdhci: heap buffer overflow in sdhci_write_dataport()

A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both `s->data_count` and the size of `s->fifo_buffer` are set to 0x200, leading to an out-of-bound access. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.

Action-Not Available
Vendor-Red Hat, Inc.QEMUSiemens AGNetApp, Inc.
Product-hci_compute_nodeqemuRed Hat Enterprise Linux 8 Advanced VirtualizationRed Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 7Red Hat Enterprise Linux 9RUGGEDCOM ROX MX5000RUGGEDCOM ROX RX1400RUGGEDCOM ROX RX1524RUGGEDCOM ROX RX1500RUGGEDCOM ROX RX1512RUGGEDCOM ROX RX1501RUGGEDCOM ROX MX5000RERUGGEDCOM ROX RX5000RUGGEDCOM ROX RX1510RUGGEDCOM ROX RX1536RUGGEDCOM ROX RX1511
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-7545
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.25% / 16.56%
||
7 Day CHG~0.00%
Published-13 Jul, 2025 | 21:44
Updated-12 May, 2026 | 13:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GNU Binutils objcopy.c copy_section heap-based overflow

A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue.

Action-Not Available
Vendor-Siemens AGGNU
Product-binutilsBinutilsSIPLUS S7-1500 CPU 1518-4 PN/DP MFPSIMATIC S7-1500 CPU 1518-4 PN/DP MFPSIMATIC S7-1500 TM MFP - GNU/Linux subsystemSIMATIC S7-1500 CPU 1518F-4 PN/DP MFP
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2024-34771
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.30% / 21.41%
||
7 Day CHG~0.00%
Published-14 May, 2024 | 10:03
Updated-02 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 2). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

Action-Not Available
Vendor-Siemens AG
Product-Solid Edgesolid_edge
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2021-44694
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-5.5||MEDIUM
EPSS-0.62% / 44.88%
||
7 Day CHG~0.00%
Published-13 Dec, 2022 | 00:00
Updated-21 Apr, 2025 | 13:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device.

Action-Not Available
Vendor-Siemens AG
Product-simatic_s7-1500_cpu_1507ssimatic_s7-1200_cpu_12_1214fcsimatic_s7-1500_cpu_cpu_1513pro-2simatic_s7-1500_cpu_1511csimatic_s7-1500_cpu_1511t-1_firmwaresimatic_s7-1500_cpu_1512sp-1siplus_et_200sp_cp_1543sp-1_isec_tx_rail_firmwaresimatic_et_200_sp_open_controller_cpu_1515sp_pc_firmwaresimatic_s7-1200_cpu_12_1214c_firmwaresimatic_s7-1200_cpu_12_1211csimatic_s7-1500_cpu_1508s_f_firmwaresimatic_s7-1500_cpu_1510sp-1simatic_s7-1200_cpu_1212csimatic_s7-1500_cpu_1512spf-1simatic_s7-1500_cpu_1513-1simatic_s7-1200_cpu_1212fc_firmwaresimatic_s7-1500_cpu_1517-3_pnsimatic_s7-1500_cpu_1515-2_pn_firmwaresimatic_s7-1500_cpu_1517f-3_pn\/dpsimatic_s7-1500_cpu_1513r-1simatic_s7-1200_cpu_1215_fcsimatic_s7-1500_cpu_1512c_firmwaresimatic_s7-1500_cpu_1517f-3_pn\/dp_firmwaresimatic_s7-1200_cpu_12_1215csimatic_s7-1500_cpu_1511-1_firmwaresimatic_s7-1500_cpu_1511-1_pnsimatic_s7-1500_cpu_1517f-3_firmwaresimatic_s7-1500_cpu_1518f-4_pn\/dp_firmwaresimatic_s7-1500_cpu_1518hf-4simatic_s7-1500_cpu_1518-4_pn_firmwaresiplus_tim_1531_irc_firmwaresimatic_s7-1500_cpu_1518-4_dp_firmwaresimatic_s7-1500_cpu_1516tf-3_firmwaresimatic_s7-1500_cpu_1511f-1_pn_firmwaresimatic_s7-1500_cpu_1516-3_firmwaresimatic_s7-1500_cpu_1518-4_pn\/dp_mfp_firmwaresimatic_s7-1500_cpu_1517-3_pn\/dpsimatic_s7-1500_cpu_1517-3simatic_s7-1500_cpu_1518t-4_firmwaresimatic_s7-1500_cpu_1508s_fsimatic_s7-1500_cpu_15prof-2_firmwaresimatic_s7-1500_cpu_1513f-1_pnsimatic_s7-1200_cpu_1214c_firmwaresimatic_s7-1500_cpu_1517-3_pn_firmwaresimatic_s7-1500_cpu_1517-3_dpsimatic_s7-1200_cpu_12_1214csimatic_s7-1200_cpu_1211c_firmwaresimatic_s7-1500_cpu_cpu_1513pro-2_firmwaresimatic_s7-1200_cpu_1214csiplus_tim_1531_ircsimatic_s7-1500_cpu_15prof-2simatic_s7-1500_cpu_1516tf-3simatic_s7-1500_cpu_1516f-3_pn\/dp_firmwaresimatic_s7-1500_cpu_151511f-1_firmwaresimatic_s7-1500_cpu_1507s_f_firmwaresimatic_s7-1500_cpu_1516t-3_firmwaresimatic_s7-1500_cpu_1511t-1simatic_s7-1500_cpu_1517tf-3simatic_s7-1500_cpu_1515-2_pnsimatic_s7-1200_cpu_1214_fcsimatic_s7-1500_cpu_1515-2_firmwaresimatic_s7-1500_cpu_1516pro-2_firmwaretim_1531_irc_firmwaresimatic_s7-1500_cpu_1515-2simatic_s7-1500_cpu_1516-3_pnsimatic_s7-1500_cpu_1516pro_f_firmwaresimatic_s7-1500_cpu_1516-3simatic_s7-1200_cpu_1214fcsimatic_s7-1500_cpu_1518f-4_pn\/dpsimatic_s7-1500_cpu_1508s_firmwaresimatic_s7-1500_cpu_1511f-1_firmwaresimatic_s7-1200_cpu_12_1212fcsimatic_s7-1500_cpu_151511c-1simatic_s7-1500_cpu_1518tf-4_firmwaresiplus_s7-1200_cp_1243-1simatic_s7-1500_cpu_1511f-1_pnsimatic_s7-1500_cpu_1507s_fsimatic_s7-1500_cpu_1518simatic_s7-1500_cpu_1513-1_pn_firmwaresimatic_s7-1200_cpu_1215fcsimatic_s7-1500_cpu_1518f-4simatic_s7-1500_cpu_1516pro_fsimatic_s7-1500_cpu_1513r-1_firmwaresimatic_et_200_sp_open_controller_cpu_1515sp_pcsimatic_s7-1500_cpu_1512c-1_firmwaresimatic_s7-1500_cpu_1513f-1_pn_firmwaresiplus_et_200sp_cp_1543sp-1_isec_firmwaresimatic_s7-1500_cpu_1518_firmwaresimatic_s7-1500_cpu_1518-4_firmwaresimatic_s7-1500_cpu_1518tf-4simatic_s7-1200_cpu_1214_fc_firmwaresiplus_s7-1200_cp_1243-1_railsimatic_s7-1500_cpu_1516t-3simatic_s7-1500_cpu_1510sp_firmwaresimatic_s7-1500_cpu_1518-4_pn\/dp_mfpsiplus_et_200sp_cp_1542sp-1_irc_tx_rail_firmwaresimatic_s7-1200_cpu_1215_fc_firmwaresimatic_s7-1200_cpu_12_1215fc_firmwaresimatic_s7-1500_cpu_1515t-2simatic_s7-1500_cpu_15pro-2simatic_s7-1500_cpu_1518-4_pnsimatic_s7-1200_cpu_12_1212c_firmwaresimatic_s7-1200_cpu_12_1212fc_firmwaresimatic_s7-1500_cpu_1511-1_pn_firmwaresimatic_s7-1500_cpu_15pro-2_firmwaresimatic_s7-1500_cpu_1515tf-2_firmwaretim_1531_ircsimatic_s7-1500_cpu_151511c-1_firmwaresimatic_s7-1200_cpu_12_1217csimatic_s7-1500_cpu_1518-4_pn\/dp_firmwaresimatic_s7-1500_cpu_1510spsimatic_s7-1200_cpu_12_1217c_firmwaresimatic_s7-1500_cpu_1518f-4_firmwaresimatic_s7-1200_cpu_1217csimatic_s7-1500_cpu_151511f-1simatic_s7-1500_software_controller_firmwaresimatic_s7-1500_cpu_1511-1simatic_s7-1500_cpu_1518-4_dpsimatic_s7-1200_cpu_1215c_firmwaresimatic_s7-1500_cpu_1513-1_pnsimatic_s7-1200_cpu_1212c_firmwaresimatic_s7-1500_cpu_1515f-2_firmwaresimatic_s7-1200_cpu_1217c_firmwaresimatic_s7-1200_cpu_1214fc_firmwaresimatic_s7-1500_cpu_cpu_1513prof-2_firmwaresimatic_s7-1200_cpu_1215csimatic_s7-1500_cpu_1515r-2simatic_s7-1200_cpu_12_1215fcsiplus_et_200sp_cp_1543sp-1_isecsimatic_s7-1500_cpu_1513f-1simatic_s7-1500_cpu_1512csimatic_s7-1500_cpu_1516f-3_pn\/dpsimatic_s7-1500_cpu_1511c-1simatic_s7-1500_cpu_1517f-3simatic_s7-1500_cpu_1512spf-1_firmwaresiplus_et_200sp_cp_1543sp-1_isec_tx_railsimatic_s7-1500_cpu_1517tf-3_firmwaresimatic_s7-1500_cpu_1516f-3_firmwaresimatic_s7-1500_cpu_1517-3_firmwaresimatic_s7-1200_cpu_12_1214fc_firmwaresimatic_s7-1500_software_controllersimatic_s7-1500_cpu_1511c-1_firmwaresimatic_s7-1500_cpu_1517-3_dp_firmwaresimatic_s7-1500_cpu_1516-3_pn\/dp_firmwaresimatic_s7-1500_cpu_1518hf-4_firmwaresimatic_s7-1200_cpu_12_1212csimatic_s7-1500_cpu_1511f-1simatic_s7-1500_cpu_1515tf-2siplus_s7-1200_cp_1243-1_rail_firmwaresimatic_s7-1500_cpu_1511c_firmwaresimatic_s7-1500_cpu_1511tf-1simatic_s7-1500_cpu_1518-4simatic_s7-1500_cpu_1518-4_pn\/dpsiplus_s7-1200_cp_1243-1_firmwaresimatic_s7-1500_cpu_1511tf-1_firmwaresimatic_s7-1500_cpu_1517-3_pn\/dp_firmwaresimatic_s7-1500_cpu_1516-3_dpsimatic_s7-1500_cpu_1508ssimatic_s7-plcsim_advanced_firmwaresimatic_s7-1500_cpu_1510sp-1_firmwaresimatic_s7-1500_cpu_1516-3_pn\/dpsimatic_s7-1500_cpu_1515f-2_pn_firmwaresimatic_s7-1500_cpu_1515t-2_firmwaresiplus_et_200sp_cp_1542sp-1_irc_tx_railsimatic_s7-1500_cpu_1516-3_dp_firmwaresimatic_s7-1200_cpu_12_1215c_firmwaresimatic_s7-1500_cpu_1512sp-1_firmwaresimatic_s7-1200_cpu_1215fc_firmwaresimatic_s7-1500_cpu_1512c-1simatic_s7-1500_cpu_1515f-2simatic_s7-1500_cpu_cpu_1513prof-2simatic_s7-1500_cpu_1515f-2_pnsimatic_s7-1200_cpu_1211csimatic_s7-1500_cpu_1516f-3simatic_s7-1500_cpu_1516-3_pn_firmwaresimatic_s7-1200_cpu_12_1211c_firmwaresimatic_s7-plcsim_advancedsimatic_s7-1500_cpu_1513f-1_firmwaresimatic_s7-1200_cpu_1212fcsimatic_s7-1500_cpu_1516pro-2simatic_s7-1500_cpu_1515r-2_firmwaresimatic_s7-1500_cpu_1507s_firmwaresimatic_s7-1500_cpu_1513-1_firmwaresimatic_s7-1500_cpu_1518t-4SIMATIC S7-1500 CPU 1512C-1 PNSIMATIC S7-1500 CPU 1517F-3 PN/DPSIMATIC S7-1500 CPU 1515-2 PNSIMATIC S7-1500 CPU 1511T-1 PNSIPLUS S7-1500 CPU 1518-4 PN/DPSIPLUS S7-1500 CPU 1518F-4 PN/DPSIPLUS S7-1500 CPU 1518-4 PN/DP MFPSIMATIC S7-1500 CPU 1515TF-2 PNSIMATIC S7-1500 CPU 1510SP-1 PNSIMATIC S7-1500 CPU 1516-3 PN/DPSIMATIC S7-1500 CPU 1511TF-1 PNSIPLUS S7-1500 CPU 1515F-2 PNSIPLUS S7-1500 CPU 1517H-3 PNSIPLUS ET 200SP CPU 1510SP F-1 PN RAILSIMATIC S7-1500 CPU 1518HF-4 PNSIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PNSIPLUS ET 200SP CPU 1512SP-1 PN RAILSIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PNSIPLUS ET 200SP CPU 1510SP-1 PN RAILSIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PNSIMATIC S7-PLCSIM AdvancedSIMATIC S7-1500 CPU 1517-3 PN/DPSIMATIC S7-1500 CPU 1517H-3 PNSIMATIC S7-1500 CPU 1516TF-3 PN/DPSIMATIC S7-1500 CPU 1515T-2 PNSIMATIC S7-1500 CPU S7-1518-4 PN/DP ODKSIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PNSIPLUS S7-1500 CPU 1516-3 PN/DP RAILSIPLUS S7-1500 CPU 1516-3 PN/DP TX RAILSIMATIC S7-1500 CPU 1511C-1 PNSIMATIC S7-1500 CPU 1517TF-3 PN/DPSIMATIC S7-1200 CPU family (incl. SIPLUS variants)SIPLUS S7-1500 CPU 1515F-2 PN T2 RAILSIPLUS S7-1500 CPU 1511-1 PN TX RAILSIPLUS S7-1500 CPU 1513F-1 PNSIMATIC Drive Controller CPU 1507D TFSIMATIC Drive Controller CPU 1504D TFSIMATIC S7-1500 CPU 1513R-1 PNSIPLUS S7-1500 CPU 1516-3 PN/DPSIMATIC S7-1500 CPU 1515R-2 PNSIMATIC S7-1500 CPU 1512SP F-1 PNTIM 1531 IRCSIPLUS S7-1500 CPU 1511F-1 PNSIPLUS ET 200SP CPU 1512SP F-1 PN RAILSIMATIC S7-1500 Software Controller V2SIMATIC S7-1500 CPU 1518F-4 PN/DP MFPSIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)SIPLUS ET 200SP CPU 1512SP F-1 PNSIMATIC S7-1500 CPU 1515F-2 PNSIMATIC S7-1500 CPU 1518-4 PN/DPSIMATIC S7-1500 CPU 1513-1 PNSIPLUS ET 200SP CPU 1510SP F-1 PNSIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODKSIMATIC S7-1500 CPU 1518F-4 PN/DPSIMATIC S7-1500 CPU 1518-4 PN/DP MFPSIPLUS ET 200SP CPU 1510SP-1 PNSIPLUS S7-1500 CPU 1516F-3 PN/DPSIMATIC S7-1500 CPU 1516T-3 PN/DPSIMATIC S7-1500 CPU 1518TF-4 PN/DPSIPLUS S7-1500 CPU 1515R-2 PN TX RAILSIMATIC S7-1500 CPU 1512SP-1 PNSIMATIC S7-1500 CPU 1518T-4 PN/DPSIMATIC S7-1500 CPU 1511-1 PNSIMATIC S7-1500 CPU 1517T-3 PN/DPSIPLUS S7-1500 CPU 1518HF-4 PNSIPLUS S7-1500 CPU 1513-1 PNSIPLUS S7-1500 CPU 1515R-2 PNSIMATIC S7-1500 CPU 1513F-1 PNSIMATIC S7-1500 CPU 1510SP F-1 PNSIPLUS S7-1500 CPU 1515F-2 PN RAILSIPLUS TIM 1531 IRCSIMATIC S7-1500 CPU 1511F-1 PNSIMATIC S7-1500 CPU 1516F-3 PN/DPSIPLUS ET 200SP CPU 1512SP-1 PNSIPLUS S7-1500 CPU 1511-1 PN T1 RAILSIPLUS S7-1500 CPU 1511-1 PNSIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL
CWE ID-CWE-1287
Improper Validation of Specified Type of Input
CWE ID-CWE-20
Improper Input Validation
CVE-2021-44695
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-4.9||MEDIUM
EPSS-0.72% / 49.03%
||
7 Day CHG~0.00%
Published-13 Dec, 2022 | 00:00
Updated-21 Apr, 2025 | 13:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device.

Action-Not Available
Vendor-Siemens AG
Product-simatic_s7-1500_cpu_1507ssimatic_s7-1200_cpu_12_1214fcsimatic_s7-1500_cpu_cpu_1513pro-2simatic_s7-1500_cpu_1511csimatic_s7-1500_cpu_1511t-1_firmwaresimatic_s7-1500_cpu_1512sp-1siplus_s7-300_cpu_314siplus_et_200sp_cp_1543sp-1_isec_tx_rail_firmwaresimatic_et_200_sp_open_controller_cpu_1515sp_pc_firmwaresimatic_s7-1200_cpu_12_1214c_firmwaresimatic_s7-1200_cpu_12_1211csimatic_s7-1500_cpu_1508s_f_firmwaresimatic_s7-1500_cpu_1510sp-1simatic_s7-1200_cpu_1212csimatic_s7-1500_cpu_1512spf-1simatic_s7-1500_cpu_1513-1simatic_s7-1200_cpu_1212fc_firmwaresimatic_s7-1500_cpu_1517-3_pnsimatic_s7-1500_cpu_1515-2_pn_firmwaresimatic_s7-1500_cpu_1517f-3_pn\/dpsimatic_s7-1500_cpu_1513r-1simatic_s7-1200_cpu_1215_fcsimatic_s7-1500_cpu_1512c_firmwaresimatic_s7-1500_cpu_1517f-3_pn\/dp_firmwaresimatic_s7-1200_cpu_12_1215csimatic_s7-1500_cpu_1511-1_firmwaresimatic_s7-1500_cpu_1511-1_pnsimatic_s7-1500_cpu_1517f-3_firmwaresimatic_s7-1500_cpu_1518f-4_pn\/dp_firmwaresimatic_s7-1500_cpu_1518hf-4simatic_s7-1500_cpu_1518-4_pn_firmwaresiplus_tim_1531_irc_firmwaresimatic_s7-1500_cpu_1518-4_dp_firmwaresimatic_s7-1500_cpu_1516tf-3_firmwaresimatic_s7-1500_cpu_1511f-1_pn_firmwaresimatic_s7-1500_cpu_1516-3_firmwaresimatic_s7-1500_cpu_1518-4_pn\/dp_mfp_firmwaresimatic_s7-1500_cpu_1517-3_pn\/dpsimatic_s7-1500_cpu_1517-3simatic_s7-1500_cpu_1518t-4_firmwaresimatic_s7-1500_cpu_1508s_fsimatic_s7-1500_cpu_15prof-2_firmwaresimatic_s7-1500_cpu_1513f-1_pnsimatic_s7-1200_cpu_1214c_firmwaresimatic_s7-1500_cpu_1517-3_pn_firmwaresimatic_s7-1500_cpu_1517-3_dpsimatic_s7-1200_cpu_12_1214csimatic_s7-1200_cpu_1211c_firmwaresimatic_s7-1500_cpu_cpu_1513pro-2_firmwaresimatic_s7-1200_cpu_1214csiplus_tim_1531_ircsimatic_s7-1500_cpu_15prof-2simatic_s7-1500_cpu_1516tf-3siplus_s7-300_cpu_315-2_pn\/dp_firmwaresimatic_s7-1500_cpu_1516f-3_pn\/dp_firmwaresimatic_s7-1500_cpu_151511f-1_firmwaresimatic_s7-1500_cpu_1507s_f_firmwaresimatic_s7-1500_cpu_1516t-3_firmwaresimatic_s7-1500_cpu_1511t-1simatic_s7-1500_cpu_1517tf-3simatic_s7-1500_cpu_1515-2_pnsimatic_s7-1200_cpu_1214_fcsimatic_s7-1500_cpu_1515-2_firmwaresimatic_s7-1500_cpu_1516pro-2_firmwaretim_1531_irc_firmwaresimatic_s7-1500_cpu_1515-2simatic_s7-1500_cpu_1516-3_pnsimatic_s7-1500_cpu_1516pro_f_firmwaresimatic_s7-1500_cpu_1516-3simatic_s7-1200_cpu_1214fcsimatic_s7-1500_cpu_1518f-4_pn\/dpsimatic_s7-1500_cpu_1508s_firmwaresimatic_s7-1500_cpu_1511f-1_firmwaresimatic_s7-1200_cpu_12_1212fcsimatic_s7-1500_cpu_151511c-1simatic_s7-1500_cpu_1518tf-4_firmwaresiplus_s7-1200_cp_1243-1simatic_s7-1500_cpu_1511f-1_pnsimatic_s7-1500_cpu_1507s_fsiplus_s7-300_cpu_315-2_dpsimatic_s7-1500_cpu_1518simatic_s7-1500_cpu_1513-1_pn_firmwaresimatic_s7-1200_cpu_1215fcsimatic_s7-1500_cpu_1518f-4simatic_s7-1500_cpu_1516pro_fsimatic_s7-1500_cpu_1513r-1_firmwaresimatic_et_200_sp_open_controller_cpu_1515sp_pcsimatic_s7-1500_cpu_1512c-1_firmwaresimatic_s7-1500_cpu_1513f-1_pn_firmwaresiplus_et_200sp_cp_1543sp-1_isec_firmwaresimatic_s7-1500_cpu_1518_firmwaresimatic_s7-1500_cpu_1518-4_firmwaresimatic_s7-1500_cpu_1518tf-4simatic_s7-1200_cpu_1214_fc_firmwaresiplus_s7-1200_cp_1243-1_railsimatic_s7-1500_cpu_1516t-3simatic_s7-1500_cpu_1510sp_firmwaresimatic_s7-1500_cpu_1518-4_pn\/dp_mfpsiplus_et_200sp_cp_1542sp-1_irc_tx_rail_firmwaresimatic_s7-1200_cpu_1215_fc_firmwaresimatic_s7-1200_cpu_12_1215fc_firmwaresimatic_s7-1500_cpu_1515t-2simatic_s7-1500_cpu_15pro-2simatic_s7-1500_cpu_1518-4_pnsimatic_s7-1200_cpu_12_1212c_firmwaresimatic_s7-1200_cpu_12_1212fc_firmwaresimatic_s7-1500_cpu_1511-1_pn_firmwaresimatic_s7-1500_cpu_15pro-2_firmwaresimatic_s7-1500_cpu_1515tf-2_firmwaretim_1531_ircsimatic_s7-1500_cpu_151511c-1_firmwaresimatic_s7-1200_cpu_12_1217csimatic_s7-1500_cpu_1518-4_pn\/dp_firmwaresimatic_s7-1500_cpu_1510spsimatic_s7-1200_cpu_12_1217c_firmwaresimatic_s7-1500_cpu_1518f-4_firmwaresimatic_s7-1200_cpu_1217csimatic_s7-1500_cpu_151511f-1simatic_s7-1500_software_controller_firmwaresimatic_s7-1500_cpu_1511-1simatic_s7-1500_cpu_1518-4_dpsiplus_s7-300_cpu_317-2_pn\/dp_firmwaresimatic_s7-1200_cpu_1215c_firmwaresimatic_s7-1500_cpu_1513-1_pnsimatic_s7-1200_cpu_1212c_firmwaresimatic_s7-1500_cpu_1515f-2_firmwaresimatic_s7-1200_cpu_1217c_firmwaresimatic_s7-1200_cpu_1214fc_firmwaresimatic_s7-1500_cpu_cpu_1513prof-2_firmwaresimatic_s7-1200_cpu_1215csimatic_s7-1500_cpu_1515r-2simatic_s7-1200_cpu_12_1215fcsiplus_et_200sp_cp_1543sp-1_isecsimatic_s7-1500_cpu_1513f-1simatic_s7-1500_cpu_1512csimatic_s7-1500_cpu_1516f-3_pn\/dpsimatic_s7-1500_cpu_1511c-1simatic_s7-1500_cpu_1517f-3simatic_s7-1500_cpu_1512spf-1_firmwaresiplus_s7-300_cpu_314_firmwaresiplus_et_200sp_cp_1543sp-1_isec_tx_railsimatic_s7-1500_cpu_1517tf-3_firmwaresimatic_s7-1500_cpu_1516f-3_firmwaresimatic_s7-1500_cpu_1517-3_firmwaresimatic_s7-1200_cpu_12_1214fc_firmwaresimatic_s7-1500_software_controllersimatic_s7-1500_cpu_1511c-1_firmwaresimatic_s7-1500_cpu_1517-3_dp_firmwaresimatic_s7-1500_cpu_1516-3_pn\/dp_firmwaresimatic_s7-1500_cpu_1518hf-4_firmwaresimatic_s7-1200_cpu_12_1212csiplus_s7-300_cpu_315-2_pn\/dpsimatic_s7-1500_cpu_1511f-1siplus_s7-300_cpu_317-2_pn\/dpsimatic_s7-1500_cpu_1515tf-2siplus_s7-1200_cp_1243-1_rail_firmwaresimatic_s7-1500_cpu_1511c_firmwaresimatic_s7-1500_cpu_1511tf-1simatic_s7-1500_cpu_1518-4simatic_s7-1500_cpu_1518-4_pn\/dpsiplus_s7-1200_cp_1243-1_firmwaresimatic_s7-1500_cpu_1511tf-1_firmwaresimatic_s7-1500_cpu_1517-3_pn\/dp_firmwaresimatic_s7-1500_cpu_1516-3_dpsimatic_s7-1500_cpu_1508ssiplus_s7-300_cpu_315-2_dp_firmwaresimatic_s7-plcsim_advanced_firmwaresimatic_s7-1500_cpu_1510sp-1_firmwaresimatic_s7-1500_cpu_1516-3_pn\/dpsimatic_s7-1500_cpu_1515f-2_pn_firmwaresimatic_s7-1500_cpu_1515t-2_firmwaresiplus_et_200sp_cp_1542sp-1_irc_tx_railsimatic_s7-1500_cpu_1516-3_dp_firmwaresimatic_s7-1200_cpu_12_1215c_firmwaresimatic_s7-1500_cpu_1512sp-1_firmwaresimatic_s7-1200_cpu_1215fc_firmwaresimatic_s7-1500_cpu_1512c-1simatic_s7-1500_cpu_1515f-2simatic_s7-1500_cpu_cpu_1513prof-2simatic_s7-1500_cpu_1515f-2_pnsimatic_s7-1200_cpu_1211csimatic_s7-1500_cpu_1516f-3simatic_s7-1500_cpu_1516-3_pn_firmwaresimatic_s7-1200_cpu_12_1211c_firmwaresimatic_s7-plcsim_advancedsimatic_s7-1500_cpu_1513f-1_firmwaresimatic_s7-1200_cpu_1212fcsimatic_s7-1500_cpu_1516pro-2simatic_s7-1500_cpu_1515r-2_firmwaresimatic_s7-1500_cpu_1507s_firmwaresimatic_s7-1500_cpu_1513-1_firmwaresimatic_s7-1500_cpu_1518t-4SIMATIC S7-1500 CPU 1512C-1 PNSIMATIC S7-1500 CPU 1517F-3 PN/DPSIMATIC S7-1500 CPU 1515-2 PNSIMATIC S7-1500 CPU 1511T-1 PNSIPLUS S7-1500 CPU 1518-4 PN/DPSIPLUS S7-1500 CPU 1518F-4 PN/DPSIPLUS S7-1500 CPU 1518-4 PN/DP MFPSIMATIC S7-1500 CPU 1515TF-2 PNSIMATIC S7-1500 CPU 1510SP-1 PNSIMATIC S7-1500 CPU 1516-3 PN/DPSIMATIC S7-1500 CPU 1511TF-1 PNSIPLUS S7-1500 CPU 1515F-2 PNSIPLUS S7-1500 CPU 1517H-3 PNSIPLUS ET 200SP CPU 1510SP F-1 PN RAILSIMATIC S7-1500 CPU 1518HF-4 PNSIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PNSIPLUS ET 200SP CPU 1512SP-1 PN RAILSIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PNSIPLUS ET 200SP CPU 1510SP-1 PN RAILSIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PNSIMATIC S7-PLCSIM AdvancedSIMATIC S7-1500 CPU 1517-3 PN/DPSIMATIC S7-1500 CPU 1517H-3 PNSIMATIC S7-1500 CPU 1516TF-3 PN/DPSIMATIC S7-1500 CPU 1515T-2 PNSIMATIC S7-1500 CPU S7-1518-4 PN/DP ODKSIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PNSIPLUS S7-1500 CPU 1516-3 PN/DP RAILSIPLUS S7-1500 CPU 1516-3 PN/DP TX RAILSIMATIC S7-1500 CPU 1511C-1 PNSIMATIC S7-1500 CPU 1517TF-3 PN/DPSIMATIC S7-1200 CPU family (incl. SIPLUS variants)SIPLUS S7-1500 CPU 1515F-2 PN T2 RAILSIPLUS S7-1500 CPU 1511-1 PN TX RAILSIPLUS S7-1500 CPU 1513F-1 PNSIMATIC Drive Controller CPU 1507D TFSIMATIC Drive Controller CPU 1504D TFSIMATIC S7-1500 CPU 1513R-1 PNSIPLUS S7-1500 CPU 1516-3 PN/DPSIMATIC S7-1500 CPU 1515R-2 PNSIMATIC S7-1500 CPU 1512SP F-1 PNTIM 1531 IRCSIPLUS S7-1500 CPU 1511F-1 PNSIPLUS ET 200SP CPU 1512SP F-1 PN RAILSIMATIC S7-1500 Software Controller V2SIMATIC S7-1500 CPU 1518F-4 PN/DP MFPSIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)SIPLUS ET 200SP CPU 1512SP F-1 PNSIMATIC S7-1500 CPU 1515F-2 PNSIMATIC S7-1500 CPU 1518-4 PN/DPSIMATIC S7-1500 CPU 1513-1 PNSIPLUS ET 200SP CPU 1510SP F-1 PNSIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODKSIMATIC S7-1500 CPU 1518F-4 PN/DPSIMATIC S7-1500 CPU 1518-4 PN/DP MFPSIPLUS ET 200SP CPU 1510SP-1 PNSIPLUS S7-1500 CPU 1516F-3 PN/DPSIMATIC S7-1500 CPU 1516T-3 PN/DPSIMATIC S7-1500 CPU 1518TF-4 PN/DPSIPLUS S7-1500 CPU 1515R-2 PN TX RAILSIMATIC S7-1500 CPU 1512SP-1 PNSIMATIC S7-1500 CPU 1518T-4 PN/DPSIMATIC S7-1500 CPU 1511-1 PNSIMATIC S7-1500 CPU 1517T-3 PN/DPSIPLUS S7-1500 CPU 1518HF-4 PNSIPLUS S7-1500 CPU 1513-1 PNSIPLUS S7-1500 CPU 1515R-2 PNSIMATIC S7-1500 CPU 1513F-1 PNSIMATIC S7-1500 CPU 1510SP F-1 PNSIPLUS S7-1500 CPU 1515F-2 PN RAILSIPLUS TIM 1531 IRCSIMATIC S7-1500 CPU 1511F-1 PNSIMATIC S7-1500 CPU 1516F-3 PN/DPSIPLUS ET 200SP CPU 1512SP-1 PNSIPLUS S7-1500 CPU 1511-1 PN T1 RAILSIPLUS S7-1500 CPU 1511-1 PNSIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL
CWE ID-CWE-1286
Improper Validation of Syntactic Correctness of Input
CWE ID-CWE-20
Improper Input Validation
CVE-2021-44442
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.81% / 52.23%
||
7 Day CHG~0.00%
Published-14 Dec, 2021 | 12:07
Updated-04 Aug, 2024 | 04:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14995)

Action-Not Available
Vendor-Siemens AG
Product-jt_utilitiesjt_open_toolkitJTTKJT Utilities
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2024-52051
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-7||HIGH
EPSS-0.18% / 7.21%
||
7 Day CHG~0.00%
Published-10 Dec, 2024 | 13:53
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC S7-PLCSIM V17 (All versions), SIMATIC S7-PLCSIM V18 (All versions), SIMATIC STEP 7 Safety V17 (All versions < V17 Update 9), SIMATIC STEP 7 Safety V18 (All versions), SIMATIC STEP 7 Safety V19 (All versions < V19 Update 4), SIMATIC STEP 7 V17 (All versions < V17 Update 9), SIMATIC STEP 7 V18 (All versions), SIMATIC STEP 7 V19 (All versions < V19 Update 4), SIMATIC WinCC Unified PC Runtime V18 (All versions), SIMATIC WinCC Unified PC Runtime V19 (All versions < V19 Update 4), SIMATIC WinCC Unified V17 (All versions < V17 Update 9), SIMATIC WinCC Unified V18 (All versions), SIMATIC WinCC Unified V19 (All versions < V19 Update 4), SIMATIC WinCC V17 (All versions < V17 Update 9), SIMATIC WinCC V18 (All versions), SIMATIC WinCC V19 (All versions < V19 Update 4), SIMOCODE ES V17 (All versions), SIMOCODE ES V18 (All versions), SIMOCODE ES V19 (All versions), SIMOTION SCOUT TIA V5.4 (All versions), SIMOTION SCOUT TIA V5.5 (All versions), SIMOTION SCOUT TIA V5.6 (All versions < V5.6 SP1 HF7), SINAMICS Startdrive V17 (All versions), SINAMICS Startdrive V18 (All versions), SINAMICS Startdrive V19 (All versions), SIRIUS Safety ES V17 (TIA Portal) (All versions), SIRIUS Safety ES V18 (TIA Portal) (All versions), SIRIUS Safety ES V19 (TIA Portal) (All versions), SIRIUS Soft Starter ES V17 (TIA Portal) (All versions), SIRIUS Soft Starter ES V18 (TIA Portal) (All versions), SIRIUS Soft Starter ES V19 (TIA Portal) (All versions), TIA Portal Cloud V17 (All versions), TIA Portal Cloud V18 (All versions), TIA Portal Cloud V19 (All versions < V5.2.1.1). The affected devices do not properly sanitize user-controllable input when parsing user settings. This could allow an attacker to locally execute arbitrary commands in the host operating system with the privileges of the user.

Action-Not Available
Vendor-Siemens AG
Product-SIMATIC S7-PLCSIM V18SIMATIC S7-PLCSIM V17SIMATIC STEP 7 V18SIMATIC STEP 7 Safety V18SIRIUS Soft Starter ES V18 (TIA Portal)SIMATIC STEP 7 V17SIMATIC WinCC Unified V18SIRIUS Safety ES V19 (TIA Portal)TIA Portal Cloud V17SIRIUS Soft Starter ES V19 (TIA Portal)TIA Portal Cloud V18SIRIUS Safety ES V18 (TIA Portal)SIMOCODE ES V19TIA Portal Cloud V19SINAMICS Startdrive V19SIMATIC WinCC V18SIMOCODE ES V18SIMATIC WinCC V17SIMATIC WinCC Unified V17SIMATIC STEP 7 Safety V19SIMOTION SCOUT TIA V5.4SINAMICS Startdrive V18SINAMICS Startdrive V17SIMOTION SCOUT TIA V5.6SIMOTION SCOUT TIA V5.5SIRIUS Soft Starter ES V17 (TIA Portal)SIRIUS Safety ES V17 (TIA Portal)SIMATIC STEP 7 V19SIMATIC WinCC Unified V19SIMATIC STEP 7 Safety V17SIMATIC WinCC Unified PC Runtime V18SIMATIC WinCC V19SIMOCODE ES V17SIMATIC WinCC Unified PC Runtime V19
CWE ID-CWE-20
Improper Input Validation
CVE-2021-41769
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.97% / 57.23%
||
7 Day CHG~0.00%
Published-11 Jan, 2022 | 11:27
Updated-04 Aug, 2024 | 03:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIPROTEC 5 6MD85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD89 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MU85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7KE85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SA82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SA86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SA87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SD82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SD86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SD87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SJ81 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SJ82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SJ85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SJ86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SK82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SK85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SL82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SL86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SL87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SS85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7ST85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SX85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UM85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UT82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7UT85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UT86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UT87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7VE85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7VK87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 Compact 7SX800 devices (CPU variant CP050) (All versions < V8.83). An improper input validation vulnerability in the web server could allow an unauthenticated user to access device information.

Action-Not Available
Vendor-Siemens AG
Product-6md857sa87_firmware6md867um856md89_firmware7sl87_firmware7sk85_firmware7ut867ss857sa877ke85_firmware7sd87_firmware6mu85_firmware6md896mu857st857vk877sd86_firmware7sl82_firmware7ut857sj81_firmware7ve85_firmware7st85_firmware7sl827sd867ke857sa86_firmware7sx8007ut86_firmware6md85_firmware7sk857sk827sx800_firmware7sd877sx85_firmware6md86_firmware7sk82_firmware7sa867sj827sj857sj86_firmware7sl86_firmware7sj817ut82_firmware7ut85_firmware7sj82_firmware7um85_firmware7ve857ut877vk87_firmware7sa827sj85_firmware7sl867sx857sd827ut87_firmware7ut827sj867sd82_firmware7sl877sa82_firmware7ss85_firmwareSIPROTEC 5 7SD82 devices (CPU variant CP100)SIPROTEC 5 6MD86 devices (CPU variant CP300)SIPROTEC 5 7VE85 devices (CPU variant CP300)SIPROTEC 5 7UT87 devices (CPU variant CP300)SIPROTEC 5 7ST85 devices (CPU variant CP300)SIPROTEC 5 7SL82 devices (CPU variant CP100)SIPROTEC 5 7UT82 devices (CPU variant CP100)SIPROTEC 5 6MU85 devices (CPU variant CP300)SIPROTEC 5 7SK82 devices (CPU variant CP100)SIPROTEC 5 7SK85 devices (CPU variant CP300)SIPROTEC 5 7UT86 devices (CPU variant CP300)SIPROTEC 5 7SA82 devices (CPU variant CP100)SIPROTEC 5 7VK87 devices (CPU variant CP300)SIPROTEC 5 7SD86 devices (CPU variant CP300)SIPROTEC 5 7SJ85 devices (CPU variant CP300)SIPROTEC 5 7SJ82 devices (CPU variant CP100)SIPROTEC 5 7SL87 devices (CPU variant CP300)SIPROTEC 5 7SX85 devices (CPU variant CP300)SIPROTEC 5 Compact 7SX800 devices (CPU variant CP050)SIPROTEC 5 6MD85 devices (CPU variant CP300)SIPROTEC 5 7UM85 devices (CPU variant CP300)SIPROTEC 5 7SA86 devices (CPU variant CP300)SIPROTEC 5 7UT85 devices (CPU variant CP300)SIPROTEC 5 7SL86 devices (CPU variant CP300)SIPROTEC 5 7KE85 devices (CPU variant CP300)SIPROTEC 5 7SJ86 devices (CPU variant CP300)SIPROTEC 5 7SS85 devices (CPU variant CP300)SIPROTEC 5 7SD87 devices (CPU variant CP300)SIPROTEC 5 7SA87 devices (CPU variant CP300)SIPROTEC 5 6MD89 devices (CPU variant CP300)SIPROTEC 5 7SJ81 devices (CPU variant CP100)
CWE ID-CWE-20
Improper Input Validation
CVE-2021-40365
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.87% / 54.12%
||
7 Day CHG~0.00%
Published-13 Dec, 2022 | 00:00
Updated-21 Apr, 2025 | 13:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device.

Action-Not Available
Vendor-Siemens AG
Product-simatic_s7-1500_cpu_1507ssimatic_s7-1200_cpu_12_1214fcsimatic_s7-1500_cpu_cpu_1513pro-2simatic_s7-1500_cpu_1511csimatic_s7-1500_cpu_1511t-1_firmwaresimatic_s7-1500_cpu_1512sp-1siplus_s7-300_cpu_314siplus_et_200sp_cp_1543sp-1_isec_tx_rail_firmwaresimatic_et_200_sp_open_controller_cpu_1515sp_pc_firmwaresimatic_s7-1200_cpu_12_1214c_firmwaresimatic_s7-1200_cpu_12_1211csimatic_s7-1500_cpu_1508s_f_firmwaresimatic_s7-1500_cpu_1510sp-1simatic_s7-1200_cpu_1212csimatic_s7-1500_cpu_1512spf-1simatic_s7-1500_cpu_1513-1simatic_s7-1200_cpu_1212fc_firmwaresimatic_s7-1500_cpu_1517-3_pnsimatic_s7-1500_cpu_1515-2_pn_firmwaresimatic_s7-1500_cpu_1517f-3_pn\/dpsimatic_s7-1500_cpu_1513r-1simatic_s7-1200_cpu_1215_fcsimatic_s7-1500_cpu_1512c_firmwaresimatic_s7-1500_cpu_1517f-3_pn\/dp_firmwaresimatic_s7-1200_cpu_12_1215csimatic_s7-1500_cpu_1511-1_firmwaresimatic_s7-1500_cpu_1511-1_pnsimatic_s7-1500_cpu_1517f-3_firmwaresimatic_s7-1500_cpu_1518f-4_pn\/dp_firmwaresimatic_s7-1500_cpu_1518hf-4simatic_s7-1500_cpu_1518-4_pn_firmwaresiplus_tim_1531_irc_firmwaresimatic_s7-1500_cpu_1518-4_dp_firmwaresimatic_s7-1500_cpu_1516tf-3_firmwaresimatic_s7-1500_cpu_1511f-1_pn_firmwaresimatic_s7-1500_cpu_1516-3_firmwaresimatic_s7-1500_cpu_1518-4_pn\/dp_mfp_firmwaresimatic_s7-1500_cpu_1517-3_pn\/dpsimatic_s7-1500_cpu_1517-3simatic_s7-1500_cpu_1518t-4_firmwaresimatic_s7-1500_cpu_1508s_fsimatic_s7-1500_cpu_15prof-2_firmwaresimatic_s7-1500_cpu_1513f-1_pnsimatic_s7-1200_cpu_1214c_firmwaresimatic_s7-1500_cpu_1517-3_pn_firmwaresimatic_s7-1500_cpu_1517-3_dpsimatic_s7-1200_cpu_12_1214csimatic_s7-1200_cpu_1211c_firmwaresimatic_s7-1500_cpu_cpu_1513pro-2_firmwaresimatic_s7-1200_cpu_1214csiplus_tim_1531_ircsimatic_s7-1500_cpu_15prof-2simatic_s7-1500_cpu_1516tf-3siplus_s7-300_cpu_315-2_pn\/dp_firmwaresimatic_s7-1500_cpu_1516f-3_pn\/dp_firmwaresimatic_s7-1500_cpu_151511f-1_firmwaresimatic_s7-1500_cpu_1507s_f_firmwaresimatic_s7-1500_cpu_1516t-3_firmwaresimatic_s7-1500_cpu_1511t-1simatic_s7-1500_cpu_1517tf-3simatic_s7-1500_cpu_1515-2_pnsimatic_s7-1200_cpu_1214_fcsimatic_s7-1500_cpu_1515-2_firmwaresimatic_s7-1500_cpu_1516pro-2_firmwaretim_1531_irc_firmwaresimatic_s7-1500_cpu_1515-2simatic_s7-1500_cpu_1516-3_pnsimatic_s7-1500_cpu_1516pro_f_firmwaresimatic_s7-1500_cpu_1516-3simatic_s7-1200_cpu_1214fcsimatic_s7-1500_cpu_1518f-4_pn\/dpsimatic_s7-1500_cpu_1508s_firmwaresimatic_s7-1500_cpu_1511f-1_firmwaresimatic_s7-1200_cpu_12_1212fcsimatic_s7-1500_cpu_151511c-1simatic_s7-1500_cpu_1518tf-4_firmwaresiplus_s7-1200_cp_1243-1simatic_s7-1500_cpu_1511f-1_pnsimatic_s7-1500_cpu_1507s_fsiplus_s7-300_cpu_315-2_dpsimatic_s7-1500_cpu_1518simatic_s7-1500_cpu_1513-1_pn_firmwaresimatic_s7-1200_cpu_1215fcsimatic_s7-1500_cpu_1518f-4simatic_s7-1500_cpu_1516pro_fsimatic_s7-1500_cpu_1513r-1_firmwaresimatic_et_200_sp_open_controller_cpu_1515sp_pcsimatic_s7-1500_cpu_1512c-1_firmwaresimatic_s7-1500_cpu_1513f-1_pn_firmwaresiplus_et_200sp_cp_1543sp-1_isec_firmwaresimatic_s7-1500_cpu_1518_firmwaresimatic_s7-1500_cpu_1518-4_firmwaresimatic_s7-1500_cpu_1518tf-4simatic_s7-1200_cpu_1214_fc_firmwaresiplus_s7-1200_cp_1243-1_railsimatic_s7-1500_cpu_1516t-3simatic_s7-1500_cpu_1510sp_firmwaresimatic_s7-1500_cpu_1518-4_pn\/dp_mfpsiplus_et_200sp_cp_1542sp-1_irc_tx_rail_firmwaresimatic_s7-1200_cpu_1215_fc_firmwaresimatic_s7-1200_cpu_12_1215fc_firmwaresimatic_s7-1500_cpu_1515t-2simatic_s7-1500_cpu_15pro-2simatic_s7-1500_cpu_1518-4_pnsimatic_s7-1200_cpu_12_1212c_firmwaresimatic_s7-1200_cpu_12_1212fc_firmwaresimatic_s7-1500_cpu_1511-1_pn_firmwaresimatic_s7-1500_cpu_15pro-2_firmwaresimatic_s7-1500_cpu_1515tf-2_firmwaretim_1531_ircsimatic_s7-1500_cpu_151511c-1_firmwaresimatic_s7-1200_cpu_12_1217csimatic_s7-1500_cpu_1518-4_pn\/dp_firmwaresimatic_s7-1500_cpu_1510spsimatic_s7-1200_cpu_12_1217c_firmwaresimatic_s7-1500_cpu_1518f-4_firmwaresimatic_s7-1200_cpu_1217csimatic_s7-1500_cpu_151511f-1simatic_s7-1500_software_controller_firmwaresimatic_s7-1500_cpu_1511-1simatic_s7-1500_cpu_1518-4_dpsiplus_s7-300_cpu_317-2_pn\/dp_firmwaresimatic_s7-1200_cpu_1215c_firmwaresimatic_s7-1500_cpu_1513-1_pnsimatic_s7-1200_cpu_1212c_firmwaresimatic_s7-1500_cpu_1515f-2_firmwaresimatic_s7-1200_cpu_1217c_firmwaresimatic_s7-1200_cpu_1214fc_firmwaresimatic_s7-1500_cpu_cpu_1513prof-2_firmwaresimatic_s7-1200_cpu_1215csimatic_s7-1500_cpu_1515r-2simatic_s7-1200_cpu_12_1215fcsiplus_et_200sp_cp_1543sp-1_isecsimatic_s7-1500_cpu_1513f-1simatic_s7-1500_cpu_1512csimatic_s7-1500_cpu_1516f-3_pn\/dpsimatic_s7-1500_cpu_1511c-1simatic_s7-1500_cpu_1517f-3simatic_s7-1500_cpu_1512spf-1_firmwaresiplus_s7-300_cpu_314_firmwaresiplus_et_200sp_cp_1543sp-1_isec_tx_railsimatic_s7-1500_cpu_1517tf-3_firmwaresimatic_s7-1500_cpu_1516f-3_firmwaresimatic_s7-1500_cpu_1517-3_firmwaresimatic_s7-1200_cpu_12_1214fc_firmwaresimatic_s7-1500_software_controllersimatic_s7-1500_cpu_1511c-1_firmwaresimatic_s7-1500_cpu_1517-3_dp_firmwaresimatic_s7-1500_cpu_1516-3_pn\/dp_firmwaresimatic_s7-1500_cpu_1518hf-4_firmwaresimatic_s7-1200_cpu_12_1212csiplus_s7-300_cpu_315-2_pn\/dpsimatic_s7-1500_cpu_1511f-1siplus_s7-300_cpu_317-2_pn\/dpsimatic_s7-1500_cpu_1515tf-2siplus_s7-1200_cp_1243-1_rail_firmwaresimatic_s7-1500_cpu_1511c_firmwaresimatic_s7-1500_cpu_1511tf-1simatic_s7-1500_cpu_1518-4simatic_s7-1500_cpu_1518-4_pn\/dpsiplus_s7-1200_cp_1243-1_firmwaresimatic_s7-1500_cpu_1511tf-1_firmwaresimatic_s7-1500_cpu_1517-3_pn\/dp_firmwaresimatic_s7-1500_cpu_1516-3_dpsimatic_s7-1500_cpu_1508ssiplus_s7-300_cpu_315-2_dp_firmwaresimatic_s7-plcsim_advanced_firmwaresimatic_s7-1500_cpu_1510sp-1_firmwaresimatic_s7-1500_cpu_1516-3_pn\/dpsimatic_s7-1500_cpu_1515f-2_pn_firmwaresimatic_s7-1500_cpu_1515t-2_firmwaresiplus_et_200sp_cp_1542sp-1_irc_tx_railsimatic_s7-1500_cpu_1516-3_dp_firmwaresimatic_s7-1200_cpu_12_1215c_firmwaresimatic_s7-1500_cpu_1512sp-1_firmwaresimatic_s7-1200_cpu_1215fc_firmwaresimatic_s7-1500_cpu_1512c-1simatic_s7-1500_cpu_1515f-2simatic_s7-1500_cpu_cpu_1513prof-2simatic_s7-1500_cpu_1515f-2_pnsimatic_s7-1200_cpu_1211csimatic_s7-1500_cpu_1516f-3simatic_s7-1500_cpu_1516-3_pn_firmwaresimatic_s7-1200_cpu_12_1211c_firmwaresimatic_s7-plcsim_advancedsimatic_s7-1500_cpu_1513f-1_firmwaresimatic_s7-1200_cpu_1212fcsimatic_s7-1500_cpu_1516pro-2simatic_s7-1500_cpu_1515r-2_firmwaresimatic_s7-1500_cpu_1507s_firmwaresimatic_s7-1500_cpu_1513-1_firmwaresimatic_s7-1500_cpu_1518t-4SIMATIC S7-1500 CPU 1512C-1 PNSIMATIC S7-1500 CPU 1517F-3 PN/DPSIMATIC S7-1500 CPU 1515-2 PNSIMATIC S7-1500 CPU 1511T-1 PNSIPLUS S7-1500 CPU 1518-4 PN/DPSIPLUS S7-1500 CPU 1518F-4 PN/DPSIPLUS S7-1500 CPU 1518-4 PN/DP MFPSIMATIC S7-1500 CPU 1515TF-2 PNSIMATIC S7-1500 CPU 1510SP-1 PNSIMATIC S7-1500 CPU 1516-3 PN/DPSIMATIC S7-1500 CPU 1511TF-1 PNSIPLUS S7-1500 CPU 1515F-2 PNSIPLUS S7-1500 CPU 1517H-3 PNSIPLUS ET 200SP CPU 1510SP F-1 PN RAILSIMATIC S7-1500 CPU 1518HF-4 PNSIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PNSIPLUS ET 200SP CPU 1512SP-1 PN RAILSIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PNSIPLUS ET 200SP CPU 1510SP-1 PN RAILSIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PNSIMATIC S7-PLCSIM AdvancedSIMATIC S7-1500 CPU 1517-3 PN/DPSIMATIC S7-1500 CPU 1517H-3 PNSIMATIC S7-1500 CPU 1516TF-3 PN/DPSIMATIC S7-1500 CPU 1515T-2 PNSIMATIC S7-1500 CPU S7-1518-4 PN/DP ODKSIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PNSIPLUS S7-1500 CPU 1516-3 PN/DP RAILSIPLUS S7-1500 CPU 1516-3 PN/DP TX RAILSIMATIC S7-1500 CPU 1511C-1 PNSIMATIC S7-1500 CPU 1517TF-3 PN/DPSIMATIC S7-1200 CPU family (incl. SIPLUS variants)SIPLUS S7-1500 CPU 1515F-2 PN T2 RAILSIPLUS S7-1500 CPU 1511-1 PN TX RAILSIPLUS S7-1500 CPU 1513F-1 PNSIMATIC Drive Controller CPU 1507D TFSIMATIC Drive Controller CPU 1504D TFSIMATIC S7-1500 CPU 1513R-1 PNSIPLUS S7-1500 CPU 1516-3 PN/DPSIMATIC S7-1500 CPU 1515R-2 PNSIMATIC S7-1500 CPU 1512SP F-1 PNTIM 1531 IRCSIPLUS S7-1500 CPU 1511F-1 PNSIPLUS ET 200SP CPU 1512SP F-1 PN RAILSIMATIC S7-1500 Software Controller V2SIMATIC S7-1500 CPU 1518F-4 PN/DP MFPSIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)SIPLUS ET 200SP CPU 1512SP F-1 PNSIMATIC S7-1500 CPU 1515F-2 PNSIMATIC S7-1500 CPU 1518-4 PN/DPSIMATIC S7-1500 CPU 1513-1 PNSIPLUS ET 200SP CPU 1510SP F-1 PNSIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODKSIMATIC S7-1500 CPU 1518F-4 PN/DPSIMATIC S7-1500 CPU 1518-4 PN/DP MFPSIPLUS ET 200SP CPU 1510SP-1 PNSIPLUS S7-1500 CPU 1516F-3 PN/DPSIMATIC S7-1500 CPU 1516T-3 PN/DPSIMATIC S7-1500 CPU 1518TF-4 PN/DPSIPLUS S7-1500 CPU 1515R-2 PN TX RAILSIMATIC S7-1500 CPU 1512SP-1 PNSIMATIC S7-1500 CPU 1518T-4 PN/DPSIMATIC S7-1500 CPU 1511-1 PNSIMATIC S7-1500 CPU 1517T-3 PN/DPSIPLUS S7-1500 CPU 1518HF-4 PNSIPLUS S7-1500 CPU 1513-1 PNSIPLUS S7-1500 CPU 1515R-2 PNSIMATIC S7-1500 CPU 1513F-1 PNSIMATIC S7-1500 CPU 1510SP F-1 PNSIPLUS S7-1500 CPU 1515F-2 PN RAILSIPLUS TIM 1531 IRCSIMATIC S7-1500 CPU 1511F-1 PNSIMATIC S7-1500 CPU 1516F-3 PN/DPSIPLUS ET 200SP CPU 1512SP-1 PNSIPLUS S7-1500 CPU 1511-1 PN T1 RAILSIPLUS S7-1500 CPU 1511-1 PNSIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL
CWE ID-CWE-20
Improper Input Validation
CVE-2021-42018
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-5.9||MEDIUM
EPSS-0.98% / 57.67%
||
7 Day CHG~0.00%
Published-08 Mar, 2022 | 11:31
Updated-12 Aug, 2025 | 12:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M2200NC, RUGGEDCOM M969, RUGGEDCOM M969F, RUGGEDCOM M969NC, RUGGEDCOM RMC30, RUGGEDCOM RMC30NC, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RMC8388NC V4.X, RUGGEDCOM RMC8388NC V5.X, RUGGEDCOM RP110, RUGGEDCOM RP110NC, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600FNC, RUGGEDCOM RS1600NC, RUGGEDCOM RS1600T, RUGGEDCOM RS1600TNC, RUGGEDCOM RS400, RUGGEDCOM RS400F, RUGGEDCOM RS400NC, RUGGEDCOM RS401, RUGGEDCOM RS401NC, RUGGEDCOM RS416, RUGGEDCOM RS416F, RUGGEDCOM RS416NC, RUGGEDCOM RS416NCv2 V4.X, RUGGEDCOM RS416NCv2 V5.X, RUGGEDCOM RS416P, RUGGEDCOM RS416PF, RUGGEDCOM RS416PNC, RUGGEDCOM RS416PNCv2 V4.X, RUGGEDCOM RS416PNCv2 V5.X, RUGGEDCOM RS416Pv2 V4.X, RUGGEDCOM RS416Pv2 V5.X, RUGGEDCOM RS416v2 V4.X, RUGGEDCOM RS416v2 V5.X, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000ANC, RUGGEDCOM RS8000H, RUGGEDCOM RS8000HNC, RUGGEDCOM RS8000NC, RUGGEDCOM RS8000T, RUGGEDCOM RS8000TNC, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900F, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GF, RUGGEDCOM RS900GNC, RUGGEDCOM RS900GNC(32M) V4.X, RUGGEDCOM RS900GNC(32M) V5.X, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPF, RUGGEDCOM RS900GPNC, RUGGEDCOM RS900L, RUGGEDCOM RS900LNC, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900MNC-GETS-C01, RUGGEDCOM RS900MNC-GETS-XX, RUGGEDCOM RS900MNC-STND-XX, RUGGEDCOM RS900MNC-STND-XX-C01, RUGGEDCOM RS900NC, RUGGEDCOM RS900NC(32M) V4.X, RUGGEDCOM RS900NC(32M) V5.X, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910LNC, RUGGEDCOM RS910NC, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920LNC, RUGGEDCOM RS920W, RUGGEDCOM RS930L, RUGGEDCOM RS930LNC, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM RS940GF, RUGGEDCOM RS940GNC, RUGGEDCOM RS969, RUGGEDCOM RS969NC, RUGGEDCOM RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100F, RUGGEDCOM RSG2100NC, RUGGEDCOM RSG2100NC(32M) V4.X, RUGGEDCOM RSG2100NC(32M) V5.X, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100P (32M) V4.X, RUGGEDCOM RSG2100P (32M) V5.X, RUGGEDCOM RSG2100PF, RUGGEDCOM RSG2100PNC, RUGGEDCOM RSG2100PNC (32M) V4.X, RUGGEDCOM RSG2100PNC (32M) V5.X, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200F, RUGGEDCOM RSG2200NC, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2288NC V4.X, RUGGEDCOM RSG2288NC V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300F, RUGGEDCOM RSG2300NC V4.X, RUGGEDCOM RSG2300NC V5.X, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PF, RUGGEDCOM RSG2300PNC V4.X, RUGGEDCOM RSG2300PNC V5.X, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488F, RUGGEDCOM RSG2488NC V4.X, RUGGEDCOM RSG2488NC V5.X, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSG920PNC V4.X, RUGGEDCOM RSG920PNC V5.X, RUGGEDCOM RSL910, RUGGEDCOM RSL910NC, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P. Within a third-party component, whenever memory allocation is requested, the out of bound size is not checked. Therefore, if size exceeding the expected allocation is assigned, it could allocate a smaller buffer instead. If an attacker were to exploit this, they could cause a heap overflow.

Action-Not Available
Vendor-Siemens AG
Product-ruggedcom_rs969ruggedcom_rs910ruggedcom_rsg2100ruggedcom_rsg2300pruggedcom_rs930lruggedcom_rsg907rruggedcom_rsg910cruggedcom_rs416ruggedcom_rs900wruggedcom_i801ruggedcom_rosruggedcom_m2100ruggedcom_rmcruggedcom_i800ruggedcom_rst2228ruggedcom_rs930wruggedcom_rmc8388ruggedcom_rsg2200ruggedcom_rs900ruggedcom_rs401ruggedcom_rs8000truggedcom_rsg909rruggedcom_rp110ruggedcom_rs910lruggedcom_i802ruggedcom_m969ruggedcom_rs910wruggedcom_rsg2100pruggedcom_rs8000ruggedcom_rst916pruggedcom_rs900gpruggedcom_rs900lruggedcom_rmc40ruggedcom_rsl910ruggedcom_rmc41ruggedcom_rsg920pruggedcom_rs920wruggedcom_rs416v2ruggedcom_rs8000aruggedcom_rsg2300ruggedcom_rst916cruggedcom_m2200ruggedcom_rs400ruggedcom_rst2228pruggedcom_rmc20ruggedcom_rs8000hruggedcom_rsg908cruggedcom_i803ruggedcom_rsg2488ruggedcom_rs900gruggedcom_rsg2288ruggedcom_rs920lruggedcom_rs940gruggedcom_rmc30RUGGEDCOM RS8000RUGGEDCOM RS900LRUGGEDCOM RSG2300 V4.XRUGGEDCOM RS900MNC-STND-XX-C01RUGGEDCOM RSG920P V4.XRUGGEDCOM RS401NCRUGGEDCOM RSG2100PNC (32M) V4.XRUGGEDCOM RS920LNCRUGGEDCOM RS910LRUGGEDCOM RS930WRUGGEDCOM RSG2100NC(32M) V5.XRUGGEDCOM RSG2100 (32M) V5.XRUGGEDCOM RSG2288NC V5.XRUGGEDCOM RS416Pv2 V4.XRUGGEDCOM RS1600RUGGEDCOM i801NCRUGGEDCOM RS940GRUGGEDCOM RSG2100NC(32M) V4.XRUGGEDCOM i800NCRUGGEDCOM RS910RUGGEDCOM RSG908CRUGGEDCOM RS8000NCRUGGEDCOM RS400FRUGGEDCOM RS900NC(32M) V4.XRUGGEDCOM RS920LRUGGEDCOM RMC8388 V4.XRUGGEDCOM RS8000HRUGGEDCOM RS900LNCRUGGEDCOM RS8000TRUGGEDCOM RS910NCRUGGEDCOM RS416PFRUGGEDCOM RS900GRUGGEDCOM M2100FRUGGEDCOM RS900M-STND-XXRUGGEDCOM RS900WRUGGEDCOM RMC8388 V5.XRUGGEDCOM RS900MNC-STND-XXRUGGEDCOM RSG2100PNC (32M) V5.XRUGGEDCOM RSG910CRUGGEDCOM RSG2300PFRUGGEDCOM RSG2288 V4.XRUGGEDCOM RS1600NCRUGGEDCOM RS969RUGGEDCOM RS900 (32M) V4.XRUGGEDCOM RSG909RRUGGEDCOM RS416FRUGGEDCOM RS900GPFRUGGEDCOM RSG2100PRUGGEDCOM RS930LNCRUGGEDCOM RS416PRUGGEDCOM RSG920P V5.XRUGGEDCOM RSG2200NCRUGGEDCOM RS8000HNCRUGGEDCOM RSG2300PNC V5.XRUGGEDCOM RSG2288 V5.XRUGGEDCOM RS1600FRUGGEDCOM RS416NCRUGGEDCOM RS930LRUGGEDCOM RSG907RRUGGEDCOM RSG2300P V5.XRUGGEDCOM RS910WRUGGEDCOM RSG2300 V5.XRUGGEDCOM RS940GNCRUGGEDCOM RS900GNCRUGGEDCOM RSG2100P (32M) V4.XRUGGEDCOM RMC8388NC V5.XRUGGEDCOM RS940GFRUGGEDCOM RS910LNCRUGGEDCOM RSG2288NC V4.XRUGGEDCOM RSG2488 V5.XRUGGEDCOM RMC30RUGGEDCOM RS900GFRUGGEDCOM RS8000ANCRUGGEDCOM RMC8388NC V4.XRUGGEDCOM RS1600TRUGGEDCOM M969FRUGGEDCOM RS900G (32M) V5.XRUGGEDCOM RS400NCRUGGEDCOM RS900MNC-GETS-C01RUGGEDCOM RS900M-GETS-C01RUGGEDCOM RSG2488NC V4.XRUGGEDCOM M2200FRUGGEDCOM RP110RUGGEDCOM i801RUGGEDCOM RS416v2 V4.XRUGGEDCOM RS416NCv2 V4.XRUGGEDCOM RS8000TNCRUGGEDCOM RSG2300P V4.XRUGGEDCOM RS416v2 V5.XRUGGEDCOM RS920WRUGGEDCOM RS900FRUGGEDCOM M2200RUGGEDCOM RS900MNC-GETS-XXRUGGEDCOM RSG2300NC V5.XRUGGEDCOM RS900GNC(32M) V4.XRUGGEDCOM RS900RUGGEDCOM RSG2100RUGGEDCOM M969NCRUGGEDCOM RS416PNCRUGGEDCOM RS1600FNCRUGGEDCOM RS400RUGGEDCOM RS900NC(32M) V5.XRUGGEDCOM RS1600TNCRUGGEDCOM RS900G (32M) V4.XRUGGEDCOM M969RUGGEDCOM RS416PNCv2 V4.XRUGGEDCOM M2200NCRUGGEDCOM RS8000ARUGGEDCOM i803RUGGEDCOM RSG2100PNCRUGGEDCOM RSG920PNC V5.XRUGGEDCOM RSG2100NCRUGGEDCOM RSG2488FRUGGEDCOM RP110NCRUGGEDCOM RSG2200RUGGEDCOM RSG2488NC V5.XRUGGEDCOM RSL910NCRUGGEDCOM RS969NCRUGGEDCOM RS416RUGGEDCOM RST2228PRUGGEDCOM i800RUGGEDCOM RS900M-STND-C01RUGGEDCOM RS900M-GETS-XXRUGGEDCOM RST916PRUGGEDCOM RS416PNCv2 V5.XRUGGEDCOM RS416NCv2 V5.XRUGGEDCOM RSG2100 (32M) V4.XRUGGEDCOM RSL910RUGGEDCOM RSG2100PFRUGGEDCOM RS900GPRUGGEDCOM RST916CRUGGEDCOM RS900GPNCRUGGEDCOM RSG2100FRUGGEDCOM RSG2488 V4.XRUGGEDCOM i802RUGGEDCOM RS900GNC(32M) V5.XRUGGEDCOM RST2228RUGGEDCOM RS401RUGGEDCOM RSG2300NC V4.XRUGGEDCOM RSG920PNC V4.XRUGGEDCOM i802NCRUGGEDCOM i803NCRUGGEDCOM M2100RUGGEDCOM RSG2300FRUGGEDCOM RSG2300PNC V4.XRUGGEDCOM RS900NCRUGGEDCOM RS416Pv2 V5.XRUGGEDCOM RMC30NCRUGGEDCOM RS900 (32M) V5.XRUGGEDCOM RSG2200FRUGGEDCOM M2100NCRUGGEDCOM RSG2100P (32M) V5.X
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next
Details not found