Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-18294

Summary
Assigner-siemens
Assigner Org ID-cec7a2ec-15b4-4faf-bd53-b40f371f3a77
Published At-12 Dec, 2019 | 19:08
Updated At-05 Aug, 2024 | 01:47
Rejected At-
Credits

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:siemens
Assigner Org ID:cec7a2ec-15b4-4faf-bd53-b40f371f3a77
Published At:12 Dec, 2019 | 19:08
Updated At:05 Aug, 2024 | 01:47
Rejected At:
â–¼CVE Numbering Authority (CNA)

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Affected Products
Vendor
Siemens AGSiemens
Product
SPPA-T3000 MS3000 Migration Server
Versions
Affected
  • All versions
Problem Types
TypeCWE IDDescription
CWECWE-122CWE-122: Heap-based Buffer Overflow
Type: CWE
CWE ID: CWE-122
Description: CWE-122: Heap-based Buffer Overflow
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf
x_refsource_MISC
http://packetstormsecurity.com/files/155665/Siemens-Security-Advisory-SPPA-T3000-Code-Execution.html
x_refsource_MISC
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf
Resource:
x_refsource_MISC
Hyperlink: http://packetstormsecurity.com/files/155665/Siemens-Security-Advisory-SPPA-T3000-Code-Execution.html
Resource:
x_refsource_MISC
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf
x_refsource_MISC
x_transferred
http://packetstormsecurity.com/files/155665/Siemens-Security-Advisory-SPPA-T3000-Code-Execution.html
x_refsource_MISC
x_transferred
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://packetstormsecurity.com/files/155665/Siemens-Security-Advisory-SPPA-T3000-Code-Execution.html
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:productcert@siemens.com
Published At:12 Dec, 2019 | 19:15
Updated At:04 Mar, 2022 | 22:26

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
Siemens AG
siemens
>>sppa-t3000_ms3000_migration_server>>*
cpe:2.3:a:siemens:sppa-t3000_ms3000_migration_server:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-787Primarynvd@nist.gov
CWE-122Secondaryproductcert@siemens.com
CWE ID: CWE-787
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-122
Type: Secondary
Source: productcert@siemens.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://packetstormsecurity.com/files/155665/Siemens-Security-Advisory-SPPA-T3000-Code-Execution.htmlproductcert@siemens.com
Third Party Advisory
VDB Entry
https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdfproductcert@siemens.com
Mitigation
Vendor Advisory
Hyperlink: http://packetstormsecurity.com/files/155665/Siemens-Security-Advisory-SPPA-T3000-Code-Execution.html
Source: productcert@siemens.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf
Source: productcert@siemens.com
Resource:
Mitigation
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

1545Records found
CVE-2016-2518
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-3.48% / 87.82%
||
7 Day CHG~0.00%
Published-30 Jan, 2017 | 21:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value.

Action-Not Available
Vendor-ntpn/aFreeBSD FoundationOracle CorporationSiemens AGRed Hat, Inc.Debian GNU/LinuxNetApp, Inc.
Product-debian_linuxfreebsdoncommand_performance_managerntpenterprise_linux_desktopenterprise_linux_server_tusoncommand_balancecommunications_user_data_repositoryenterprise_linux_server_eusenterprise_linux_server_ausdata_ontapsimatic_net_cp_443-1_opc_uaenterprise_linux_serveroncommand_unified_manager_for_clustered_data_ontapenterprise_linux_workstationclustered_data_ontaplinuxsimatic_net_cp_443-1_opc_ua_firmwaren/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-36324
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-1.54% / 81.71%
||
7 Day CHG~0.00%
Published-10 Aug, 2022 | 11:18
Updated-14 Apr, 2026 | 09:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Affected devices do not properly handle the renegotiation of SSL/TLS parameters. This could allow an unauthenticated remote attacker to bypass the TCP brute force prevention and lead to a denial of service condition for the duration of the attack.

Action-Not Available
Vendor-Siemens AG
Product-scalance_xp208_\(eip\)_firmwarescalance_xr528-6m_l3scalance_xc208g_eec_firmwarescalance_m-800_firmwarescalance_xm416-4c_l3scalance_xr-300eecscalance_xc206-2sfp_g_firmwarescalance_xr324wg_firmwarescalance_w700_ieee_802.11ac_firmwarescalance_xc-200scalance_xb208_firmwarescalance_xb213-3ld_firmwarescalance_xc208g_poe_firmwarescalance_xm408-4c_firmwarescalance_xm416-4cscalance_xr528-6m_firmwarescalance_xc206-2scalance_xr528-6m_2hr2_l3scalance_xp208eecscalance_xr552-12m_2hr2_l3scalance_xp-200scalance_xc206-2sfp_eecscalance_xc216_firmwarescalance_xp216_firmwarescalance_xr528-6mscalance_xr526-8c_firmwarescalance_xb216scalance_xr328-4c_wg_firmwarescalance_xr526_firmwarescalance_xr552scalance_xp208eec_firmwarescalance_xf204-2ba_irt_firmwarescalance_xr-300wgscalance_xp208scalance_xc206-2g_poe__firmwarescalance_xr526scalance_xc224_scalance_xr552-12m_firmwarescalance_xr324-4m_poe_firmwarescalance_xm408-4c_l3scalance_xr552-12m_2hr2scalance_xr552-12scalance_xb213-3_firmwarescalance_xf204-2ba_dnascalance_xp208poe_eec_firmwarescalance_xc224-4c_g_eec_firmwarescalance_xr326-2c_poe_wg_firmwarescalance_xp216eec_firmwarescalance_xc208g_\(e\/ip\)scalance_xc224-4c_g_scalance_xm416-4c_l3_firmwarescalance_xr524_firmwarescalance_xr524-8cscalance_xc216scalance_xc224-4c_g_\(e\/ip\)scalance_xc216-4c_g_\(e\/ip\)scalance_xc216-4c_g_\(e\/ip\)_firmwarescalance_xb208scalance_xp216eecscalance_xc208eec_firmwarescalance_xc208gscalance_xr524-8c_l3scalance_xr552-12_firmwarescalance_xr324-4m_eec_firmwarescalance_xc216eec_firmwarescalance_xm408-4cscalance_xr-300eec_firmwarescalance_xr500scalance_xc216-4c_firmwarescalance_xb-200scalance_xb-200_firmwarescalance_xc216eecscalance_w700_ieee_802.11nscalance_xr324-4m_eecscalance_xc216-4c_gscalance_xr324-4m_poe_tsscalance_xc208_firmwarescalance_xp216poe_eec_firmwarescalance_xr528-6m_l3_firmwarescalance_xc224-4c_g_\(e\/ip\)_firmwarescalance_xp208_\(eip\)scalance_xr528scalance_xb205-3ldscalance_xr326-2c_poe_wgscalance_xc216-4c_g_eec_firmwarescalance_xr528-6m_2hr2scalance_xf-200ba_firmwarescalance_xm408-8c_l3scalance_xb205-3ld_firmwarescalance_xc206-2g_poe_scalance_xm408-4c_l3_firmwarescalance_xr552-12mscalance_xm400scalance_xc208eecscalance_xb213-3ldscalance_xr524-8c_firmwarescalance_xr-300poe_firmwarescalance_xr324-12m_firmwarescalance_xr528_firmwarescalance_xr-300_firmwarescalance_xc-200_firmwarescalance_xc224-4c_g_eecscalance_xb205-3scalance_xc206-2sfp_gscalance_xr526-8c_l3_firmwarescalance_xm416-4c_firmwarescalance_xc216-4cscalance_xr324-4m_poescalance_xr528-6m_2hr2_firmwarescalance_xc224-4c_g__firmwarescalance_xr328-4c_wgscalance_xb216_firmwarescalance_xr526-8c_l3scalance_xc208g_firmwarescalance_xr324wgscalance_xc208scalance_xr324-12m_tsscalance_xp216_\(eip\)scalance_xb213-3scalance_xc208g_poescalance_xr500_firmwarescalance_xm408-8c_firmwarescalance_xr-300poescalance_w700_ieee_802.11acscalance_xc206-2sfp_g_\(e\/ip\)_firmwarescalance_xr-300wg_firmwarescalance_xm408-8cscalance_w700_ieee_802.11ax_firmwarescalance_xc206-2sfp_g_eecscalance_xp216scalance_m-800scalance_xr-300scalance_xp208_firmwarescalance_xp208poe_eecscalance_xm408-8c_l3_firmwarescalance_xf-200bascalance_xc208g_\(e\/ip\)_firmwarescalance_xm400_firmwarescalance_xc206-2sfp_g_\(e\/ip\)scalance_xc206-2sfp_eec_firmwarescalance_w700_ieee_802.11axscalance_xf204-2ba_dna_firmwarescalance_w700_ieee_802.11n_firmwarescalance_xc216-4c_g_firmwarescalance_xc208g_eecscalance_xc206-2_firmwarescalance_xp216poe_eecscalance_xr524-8c_l3_firmwarescalance_xr526-8cscalance_xr528-6m_2hr2_l3_firmwarescalance_xp-200_firmwarescalance_s615scalance_xr324-4m_poe_ts_firmwarescalance_xr552-12m_2hr2_l3_firmwarescalance_xc206-2g_poe_eecscalance_xb205-3_firmwarescalance_xr324-12m_ts_firmwarescalance_xr552_firmwarescalance_s615_firmwarescalance_xr524scalance_xp216_\(eip\)_firmwarescalance_xc206-2g_poe_eec_firmwarescalance_xf204-2ba_irtscalance_xr324-12mscalance_xc224__firmwarescalance_xr552-12m_2hr2_firmwarescalance_xc216-4c_g_eecscalance_xc206-2sfp_g_eec_firmwareSCALANCE M876-4 (EU)SCALANCE WAM763-1SCALANCE W1748-1 M12SCALANCE XC224-4C G (EIP Def.)SCALANCE W734-1 RJ45 (USA)SCALANCE XC206-2SFP GSCALANCE XR524-8C, 24VSCALANCE XC206-2 (SC)SCALANCE XB205-3 (SC, PN)SCALANCE XC216-4CSCALANCE SC646-2CSCALANCE XC206-2G PoE (54 V DC)SCALANCE XR328-4C WG (28xGE, DC 24V)SIPLUS NET SCALANCE XC206-2SCALANCE XP216EECSCALANCE XC216EECSCALANCE XR324WG (24 x FE, AC 230V)SCALANCE XB213-3 (ST, E/IP)SCALANCE XB208 (PN)SCALANCE XR552-12M (2HR2, L3 int.)SCALANCE M826-2 SHDSL-RouterSCALANCE XR328-4C WG (24XFE, 4XGE, 24V)SCALANCE W1788-2 M12SCALANCE W786-1 RJ45SCALANCE S615 LAN-RouterSCALANCE W774-1 M12 EECSCALANCE WUM766-1 (USA)SCALANCE XP216SCALANCE W778-1 M12 EECSCALANCE XP216POE EECSCALANCE W761-1 RJ45SCALANCE W722-1 RJ45SCALANCE XP208SCALANCE W1788-2 EEC M12SCALANCE SC642-2CSCALANCE XR526-8C, 24V (L3 int.)SCALANCE XC208GSCALANCE XR328-4C WG (24xFE,4xGE,AC230V)SCALANCE XR528-6M (2HR2)SCALANCE SC632-2CSCALANCE XC224SCALANCE XM408-4C (L3 int.)SCALANCE XB213-3 (SC, PN)SIPLUS NET SCALANCE XC208SCALANCE M812-1 ADSL-RouterSCALANCE XC206-2G PoESCALANCE XR328-4C WG (24xFE, 4xGE,DC24V)SCALANCE XC208G PoE (54 V DC)SCALANCE WAM766-1 EEC (US)SCALANCE W778-1 M12 EEC (USA)SCALANCE W786-2IA RJ45SCALANCE XB213-3 (SC, E/IP)SCALANCE XR526-8C, 24VSCALANCE XC208SCALANCE XB208 (E/IP)SCALANCE XR552-12MSCALANCE XP216 (Ethernet/IP)SCALANCE XB205-3 (ST, E/IP)SCALANCE M876-3 (ROK)SCALANCE MUM853-1 (EU)SCALANCE XF204-2BASCALANCE XR326-2C PoE WGSCALANCE XR526-8C, 1x230V (L3 int.)SCALANCE W774-1 RJ45 (USA)SCALANCE XC216-3G PoE (54 V DC)SCALANCE WAM766-1 EECSCALANCE XR526-8C, 2x230VSCALANCE XC206-2SFP G (EIP DEF.)SCALANCE XR528-6M (L3 int.)SCALANCE XM408-4CSCALANCE XR526-8C, 1x230VSCALANCE XR524-8C, 24V (L3 int.)SCALANCE M874-3SCALANCE XM408-8CSCALANCE M876-4 (NAM)SCALANCE W786-2 SFPSCALANCE W738-1 M12SCALANCE XC208G (EIP def.)SCALANCE XC224-4C G EECSCALANCE W1788-2IA M12SCALANCE W774-1 RJ45SCALANCE XC206-2SFP EECSCALANCE XM416-4CSCALANCE XC216-3G PoESCALANCE XR524-8C, 2x230VSCALANCE XR528-6M (2HR2, L3 int.)SCALANCE XB205-3LD (SC, E/IP)SCALANCE XC216-4C G EECSCALANCE WUM766-1SCALANCE XC216-4C GSCALANCE XB213-3LD (SC, E/IP)SCALANCE W721-1 RJ45SCALANCE XR326-2C PoE WG (without UL)SCALANCE XR324WG (24 X FE, DC 24V)SCALANCE W748-1 RJ45SCALANCE W788-2 RJ45SCALANCE XR524-8C, 1x230VSCALANCE XR524-8C, 1x230V (L3 int.)SCALANCE MUM856-1 (EU)SCALANCE XC206-2SFP G EECSCALANCE M874-2SCALANCE W734-1 RJ45SCALANCE W748-1 M12SCALANCE XF204-2BA DNASCALANCE XB213-3LD (SC, PN)SCALANCE XC224-4C GSCALANCE XR526-8C, 2x230V (L3 int.)SCALANCE SC626-2CSCALANCE XP208EECSCALANCE XF204 DNASCALANCE XR528-6MSCALANCE WAM766-1SCALANCE W788-1 RJ45SCALANCE M816-1 ADSL-RouterSCALANCE W1788-1 M12SCALANCE W786-2 RJ45SCALANCE XP208 (Ethernet/IP)RUGGEDCOM RM1224 LTE(4G) EUSCALANCE XB205-3 (ST, PN)SCALANCE XB216 (E/IP)SCALANCE XC208G PoESCALANCE XC216-4C G (EIP Def.)SCALANCE W788-2 M12SCALANCE WAM766-1 (US)SCALANCE XC206-2 (ST/BFOC)SCALANCE XP208PoE EECSCALANCE XR524-8C, 2x230V (L3 int.)SCALANCE M804PBSCALANCE W788-1 M12SCALANCE XC206-2G PoE EEC (54 V DC)SCALANCE M876-3SCALANCE XR552-12M (2HR2)SCALANCE XC206-2SFPSCALANCE SC636-2CSCALANCE XM408-8C (L3 int.)SCALANCE XM416-4C (L3 int.)SCALANCE W788-2 M12 EECSCALANCE XB216 (PN)SCALANCE XC216SCALANCE XF204SIPLUS NET SCALANCE XC216-4CSCALANCE XB205-3LD (SC, PN)SCALANCE SC622-2CSCALANCE WUM763-1SCALANCE MUM856-1 (RoW)SIPLUS NET SCALANCE XC206-2SFPSCALANCE W778-1 M12SCALANCE XB213-3 (ST, PN)SCALANCE XC208EECSCALANCE XC208G EECRUGGEDCOM RM1224 LTE(4G) NAMSCALANCE XR328-4C WG (28xGE, AC 230V)
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2022-36362
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.81% / 74.60%
||
7 Day CHG~0.00%
Published-11 Oct, 2022 | 00:00
Updated-08 Oct, 2024 | 09:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/24RCE (6ED1052-1MD08-0BA2) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA2) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA2) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA2) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA1) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA2) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA1) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA2) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA1) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA2) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA1) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA2) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA2) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA2) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA2) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA2) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA2) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA2) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA2) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA2) (All versions). Affected devices do not conduct certain validations when interacting with them. This could allow an unauthenticated remote attacker to manipulate the devices IP address, which means the device would not be reachable and could only be recovered by power cycling the device.

Action-Not Available
Vendor-Siemens AG
Product-logo\!8_bm_fs-05logo\!8_bm_fs-05_firmwarelogo\!_8_bm_firmwarelogo\!8_bmLOGO! 230RCEoSIPLUS LOGO! 24CEoLOGO! 12/24RCELOGO! 24RCEoSIPLUS LOGO! 12/24RCEoLOGO! 24CEoSIPLUS LOGO! 24RCEoLOGO! 24RCESIPLUS LOGO! 24CELOGO! 12/24RCEoLOGO! 230RCESIPLUS LOGO! 230RCEoLOGO! 24CESIPLUS LOGO! 24RCESIPLUS LOGO! 12/24RCESIPLUS LOGO! 230RCE
CWE ID-CWE-20
Improper Input Validation
CVE-2019-13921
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.37% / 59.31%
||
7 Day CHG~0.00%
Published-10 Oct, 2019 | 13:49
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC WinAC RTX (F) 2010 (All versions < SP3 Update 1). Affected versions of the software contain a vulnerability that could allow an unauthenticated attacker to trigger a denial-of-service condition. The vulnerability can be triggered if a large HTTP request is sent to the executing service. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the service provided by the software.

Action-Not Available
Vendor-Siemens AG
Product-simatic_winac_rtx_\(f\)_2010SIMATIC WinAC RTX (F) 2010
CWE ID-CWE-410
Insufficient Resource Pool
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2021-20094
Matching Score-8
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-8
Assigner-Tenable Network Security, Inc.
CVSS Score-7.5||HIGH
EPSS-6.77% / 91.49%
||
7 Day CHG~0.00%
Published-16 Jun, 2021 | 11:09
Updated-03 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. An unauthenticated remote attacker can exploit this issue to crash the CodeMeter Runtime Server.

Action-Not Available
Vendor-wibun/aSiemens AG
Product-sicam_230pss_capesicam_230_firmwarecodemeterWibu-Systems CodeMeter
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-40820
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-8.7||HIGH
EPSS-0.10% / 27.93%
||
7 Day CHG~0.00%
Published-09 Dec, 2025 | 10:44
Updated-09 Dec, 2025 | 18:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Affected products do not properly enforce TCP sequence number validation in specific scenarios but accept values within a broad range. This could allow an unauthenticated remote attacker e.g. to interfere with connection setup, potentially leading to a denial of service. The attack succeeds only if an attacker can inject IP packets with spoofed addresses at precisely timed moments, and it affects only TCP-based services.

Action-Not Available
Vendor-Siemens AG
Product-SIMATIC S7-300 CPU 315F-2 PN/DPSIMATIC S7-1500 CPU 1515F-2 PNSIPLUS S7-1200 CPU 1215 DC/DC/DCSIPLUS S7-1500 CPU 1516F-3 PN/DPSIPLUS S7-1200 CPU 1212C DC/DC/DCSIMATIC S7-200 SMART CPU SR30SIMATIC ET 200eco PN, DQ 8x24VDC/2A, M12-LSIMATIC PN/MF CouplerSIPLUS S7-1200 CPU 1215 DC/DC/RLYSIPLUS S7-1200 CPU 1212C AC/DC/RLYSIMATIC S7-200 SMART CPU ST20SIMATIC ET 200SP IM 155-6 PN/3 HFSIPLUS S7-300 CPU 315-2 PN/DPSIMATIC ET 200pro IM 154-8 PN/DP CPUSIMATIC ET 200SP CPU 1512SP-1 PNSIMATIC ET 200SP CPU 1510SP-1 PNSIMATIC S7-300 CPU 319-3 PN/DPSIPLUS S7-300 CPU 314C-2 PN/DPSIMATIC S7-300 CPU 317F-2 PN/DPSIMATIC ET 200clean, CM 8x IO-LinkSIMATIC S7-1500 CPU 1513F-1 PNSIMATIC S7-400 CPU 414F-3 PN/DP V7SIPLUS S7-1200 CPU 1215C DC/DC/DCSIMATIC PN/PN CouplerSIMATIC S7-1200 CPU 1217C DC/DC/DCSIPLUS NET PN/PN CouplerSIMATIC ET 200eco PN, DI 16x24VDC, M12-LSIDOOR ATE530S COATEDSIMATIC ET 200eco PN, AI 8xRTD/TC, M12-LSIMATIC S7-300 CPU 317T-3 PN/DPSIMATIC S7-1200 CPU 1211C DC/DC/DCSIMATIC ET 200eco PN, DI 8x24VDC, M12-LSINUMERIK 840D slSIPLUS ET 200SP IM 155-6 PN HF T1 RAILSIPLUS S7-1200 CPU 1215C AC/DC/RLYSIMATIC S7-1200 CPU 1212C DC/DC/RlySIMATIC S7-410 V8 CPU family (incl. SIPLUS variants)SIMATIC CFU PASIPLUS S7-300 CPU 315F-2 PN/DPSIMATIC S7-1200 CPU 1212FC DC/DC/DCSIMATIC ET 200S IM 151-8F PN/DP CPUSIWAREX WP522 STSIMATIC TDC CP51M1SIMATIC Power Line Booster PLB, Modem Module STSIMATIC S7-200 SMART CPU CR60SIMATIC S7-1200 CPU 1214FC DC/DC/RlySIMATIC S7-410 V10 CPU family (incl. SIPLUS variants)SIMATIC S7-1200 CPU 1215C AC/DC/RlySIPLUS HCS4300 CIM4310SIMATIC S7-300 CPU 317-2 PN/DPSIMATIC S7-400 CPU 412-2 PN V7SIPLUS ET 200SP IM 155-6 PN HF TX RAILSIMATIC ET 200MP IM 155-5 PN HFSIWAREX WP521 STSIMATIC S7-200 SMART CPU SR60SIMATIC ET 200SP IM 155-6 MF HFSIPLUS S7-400 CPU 414-3 PN/DP V7SIMATIC ET 200AL IM 157-1 PNSIMATIC ET 200SP IM 155-6 PN HFSIPLUS S7-1200 CPU 1214 DC/DC/RLYSIMATIC S7-200 SMART CPU CR40SIPLUS S7-1200 CPU 1214FC DC/DC/DCSIMATIC ET 200SP IM 155-6 PN/2 HFSIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants)SIPLUS ET 200S IM 151-8F PN/DP CPUSIMATIC S7-1500 CPU 1516F-3 PN/DPSIMATIC ET 200SP CPU 1512SP F-1 PNSIMATIC S7-1500 CPU 1511-1 PNSIPLUS S7-400 CPU 416-3 PN/DP V7SIMATIC S7-400 CPU 414-3 PN/DP V7SIMATIC S7-1200 CPU 1212C AC/DC/RlySIMATIC S7-300 CPU 315-2 PN/DPSIMATIC S7-400 CPU 416F-3 PN/DP V7SIMATIC S7-1200 CPU 1214C AC/DC/RlySIPLUS S7-1200 CPU 1215FC DC/DC/DCSIMATIC ET 200eco PN, DQ 8x24VDC/0,5A, M12-LSIMATIC ET 200eco PN, CM 8x IO-Link, M12-LSIMATIC TDC CPU555SIMOCODE pro V PROFINETSIWAREX WP231SIPLUS HCS4200 CIM4210SIPLUS S7-1200 CPU 1214 AC/DC/RLYSIPLUS S7-1500 CPU 1513-1 PNSIMATIC S7-1500 CPU 1515-2 PNSIMATIC ET 200clean, DI 16x24VDCSIMATIC S7-1200 CPU 1215C DC/DC/DCSIMATIC S7-300 CPU 319F-3 PN/DPSIMATIC Power Line Booster PLB, Base ModuleSIPLUS HCS4200 CIM4210CSIPLUS S7-300 CPU 317-2 PN/DPSIMATIC ET 200pro IM 154-8FX PN/DP CPUSIMATIC ET 200eco PN, CM 4x IO-Link, M12-LSIMATIC S7-400 CPU 416-3 PN/DP V7SIWAREX WP241SIPLUS S7-1200 CPU 1214FC DC/DC/RLYSIMATIC S7-1200 CPU 1214C DC/DC/DCSIPLUS ET 200SP IM 155-6 PN HFSIPLUS ET 200MP IM 155-5 PN HFSIWAREX WP251SIMATIC S7-1200 CPU 1212C DC/DC/DCSIDOOR ATD430WSIMOCODE pro V Ethernet/IP (incl. SIPLUS variants)SIMATIC S7-1500 CPU 1516-3 PN/DPSIMATIC S7-1200 CPU 1211C AC/DC/RlySIPLUS S7-1200 CPU 1214C DC/DC/RLYSIMATIC S7-1200 CPU 1212FC DC/DC/RlySIMATIC S7-200 SMART CPU SR20SIMATIC S7-1200 CPU 1214C DC/DC/RlySIMATIC CFU DIQSIMATIC ET 200clean, DIQ 16x24VDC/0,5ASIMATIC S7-1500 CPU 1513-1 PNSIMATIC S7-200 SMART CPU SR40SIPLUS ET 200S IM 151-8 PN/DP CPUSIMATIC S7-1200 CPU 1215FC DC/DC/DCSIMATIC S7-1200 CPU 1215FC DC/DC/RlySIMATIC S7-1500 CPU 1511F-1 PNSIPLUS S7-1200 CPU 1212 DC/DC/RLYSIPLUS S7-1200 CPU 1214C DC/DC/DC RAILSIPLUS S7-1500 CPU 1516-3 PN/DPSIPLUS ET 200SP CPU 1512SP F-1 PNSIPLUS S7-1500 CPU 1513F-1 PNSIPLUS ET 200MP IM 155-5 PN HF T1 RAILSIPLUS S7-1200 CPU 1214C AC/DC/RLYSIMATIC S7-300 CPU 314C-2 PN/DPSIPLUS S7-1200 CPU 1214C DC/DC/DCSIPLUS S7-300 CPU 317F-2 PN/DPSIMATIC S7-1200 CPU 1215C DC/DC/RlySIMATIC S7-1200 CPU 1214FC DC/DC/DCSIPLUS S7-1200 CPU 1215 AC/DC/RLYSIMATIC S7-200 SMART CPU ST30SIMATIC S7-200 SMART CPU ST60SIPLUS S7-1200 CPU 1212C DC/DC/DC RAILSIMATIC S7-1200 CPU 1211C DC/DC/RlySIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLUS variants)SIMATIC ET 200SP CPU 1510SP F-1 PNSIPLUS S7-1200 CPU 1212 AC/DC/RLYSIMATIC S7-300 CPU 315T-3 PN/DPSIMATIC ET 200S IM 151-8 PN/DP CPUSIMATIC S7-200 SMART CPU ST40SIPLUS S7-1500 CPU 1511F-1 PNSIDOOR ATE530G COATEDSIMATIC ET 200pro IM 154-8F PN/DP CPUSIMATIC ET 200eco PN, DIQ 16x24VDC/2A, M12-LSIMATIC S7-300 CPU 317TF-3 PN/DPSIPLUS S7-1500 CPU 1511-1 PN
CWE ID-CWE-940
Improper Verification of Source of a Communication Channel
CVE-2022-33736
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.60% / 69.91%
||
7 Day CHG~0.00%
Published-12 Jul, 2022 | 10:06
Updated-03 Aug, 2024 | 08:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Opcenter Quality V13.1 (All versions < V13.1.20220624), Opcenter Quality V13.2 (All versions < V13.2.20220624). The affected applications do not properly validate login information during authentication. This could lead to denial of service condition for existing users or allow unauthenticated remote attackers to successfully login without credentials.

Action-Not Available
Vendor-Siemens AG
Product-opcenter_qualityOpcenter Quality V13.1Opcenter Quality V13.2
CWE ID-CWE-303
Incorrect Implementation of Authentication Algorithm
CWE ID-CWE-287
Improper Authentication
CVE-2018-4837
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-1.48% / 81.37%
||
7 Day CHG~0.00%
Published-25 Jan, 2018 | 14:00
Updated-16 Sep, 2024 | 16:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in TeleControl Server Basic < V3.1. An attacker with access to the TeleControl Server Basic's webserver (port 80/tcp or 443/tcp) could cause a Denial-of-Service condition on the web server. The remaining functionality of the TeleControl Server Basic is not affected by the Denial-of-Service condition.

Action-Not Available
Vendor-Siemens AG
Product-telecontrol_server_basicTeleControl Server Basic
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2018-3658
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-5.3||MEDIUM
EPSS-1.13% / 78.67%
||
7 Day CHG~0.00%
Published-12 Sep, 2018 | 19:00
Updated-16 Sep, 2024 | 22:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple memory leaks in Intel AMT in Intel CSME firmware versions before 12.0.5 may allow an unauthenticated user with Intel AMT provisioned to potentially cause a partial denial of service via network access.

Action-Not Available
Vendor-Intel CorporationSiemens AG
Product-manageability_engine_firmwaresimatic_ipc677d_firmwaresimatic_ipc477e_firmwaresimatic_ipc427e_firmwaresimatic_ipc647d_firmwaresimatic_ipc427esimatic_ipc647dsimatic_ipc547e_firmwaresimatic_ipc627dsimatic_pc547esimatic_ipc847dsimatic_ipc827dsimatic_ipc547gsimatic_field_pg_m5_firmwaresimatic_ipc847d_firmwaresimatic_pc547g_firmwaresimatic_ipc677dsimatic_ipc627d_firmwaresimatic_itp1000_firmwaresimatic_ipc827d_firmwareconverged_security_management_engine_firmwaresimatic_ipc477esimatic_field_pg_m5simatic_itp1000active_management_technology_firmwareIntel(R) Active Management Technology
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2020-9327
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.95% / 76.77%
||
7 Day CHG~0.00%
Published-21 Feb, 2020 | 21:25
Updated-04 Aug, 2024 | 10:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.

Action-Not Available
Vendor-sqliten/aNetApp, Inc.Oracle CorporationCanonical Ltd.Siemens AG
Product-sinec_infrastructure_network_servicesubuntu_linuxcommunications_messaging_servercloud_backupsqlitecommunications_network_charging_and_controlzfs_storage_appliance_kitoutside_in_technologyhyperion_infrastructure_technologyenterprise_manager_ops_centermysql_workbenchn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-7595
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.48% / 65.29%
||
7 Day CHG~0.00%
Published-21 Jan, 2020 | 22:54
Updated-03 Dec, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.

Action-Not Available
Vendor-n/aOracle CorporationNetApp, Inc.Canonical Ltd.Fedora ProjectDebian GNU/Linuxlibxml2 (XMLSoft)Siemens AG
Product-ubuntu_linuxh500s_firmwareh410c_firmwaresteelstore_cloud_integrated_storagemysql_workbenchsinema_remote_connect_serverreal_user_experience_insighth410cpeoplesoft_enterprise_peopletoolssnapdriveh700s_firmwareclustered_data_ontapfedorah700e_firmwaresymantec_netbackuph300e_firmwareh500e_firmwarelibxml2h700sh410sh300eenterprise_manager_ops_centerh500edebian_linuxsmi-s_providerh300s_firmwareenterprise_manager_base_platformh300sh700eh500sh410s_firmwarecommunications_cloud_native_core_network_function_cloud_native_environmentn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2020-7793
Matching Score-8
Assigner-Snyk
ShareView Details
Matching Score-8
Assigner-Snyk
CVSS Score-7.5||HIGH
EPSS-2.64% / 86.03%
||
7 Day CHG~0.00%
Published-11 Dec, 2020 | 13:25
Updated-16 Sep, 2024 | 22:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Regular Expression Denial of Service (ReDoS)

The package ua-parser-js before 0.7.23 are vulnerable to Regular Expression Denial of Service (ReDoS) in multiple regexes (see linked commit for more info).

Action-Not Available
Vendor-ua-parser-js_projectn/aSiemens AG
Product-sinec_insua-parser-jsua-parser-js
CVE-2020-7584
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.39% / 60.33%
||
7 Day CHG~0.00%
Published-14 Jul, 2020 | 13:18
Updated-04 Aug, 2024 | 09:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC S7-200 SMART CPU family (All versions >= V2.2 < V2.5.1). Affected devices do not properly handle large numbers of new incomming connections and could crash under certain circumstances. An attacker may leverage this to cause a Denial-of-Service situation.

Action-Not Available
Vendor-Siemens AG
Product-simatic_s7-200_smart_sr_cpusimatic_s7-200_smart_sr_cpu_firmwaresimatic_s7-200_smart_st_cpu_firmwaresimatic_s7-200_smart_st_cpuSIMATIC S7-200 SMART CPU family
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2018-16557
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-8.2||HIGH
EPSS-0.09% / 26.02%
||
7 Day CHG~0.00%
Published-13 Dec, 2018 | 16:00
Updated-05 Aug, 2024 | 10:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416-2 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416F-2 DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 417-4 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions < V7.0.3), SIMATIC S7-400 H V4.5 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.9), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions < V8.2.1), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 V7 (All versions), SIPLUS S7-400 CPU 417-4 V7 (All versions). Sending of specially crafted packets to port 102/tcp via Ethernet interface via PROFIBUS or Multi Point Interfaces (MPI) could cause a denial of service condition on affected devices. Flashing with a firmware image may be required to recover the CPU. Successful exploitation requires an attacker to have network access to port 102/tcp via Ethernet interface or to be able to send messages via PROFIBUS or Multi Point Interfaces (MPI) to the device. No user interaction is required. If no access protection is configured, no privileges are required to exploit the security vulnerability. The vulnerability could allow causing a denial of service condition of the core functionality of the CPU, compromising the availability of the system.

Action-Not Available
Vendor-Siemens AG
Product-simatic_s7-400_pn\/dp_v7_firmwaresimatic_s7-400_firmwaresimatic_s7-400simatic_s7-400_pn\/dp_v7simatic_s7-410_firmwaresimatic_s7-400h_firmwaresimatic_s7-410simatic_s7-400h SIMATIC S7-400 CPU 412-2 DP V7 SIMATIC S7-400 CPU 414F-3 PN/DP V7 SIMATIC S7-400 CPU 416-3 DP V7SIPLUS S7-400 CPU 416-3 PN/DP V7 SIMATIC S7-400 CPU 416F-3 PN/DP V7 SIMATIC S7-400 CPU 416F-2 DP V7 SIMATIC S7-400 CPU 414-2 DP V7SIPLUS S7-400 CPU 416-3 V7SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)SIMATIC S7-410 CPU family (incl. SIPLUS variants) SIMATIC S7-400 CPU 417-4 DP V7SIMATIC S7-400 H V4.5 and below CPU family (incl. SIPLUS variants) SIMATIC S7-400 CPU 416-2 DP V7 SIMATIC S7-400 CPU 414-3 PN/DP V7 SIMATIC S7-400 CPU 414-3 DP V7SIPLUS S7-400 CPU 414-3 PN/DP V7SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) SIMATIC S7-400 CPU 416-3 PN/DP V7SIPLUS S7-400 CPU 417-4 V7 SIMATIC S7-400 CPU 412-1 DP V7SIMATIC S7-400 CPU 412-2 PN V7
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2018-16556
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.19% / 40.51%
||
7 Day CHG~0.00%
Published-13 Dec, 2018 | 16:00
Updated-05 Aug, 2024 | 10:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416-2 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416F-2 DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 417-4 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions < V7.0.3), SIMATIC S7-400 H V4.5 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.9), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions < V8.2.1), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 V7 (All versions), SIPLUS S7-400 CPU 417-4 V7 (All versions). Specially crafted packets sent to port 102/tcp via Ethernet interface, via PROFIBUS, or via Multi Point Interfaces (MPI) could cause the affected devices to go into defect mode. Manual reboot is required to resume normal operation. Successful exploitation requires an attacker to be able to send specially crafted packets to port 102/tcp via Ethernet interface, via PROFIBUS or Multi Point Interfaces (MPI). No user interaction and no user privileges are required to exploit the security vulnerability. The vulnerability could allow causing a denial of service condition of the core functionality of the CPU, compromising the availability of the system.

Action-Not Available
Vendor-Siemens AG
Product-simatic_s7-400_pn\/dp_v7_firmwaresimatic_s7-400_firmwaresimatic_s7-400h_v6simatic_s7-400simatic_s7-400_pn\/dp_v7simatic_s7-410_firmwaresimatic_s7-400h_firmwaresimatic_s7-410simatic_s7-400h_v6_firmwaresimatic_s7-400h SIMATIC S7-400 CPU 412-2 DP V7 SIMATIC S7-400 CPU 414F-3 PN/DP V7 SIMATIC S7-400 CPU 416-3 DP V7SIPLUS S7-400 CPU 416-3 PN/DP V7 SIMATIC S7-400 CPU 416F-3 PN/DP V7 SIMATIC S7-400 CPU 416F-2 DP V7 SIMATIC S7-400 CPU 414-2 DP V7SIPLUS S7-400 CPU 416-3 V7SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)SIMATIC S7-410 CPU family (incl. SIPLUS variants) SIMATIC S7-400 CPU 417-4 DP V7SIMATIC S7-400 H V4.5 and below CPU family (incl. SIPLUS variants) SIMATIC S7-400 CPU 416-2 DP V7 SIMATIC S7-400 CPU 414-3 PN/DP V7 SIMATIC S7-400 CPU 414-3 DP V7SIPLUS S7-400 CPU 414-3 PN/DP V7SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) SIMATIC S7-400 CPU 416-3 PN/DP V7SIPLUS S7-400 CPU 417-4 V7 SIMATIC S7-400 CPU 412-1 DP V7SIMATIC S7-400 CPU 412-2 PN V7
CWE ID-CWE-20
Improper Input Validation
CVE-2018-16890
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.4||MEDIUM
EPSS-1.20% / 79.30%
||
7 Day CHG~0.00%
Published-06 Feb, 2019 | 20:00
Updated-15 Apr, 2026 | 20:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds.

Action-Not Available
Vendor-Oracle CorporationDebian GNU/LinuxF5, Inc.Canonical Ltd.NetApp, Inc.Red Hat, Inc.Siemens AGCURL
Product-libcurlclustered_data_ontapubuntu_linuxdebian_linuxcommunications_operations_monitorhttp_serversecure_global_desktopenterprise_linuxsinema_remote_connect_clientbig-ip_access_policy_managercurl
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2018-16561
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.37% / 58.99%
||
7 Day CHG~0.00%
Published-17 Apr, 2019 | 13:38
Updated-02 Jun, 2026 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC S7-300 CPUs (All versions < V3.X.16). The affected CPUs improperly validate S7 communication packets which could cause a Denial-of-Service condition of the CPU. The CPU will remain in DEFECT mode until manual restart. Successful exploitation requires an attacker to be able to send a specially crafted S7 communication packet to a communication interface of the CPU. This includes Ethernet, PROFIBUS, and Multi Point Interfaces (MPI). No user interaction or privileges are required to exploit the security vulnerability. The vulnerability could allow causing a Denial-of-Service condition of the core functionality of the CPU, compromising the availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known. Siemens confirms the security vulnerability and provides mitigations to resolve the security issue.

Action-Not Available
Vendor-Siemens AG
Product-simatic_s7-300simatic_s7-300tsimatic_s7-300fs_firmwaresimatic_s7-300f_firmwaresimatic_s7-300t_firmwaresimatic_s7-300fssimatic_s7-300_firmwaresimatic_s7-300fSIMATIC S7-300 CPUs
CWE ID-CWE-20
Improper Input Validation
CVE-2020-36475
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.98% / 77.14%
||
7 Day CHG~0.00%
Published-23 Aug, 2021 | 00:00
Updated-04 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). The calculations performed by mbedtls_mpi_exp_mod are not limited; thus, supplying overly large parameters could lead to denial of service when generating Diffie-Hellman key pairs.

Action-Not Available
Vendor-n/aArm LimitedDebian GNU/LinuxSiemens AG
Product-debian_linuxlogo\!_cmr2040_firmwaresimatic_rtu3031c_firmwaresimatic_rtu3030csimatic_rtu3041c_firmwaresimatic_rtu3041clogo\!_cmr2040simatic_rtu3000clogo\!_cmr2020simatic_rtu3031csimatic_rtu3000c_firmwarelogo\!_cmr2020_firmwaresimatic_rtu3030c_firmwarembed_tlsn/a
CWE ID-CWE-131
Incorrect Calculation of Buffer Size
CVE-2020-35683
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.53% / 67.80%
||
7 Day CHG~0.00%
Published-19 Aug, 2021 | 11:13
Updated-04 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in HCC Nichestack 3.0. The code that parses ICMP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the ICMP checksum. When the IP payload size is set to be smaller than the size of the IP header, the ICMP checksum computation function may read out of bounds, causing a Denial-of-Service.

Action-Not Available
Vendor-hcc-embeddedn/aSiemens AG
Product-7km9300-0ae02-0aa0nichestack7km9300-0ae02-0aa0_firmwaren/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-30176
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-8.7||HIGH
EPSS-0.25% / 48.71%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 09:38
Updated-03 Oct, 2025 | 19:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions < V4.0), SINEMA Remote Connect (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions), Totally Integrated Automation Portal (TIA Portal) V20 (All versions), User Management Component (UMC) (All versions < V2.15.1.1). Affected products contain a out of bound read buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to cause a denial of service condition.

Action-Not Available
Vendor-Siemens AG
Product-totally_integrated_automation_portaluser_management_componentsinec_nmssimatic_pcs_neosinema_remote_connectTotally Integrated Automation Portal (TIA Portal) V19SIMATIC PCS neo V4.1Totally Integrated Automation Portal (TIA Portal) V17Totally Integrated Automation Portal (TIA Portal) V20SINEC NMSTotally Integrated Automation Portal (TIA Portal) V18SINEMA Remote ConnectSIMATIC PCS neo V5.0User Management Component (UMC)
CWE ID-CWE-125
Out-of-bounds Read
CVE-2015-5219
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-2.24% / 84.89%
||
7 Day CHG~0.00%
Published-21 Jul, 2017 | 14:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.

Action-Not Available
Vendor-ntpn/aCanonical Ltd.openSUSEOracle CorporationSiemens AGSUSENovellRed Hat, Inc.Debian GNU/LinuxFedora Project
Product-debian_linuxubuntu_linuxenterprise_linux_desktopntplinux_enterprise_debuginfolinux_enterprise_serverfedoratim_4r-id_dnp3tim_4r-ieenterprise_linux_serverenterprise_linux_workstationmanagertim_4r-id_dnp3_firmwaremanager_proxyleaplinuxenterprise_linux_hpc_nodetim_4r-ie_firmwareopenstack_cloudn/a
CWE ID-CWE-704
Incorrect Type Conversion or Cast
CVE-2020-35684
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.70% / 72.38%
||
7 Day CHG~0.00%
Published-19 Aug, 2021 | 11:19
Updated-04 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in HCC Nichestack 3.0. The code that parses TCP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the length of the TCP payload within the TCP checksum computation function. When the IP payload size is set to be smaller than the size of the IP header, the TCP checksum computation function may read out of bounds (a low-impact write-out-of-bounds is also possible).

Action-Not Available
Vendor-hcc-embeddedn/aSiemens AG
Product-sentron_3wa_com190_firmwaresentron_3wl_com35_firmwaresentron_3wa_com190sentron_3wl_com35nichestackn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-28500
Matching Score-8
Assigner-Snyk
ShareView Details
Matching Score-8
Assigner-Snyk
CVSS Score-5.3||MEDIUM
EPSS-0.24% / 47.96%
||
7 Day CHG~0.00%
Published-15 Feb, 2021 | 11:10
Updated-16 Sep, 2024 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Regular Expression Denial of Service (ReDoS)

Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.

Action-Not Available
Vendor-lodashn/aOracle CorporationSiemens AG
Product-peoplesoft_enterprise_peopletoolsprimavera_unifiersinec_insfinancial_services_crime_and_compliance_management_studioprimavera_gatewaylodashhealth_sciences_data_management_workbenchcommunications_cloud_native_core_policybanking_trade_finance_process_managementbanking_supply_chain_financecommunications_design_studiobanking_credit_facilities_process_managementbanking_corporate_lending_process_managementbanking_extensibility_workbenchcommunications_session_border_controllercommunications_services_gatekeeperenterprise_communications_brokerjd_edwards_enterpriseone_toolsretail_customer_management_and_segmentation_foundationLodash
CVE-2020-27827
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.50% / 66.57%
||
7 Day CHG~0.00%
Published-18 Mar, 2021 | 00:00
Updated-03 Dec, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.

Action-Not Available
Vendor-lldpd_projectopenvswitchn/aFedora ProjectRed Hat, Inc.Siemens AG
Product-simatic_net_cp_1243-8_irc_firmwaresimatic_net_cp_1543sp-1_firmwaresimatic_net_cp_1545-1_firmwaretim_1531_ircsinumerik_one_firmwareopenshift_container_platformsimatic_net_cp_1542sp-1_ircsimatic_net_cp_1543sp-1simatic_net_cp_1243-1tim_1531_irc_firmwaresimatic_net_cp_1542sp-1simatic_hmi_unified_comfort_panelssinumerik_onesimatic_net_cp_1543-1_firmwarevirtualizationsimatic_net_cp_1243-8_ircsimatic_net_cp_1243-1_firmwareenterprise_linuxfedorasimatic_net_cp_1543-1openvswitchsimatic_net_cp_1545-1simatic_net_cp_1542sp-1_irc_firmwareopenstacksimatic_hmi_unified_comfort_panels_firmwarelldpdsimatic_net_cp_1542sp-1_firmwarelldp/openvswitch
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-28400
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-8.7||HIGH
EPSS-1.08% / 78.22%
||
7 Day CHG~0.00%
Published-13 Jul, 2021 | 11:02
Updated-14 Apr, 2026 | 08:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial of service condition. The vulnerability can be triggered if a large amount of DCP reset packets are sent to the device.

Action-Not Available
Vendor-Siemens AG
Product-scalance_xf206-1_firmwarescalance_x201-3p_irtscalance_xr324-4m_eecruggedcom_rm1224_firmwarescalance_x206-1scalance_x320-1fe_firmwareek-ertec_200_evaulation_kit_firmwarescalance_xp-200scalance_xr324-4m_eec_firmwarescalance_xf-200bascalance_x208simatic_mv500softnet-ie_pnioscalance_x204-2_scalance_x206-1_firmwarescalance_s615_firmwarescalance_x204_irtscalance_m-800_firmwarescalance_x308-2lh\+_firmwarescalance_x308-2ld_firmwarescalance_xc-200_firmwarescalance_xf204-2ba_irtscalance_xr324-12m_tssimatic_profinet_driver_firmwarescalance_xf208_firmwarescalance_xr-300wg_firmwarescalance_x306-1ldfescalance_x202-2p_irt_proscalance_x304-2fescalance_x204-2fm_firmwarescalance_x204-2tssimatic_mv500_firmwarescalance_xr324-4m_poe_ts_firmwarescalance_xf204scalance_x200-4_p_irtscalance_x308-2lh\+scalance_xm400scalance_x307-3_firmwarescalance_xf204_irtscalance_xf-200ba_firmwarescalance_x201-3p_irt_firmwarescalance_x202-2p_irt_pro_firmwarescalance_x310fe_firmwarescalance_xf204-2ba_irt_firmwarescalance_x308-2ldscalance_w700simocode_prov_ethernet\/ipsimatic_net_cp1604_firmwarescalance_x308-2scalance_xr324-12m_ts_firmwareruggedcom_rm1224scalance_x204-2ld_tsscalance_s615scalance_x224simatic_net_cm_1542-1scalance_x302-7eec_firmwarescalance_x212-2ld_firmwarescalance_x204_irt_firmwarescalance_x200-4_p_irt_firmwarescalance_x308-2m_tsscalance_xr324-4m_poeek-ertec_200p_evaluation_kitsimocode_prov_profinetscalance_w700_firmwarescalance_x307-3ldscalance_x204_irt_pro_firmwareek-ertec_200_evaulation_kitscalance_w1700_firmwarescalance_xf201-3p_irt_firmwarescalance_xb-200_firmwaresimatic_net_cp1616_firmwarescalance_xc-200scalance_xr324-4m_poe_tssimatic_net_cp1616scalance_m-800scalance_x201-3p_irt_pro_firmwaresimatic_cfu_pa_firmwarescalance_x208pro_firmwarescalance_xr324-12mscalance_x212-2ldsimatic_s7-1200scalance_x310fesimatic_cfu_pasimocode_prov_profinet_firmwarescalance_xr-300wgscalance_x201-3p_irt_prosimatic_power_line_booster_plbscalance_x308-2_firmwarescalance_x204-2fmscalance_xm400_firmwaresimatic_power_line_booster_plb_firmwaresimocode_prov_ethernet\/ip_firmwarescalance_x306-1ldfe_firmwarescalance_x320-3ldfe_firmwarescalance_x307-3ld_firmwarescalance_x308-2lhscalance_x310simatic_net_cm_1542-1_firmwarescalance_x308-2m_poe_firmwarescalance_x308-2m_poescalance_x202-2_irtscalance_xf204_firmwarescalance_x308-2m_firmwarescalance_x204-2ld_firmwarescalance_x212-2_firmwarescalance_x204_irt_proscalance_xf204-2_firmwarescalance_xf202-2p_irtscalance_x308-2mscalance_xr500_firmwarescalance_x202-2_irt_firmwarescalance_x206-1ldscalance_w1700scalance_xf204_irt_firmwarescalance_x308-2m_ts_firmwarescalance_xf201-3p_irtscalance_x204-2ldscalance_xf208simatic_net_dk-16xx_pn_ioscalance_xr324-4m_poe_firmwarescalance_x204-2ld_ts_firmwarescalance_x307-2eecscalance_x304-2fe_firmwaredk_standard_ethernet_controller_evaluation_kitsimatic_profinet_driverdk_standard_ethernet_controller_evaluation_kit_firmwarescalance_x307-2eec_firmwarescalance_x308-2lh_firmwarescalance_x320-3ldfeek-ertec_200p_evaluation_kit_firmwarescalance_x204-2_firmwarescalance_xf206-1scalance_xr324-12m_firmwaresimatic_s7-1200_firmwarescalance_x310_firmwarescalance_x206-1ld_firmwarescalance_xp-200_firmwarescalance_x212-2simatic_net_cp1626_firmwarescalance_x204-2ts_firmwarescalance_x208proscalance_x320-1fescalance_x216_firmwarescalance_xb-200scalance_xf202-2p_irt_firmwaresoftnet-ie_pnio_firmwarescalance_x208_firmwarescalance_xr500simatic_ie\/pb-link_v3simatic_ie\/pb-link_v3_firmwarescalance_x307-3simatic_net_cp1626scalance_x216simatic_net_cp1604scalance_xf204-2_scalance_x224_firmwarescalance_x302-7eecSCALANCE X302-7 EEC (230V)SCALANCE W1748-1 M12SCALANCE MUM853-1 (A1)SCALANCE X310FESCALANCE W734-1 RJ45 (USA)SIMATIC MV540 SSCALANCE XR524-8C, 24VSCALANCE XR324-12M TS (24V)SIPLUS S7-1200 CPU 1215C AC/DC/RLYSIMATIC S7-1200 CPU 1215C DC/DC/RlySCALANCE XR328-4C WG (28xGE, DC 24V)SCALANCE XC206-2G PoE (54 V DC)SCALANCE XR324-4M EEC (24V, ports on front)SIPLUS NET SCALANCE XC206-2SCALANCE XP216EECSCALANCE XC216EECSCALANCE X208PROSCALANCE XR324WG (24 x FE, AC 230V)SCALANCE XR552-12M (2HR2, L3 int.)SIMATIC S7-1200 CPU 1211C DC/DC/DCSCALANCE XR328-4C WG (24XFE, 4XGE, 24V)SCALANCE W786-1 RJ45SCALANCE S615 LAN-RouterSCALANCE X302-7 EEC (2x 230V, coated)SIMATIC CM 1542-1SCALANCE XP216SCALANCE XR324-4M EEC (2x 24V, ports on front)SIMATIC MV550 SSCALANCE XP216POE EECSCALANCE X306-1LD FESCALANCE X307-2 EEC (24V)SCALANCE X201-3P IRTSCALANCE W761-1 RJ45SCALANCE W722-1 RJ45SCALANCE X202-2P IRT PROSCALANCE XR526-8C, 24V (L3 int.)SCALANCE XR328-4C WG (24xFE,4xGE,AC230V)SCALANCE XR528-6M (2HR2)SCALANCE XC224SCALANCE XM408-4C (L3 int.)SIPLUS NET SCALANCE XC208SCALANCE M812-1 ADSL-RouterSCALANCE XC206-2G PoESCALANCE XR324-4M EEC (2x 24V, ports on rear)SCALANCE XC208G PoE (54 V DC)SCALANCE W786-2IA RJ45SCALANCE X307-2 EEC (2x 230V)SCALANCE X308-2M PoESCALANCE XR324-4M PoE (230V, ports on rear)SCALANCE XB213-3 (SC, E/IP)SCALANCE XR526-8C, 24VSCALANCE X200-4P IRTSIMATIC IE/PB-LINKSIMATIC S7-1200 CPU 1212C DC/DC/RlySCALANCE XB208 (E/IP)SIPLUS S7-1200 CPU 1214 AC/DC/RLYSCALANCE XP216 (Ethernet/IP)SCALANCE XB205-3 (ST, E/IP)SCALANCE MUM853-1 (EU)SCALANCE X212-2SIPLUS S7-1200 CPU 1215FC DC/DC/DCSCALANCE XF204-2BASCALANCE XR326-2C PoE WGSCALANCE X308-2LDSCALANCE W774-1 RJ45 (USA)SCALANCE XC216-3G PoE (54 V DC)SCALANCE XR526-8C, 2x230VSIMATIC PROFINET DriverSCALANCE XC206-2SFP G (EIP DEF.)SCALANCE XR526-8C, 1x230VSCALANCE MUM856-1 (A1)SCALANCE XR524-8C, 24V (L3 int.)SCALANCE X408-2SCALANCE M874-3SCALANCE XM408-8CSCALANCE X302-7 EEC (24V, coated)SCALANCE M876-4 (NAM)SCALANCE X202-2IRTSCALANCE X212-2LDSIMATIC S7-1200 CPU 1214C DC/DC/RlySCALANCE W774-1 RJ45SCALANCE XC206-2SFP EECSCALANCE X206-1LDSCALANCE XC216-3G PoESCALANCE XR528-6M (2HR2, L3 int.)SCALANCE XR324-4M PoE (24V, ports on rear)SCALANCE X206-1SCALANCE XC216-4C G EECSCALANCE XC216-4C GSCALANCE XB213-3LD (SC, E/IP)SCALANCE W788-2 RJ45SCALANCE XR524-8C, 1x230VSCALANCE XF204-2SCALANCE MUM856-1 (EU)SCALANCE X308-2MSCALANCE XC206-2SFP G EECSCALANCE W734-1 RJ45SCALANCE W748-1 M12SIMATIC S7-1200 CPU 1215C DC/DC/DCSCALANCE XF204-2BA DNASCALANCE XR324-4M EEC (24V, ports on rear)SCALANCE XR526-8C, 2x230V (L3 int.)SIMATIC S7-1200 CPU 1214C DC/DC/DCSCALANCE X320-1 FESCALANCE X307-2 EEC (230V, coated)SCALANCE X307-2 EEC (2x 230V, coated)SIPLUS S7-1200 CPU 1214C AC/DC/RLYSCALANCE XF202-2P IRTSCALANCE XR528-6MSIMATIC Power Line Booster PLB, Base ModuleSIPLUS SIMOCODE pro V basic unit 2SIMATIC S7-1200 CPU 1211C AC/DC/RlySCALANCE W788-1 RJ45SCALANCE X307-2 EEC (2x 24V, coated)SCALANCE XP208 (Ethernet/IP)SCALANCE XB205-3 (ST, PN)SIMATIC S7-1200 CPU 1212C AC/DC/RlySCALANCE XB216 (E/IP)SIMOCODE pro V EIP 24V DCSCALANCE X302-7 EEC (230V, coated)SCALANCE XC208G PoESCALANCE XR524-8C, 2x230V (L3 int.)SIPLUS S7-1200 CPU 1214FC DC/DC/RLYSCALANCE W788-1 M12SCALANCE XC206-2G PoE EEC (54 V DC)SIMATIC S7-1200 CPU 1212C DC/DC/DCSIMATIC CFU PASCALANCE XM408-8C (L3 int.)SCALANCE XM416-4C (L3 int.)SCALANCE XB216 (PN)SCALANCE XC216SCALANCE XF204Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet ControllerSIPLUS NET SCALANCE XC216-4CSCALANCE XB205-3LD (SC, PN)SIPLUS NET SCALANCE X308-2SIMATIC S7-1200 CPU 1212FC DC/DC/RlySCALANCE W778-1 M12SCALANCE XB213-3 (ST, PN)SCALANCE XC208EECSCALANCE X304-2FESIMATIC CFU DIQSCALANCE XC208G EECRUGGEDCOM RM1224 LTE(4G) NAMSCALANCE XR328-4C WG (28xGE, AC 230V)SCALANCE X224SCALANCE X308-2SCALANCE X204IRTSCALANCE X204-2LD TSSCALANCE X204-2FMSCALANCE M876-4 (EU)SCALANCE XC224-4C G (EIP Def.)SCALANCE XC206-2SFP GSCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)SCALANCE X302-7 EEC (2x 24V)SCALANCE XC206-2 (SC)SCALANCE XB205-3 (SC, PN)SCALANCE MUM856-1 (B1)SCALANCE X307-3SCALANCE XC216-4CSCALANCE XF201-3P IRTSIMOCODE pro V PN 110-240V AC/DCSIPLUS S7-1200 CPU 1212C AC/DC/RLYSCALANCE XF206-1SCALANCE XR324-12M (230V, ports on rear)SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)SOFTNET-IE PNIOSCALANCE X201-3P IRT PROSCALANCE X308-2LHSCALANCE XB213-3 (ST, E/IP)SCALANCE XB208 (PN)SCALANCE M826-2 SHDSL-RouterSIPLUS S7-1200 CPU 1214FC DC/DC/DCSIPLUS S7-1200 CPU 1215 AC/DC/RLYSCALANCE W1788-2 M12SCALANCE XR324-4M PoE TS (24V, ports on front)SCALANCE X202-2P IRTSCALANCE W774-1 M12 EECSIMATIC S7-1200 CPU 1211C DC/DC/RlySIPLUS S7-1200 CPU 1215C DC/DC/DCSCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)SIMATIC S7-1200 CPU 1214C AC/DC/RlySIMATIC S7-1200 CPU 1212FC DC/DC/DCSCALANCE W778-1 M12 EECSCALANCE XR324-12M (230V, ports on front)SIMATIC S7-1200 CPU 1217C DC/DC/DCSCALANCE XR324-4M PoE (24V, ports on front)SIPLUS S7-1200 CPU 1212C DC/DC/DC RAILSIMATIC CP 1604SIMATIC MV540 HSCALANCE XP208SCALANCE W1788-2 EEC M12SCALANCE X307-2 EEC (2x 24V)SCALANCE XC208GSCALANCE XB213-3 (SC, PN)SIPLUS S7-1200 CPU 1214C DC/DC/RLYSIMATIC MV550 HSCALANCE XF208SCALANCE MUM853-1 (B1)SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V)SCALANCE XF204IRTSIMOCODE pro V EIP 110-240V AC/DCSCALANCE W778-1 M12 EEC (USA)SIPLUS S7-1200 CPU 1215 DC/DC/RLYSCALANCE X320-1-2LD FESCALANCE XC208SIMATIC S7-1200 CPU 1214FC DC/DC/RlySCALANCE XR552-12MSIMATIC CP 1626SCALANCE M876-3 (ROK)SIMATIC S7-1200 CPU 1214FC DC/DC/DCSIPLUS S7-1200 CPU 1212C DC/DC/DCSCALANCE X216SCALANCE XR526-8C, 1x230V (L3 int.)Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200SCALANCE XR324-12M (24V, ports on front)SCALANCE X204-2LDSCALANCE X204-2TSSCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)SCALANCE MUM856-1 (CN)SCALANCE XR528-6M (L3 int.)SCALANCE XM408-4CSIMATIC S7-1200 CPU 1215C AC/DC/RlySCALANCE M874-3 3G-Router (CN)SCALANCE S615 EEC LAN-RouterSCALANCE W786-2 SFPSCALANCE X302-7 EEC (2x 24V, coated)SIMATIC S7-1200 CPU 1215FC DC/DC/RlySCALANCE W738-1 M12SCALANCE XC208G (EIP def.)SIMATIC MV560 XSCALANCE XC224-4C G EECSCALANCE W1788-2IA M12SCALANCE X308-2LH+SCALANCE XM416-4CSCALANCE X204IRT PROSIMATIC MV560 USCALANCE XR524-8C, 2x230VSIMATIC S7-1200 CPU V4 family (incl. SIPLUS variants)SCALANCE X204-2SCALANCE XB205-3LD (SC, E/IP)SIPLUS S7-1200 CPU 1212 DC/DC/RLYSIPLUS S7-1200 CPU 1214 DC/DC/RLYSCALANCE W721-1 RJ45SCALANCE XR326-2C PoE WG (without UL)SCALANCE XR324WG (24 X FE, DC 24V)SCALANCE W748-1 RJ45SCALANCE XR524-8C, 1x230V (L3 int.)SCALANCE XR324-12M (24V, ports on rear)SIPLUS S7-1200 CPU 1214C DC/DC/DCSCALANCE XF204-2BA IRTSCALANCE M874-2SIMATIC S7-1200 CPU 1215FC DC/DC/DCSCALANCE XB213-3LD (SC, PN)SCALANCE XC224-4C GSCALANCE X302-7 EEC (2x 230V)SCALANCE XP208EECSCALANCE XF204 DNASCALANCE X307-3LDSCALANCE X310SCALANCE XR324-4M PoE (230V, ports on front)SIPLUS S7-1200 CPU 1215 DC/DC/DCSCALANCE M816-1 ADSL-RouterSCALANCE W1788-1 M12SCALANCE X208SCALANCE W786-2 RJ45RUGGEDCOM RM1224 LTE(4G) EUSIPLUS S7-1200 CPU 1212 AC/DC/RLYSCALANCE X302-7 EEC (24V)SCALANCE X308-2M TSSCALANCE XC216-4C G (EIP Def.)SCALANCE W788-2 M12SCALANCE XC206-2 (ST/BFOC)SCALANCE XP208PoE EECSIPLUS S7-1200 CPU 1214C DC/DC/DC RAILSCALANCE M804PBSCALANCE M876-3SCALANCE XR552-12M (2HR2)SCALANCE M876-4SCALANCE XC206-2SFPSIMATIC CP 1616Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200PSCALANCE W788-2 M12 EECSCALANCE X307-2 EEC (24V, coated)SCALANCE MUM856-1 (RoW)SIMATIC NET DK-16xx PN IOSIPLUS NET SCALANCE XC206-2SFPSCALANCE X307-2 EEC (230V)SIMOCODE pro V PN 24V DCdevelopment_evaluation_kits_for_profinet_io_ek_ertec_200pscalance_m816-1_adsl-router_annex_bscalence_x204_2tsscalence_m874_3scalance_m826-2_shdsl-routerscalance_m812-1_adsl-router_annex_bscalance_m816_1_adsl_router_annex_adevelopment_evaluation_kits_for_profinet_io_ek_ertec_200scalence_m874_2scalance_x200_4p_irtscalance_w1788_2ia_m12scalance_x201_3p_irt_proscalence_x204_2ldscalance_w1748_1_m12scalancce_x204_2scalance_m876_3_rokscalence_202_2p_irt_proscalance_w1788_2_eec_m12scalence_x204_2ld_tsscalance_w700_ieee_802.11n_familyscalance_m804pbscalance_s615scalance_x201_3p_irtscalance_w1788_2_m12scalance_m876_4_namscalance_m876_4_eudevelopment_evaluation_kits_for_profinet_io_dk_standard_ethernet_controllerscalance_m812-1_adsl-router_annex_ascalance_w1788_1_m12scalence_x204_2fmruggedcom_rm1224scalance_m876_3_evdoscalancce_x202_2p_irt
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2015-2177
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-42.89% / 97.56%
||
7 Day CHG-7.75%
Published-07 Mar, 2015 | 02:00
Updated-02 Jun, 2026 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Siemens SIMATIC S7-300 CPU devices allow remote attackers to cause a denial of service (defect-mode transition) via crafted packets on (1) TCP port 102 or (2) Profibus.

Action-Not Available
Vendor-n/aSiemens AG
Product-simatic_s7-300_cpu_firmwaresimatic_s7-300_cpun/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-28393
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.43% / 63.24%
||
7 Day CHG~0.00%
Published-12 May, 2021 | 13:18
Updated-04 Aug, 2024 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An unauthenticated remote attacker could create a permanent denial-of-service condition by sending specially crafted OSPF packets. Successful exploitation requires OSPF to be enabled on an affected device on the SCALANCE XM-400, XR-500 (All versions prior to v6.4).

Action-Not Available
Vendor-n/aSiemens AG
Product-scalance_xm416-4c_l3scalance_xr526scalance_xm408-8cscalance_xm416-4c_firmwarescalance_xr552_firmwarescalance_xr552scalance_xm408-4c_firmwarescalance_xm416-4cscalance_xr528scalance_xr528_firmwarescalance_xm-400_firmwarescalance_xm408-4cscalance_xm408-4c_l3_firmwarescalance_xm416-4c_l3_firmwarescalance_xm408-8c_l3_firmwarescalance_xr526_firmwarescalance_xm408-8c_l3scalance_xm408-4c_l3scalance_xr524scalance_xm408-8c_firmwarescalance_xr524_firmwarescalance_xm-400SCALANCE XM-400, XR-500
CWE ID-CWE-682
Incorrect Calculation
CVE-2026-28390
Matching Score-8
Assigner-OpenSSL Software Foundation
ShareView Details
Matching Score-8
Assigner-OpenSSL Software Foundation
CVSS Score-7.5||HIGH
EPSS-0.14% / 33.82%
||
7 Day CHG~0.00%
Published-07 Apr, 2026 | 22:00
Updated-12 May, 2026 | 13:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo

Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denial of Service. When a CMS EnvelopedData message that uses KeyTransportRecipientInfo with RSA-OAEP encryption is processed, the optional parameters field of RSA-OAEP SourceFunc algorithm identifier is examined without checking for its presence. This results in a NULL pointer dereference if the field is missing. Applications and services that call CMS_decrypt() on untrusted input (e.g., S/MIME processing or CMS-based protocols) are vulnerable. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.

Action-Not Available
Vendor-OpenSSLSiemens AG
Product-opensslOpenSSLSIMATIC CN 4100SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-43647
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-8.7||HIGH
EPSS-0.73% / 73.11%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 09:36
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC S7-200 SMART CPU CR40 (6ES7288-1CR40-0AA0) (All versions), SIMATIC S7-200 SMART CPU CR60 (6ES7288-1CR60-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR20 (6ES7288-1SR20-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR20 (6ES7288-1SR20-0AA1) (All versions), SIMATIC S7-200 SMART CPU SR30 (6ES7288-1SR30-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR30 (6ES7288-1SR30-0AA1) (All versions), SIMATIC S7-200 SMART CPU SR40 (6ES7288-1SR40-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR40 (6ES7288-1SR40-0AA1) (All versions), SIMATIC S7-200 SMART CPU SR60 (6ES7288-1SR60-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR60 (6ES7288-1SR60-0AA1) (All versions), SIMATIC S7-200 SMART CPU ST20 (6ES7288-1ST20-0AA0) (All versions), SIMATIC S7-200 SMART CPU ST20 (6ES7288-1ST20-0AA1) (All versions), SIMATIC S7-200 SMART CPU ST30 (6ES7288-1ST30-0AA0) (All versions), SIMATIC S7-200 SMART CPU ST30 (6ES7288-1ST30-0AA1) (All versions), SIMATIC S7-200 SMART CPU ST40 (6ES7288-1ST40-0AA0) (All versions), SIMATIC S7-200 SMART CPU ST40 (6ES7288-1ST40-0AA1) (All versions), SIMATIC S7-200 SMART CPU ST60 (6ES7288-1ST60-0AA0) (All versions), SIMATIC S7-200 SMART CPU ST60 (6ES7288-1ST60-0AA1) (All versions). Affected devices do not properly handle TCP packets with an incorrect structure. This could allow an unauthenticated remote attacker to cause a denial of service condition. To restore normal operations, the network cable of the device needs to be unplugged and re-plugged.

Action-Not Available
Vendor-Siemens AG
Product-SIMATIC S7-200 SMART CPU CR40SIMATIC S7-200 SMART CPU ST60SIMATIC S7-200 SMART CPU SR40SIMATIC S7-200 SMART CPU ST30SIMATIC S7-200 SMART CPU SR30SIMATIC S7-200 SMART CPU SR60SIMATIC S7-200 SMART CPU CR60SIMATIC S7-200 SMART CPU SR20SIMATIC S7-200 SMART CPU ST40SIMATIC S7-200 SMART CPU ST20simatic_s7-200_smart_cpu_st60
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-28389
Matching Score-8
Assigner-OpenSSL Software Foundation
ShareView Details
Matching Score-8
Assigner-OpenSSL Software Foundation
CVSS Score-7.5||HIGH
EPSS-0.11% / 29.46%
||
7 Day CHG~0.00%
Published-07 Apr, 2026 | 22:00
Updated-12 May, 2026 | 13:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo

Issue summary: During processing of a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denial of Service. When a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is processed, the optional parameters field of KeyEncryptionAlgorithmIdentifier is examined without checking for its presence. This results in a NULL pointer dereference if the field is missing. Applications and services that call CMS_decrypt() on untrusted input (e.g., S/MIME processing or CMS-based protocols) are vulnerable. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.

Action-Not Available
Vendor-OpenSSLSiemens AG
Product-opensslOpenSSLSIMATIC CN 4100SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2026-28388
Matching Score-8
Assigner-OpenSSL Software Foundation
ShareView Details
Matching Score-8
Assigner-OpenSSL Software Foundation
CVSS Score-7.5||HIGH
EPSS-0.04% / 14.06%
||
7 Day CHG~0.00%
Published-07 Apr, 2026 | 22:00
Updated-12 May, 2026 | 13:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NULL Pointer Dereference When Processing a Delta CRL

Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might happen if the required CRL Number extension is missing. Impact summary: A NULL pointer dereference can trigger a crash which leads to a Denial of Service for an application. When CRL processing and delta CRL processing is enabled during X.509 certificate verification, the delta CRL processing does not check whether the CRL Number extension is NULL before dereferencing it. When a malformed delta CRL file is being processed, this parameter can be NULL, causing a NULL pointer dereference. Exploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in the verification context, the certificate being verified to contain a freshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and an attacker to provide a malformed CRL to an application that processes it. The vulnerability is limited to Denial of Service and cannot be escalated to achieve code execution or memory disclosure. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.

Action-Not Available
Vendor-OpenSSLSiemens AG
Product-opensslOpenSSLSIMATIC CN 4100SIMATIC S7-1500 TM MFP - GNU/Linux subsystem
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-25242
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.16% / 37.04%
||
7 Day CHG~0.00%
Published-12 May, 2021 | 13:18
Updated-04 Aug, 2024 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Lean (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Standard (incl. SIPLUS variants) (All versions). Specially crafted packets sent to TCP port 102 could cause a Denial-of-Service condition on the affected devices. A cold restart might be necessary in order to recover.

Action-Not Available
Vendor-Siemens AG
Product-simatic_net_cp_343-1_standard_firmwaresimatic_net_cp_343-1_advancedsimatic_net_cp_343-1_standardsimatic_net_cp_343-1_leansimatic_net_cp_343-1_advanced_firmwaresimatic_net_cp_343-1_lean_firmwareSIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants)SIMATIC NET CP 343-1 Standard (incl. SIPLUS variants)SIMATIC NET CP 343-1 Lean (incl. SIPLUS variants)
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-25241
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.39% / 60.33%
||
7 Day CHG~0.00%
Published-15 Mar, 2021 | 17:03
Updated-04 Aug, 2024 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC MV400 family (All Versions < V7.0.6). The underlying TCP stack of the affected products does not correctly validate the sequence number for incoming TCP RST packages. An attacker could exploit this to terminate arbitrary TCP sessions.

Action-Not Available
Vendor-Siemens AG
Product-simatic_mv420_sr-p_firmwaresimatic_mv440_srsimatic_mv420_sr-b_firmwaresimatic_mv420_sr-psimatic_mv440_sr_firmwaresimatic_mv420_sr-b_body_firmwaresimatic_mv420_sr-b_bodysimatic_mv440_ur_firmwaresimatic_mv420_sr-bsimatic_mv440_ursimatic_mv420_sr-p_body_firmwaresimatic_mv440_hrsimatic_mv440_hr_firmwaresimatic_mv420_sr-p_bodySIMATIC MV400 family
CWE ID-CWE-1285
Improper Validation of Specified Index, Position, or Offset in Input
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2020-15796
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-1.17% / 78.99%
||
7 Day CHG~0.00%
Published-14 Dec, 2020 | 21:05
Updated-04 Aug, 2024 | 13:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC ET 200SP Open Controller (incl. SIPLUS variants) (V20.8), SIMATIC S7-1500 Software Controller (V20.8). The web server of the affected products contains a vulnerability that could allow a remote attacker to trigger a denial-of-service condition by sending a specially crafted HTTP request.

Action-Not Available
Vendor-Siemens AG
Product-simatic_et_200sp_open_controllersimatic_et_200sp_open_controller_firmwaresimatic_s7-1500_software_controller_firmwaresimatic_s7-1500_software_controllerSIMATIC ET 200SP Open Controller (incl. SIPLUS variants)SIMATIC S7-1500 Software Controller
CWE ID-CWE-248
Uncaught Exception
CVE-2026-22925
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-8.7||HIGH
EPSS-0.05% / 16.65%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 08:20
Updated-12 May, 2026 | 14:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V5.0). The affected application is susceptible to resource exhaustion when subjected to high volume of TCP SYN packets This could allow an attacker to render the service unavailable and cause denial-of-service conditions by overwhelming system resources.

Action-Not Available
Vendor-Siemens AG
Product-SIMATIC CN 4100
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2020-15783
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.19% / 40.72%
||
7 Day CHG~0.00%
Published-12 Nov, 2020 | 19:21
Updated-02 Jun, 2026 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC TDC CPU555 (All versions), SINUMERIK 840D sl (All versions). Sending multiple specially crafted packets to the affected devices could cause a Denial-of-Service on port 102. A cold restart is required to recover the service.

Action-Not Available
Vendor-Siemens AG
Product-sinumerik_840d_slsimatic_s7-300_cpu_315f-2_pn_firmwaresimatic_s7-300_cpu_315-2_pnsimatic_s7-300_cpu_317-2_dp_firmwaresimatic_s7-300_cpu_314_firmwaresimatic_s7-300_cpu_315f-2_dp_firmwaresimatic_s7-300_cpu_315-2_dp_firmwaresimatic_s7-300_cpu_317f-2_dpsimatic_s7-300_cpu_312simatic_tdc_cpu555simatic_s7-300_cpu_317-2_dpsimatic_s7-300_cpu_315f-2_pnsimatic_s7-300_cpu_312_firmwaresimatic_s7-300_cpu_315-2_dpsimatic_s7-300_cpu_317f-2_dp_firmwaresimatic_s7-300_cpu_317-2_pn_firmwaresimatic_s7-300_cpu_317f-2_pn_firmwaresimatic_s7-300_cpu_315-2_pn_firmwaresimatic_s7-300_cpu_317f-2_pnsimatic_s7-300_cpu_315f-2_dpsimatic_s7-300_cpu_317-2_pnsinumerik_840d_sl_firmwaresimatic_s7-300_cpu_314simatic_tdc_cpu555_firmwareSIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)SINUMERIK 840D slSIMATIC TDC CPU555
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2014-2590
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.30% / 54.07%
||
7 Day CHG~0.00%
Published-28 Mar, 2014 | 19:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The web management interface in Siemens RuggedCom ROS before 3.11, ROS 3.11 before 3.11.5 for RS950G, ROS 3.12, and ROS 4.0 for RSG2488 allows remote attackers to cause a denial of service (interface outage) via crafted HTTP packets.

Action-Not Available
Vendor-n/aSiemens AG
Product-ruggedcom_rsg2488ruggedcom_rugged_operating_systemruggedcom_rs950gn/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2014-2733
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.38% / 59.52%
||
7 Day CHG~0.00%
Published-19 Apr, 2014 | 19:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Siemens SINEMA Server before 12 SP1 allows remote attackers to cause a denial of service (web-interface outage) via crafted HTTP requests to port (1) 4999 or (2) 80.

Action-Not Available
Vendor-n/aSiemens AG
Product-sinema_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-13987
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.14% / 34.17%
||
7 Day CHG~0.00%
Published-11 Dec, 2020 | 21:37
Updated-04 Aug, 2024 | 12:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Contiki through 3.0. An Out-of-Bounds Read vulnerability exists in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upper_layer_chksum in net/ipv4/uip.c.

Action-Not Available
Vendor-open-iscsi_projectuip_projectcontiki-osn/aSiemens AG
Product-contikisentron_3va_com800_firmwaresentron_3va_com800uipsentron_3va_com100open-iscsisentron_pac3200sentron_pac3200_firmwaresentron_pac4200sentron_pac4200_firmwaresentron_3va_com100_firmwaren/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-14397
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.44% / 89.27%
||
7 Day CHG~0.00%
Published-17 Jun, 2020 | 15:13
Updated-04 Aug, 2024 | 12:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference.

Action-Not Available
Vendor-libvnc_projectn/aDebian GNU/LinuxSiemens AGCanonical Ltd.openSUSE
Product-ubuntu_linuxsimatic_itc1500_prosimatic_itc1900simatic_itc2200_pro_firmwaresimatic_itc2200simatic_itc1500_pro_firmwaredebian_linuxsimatic_itc1500simatic_itc1900_firmwaresimatic_itc1900_pro_firmwaresimatic_itc1500_firmwaresimatic_itc2200_firmwaresimatic_itc2200_prolibvncserversimatic_itc1900_proleapn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-9086
Matching Score-8
Assigner-curl
ShareView Details
Matching Score-8
Assigner-curl
CVSS Score-7.5||HIGH
EPSS-0.36% / 58.81%
||
7 Day CHG+0.26%
Published-12 Sep, 2025 | 05:10
Updated-02 Jun, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out of bounds read for cookie path

1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear text HTTP) using the same cookie set 3. The same cookie name is set - but with just a slash as path (`path=\"/\",`). Since this site is not secure, the cookie *should* just be ignored. 4. A bug in the path comparison logic makes curl read outside a heap buffer boundary The bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path. The presumed and correct behavior would be to plainly ignore the second set of the cookie since it was already set as secure on a secure host so overriding it on an insecure host should not be okay.

Action-Not Available
Vendor-Debian GNU/LinuxCURLSiemens AG
Product-curldebian_linuxcurlSCALANCE XCH328SCALANCE XCM328RUGGEDCOM RST2428PSCALANCE XRM334 (230 V AC, 8xFO)SCALANCE XRM334 (230 V AC, 12xFO)SCALANCE XRM334 (2x230 V AC, 12xFO)SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+)SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+)SCALANCE XRM334 (24 V DC, 8xFO)SCALANCE XCM332SCALANCE XCM324SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 familySCALANCE XRM334 (24 V DC, 12xFO)SCALANCE XRH334 (24 V DC, 8xFO, CC)SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+)SCALANCE XRM334 (2x230 V AC, 8xFO)
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-14398
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.27% / 84.98%
||
7 Day CHG~0.00%
Published-17 Jun, 2020 | 15:13
Updated-04 Aug, 2024 | 12:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in LibVNCServer before 0.9.13. An improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c.

Action-Not Available
Vendor-libvnc_projectn/aDebian GNU/LinuxSiemens AGCanonical Ltd.openSUSE
Product-ubuntu_linuxsimatic_itc1500_prosimatic_itc1900simatic_itc2200_pro_firmwaresimatic_itc2200simatic_itc1500_pro_firmwaredebian_linuxsimatic_itc1500simatic_itc1900_firmwaresimatic_itc1900_pro_firmwaresimatic_itc1500_firmwaresimatic_itc2200_firmwaresimatic_itc2200_prolibvncserversimatic_itc1900_proleapn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2020-14396
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.58% / 81.96%
||
7 Day CHG~0.00%
Published-17 Jun, 2020 | 15:13
Updated-04 Aug, 2024 | 12:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tls_openssl.c has a NULL pointer dereference.

Action-Not Available
Vendor-libvnc_projectn/aDebian GNU/LinuxSiemens AGCanonical Ltd.
Product-simatic_itc1500_pro_firmwareubuntu_linuxdebian_linuxsimatic_itc1500_prosimatic_itc1500simatic_itc1900simatic_itc1900_firmwaresimatic_itc1900_pro_firmwaresimatic_itc1500_firmwaresimatic_itc2200_firmwaresimatic_itc2200_prosimatic_itc2200_pro_firmwarelibvncserversimatic_itc1900_prosimatic_itc2200n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-13871
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.44% / 85.47%
||
7 Day CHG~0.00%
Published-06 Jun, 2020 | 15:37
Updated-04 Aug, 2024 | 12:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late.

Action-Not Available
Vendor-sqliten/aNetApp, Inc.Debian GNU/LinuxOracle CorporationSiemens AGFedora Project
Product-sinec_infrastructure_network_servicesdebian_linuxcommunications_messaging_servercloud_backupsqliteontap_select_deploy_administration_utilityfedoracommunications_network_charging_and_controlzfs_storage_appliance_kithyperion_infrastructure_technologyenterprise_manager_ops_centermysql_workbenchn/a
CWE ID-CWE-416
Use After Free
CVE-2018-13805
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.50% / 66.16%
||
7 Day CHG~0.00%
Published-10 Oct, 2018 | 17:00
Updated-05 Aug, 2024 | 09:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC ET 200SP Open Controller (All versions >= V2.0 and < V2.1.6), SIMATIC S7-1500 Software Controller (All versions >= V2.0 and < V2.5), SIMATIC S7-1500 incl. F (All versions >= V2.0 and < V2.5). An attacker can cause a denial-of-service condition on the network stack by sending a large number of specially crafted packets to the PLC. The PLC will lose its ability to communicate over the network. This vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no privileges and no user interaction. An attacker could use this vulnerability to compromise availability of the network connectivity. At the time of advisory publication no public exploitation of this vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-simatic_s7-1500fsimatic_et_200spsimatic_et_200sp_firmwaresimatic_s7-1500_firmwaresimatic_s7-1500f_firmwaresimatic_s7-1500SIMATIC S7-1500 incl. FSIMATIC ET 200SP Open ControllerSIMATIC S7-1500 Software Controller
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2018-13815
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.45% / 64.04%
||
7 Day CHG~0.00%
Published-13 Dec, 2018 | 16:00
Updated-05 Aug, 2024 | 09:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC S7-1200 (All versions), SIMATIC S7-1500 (All Versions < V2.6). An attacker could exhaust the available connection pool of an affected device by opening a sufficient number of connections to the device. Successful exploitation requires an attacker to be able to send packets to port 102/tcp of the affected device. No user interaction and no user privileges are required to exploit the vulnerability. The vulnerability, if exploited, could cause a Denial-of-Service condition impacting the availability of the system. At the time of advisory publication no public exploitation of this vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-simatic_s7-1200_firmwaresimatic_s7-1200simatic_s7-1500_firmwaresimatic_s7-1500SIMATIC S7-1200, SIMATIC S7-1500
CWE ID-CWE-410
Insufficient Resource Pool
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-69420
Matching Score-8
Assigner-OpenSSL Software Foundation
ShareView Details
Matching Score-8
Assigner-OpenSSL Software Foundation
CVSS Score-7.5||HIGH
EPSS-1.13% / 78.70%
||
7 Day CHG~0.00%
Published-27 Jan, 2026 | 16:01
Updated-12 May, 2026 | 13:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing ASN1_TYPE validation in TS_RESP_verify_response() function

Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. Impact summary: An application calling TS_RESP_verify_response() with a malformed TimeStamp Response can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service. The functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2() access the signing cert attribute value without validating its type. When the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash. Exploiting this vulnerability requires an attacker to provide a malformed TimeStamp Response to an application that verifies timestamp responses. The TimeStamp protocol (RFC 3161) is not widely used and the impact of the exploit is just a Denial of Service. For these reasons the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the TimeStamp Response implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.

Action-Not Available
Vendor-OpenSSLSiemens AG
Product-opensslOpenSSLSIMATIC S7-1500 TM MFP - GNU/Linux subsystem
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2025-69421
Matching Score-8
Assigner-OpenSSL Software Foundation
ShareView Details
Matching Score-8
Assigner-OpenSSL Software Foundation
CVSS Score-7.5||HIGH
EPSS-0.13% / 31.66%
||
7 Day CHG~0.00%
Published-27 Jan, 2026 | 16:01
Updated-12 May, 2026 | 13:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function

Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function. Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS#12 files. The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct parameter is NULL before dereferencing it. When called from PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can be NULL, causing a crash. The vulnerability is limited to Denial of Service and cannot be escalated to achieve code execution or memory disclosure. Exploiting this issue requires an attacker to provide a malformed PKCS#12 file to an application that processes it. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.

Action-Not Available
Vendor-OpenSSLSiemens AG
Product-opensslOpenSSLSIMATIC S7-1500 TM MFP - GNU/Linux subsystem
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-19956
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.21% / 43.42%
||
7 Day CHG~0.00%
Published-24 Dec, 2019 | 15:12
Updated-03 Dec, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.

Action-Not Available
Vendor-n/aOracle CorporationNetApp, Inc.Canonical Ltd.Fedora ProjectDebian GNU/Linuxlibxml2 (XMLSoft)Siemens AG
Product-libxml2ubuntu_linuxclustered_data_ontapfedoraclustered_data_ontap_antivirus_connectordebian_linuxsteelstore_cloud_integrated_storagemanageability_software_development_kitontap_select_deploy_administration_utilitysinema_remote_connect_serveractive_iq_unified_managerreal_user_experience_insightn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2019-19926
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-8.34% / 92.45%
||
7 Day CHG~0.00%
Published-23 Dec, 2019 | 00:53
Updated-05 Aug, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.

Action-Not Available
Vendor-sqliten/aDebian GNU/LinuxNetApp, Inc.Siemens AGRed Hat, Inc.openSUSEOracle CorporationSUSE
Product-sinec_infrastructure_network_servicesenterprise_linux_serverdebian_linuxcloud_backupsqliteenterprise_linux_workstationlinux_enterprisepackage_hubbackports_sleenterprise_linux_desktopmysql_workbenchleapn/a
CWE ID-CWE-476
NULL Pointer Dereference
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • ...
  • 30
  • 31
  • Next
Details not found