Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-37182

Summary
Assigner-siemens
Assigner Org ID-cec7a2ec-15b4-4faf-bd53-b40f371f3a77
Published At-14 Jun, 2022 | 09:21
Updated At-04 Aug, 2024 | 01:16
Rejected At-
Credits

A vulnerability has been identified in SCALANCE XM408-4C (All versions < V6.5), SCALANCE XM408-4C (L3 int.) (All versions < V6.5), SCALANCE XM408-8C (All versions < V6.5), SCALANCE XM408-8C (L3 int.) (All versions < V6.5), SCALANCE XM416-4C (All versions < V6.5), SCALANCE XM416-4C (L3 int.) (All versions < V6.5), SCALANCE XR524-8C, 1x230V (All versions < V6.5), SCALANCE XR524-8C, 1x230V (L3 int.) (All versions < V6.5), SCALANCE XR524-8C, 24V (All versions < V6.5), SCALANCE XR524-8C, 24V (L3 int.) (All versions < V6.5), SCALANCE XR524-8C, 2x230V (All versions < V6.5), SCALANCE XR524-8C, 2x230V (L3 int.) (All versions < V6.5), SCALANCE XR526-8C, 1x230V (All versions < V6.5), SCALANCE XR526-8C, 1x230V (L3 int.) (All versions < V6.5), SCALANCE XR526-8C, 24V (All versions < V6.5), SCALANCE XR526-8C, 24V (L3 int.) (All versions < V6.5), SCALANCE XR526-8C, 2x230V (All versions < V6.5), SCALANCE XR526-8C, 2x230V (L3 int.) (All versions < V6.5), SCALANCE XR528-6M (All versions < V6.5), SCALANCE XR528-6M (2HR2) (All versions < V6.5), SCALANCE XR528-6M (2HR2, L3 int.) (All versions < V6.5), SCALANCE XR528-6M (L3 int.) (All versions < V6.5), SCALANCE XR552-12M (All versions < V6.5), SCALANCE XR552-12M (2HR2) (All versions < V6.5), SCALANCE XR552-12M (2HR2) (All versions < V6.5), SCALANCE XR552-12M (2HR2, L3 int.) (All versions < V6.5). The OSPF protocol implementation in affected devices fails to verify the checksum and length fields in the OSPF LS Update messages. An unauthenticated remote attacker could exploit this vulnerability to cause interruptions in the network by sending specially crafted OSPF packets. Successful exploitation requires OSPF to be enabled on an affected device.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:siemens
Assigner Org ID:cec7a2ec-15b4-4faf-bd53-b40f371f3a77
Published At:14 Jun, 2022 | 09:21
Updated At:04 Aug, 2024 | 01:16
Rejected At:
▼CVE Numbering Authority (CNA)

A vulnerability has been identified in SCALANCE XM408-4C (All versions < V6.5), SCALANCE XM408-4C (L3 int.) (All versions < V6.5), SCALANCE XM408-8C (All versions < V6.5), SCALANCE XM408-8C (L3 int.) (All versions < V6.5), SCALANCE XM416-4C (All versions < V6.5), SCALANCE XM416-4C (L3 int.) (All versions < V6.5), SCALANCE XR524-8C, 1x230V (All versions < V6.5), SCALANCE XR524-8C, 1x230V (L3 int.) (All versions < V6.5), SCALANCE XR524-8C, 24V (All versions < V6.5), SCALANCE XR524-8C, 24V (L3 int.) (All versions < V6.5), SCALANCE XR524-8C, 2x230V (All versions < V6.5), SCALANCE XR524-8C, 2x230V (L3 int.) (All versions < V6.5), SCALANCE XR526-8C, 1x230V (All versions < V6.5), SCALANCE XR526-8C, 1x230V (L3 int.) (All versions < V6.5), SCALANCE XR526-8C, 24V (All versions < V6.5), SCALANCE XR526-8C, 24V (L3 int.) (All versions < V6.5), SCALANCE XR526-8C, 2x230V (All versions < V6.5), SCALANCE XR526-8C, 2x230V (L3 int.) (All versions < V6.5), SCALANCE XR528-6M (All versions < V6.5), SCALANCE XR528-6M (2HR2) (All versions < V6.5), SCALANCE XR528-6M (2HR2, L3 int.) (All versions < V6.5), SCALANCE XR528-6M (L3 int.) (All versions < V6.5), SCALANCE XR552-12M (All versions < V6.5), SCALANCE XR552-12M (2HR2) (All versions < V6.5), SCALANCE XR552-12M (2HR2) (All versions < V6.5), SCALANCE XR552-12M (2HR2, L3 int.) (All versions < V6.5). The OSPF protocol implementation in affected devices fails to verify the checksum and length fields in the OSPF LS Update messages. An unauthenticated remote attacker could exploit this vulnerability to cause interruptions in the network by sending specially crafted OSPF packets. Successful exploitation requires OSPF to be enabled on an affected device.

Affected Products
Vendor
Siemens AGSiemens
Product
SCALANCE XM408-4C
Versions
Affected
  • All versions < V6.5
Vendor
Siemens AGSiemens
Product
SCALANCE XM408-4C (L3 int.)
Versions
Affected
  • All versions < V6.5
Vendor
Siemens AGSiemens
Product
SCALANCE XM408-8C
Versions
Affected
  • All versions < V6.5
Vendor
Siemens AGSiemens
Product
SCALANCE XM408-8C (L3 int.)
Versions
Affected
  • All versions < V6.5
Vendor
Siemens AGSiemens
Product
SCALANCE XM416-4C
Versions
Affected
  • All versions < V6.5
Vendor
Siemens AGSiemens
Product
SCALANCE XM416-4C (L3 int.)
Versions
Affected
  • All versions < V6.5
Vendor
Siemens AGSiemens
Product
SCALANCE XR524-8C, 1x230V
Versions
Affected
  • All versions < V6.5
Vendor
Siemens AGSiemens
Product
SCALANCE XR524-8C, 1x230V (L3 int.)
Versions
Affected
  • All versions < V6.5
Vendor
Siemens AGSiemens
Product
SCALANCE XR524-8C, 24V
Versions
Affected
  • All versions < V6.5
Vendor
Siemens AGSiemens
Product
SCALANCE XR524-8C, 24V (L3 int.)
Versions
Affected
  • All versions < V6.5
Vendor
Siemens AGSiemens
Product
SCALANCE XR524-8C, 2x230V
Versions
Affected
  • All versions < V6.5
Vendor
Siemens AGSiemens
Product
SCALANCE XR524-8C, 2x230V (L3 int.)
Versions
Affected
  • All versions < V6.5
Vendor
Siemens AGSiemens
Product
SCALANCE XR526-8C, 1x230V
Versions
Affected
  • All versions < V6.5
Vendor
Siemens AGSiemens
Product
SCALANCE XR526-8C, 1x230V (L3 int.)
Versions
Affected
  • All versions < V6.5
Vendor
Siemens AGSiemens
Product
SCALANCE XR526-8C, 24V
Versions
Affected
  • All versions < V6.5
Vendor
Siemens AGSiemens
Product
SCALANCE XR526-8C, 24V (L3 int.)
Versions
Affected
  • All versions < V6.5
Vendor
Siemens AGSiemens
Product
SCALANCE XR526-8C, 2x230V
Versions
Affected
  • All versions < V6.5
Vendor
Siemens AGSiemens
Product
SCALANCE XR526-8C, 2x230V (L3 int.)
Versions
Affected
  • All versions < V6.5
Vendor
Siemens AGSiemens
Product
SCALANCE XR528-6M
Versions
Affected
  • All versions < V6.5
Vendor
Siemens AGSiemens
Product
SCALANCE XR528-6M (2HR2)
Versions
Affected
  • All versions < V6.5
Vendor
Siemens AGSiemens
Product
SCALANCE XR528-6M (2HR2, L3 int.)
Versions
Affected
  • All versions < V6.5
Vendor
Siemens AGSiemens
Product
SCALANCE XR528-6M (L3 int.)
Versions
Affected
  • All versions < V6.5
Vendor
Siemens AGSiemens
Product
SCALANCE XR552-12M
Versions
Affected
  • All versions < V6.5
Vendor
Siemens AGSiemens
Product
SCALANCE XR552-12M (2HR2)
Versions
Affected
  • All versions < V6.5
Vendor
Siemens AGSiemens
Product
SCALANCE XR552-12M (2HR2)
Versions
Affected
  • All versions < V6.5
Vendor
Siemens AGSiemens
Product
SCALANCE XR552-12M (2HR2, L3 int.)
Versions
Affected
  • All versions < V6.5
Problem Types
TypeCWE IDDescription
CWECWE-354CWE-354: Improper Validation of Integrity Check Value
Type: CWE
CWE ID: CWE-354
Description: CWE-354: Improper Validation of Integrity Check Value
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://cert-portal.siemens.com/productcert/pdf/ssa-145224.pdf
x_refsource_MISC
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-145224.pdf
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://cert-portal.siemens.com/productcert/pdf/ssa-145224.pdf
x_refsource_MISC
x_transferred
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-145224.pdf
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:productcert@siemens.com
Published At:14 Jun, 2022 | 10:15
Updated At:27 Jun, 2022 | 17:40

A vulnerability has been identified in SCALANCE XM408-4C (All versions < V6.5), SCALANCE XM408-4C (L3 int.) (All versions < V6.5), SCALANCE XM408-8C (All versions < V6.5), SCALANCE XM408-8C (L3 int.) (All versions < V6.5), SCALANCE XM416-4C (All versions < V6.5), SCALANCE XM416-4C (L3 int.) (All versions < V6.5), SCALANCE XR524-8C, 1x230V (All versions < V6.5), SCALANCE XR524-8C, 1x230V (L3 int.) (All versions < V6.5), SCALANCE XR524-8C, 24V (All versions < V6.5), SCALANCE XR524-8C, 24V (L3 int.) (All versions < V6.5), SCALANCE XR524-8C, 2x230V (All versions < V6.5), SCALANCE XR524-8C, 2x230V (L3 int.) (All versions < V6.5), SCALANCE XR526-8C, 1x230V (All versions < V6.5), SCALANCE XR526-8C, 1x230V (L3 int.) (All versions < V6.5), SCALANCE XR526-8C, 24V (All versions < V6.5), SCALANCE XR526-8C, 24V (L3 int.) (All versions < V6.5), SCALANCE XR526-8C, 2x230V (All versions < V6.5), SCALANCE XR526-8C, 2x230V (L3 int.) (All versions < V6.5), SCALANCE XR528-6M (All versions < V6.5), SCALANCE XR528-6M (2HR2) (All versions < V6.5), SCALANCE XR528-6M (2HR2, L3 int.) (All versions < V6.5), SCALANCE XR528-6M (L3 int.) (All versions < V6.5), SCALANCE XR552-12M (All versions < V6.5), SCALANCE XR552-12M (2HR2) (All versions < V6.5), SCALANCE XR552-12M (2HR2) (All versions < V6.5), SCALANCE XR552-12M (2HR2, L3 int.) (All versions < V6.5). The OSPF protocol implementation in affected devices fails to verify the checksum and length fields in the OSPF LS Update messages. An unauthenticated remote attacker could exploit this vulnerability to cause interruptions in the network by sending specially crafted OSPF packets. Successful exploitation requires OSPF to be enabled on an affected device.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CPE Matches
Siemens AG
siemens
>>scalance_xm408-4c_firmware>>Versions before 6.5(exclusive)
cpe:2.3:o:siemens:scalance_xm408-4c_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>scalance_xm408-4c>>-
cpe:2.3:h:siemens:scalance_xm408-4c:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>scalance_xm408-4c_l3_firmware>>Versions before 6.5(exclusive)
cpe:2.3:o:siemens:scalance_xm408-4c_l3_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>scalance_xm408-4c_l3>>-
cpe:2.3:h:siemens:scalance_xm408-4c_l3:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>scalance_xm408-8c_firmware>>Versions before 6.5(exclusive)
cpe:2.3:o:siemens:scalance_xm408-8c_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>scalance_xm408-8c>>-
cpe:2.3:h:siemens:scalance_xm408-8c:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>scalance_xm408-8c_l3_firmware>>Versions before 6.5(exclusive)
cpe:2.3:o:siemens:scalance_xm408-8c_l3_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>scalance_xm408-8c_l3>>-
cpe:2.3:h:siemens:scalance_xm408-8c_l3:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>scalance_xm416-4c_firmware>>Versions before 6.5(exclusive)
cpe:2.3:o:siemens:scalance_xm416-4c_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>scalance_xm416-4c>>-
cpe:2.3:h:siemens:scalance_xm416-4c:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>scalance_xm416-4c_l3_firmware>>Versions before 6.5(exclusive)
cpe:2.3:o:siemens:scalance_xm416-4c_l3_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>scalance_xm416-4c_l3>>-
cpe:2.3:h:siemens:scalance_xm416-4c_l3:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>scalance_xr524-8c_firmware>>Versions before 6.5(exclusive)
cpe:2.3:o:siemens:scalance_xr524-8c_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>scalance_xr524-8c>>-
cpe:2.3:h:siemens:scalance_xr524-8c:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>scalance_xr524-8c_firmware>>Versions before 6.5(exclusive)
cpe:2.3:o:siemens:scalance_xr524-8c_firmware:*:*:*:*:*:*:1x230v:*
Siemens AG
siemens
>>scalance_xr524-8c>>-
cpe:2.3:h:siemens:scalance_xr524-8c:-:*:*:*:*:*:1x230v:*
Siemens AG
siemens
>>scalance_xr524-8c_firmware>>Versions before 6.5(exclusive)
cpe:2.3:o:siemens:scalance_xr524-8c_firmware:*:*:*:*:*:*:24v:*
Siemens AG
siemens
>>scalance_xr524-8c>>-
cpe:2.3:h:siemens:scalance_xr524-8c:-:*:*:*:*:*:24v:*
Siemens AG
siemens
>>scalance_xr524-8c_firmware>>Versions before 6.5(exclusive)
cpe:2.3:o:siemens:scalance_xr524-8c_firmware:*:*:*:*:*:*:2x230v:*
Siemens AG
siemens
>>scalance_xr524-8c>>-
cpe:2.3:h:siemens:scalance_xr524-8c:-:*:*:*:*:*:2x230v:*
Siemens AG
siemens
>>scalance_xr524-8c_l3_firmware>>Versions before 6.5(exclusive)
cpe:2.3:o:siemens:scalance_xr524-8c_l3_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>scalance_xr524-8c_l3>>-
cpe:2.3:h:siemens:scalance_xr524-8c_l3:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>scalance_xr524-8c_l3_firmware>>Versions before 6.5(exclusive)
cpe:2.3:o:siemens:scalance_xr524-8c_l3_firmware:*:*:*:*:*:*:1x230v:*
Siemens AG
siemens
>>scalance_xr524-8c_l3>>-
cpe:2.3:h:siemens:scalance_xr524-8c_l3:-:*:*:*:*:*:1x230v:*
Siemens AG
siemens
>>scalance_xr524-8c_l3_firmware>>Versions before 6.5(exclusive)
cpe:2.3:o:siemens:scalance_xr524-8c_l3_firmware:*:*:*:*:*:*:24v:*
Siemens AG
siemens
>>scalance_xr524-8c_l3>>-
cpe:2.3:h:siemens:scalance_xr524-8c_l3:-:*:*:*:*:*:24v:*
Siemens AG
siemens
>>scalance_xr524-8c_l3_firmware>>Versions before 6.5(exclusive)
cpe:2.3:o:siemens:scalance_xr524-8c_l3_firmware:*:*:*:*:*:*:2x230v:*
Siemens AG
siemens
>>scalance_xr524-8c_l3>>-
cpe:2.3:h:siemens:scalance_xr524-8c_l3:-:*:*:*:*:*:2x230v:*
Siemens AG
siemens
>>scalance_xr526-8c_firmware>>Versions before 6.5(exclusive)
cpe:2.3:o:siemens:scalance_xr526-8c_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>scalance_xr526-8c>>-
cpe:2.3:h:siemens:scalance_xr526-8c:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>scalance_xr526-8c_firmware>>Versions before 6.5(exclusive)
cpe:2.3:o:siemens:scalance_xr526-8c_firmware:*:*:*:*:*:*:1x230v:*
Siemens AG
siemens
>>scalance_xr526-8c>>-
cpe:2.3:h:siemens:scalance_xr526-8c:-:*:*:*:*:*:1x230v:*
Siemens AG
siemens
>>scalance_xr526-8c>>-
cpe:2.3:h:siemens:scalance_xr526-8c:-:*:*:*:*:*:24v:*
Siemens AG
siemens
>>scalance_xr526-8c_firmware>>Versions before 6.5(exclusive)
cpe:2.3:o:siemens:scalance_xr526-8c_firmware:*:*:*:*:*:*:24v:*
Siemens AG
siemens
>>scalance_xr526-8c_firmware>>Versions before 6.5(exclusive)
cpe:2.3:o:siemens:scalance_xr526-8c_firmware:*:*:*:*:*:*:2x230v:*
Siemens AG
siemens
>>scalance_xr526-8c>>-
cpe:2.3:h:siemens:scalance_xr526-8c:-:*:*:*:*:*:2x230v:*
Siemens AG
siemens
>>scalance_xr526-8c_l3_firmware>>Versions before 6.5(exclusive)
cpe:2.3:o:siemens:scalance_xr526-8c_l3_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>scalance_xr526-8c_l3>>-
cpe:2.3:h:siemens:scalance_xr526-8c_l3:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>scalance_xr526-8c_l3_firmware>>Versions before 6.5(exclusive)
cpe:2.3:o:siemens:scalance_xr526-8c_l3_firmware:*:*:*:*:*:*:1x230v:*
Siemens AG
siemens
>>scalance_xr526-8c_l3>>-
cpe:2.3:h:siemens:scalance_xr526-8c_l3:-:*:*:*:*:*:1x230v:*
Siemens AG
siemens
>>scalance_xr526-8c_l3_firmware>>Versions before 6.5(exclusive)
cpe:2.3:o:siemens:scalance_xr526-8c_l3_firmware:*:*:*:*:*:*:24v:*
Siemens AG
siemens
>>scalance_xr526-8c_l3>>-
cpe:2.3:h:siemens:scalance_xr526-8c_l3:-:*:*:*:*:*:24v:*
Siemens AG
siemens
>>scalance_xr526-8c_l3>>-
cpe:2.3:h:siemens:scalance_xr526-8c_l3:-:*:*:*:*:*:2x230v:*
Siemens AG
siemens
>>scalance_xr526-8c_l3_firmware>>Versions before 6.5(exclusive)
cpe:2.3:o:siemens:scalance_xr526-8c_l3_firmware:*:*:*:*:*:*:2x230v:*
Siemens AG
siemens
>>scalance_xr528-6m>>-
cpe:2.3:h:siemens:scalance_xr528-6m:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>scalance_xr528-6m_firmware>>Versions before 6.5(exclusive)
cpe:2.3:o:siemens:scalance_xr528-6m_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>scalance_xr528-6m_2hr2>>-
cpe:2.3:h:siemens:scalance_xr528-6m_2hr2:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>scalance_xr528-6m_2hr2_firmware>>Versions before 6.5(exclusive)
cpe:2.3:o:siemens:scalance_xr528-6m_2hr2_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>scalance_xr528-6m_2hr2_l3>>-
cpe:2.3:h:siemens:scalance_xr528-6m_2hr2_l3:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>scalance_xr528-6m_2hr2_l3_firmware>>Versions before 6.5(exclusive)
cpe:2.3:o:siemens:scalance_xr528-6m_2hr2_l3_firmware:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-354Primarynvd@nist.gov
CWE-354Secondaryproductcert@siemens.com
CWE ID: CWE-354
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-354
Type: Secondary
Source: productcert@siemens.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://cert-portal.siemens.com/productcert/pdf/ssa-145224.pdfproductcert@siemens.com
Patch
Vendor Advisory
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-145224.pdf
Source: productcert@siemens.com
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

227Records found
CVE-2021-45117
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.46% / 63.04%
||
7 Day CHG+0.05%
Published-21 Mar, 2022 | 14:05
Updated-04 Aug, 2024 | 04:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The OPC autogenerated ANSI C stack stubs (in the NodeSets) do not handle all error cases. This can lead to a NULL pointer dereference.

Action-Not Available
Vendor-opcfoundationn/aSiemens AG
Product-simatic_net_pcua-nodesetsitop_managertelecontrol_server_basicn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-44007
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-5.5||MEDIUM
EPSS-0.16% / 37.89%
||
7 Day CHG~0.00%
Published-14 Dec, 2021 | 12:06
Updated-04 Aug, 2024 | 04:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll contains an off-by-one error in the heap while parsing specially crafted TIFF files. This could allow an attacker to cause a denial-of-service condition.

Action-Not Available
Vendor-Siemens AG
Product-jt2goteamcenter_visualizationJT2GoTeamcenter Visualization
CWE ID-CWE-193
Off-by-one Error
CVE-2021-44003
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-5.5||MEDIUM
EPSS-0.16% / 37.14%
||
7 Day CHG~0.00%
Published-14 Dec, 2021 | 12:06
Updated-04 Aug, 2024 | 04:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll is vulnerable to use of uninitialized memory while parsing user supplied TIFF files. This could allow an attacker to cause a denial-of-service condition.

Action-Not Available
Vendor-Siemens AG
Product-jt2goteamcenter_visualizationJT2GoTeamcenter Visualization
CWE ID-CWE-457
Use of Uninitialized Variable
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2021-42020
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.47% / 63.54%
||
7 Day CHG~0.00%
Published-08 Mar, 2022 | 11:31
Updated-12 Aug, 2025 | 12:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200NC, RUGGEDCOM M969, RUGGEDCOM M969NC, RUGGEDCOM RMC30, RUGGEDCOM RMC30NC, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RMC8388NC V4.X, RUGGEDCOM RMC8388NC V5.X, RUGGEDCOM RP110, RUGGEDCOM RP110NC, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600FNC, RUGGEDCOM RS1600NC, RUGGEDCOM RS1600T, RUGGEDCOM RS1600TNC, RUGGEDCOM RS400, RUGGEDCOM RS400NC, RUGGEDCOM RS401, RUGGEDCOM RS401NC, RUGGEDCOM RS416, RUGGEDCOM RS416NC, RUGGEDCOM RS416NCv2 V4.X, RUGGEDCOM RS416NCv2 V5.X, RUGGEDCOM RS416P, RUGGEDCOM RS416PNC, RUGGEDCOM RS416PNCv2 V4.X, RUGGEDCOM RS416PNCv2 V5.X, RUGGEDCOM RS416Pv2 V4.X, RUGGEDCOM RS416Pv2 V5.X, RUGGEDCOM RS416v2 V4.X, RUGGEDCOM RS416v2 V5.X, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000ANC, RUGGEDCOM RS8000H, RUGGEDCOM RS8000HNC, RUGGEDCOM RS8000NC, RUGGEDCOM RS8000T, RUGGEDCOM RS8000TNC, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GNC, RUGGEDCOM RS900GNC(32M) V4.X, RUGGEDCOM RS900GNC(32M) V5.X, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPNC, RUGGEDCOM RS900L, RUGGEDCOM RS900LNC, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900MNC-GETS-C01, RUGGEDCOM RS900MNC-GETS-XX, RUGGEDCOM RS900MNC-STND-XX, RUGGEDCOM RS900MNC-STND-XX-C01, RUGGEDCOM RS900NC, RUGGEDCOM RS900NC(32M) V4.X, RUGGEDCOM RS900NC(32M) V5.X, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910LNC, RUGGEDCOM RS910NC, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920LNC, RUGGEDCOM RS920W, RUGGEDCOM RS930L, RUGGEDCOM RS930LNC, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM RS940GNC, RUGGEDCOM RS969, RUGGEDCOM RS969NC, RUGGEDCOM RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100NC, RUGGEDCOM RSG2100NC(32M) V4.X, RUGGEDCOM RSG2100NC(32M) V5.X, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100P (32M) V4.X, RUGGEDCOM RSG2100P (32M) V5.X, RUGGEDCOM RSG2100PNC, RUGGEDCOM RSG2100PNC (32M) V4.X, RUGGEDCOM RSG2100PNC (32M) V5.X, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200NC, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2288NC V4.X, RUGGEDCOM RSG2288NC V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300NC V4.X, RUGGEDCOM RSG2300NC V5.X, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PNC V4.X, RUGGEDCOM RSG2300PNC V5.X, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488NC V4.X, RUGGEDCOM RSG2488NC V5.X, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSG920PNC V4.X, RUGGEDCOM RSG920PNC V5.X, RUGGEDCOM RSL910, RUGGEDCOM RSL910NC, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P. The third-party component, in its TFTP functionality fails to check for null terminations in file names. If an attacker were to exploit this, it could result in data corruption, and possibly a hard-fault of the application.

Action-Not Available
Vendor-Siemens AG
Product-ruggedcom_rs969ruggedcom_rs910ruggedcom_rsg2100ruggedcom_rsg2300pruggedcom_rs930lruggedcom_rsg907rruggedcom_rsg910cruggedcom_rs416ruggedcom_rs900wruggedcom_i801ruggedcom_rosruggedcom_m2100ruggedcom_rmcruggedcom_i800ruggedcom_rst2228ruggedcom_rs930wruggedcom_rmc8388ruggedcom_rsg2200ruggedcom_rs900ruggedcom_rs401ruggedcom_rs8000truggedcom_rsg909rruggedcom_rp110ruggedcom_rs910lruggedcom_i802ruggedcom_m969ruggedcom_rs910wruggedcom_rsg2100pruggedcom_rs8000ruggedcom_rst916pruggedcom_rs900gpruggedcom_rs900lruggedcom_rmc40ruggedcom_rsl910ruggedcom_rmc41ruggedcom_rsg920pruggedcom_rs920wruggedcom_rs416v2ruggedcom_rs8000aruggedcom_rsg2300ruggedcom_rst916cruggedcom_m2200ruggedcom_rs400ruggedcom_rst2228pruggedcom_rmc20ruggedcom_rs8000hruggedcom_rsg908cruggedcom_i803ruggedcom_rsg2488ruggedcom_rs900gruggedcom_rsg2288ruggedcom_rs920lruggedcom_rs940gruggedcom_rmc30RUGGEDCOM RS8000RUGGEDCOM RS900LRUGGEDCOM RSG2300 V4.XRUGGEDCOM RS900MNC-STND-XX-C01RUGGEDCOM RSG920P V4.XRUGGEDCOM RS401NCRUGGEDCOM RSG2100PNC (32M) V4.XRUGGEDCOM RS920LNCRUGGEDCOM RS910LRUGGEDCOM RS930WRUGGEDCOM RSG2100NC(32M) V5.XRUGGEDCOM RSG2100 (32M) V5.XRUGGEDCOM RSG2288NC V5.XRUGGEDCOM RS416Pv2 V4.XRUGGEDCOM RS1600RUGGEDCOM i801NCRUGGEDCOM RS940GRUGGEDCOM RSG2100NC(32M) V4.XRUGGEDCOM i800NCRUGGEDCOM RS910RUGGEDCOM RSG908CRUGGEDCOM RS8000NCRUGGEDCOM RS900NC(32M) V4.XRUGGEDCOM RS920LRUGGEDCOM RMC8388 V4.XRUGGEDCOM RS8000HRUGGEDCOM RS900LNCRUGGEDCOM RS8000TRUGGEDCOM RS910NCRUGGEDCOM RS900GRUGGEDCOM RS900M-STND-XXRUGGEDCOM RS900WRUGGEDCOM RMC8388 V5.XRUGGEDCOM RS900MNC-STND-XXRUGGEDCOM RSG2100PNC (32M) V5.XRUGGEDCOM RSG910CRUGGEDCOM RSG2288 V4.XRUGGEDCOM RS1600NCRUGGEDCOM RS969RUGGEDCOM RS900 (32M) V4.XRUGGEDCOM RSG909RRUGGEDCOM RSG2100PRUGGEDCOM RS930LNCRUGGEDCOM RS416PRUGGEDCOM RSG920P V5.XRUGGEDCOM RSG2200NCRUGGEDCOM RS8000HNCRUGGEDCOM RSG2300PNC V5.XRUGGEDCOM RSG2288 V5.XRUGGEDCOM RS1600FRUGGEDCOM RS416NCRUGGEDCOM RS930LRUGGEDCOM RSG907RRUGGEDCOM RSG2300P V5.XRUGGEDCOM RS910WRUGGEDCOM RSG2300 V5.XRUGGEDCOM RS940GNCRUGGEDCOM RS900GNCRUGGEDCOM RSG2100P (32M) V4.XRUGGEDCOM RMC8388NC V5.XRUGGEDCOM RS910LNCRUGGEDCOM RSG2288NC V4.XRUGGEDCOM RSG2488 V5.XRUGGEDCOM RMC30RUGGEDCOM RS8000ANCRUGGEDCOM RMC8388NC V4.XRUGGEDCOM RS1600TRUGGEDCOM RS900G (32M) V5.XRUGGEDCOM RS400NCRUGGEDCOM RS900MNC-GETS-C01RUGGEDCOM RS900M-GETS-C01RUGGEDCOM RSG2488NC V4.XRUGGEDCOM RP110RUGGEDCOM i801RUGGEDCOM RS416v2 V4.XRUGGEDCOM RS416NCv2 V4.XRUGGEDCOM RS8000TNCRUGGEDCOM RSG2300P V4.XRUGGEDCOM RS416v2 V5.XRUGGEDCOM RS920WRUGGEDCOM M2200RUGGEDCOM RS900MNC-GETS-XXRUGGEDCOM RSG2300NC V5.XRUGGEDCOM RS900GNC(32M) V4.XRUGGEDCOM RS900RUGGEDCOM RSG2100RUGGEDCOM M969NCRUGGEDCOM RS416PNCRUGGEDCOM RS1600FNCRUGGEDCOM RS400RUGGEDCOM RS900NC(32M) V5.XRUGGEDCOM RS1600TNCRUGGEDCOM RS900G (32M) V4.XRUGGEDCOM M969RUGGEDCOM RS416PNCv2 V4.XRUGGEDCOM M2200NCRUGGEDCOM RS8000ARUGGEDCOM i803RUGGEDCOM RSG2100PNCRUGGEDCOM RSG920PNC V5.XRUGGEDCOM RSG2100NCRUGGEDCOM RP110NCRUGGEDCOM RSG2200RUGGEDCOM RSG2488NC V5.XRUGGEDCOM RSL910NCRUGGEDCOM RS969NCRUGGEDCOM RS416RUGGEDCOM RST2228PRUGGEDCOM i800RUGGEDCOM RS900M-STND-C01RUGGEDCOM RS900M-GETS-XXRUGGEDCOM RST916PRUGGEDCOM RS416PNCv2 V5.XRUGGEDCOM RS416NCv2 V5.XRUGGEDCOM RSG2100 (32M) V4.XRUGGEDCOM RSL910RUGGEDCOM RST916CRUGGEDCOM RS900GPRUGGEDCOM RS900GPNCRUGGEDCOM RSG2488 V4.XRUGGEDCOM i802RUGGEDCOM RS900GNC(32M) V5.XRUGGEDCOM RST2228RUGGEDCOM RS401RUGGEDCOM RSG2300NC V4.XRUGGEDCOM RSG920PNC V4.XRUGGEDCOM i802NCRUGGEDCOM i803NCRUGGEDCOM M2100RUGGEDCOM RSG2300PNC V4.XRUGGEDCOM RS900NCRUGGEDCOM RS416Pv2 V5.XRUGGEDCOM RMC30NCRUGGEDCOM RS900 (32M) V5.XRUGGEDCOM M2100NCRUGGEDCOM RSG2100P (32M) V5.X
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2021-41990
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.26% / 86.64%
||
7 Day CHG+0.37%
Published-18 Oct, 2021 | 13:44
Updated-04 Aug, 2024 | 03:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS signature. For example, this can be triggered by an unrelated self-signed CA certificate sent by an initiator. Remote code execution cannot occur.

Action-Not Available
Vendor-strongswann/aDebian GNU/LinuxSiemens AGFedora Project
Product-6gk5876-4aa00-2da2_firmware6gk5812-1ba00-2aa26gk5856-2ea00-3aa16gk6108-4am00-2da26gk5876-4aa00-2da26gk5876-3aa02-2ba2_firmware6gk5816-1aa00-2aa2_firmware6gk5876-3aa02-2ea2_firmware6gk5876-4aa00-2ba26gk5826-2ab00-2ab26gk5856-2ea00-3aa1_firmware6gk5876-4aa00-2ba2_firmware6gk5812-1aa00-2aa2fedora6gk6108-4am00-2da2_firmware6gk5856-2ea00-3da1_firmware6gk5874-2aa00-2aa2_firmware6gk5804-0ap00-2aa2_firmware6gk5874-3aa00-2aa26gk5812-1aa00-2aa2_firmware6gk5816-1ba00-2aa26gk5826-2ab00-2ab2_firmware6gk5874-2aa00-2aa26gk6108-4am00-2ba26gk5615-0aa00-2aa26gk5856-2ea00-3da1strongswan6gk5816-1ba00-2aa2_firmware6gk5874-3aa00-2aa2_firmware6gk5804-0ap00-2aa26gk5876-3aa02-2ea2debian_linux6gk6108-4am00-2ba2_firmware6gk5876-3aa02-2ba26gk5812-1ba00-2aa2_firmware6gk5615-0aa00-2aa2_firmware6gk5816-1aa00-2aa2n/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-41545
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.54% / 66.51%
||
7 Day CHG~0.00%
Published-10 May, 2022 | 09:46
Updated-04 Aug, 2024 | 03:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). When the controller receives a specific BACnet protocol packet, an exception causes the BACnet communication function to go into a “out of work” state and could result in the controller going into a “factory reset” state.

Action-Not Available
Vendor-Siemens AG
Product-desigo_dxr2desigo_pxc3_firmwaredesigo_pxc4desigo_dxr2_firmwaredesigo_pxc5_firmwaredesigo_pxc4_firmwaredesigo_pxc3desigo_pxc5Desigo PXC5Desigo PXC3Desigo DXR2Desigo PXC4
CWE ID-CWE-248
Uncaught Exception
CVE-2021-41546
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.55% / 67.02%
||
7 Day CHG~0.00%
Published-12 Oct, 2021 | 09:49
Updated-04 Aug, 2024 | 03:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). Affected devices write crashdumps without checking if enough space is available on the filesystem. Once the crashdump fills the entire root filesystem, affected devices fail to boot successfully. An attacker can leverage this vulnerability to cause a permanent Denial-of-Service.

Action-Not Available
Vendor-Siemens AG
Product-ruggedcom_rox_rx1511ruggedcom_rox_rx1512ruggedcom_rox_mx5000_firmwareruggedcom_rox_rx5000_firmwareruggedcom_rox_rx1511_firmwareruggedcom_rox_rx1510ruggedcom_rox_rx1400_firmwareruggedcom_rox_rx1500_firmwareruggedcom_rox_rx1400ruggedcom_rox_rx1510_firmwareruggedcom_rox_rx1500ruggedcom_rox_rx1524_firmwareruggedcom_rox_rx5000ruggedcom_rox_rx1501ruggedcom_rox_rx1536ruggedcom_rox_mx5000ruggedcom_rox_rx1524ruggedcom_rox_rx1536_firmwareruggedcom_rox_rx1501_firmwareruggedcom_rox_rx1512_firmwareRUGGEDCOM ROX RX1511RUGGEDCOM ROX RX1536RUGGEDCOM ROX RX1400RUGGEDCOM ROX RX1500RUGGEDCOM ROX RX1501RUGGEDCOM ROX RX5000RUGGEDCOM ROX MX5000RUGGEDCOM ROX RX1524RUGGEDCOM ROX RX1510RUGGEDCOM ROX RX1512
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2021-40365
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.09% / 27.07%
||
7 Day CHG~0.00%
Published-13 Dec, 2022 | 00:00
Updated-21 Apr, 2025 | 13:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device.

Action-Not Available
Vendor-Siemens AG
Product-simatic_s7-1500_cpu_1507ssimatic_s7-1200_cpu_12_1214fcsimatic_s7-1500_cpu_cpu_1513pro-2simatic_s7-1500_cpu_1511csimatic_s7-1500_cpu_1511t-1_firmwaresimatic_s7-1500_cpu_1512sp-1siplus_s7-300_cpu_314siplus_et_200sp_cp_1543sp-1_isec_tx_rail_firmwaresimatic_et_200_sp_open_controller_cpu_1515sp_pc_firmwaresimatic_s7-1200_cpu_12_1214c_firmwaresimatic_s7-1200_cpu_12_1211csimatic_s7-1500_cpu_1508s_f_firmwaresimatic_s7-1500_cpu_1510sp-1simatic_s7-1200_cpu_1212csimatic_s7-1500_cpu_1512spf-1simatic_s7-1500_cpu_1513-1simatic_s7-1200_cpu_1212fc_firmwaresimatic_s7-1500_cpu_1517-3_pnsimatic_s7-1500_cpu_1515-2_pn_firmwaresimatic_s7-1500_cpu_1517f-3_pn\/dpsimatic_s7-1500_cpu_1513r-1simatic_s7-1200_cpu_1215_fcsimatic_s7-1500_cpu_1512c_firmwaresimatic_s7-1500_cpu_1517f-3_pn\/dp_firmwaresimatic_s7-1200_cpu_12_1215csimatic_s7-1500_cpu_1511-1_firmwaresimatic_s7-1500_cpu_1511-1_pnsimatic_s7-1500_cpu_1517f-3_firmwaresimatic_s7-1500_cpu_1518f-4_pn\/dp_firmwaresimatic_s7-1500_cpu_1518hf-4simatic_s7-1500_cpu_1518-4_pn_firmwaresiplus_tim_1531_irc_firmwaresimatic_s7-1500_cpu_1518-4_dp_firmwaresimatic_s7-1500_cpu_1516tf-3_firmwaresimatic_s7-1500_cpu_1511f-1_pn_firmwaresimatic_s7-1500_cpu_1516-3_firmwaresimatic_s7-1500_cpu_1518-4_pn\/dp_mfp_firmwaresimatic_s7-1500_cpu_1517-3_pn\/dpsimatic_s7-1500_cpu_1517-3simatic_s7-1500_cpu_1518t-4_firmwaresimatic_s7-1500_cpu_1508s_fsimatic_s7-1500_cpu_15prof-2_firmwaresimatic_s7-1500_cpu_1513f-1_pnsimatic_s7-1200_cpu_1214c_firmwaresimatic_s7-1500_cpu_1517-3_pn_firmwaresimatic_s7-1500_cpu_1517-3_dpsimatic_s7-1200_cpu_12_1214csimatic_s7-1200_cpu_1211c_firmwaresimatic_s7-1500_cpu_cpu_1513pro-2_firmwaresimatic_s7-1200_cpu_1214csiplus_tim_1531_ircsimatic_s7-1500_cpu_15prof-2simatic_s7-1500_cpu_1516tf-3siplus_s7-300_cpu_315-2_pn\/dp_firmwaresimatic_s7-1500_cpu_1516f-3_pn\/dp_firmwaresimatic_s7-1500_cpu_151511f-1_firmwaresimatic_s7-1500_cpu_1507s_f_firmwaresimatic_s7-1500_cpu_1516t-3_firmwaresimatic_s7-1500_cpu_1511t-1simatic_s7-1500_cpu_1517tf-3simatic_s7-1500_cpu_1515-2_pnsimatic_s7-1200_cpu_1214_fcsimatic_s7-1500_cpu_1515-2_firmwaresimatic_s7-1500_cpu_1516pro-2_firmwaretim_1531_irc_firmwaresimatic_s7-1500_cpu_1515-2simatic_s7-1500_cpu_1516-3_pnsimatic_s7-1500_cpu_1516pro_f_firmwaresimatic_s7-1500_cpu_1516-3simatic_s7-1200_cpu_1214fcsimatic_s7-1500_cpu_1518f-4_pn\/dpsimatic_s7-1500_cpu_1508s_firmwaresimatic_s7-1500_cpu_1511f-1_firmwaresimatic_s7-1200_cpu_12_1212fcsimatic_s7-1500_cpu_151511c-1simatic_s7-1500_cpu_1518tf-4_firmwaresiplus_s7-1200_cp_1243-1simatic_s7-1500_cpu_1511f-1_pnsimatic_s7-1500_cpu_1507s_fsiplus_s7-300_cpu_315-2_dpsimatic_s7-1500_cpu_1518simatic_s7-1500_cpu_1513-1_pn_firmwaresimatic_s7-1200_cpu_1215fcsimatic_s7-1500_cpu_1518f-4simatic_s7-1500_cpu_1516pro_fsimatic_s7-1500_cpu_1513r-1_firmwaresimatic_et_200_sp_open_controller_cpu_1515sp_pcsimatic_s7-1500_cpu_1512c-1_firmwaresimatic_s7-1500_cpu_1513f-1_pn_firmwaresiplus_et_200sp_cp_1543sp-1_isec_firmwaresimatic_s7-1500_cpu_1518_firmwaresimatic_s7-1500_cpu_1518-4_firmwaresimatic_s7-1500_cpu_1518tf-4simatic_s7-1200_cpu_1214_fc_firmwaresiplus_s7-1200_cp_1243-1_railsimatic_s7-1500_cpu_1516t-3simatic_s7-1500_cpu_1510sp_firmwaresimatic_s7-1500_cpu_1518-4_pn\/dp_mfpsiplus_et_200sp_cp_1542sp-1_irc_tx_rail_firmwaresimatic_s7-1200_cpu_1215_fc_firmwaresimatic_s7-1200_cpu_12_1215fc_firmwaresimatic_s7-1500_cpu_1515t-2simatic_s7-1500_cpu_15pro-2simatic_s7-1500_cpu_1518-4_pnsimatic_s7-1200_cpu_12_1212c_firmwaresimatic_s7-1200_cpu_12_1212fc_firmwaresimatic_s7-1500_cpu_1511-1_pn_firmwaresimatic_s7-1500_cpu_15pro-2_firmwaresimatic_s7-1500_cpu_1515tf-2_firmwaretim_1531_ircsimatic_s7-1500_cpu_151511c-1_firmwaresimatic_s7-1200_cpu_12_1217csimatic_s7-1500_cpu_1518-4_pn\/dp_firmwaresimatic_s7-1500_cpu_1510spsimatic_s7-1200_cpu_12_1217c_firmwaresimatic_s7-1500_cpu_1518f-4_firmwaresimatic_s7-1200_cpu_1217csimatic_s7-1500_cpu_151511f-1simatic_s7-1500_software_controller_firmwaresimatic_s7-1500_cpu_1511-1simatic_s7-1500_cpu_1518-4_dpsiplus_s7-300_cpu_317-2_pn\/dp_firmwaresimatic_s7-1200_cpu_1215c_firmwaresimatic_s7-1500_cpu_1513-1_pnsimatic_s7-1200_cpu_1212c_firmwaresimatic_s7-1500_cpu_1515f-2_firmwaresimatic_s7-1200_cpu_1217c_firmwaresimatic_s7-1200_cpu_1214fc_firmwaresimatic_s7-1500_cpu_cpu_1513prof-2_firmwaresimatic_s7-1200_cpu_1215csimatic_s7-1500_cpu_1515r-2simatic_s7-1200_cpu_12_1215fcsiplus_et_200sp_cp_1543sp-1_isecsimatic_s7-1500_cpu_1513f-1simatic_s7-1500_cpu_1512csimatic_s7-1500_cpu_1516f-3_pn\/dpsimatic_s7-1500_cpu_1511c-1simatic_s7-1500_cpu_1517f-3simatic_s7-1500_cpu_1512spf-1_firmwaresiplus_s7-300_cpu_314_firmwaresiplus_et_200sp_cp_1543sp-1_isec_tx_railsimatic_s7-1500_cpu_1517tf-3_firmwaresimatic_s7-1500_cpu_1516f-3_firmwaresimatic_s7-1500_cpu_1517-3_firmwaresimatic_s7-1200_cpu_12_1214fc_firmwaresimatic_s7-1500_software_controllersimatic_s7-1500_cpu_1511c-1_firmwaresimatic_s7-1500_cpu_1517-3_dp_firmwaresimatic_s7-1500_cpu_1516-3_pn\/dp_firmwaresimatic_s7-1500_cpu_1518hf-4_firmwaresimatic_s7-1200_cpu_12_1212csiplus_s7-300_cpu_315-2_pn\/dpsimatic_s7-1500_cpu_1511f-1siplus_s7-300_cpu_317-2_pn\/dpsimatic_s7-1500_cpu_1515tf-2siplus_s7-1200_cp_1243-1_rail_firmwaresimatic_s7-1500_cpu_1511c_firmwaresimatic_s7-1500_cpu_1511tf-1simatic_s7-1500_cpu_1518-4simatic_s7-1500_cpu_1518-4_pn\/dpsiplus_s7-1200_cp_1243-1_firmwaresimatic_s7-1500_cpu_1511tf-1_firmwaresimatic_s7-1500_cpu_1517-3_pn\/dp_firmwaresimatic_s7-1500_cpu_1516-3_dpsimatic_s7-1500_cpu_1508ssiplus_s7-300_cpu_315-2_dp_firmwaresimatic_s7-plcsim_advanced_firmwaresimatic_s7-1500_cpu_1510sp-1_firmwaresimatic_s7-1500_cpu_1516-3_pn\/dpsimatic_s7-1500_cpu_1515f-2_pn_firmwaresimatic_s7-1500_cpu_1515t-2_firmwaresiplus_et_200sp_cp_1542sp-1_irc_tx_railsimatic_s7-1500_cpu_1516-3_dp_firmwaresimatic_s7-1200_cpu_12_1215c_firmwaresimatic_s7-1500_cpu_1512sp-1_firmwaresimatic_s7-1200_cpu_1215fc_firmwaresimatic_s7-1500_cpu_1512c-1simatic_s7-1500_cpu_1515f-2simatic_s7-1500_cpu_cpu_1513prof-2simatic_s7-1500_cpu_1515f-2_pnsimatic_s7-1200_cpu_1211csimatic_s7-1500_cpu_1516f-3simatic_s7-1500_cpu_1516-3_pn_firmwaresimatic_s7-1200_cpu_12_1211c_firmwaresimatic_s7-plcsim_advancedsimatic_s7-1500_cpu_1513f-1_firmwaresimatic_s7-1200_cpu_1212fcsimatic_s7-1500_cpu_1516pro-2simatic_s7-1500_cpu_1515r-2_firmwaresimatic_s7-1500_cpu_1507s_firmwaresimatic_s7-1500_cpu_1513-1_firmwaresimatic_s7-1500_cpu_1518t-4SIMATIC S7-1500 CPU 1512C-1 PNSIMATIC S7-1500 CPU 1517F-3 PN/DPSIMATIC S7-1500 CPU 1515-2 PNSIMATIC S7-1500 CPU 1511T-1 PNSIPLUS S7-1500 CPU 1518-4 PN/DPSIPLUS S7-1500 CPU 1518F-4 PN/DPSIPLUS S7-1500 CPU 1518-4 PN/DP MFPSIMATIC S7-1500 CPU 1515TF-2 PNSIMATIC S7-1500 CPU 1510SP-1 PNSIMATIC S7-1500 CPU 1516-3 PN/DPSIMATIC S7-1500 CPU 1511TF-1 PNSIPLUS S7-1500 CPU 1515F-2 PNSIPLUS S7-1500 CPU 1517H-3 PNSIPLUS ET 200SP CPU 1510SP F-1 PN RAILSIMATIC S7-1500 CPU 1518HF-4 PNSIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PNSIPLUS ET 200SP CPU 1512SP-1 PN RAILSIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PNSIPLUS ET 200SP CPU 1510SP-1 PN RAILSIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PNSIMATIC S7-PLCSIM AdvancedSIMATIC S7-1500 CPU 1517-3 PN/DPSIMATIC S7-1500 CPU 1517H-3 PNSIMATIC S7-1500 CPU 1516TF-3 PN/DPSIMATIC S7-1500 CPU 1515T-2 PNSIMATIC S7-1500 CPU S7-1518-4 PN/DP ODKSIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PNSIPLUS S7-1500 CPU 1516-3 PN/DP RAILSIPLUS S7-1500 CPU 1516-3 PN/DP TX RAILSIMATIC S7-1500 CPU 1511C-1 PNSIMATIC S7-1500 CPU 1517TF-3 PN/DPSIMATIC S7-1200 CPU family (incl. SIPLUS variants)SIPLUS S7-1500 CPU 1515F-2 PN T2 RAILSIPLUS S7-1500 CPU 1511-1 PN TX RAILSIPLUS S7-1500 CPU 1513F-1 PNSIMATIC Drive Controller CPU 1507D TFSIMATIC Drive Controller CPU 1504D TFSIMATIC S7-1500 CPU 1513R-1 PNSIPLUS S7-1500 CPU 1516-3 PN/DPSIMATIC S7-1500 CPU 1515R-2 PNSIMATIC S7-1500 CPU 1512SP F-1 PNTIM 1531 IRCSIPLUS S7-1500 CPU 1511F-1 PNSIPLUS ET 200SP CPU 1512SP F-1 PN RAILSIMATIC S7-1500 Software Controller V2SIMATIC S7-1500 CPU 1518F-4 PN/DP MFPSIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)SIPLUS ET 200SP CPU 1512SP F-1 PNSIMATIC S7-1500 CPU 1515F-2 PNSIMATIC S7-1500 CPU 1518-4 PN/DPSIMATIC S7-1500 CPU 1513-1 PNSIPLUS ET 200SP CPU 1510SP F-1 PNSIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODKSIMATIC S7-1500 CPU 1518F-4 PN/DPSIMATIC S7-1500 CPU 1518-4 PN/DP MFPSIPLUS ET 200SP CPU 1510SP-1 PNSIPLUS S7-1500 CPU 1516F-3 PN/DPSIMATIC S7-1500 CPU 1516T-3 PN/DPSIMATIC S7-1500 CPU 1518TF-4 PN/DPSIPLUS S7-1500 CPU 1515R-2 PN TX RAILSIMATIC S7-1500 CPU 1512SP-1 PNSIMATIC S7-1500 CPU 1518T-4 PN/DPSIMATIC S7-1500 CPU 1511-1 PNSIMATIC S7-1500 CPU 1517T-3 PN/DPSIPLUS S7-1500 CPU 1518HF-4 PNSIPLUS S7-1500 CPU 1513-1 PNSIPLUS S7-1500 CPU 1515R-2 PNSIMATIC S7-1500 CPU 1513F-1 PNSIMATIC S7-1500 CPU 1510SP F-1 PNSIPLUS S7-1500 CPU 1515F-2 PN RAILSIPLUS TIM 1531 IRCSIMATIC S7-1500 CPU 1511F-1 PNSIMATIC S7-1500 CPU 1516F-3 PN/DPSIPLUS ET 200SP CPU 1512SP-1 PNSIPLUS S7-1500 CPU 1511-1 PN T1 RAILSIPLUS S7-1500 CPU 1511-1 PNSIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL
CWE ID-CWE-20
Improper Input Validation
CVE-2021-40368
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.44% / 62.47%
||
7 Day CHG~0.00%
Published-12 Apr, 2022 | 09:07
Updated-21 Apr, 2025 | 13:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 414-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416-2 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416F-2 DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 417-4 DP V7 (All versions), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.10), SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants) (All versions < V10.1), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) (All versions < V8.2.3), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 V7 (All versions), SIPLUS S7-400 CPU 417-4 V7 (All versions). Affected devices improperly handle specially crafted packets sent to port 102/tcp. This could allow an attacker to create a Denial-of-Service condition. A restart is needed to restore normal operations.

Action-Not Available
Vendor-Siemens AG
Product-simatic_s7-400_pn\/dp_v7_firmwaresimatic_s7-400h_v6simatic_s7-410_v10simatic_s7-400_pn\/dp_v7simatic_s7-410_v8simatic_s7-410_v8_firmwaresimatic_s7-410_v10_firmwaresimatic_s7-400h_v6_firmware SIMATIC S7-400 CPU 414-2 DP V7 SIMATIC S7-400 CPU 414F-3 PN/DP V7 SIMATIC S7-400 CPU 414-3 DP V7 SIMATIC S7-400 CPU 416F-3 PN/DP V7 SIMATIC S7-400 CPU 416-2 DP V7 SIMATIC S7-400 CPU 412-2 DP V7 SIMATIC S7-400 CPU 414-3 PN/DP V7SIPLUS S7-400 CPU 414-3 PN/DP V7SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) SIMATIC S7-400 CPU 416F-2 DP V7SIPLUS S7-400 CPU 417-4 V7SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) SIMATIC S7-400 CPU 412-2 PN/DP V7 SIMATIC S7-400 CPU 416-3 PN/DP V7SIPLUS S7-400 CPU 416-3 PN/DP V7 SIMATIC S7-400 CPU 412-1 DP V7 SIMATIC S7-400 CPU 416-3 DP V7 SIMATIC S7-400 CPU 417-4 DP V7SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants)SIPLUS S7-400 CPU 416-3 V7
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-40142
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.59% / 68.15%
||
7 Day CHG~0.00%
Published-27 Aug, 2021 | 06:51
Updated-04 Aug, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In OPC Foundation Local Discovery Server (LDS) before 1.04.402.463, remote attackers can cause a denial of service (DoS) by sending carefully crafted messages that lead to Access of a Memory Location After the End of a Buffer.

Action-Not Available
Vendor-opcfoundationn/aSiemens AG
Product-telecontrol_server_basicsimatic_wincc_runtimesimatic_winccsimatic_process_historian_opc_ua_server_firmwaresimatic_wincc_unified_scada_runtimesimatic_process_historian_opc_ua_serverlocal_discover_serversimatic_net_pcn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-3749
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.5||HIGH
EPSS-8.37% / 91.96%
||
7 Day CHG-0.21%
Published-31 Aug, 2021 | 10:36
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Inefficient Regular Expression Complexity in axios/axios

axios is vulnerable to Inefficient Regular Expression Complexity

Action-Not Available
Vendor-axiosaxiosOracle CorporationSiemens AG
Product-sinec_insgoldengateaxiosaxios/axios
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2021-37185
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-1.43% / 79.88%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 15:16
Updated-18 Apr, 2025 | 18:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC Drive Controller family (All versions >= V2.9.2 < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions >= V21.9 < V21.9.4), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions >= V4.5.0 < V4.5.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.9.2 < V2.9.4), SIMATIC S7-1500 Software Controller (All versions >= V21.9 < V21.9.4), SIMATIC S7-PLCSIM Advanced (All versions >= V4.0 < V4.0 SP1), SIPLUS TIM 1531 IRC (All versions < V2.3.6), TIM 1531 IRC (All versions < V2.3.6). An unauthenticated attacker could cause a denial-of-service condition in a PLC when sending specially prepared packets over port 102/tcp. A restart of the affected device is needed to restore normal operations.

Action-Not Available
Vendor-Siemens AG
Product-simatic_et_200sp_open_controller_cpu_1515sp_pc2_firmwaresimatic_s7-1500_cpu_1516t-3simatic_s7-1500_cpu_1510sp_firmwaresimatic_s7-1500_cpu_cpu_1513pro-2simatic_s7-1500_cpu_1511t-1_firmwaresimatic_s7-1500_cpu_1512sp-1simatic_s7-1500_cpu_1510sp-1simatic_s7-1200_cpu_1212csimatic_s7-1500_cpu_1515t-2simatic_s7-1500_cpu_1512spf-1simatic_drive_controller_cpu_1507d_tf_firmwaresimatic_s7-1500_cpu_1513-1simatic_s7-1500_cpu_1515tf-2_firmwaretim_1531_ircsimatic_s7-1200_cpu_1212fc_firmwaresimatic_s7-1500_cpu_1510spsimatic_s7-1500_cpu_1518f-4_firmwaresimatic_s7-1200_cpu_1217csimatic_s7-1500_cpu_1513r-1simatic_s7-1500_cpu_1511-1simatic_s7-1200_cpu_1215c_firmwaresimatic_s7-1500_cpu_1517f-3_firmwaresimatic_s7-1500_cpu_1511-1_firmwaresimatic_s7-1500_cpu_1518tf-4simatic_s7-1200_cpu_1212c_firmwaresimatic_s7-1500_cpu_1515f-2_firmwaresimatic_s7-1200_cpu_1217c_firmwaresimatic_s7-1500_cpu_1518hf-4simatic_s7-1200_cpu_1214fc_firmwaresimatic_s7-1500_cpu_cpu_1513prof-2_firmwaresimatic_s7-1200_cpu_1215csimatic_s7-1500_cpu_1515r-2simatic_s7-1500_cpu_1516tf-3_firmwaresimatic_s7-1500_cpu_1516-3_firmwaresimatic_s7-1500_cpu_1513f-1simatic_s7-1500_cpu_1511c-1simatic_s7-1500_cpu_1517-3simatic_s7-1500_cpu_1518t-4_firmwaresimatic_s7-1500_cpu_1517f-3simatic_s7-1500_cpu_1512spf-1_firmwaresimatic_s7-1200_cpu_1214c_firmwaresimatic_s7-1500_cpu_1517tf-3_firmwaresimatic_s7-1500_cpu_1516f-3_firmwaresimatic_s7-1500_cpu_cpu_1513pro-2_firmwaresimatic_s7-1200_cpu_1211c_firmwaresimatic_s7-1500_cpu_1517-3_firmwaresimatic_s7-1200_cpu_1214csimatic_s7-1500_software_controllersimatic_s7-1500_cpu_1516tf-3simatic_s7-1500_cpu_1511c-1_firmwaresimatic_s7-1500_cpu_1516t-3_firmwaresimatic_s7-1500_cpu_1518hf-4_firmwaresimatic_s7-1500_cpu_1511t-1simatic_drive_controller_cpu_1504d_tf_firmwaresimatic_s7-1500_cpu_1517tf-3simatic_s7-1500_cpu_1511f-1simatic_s7-1500_cpu_1515tf-2tim_1531_irc_firmwaresimatic_s7-1500_cpu_1515-2_firmwaresimatic_s7-1500_cpu_1516pro-2_firmwaresimatic_s7-1500_cpu_1511tf-1simatic_s7-1500_cpu_1515-2simatic_s7-1500_cpu_1518-4simatic_s7-1500_cpu_1511tf-1_firmwaresimatic_s7-1500_cpu_1516pro_f_firmwaresimatic_s7-plcsim_advanced_firmwaresimatic_s7-1500_cpu_1510sp-1_firmwaresimatic_s7-1500_cpu_1516-3simatic_s7-1200_cpu_1214fcsimatic_s7-1500_cpu_1515t-2_firmwaresimatic_drive_controller_cpu_1504d_tfsimatic_drive_controller_cpu_1507d_tfsimatic_s7-1500_cpu_1511f-1_firmwaresimatic_s7-1500_cpu_1518tf-4_firmwaresimatic_s7-1500_cpu_1512sp-1_firmwaresimatic_s7-1200_cpu_1215fc_firmwaresimatic_s7-1500_cpu_1512c-1simatic_s7-1500_cpu_cpu_1513prof-2simatic_s7-1500_cpu_1515f-2simatic_s7-1200_cpu_1211csimatic_s7-1500_cpu_1516f-3simatic_s7-1200_cpu_1215fcsimatic_s7-1500_cpu_1518f-4simatic_s7-1500_cpu_1516pro_fsimatic_s7-1500_cpu_1513r-1_firmwaresimatic_s7-1500_cpu_1512c-1_firmwaresimatic_s7-1500_cpu_1513f-1_firmwaresimatic_s7-1200_cpu_1212fcsimatic_s7-1500_cpu_1516pro-2simatic_s7-1500_cpu_1515r-2_firmwaresimatic_s7-plcsim_advancedsimatic_s7-1500_cpu_1513-1_firmwaresimatic_s7-1500_cpu_1518-4_firmwaresimatic_s7-1500_cpu_1518t-4simatic_et_200sp_open_controller_cpu_1515sp_pc2TIM 1531 IRCSIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)SIMATIC S7-PLCSIM AdvancedSIMATIC Drive Controller familySIMATIC S7-1200 CPU family (incl. SIPLUS variants)SIMATIC S7-1500 Software ControllerSIPLUS TIM 1531 IRCSIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)
CWE ID-CWE-672
Operation on a Resource after Expiration or Release
CVE-2021-37206
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.58% / 67.80%
||
7 Day CHG~0.00%
Published-14 Sep, 2021 | 10:47
Updated-04 Aug, 2024 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP300 (All versions < V8.80). Received webpackets are not properly processed. An unauthenticated remote attacker with access to any of the Ethernet interfaces could send specially crafted packets to force a restart of the target device.

Action-Not Available
Vendor-Siemens AG
Product-siprotec_5_with_cpu_variant_cp300siprotec_5_with_cpu_variant_cp100siprotec_5_with_cpu_variant_cp050SIPROTEC 5 relays with CPU variants CP050SIPROTEC 5 relays with CPU variants CP300SIPROTEC 5 relays with CPU variants CP100
CWE ID-CWE-20
Improper Input Validation
CVE-2021-37205
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-1.14% / 77.53%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 15:16
Updated-18 Apr, 2025 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC Drive Controller family (All versions >= V2.9.2 < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions >= V21.9 < V21.9.4), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions >= V4.5.0 < V4.5.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.9.2 < V2.9.4), SIMATIC S7-1500 Software Controller (All versions >= V21.9 < V21.9.4), SIMATIC S7-PLCSIM Advanced (All versions >= V4.0 < V4.0 SP1), SIPLUS TIM 1531 IRC (All versions < V2.3.6), TIM 1531 IRC (All versions < V2.3.6). An unauthenticated attacker could cause a denial-of-service condition in a PLC when sending specially prepared packets over port 102/tcp. A restart of the affected device is needed to restore normal operations.

Action-Not Available
Vendor-Siemens AG
Product-simatic_et_200sp_open_controller_cpu_1515sp_pc2_firmwaresimatic_s7-1500_cpu_1516t-3simatic_s7-1500_cpu_1510sp_firmwaresimatic_s7-1500_cpu_cpu_1513pro-2simatic_s7-1500_cpu_1511t-1_firmwaresimatic_s7-1500_cpu_1512sp-1simatic_s7-1500_cpu_1510sp-1simatic_s7-1200_cpu_1212csimatic_s7-1500_cpu_1515t-2simatic_s7-1500_cpu_1512spf-1simatic_drive_controller_cpu_1507d_tf_firmwaresimatic_s7-1500_cpu_1513-1simatic_s7-1500_cpu_1515tf-2_firmwaretim_1531_ircsimatic_s7-1200_cpu_1212fc_firmwaresimatic_s7-1500_cpu_1510spsimatic_s7-1500_cpu_1518f-4_firmwaresimatic_s7-1200_cpu_1217csimatic_s7-1500_cpu_1513r-1simatic_s7-1500_cpu_1511-1simatic_s7-1200_cpu_1215c_firmwaresimatic_s7-1500_cpu_1517f-3_firmwaresimatic_s7-1500_cpu_1511-1_firmwaresimatic_s7-1500_cpu_1518tf-4simatic_s7-1200_cpu_1212c_firmwaresimatic_s7-1500_cpu_1515f-2_firmwaresimatic_s7-1200_cpu_1217c_firmwaresimatic_s7-1500_cpu_1518hf-4simatic_s7-1200_cpu_1214fc_firmwaresimatic_s7-1500_cpu_cpu_1513prof-2_firmwaresimatic_s7-1200_cpu_1215csimatic_s7-1500_cpu_1515r-2simatic_s7-1500_cpu_1516tf-3_firmwaresimatic_s7-1500_cpu_1516-3_firmwaresimatic_s7-1500_cpu_1513f-1simatic_s7-1500_cpu_1511c-1simatic_s7-1500_cpu_1517-3simatic_s7-1500_cpu_1518t-4_firmwaresimatic_s7-1500_cpu_1517f-3simatic_s7-1500_cpu_1512spf-1_firmwaresimatic_s7-1200_cpu_1214c_firmwaresimatic_s7-1500_cpu_1517tf-3_firmwaresimatic_s7-1500_cpu_1516f-3_firmwaresimatic_s7-1500_cpu_cpu_1513pro-2_firmwaresimatic_s7-1200_cpu_1211c_firmwaresimatic_s7-1500_cpu_1517-3_firmwaresimatic_s7-1200_cpu_1214csimatic_s7-1500_software_controllersimatic_s7-1500_cpu_1516tf-3simatic_s7-1500_cpu_1511c-1_firmwaresimatic_s7-1500_cpu_1516t-3_firmwaresimatic_s7-1500_cpu_1518hf-4_firmwaresimatic_s7-1500_cpu_1511t-1simatic_drive_controller_cpu_1504d_tf_firmwaresimatic_s7-1500_cpu_1517tf-3simatic_s7-1500_cpu_1511f-1simatic_s7-1500_cpu_1515tf-2tim_1531_irc_firmwaresimatic_s7-1500_cpu_1515-2_firmwaresimatic_s7-1500_cpu_1516pro-2_firmwaresimatic_s7-1500_cpu_1511tf-1simatic_s7-1500_cpu_1515-2simatic_s7-1500_cpu_1518-4simatic_s7-1500_cpu_1511tf-1_firmwaresimatic_s7-1500_cpu_1516pro_f_firmwaresimatic_s7-plcsim_advanced_firmwaresimatic_s7-1500_cpu_1510sp-1_firmwaresimatic_s7-1500_cpu_1516-3simatic_s7-1200_cpu_1214fcsimatic_s7-1500_cpu_1515t-2_firmwaresimatic_drive_controller_cpu_1504d_tfsimatic_drive_controller_cpu_1507d_tfsimatic_s7-1500_cpu_1511f-1_firmwaresimatic_s7-1500_cpu_1518tf-4_firmwaresimatic_s7-1500_cpu_1512sp-1_firmwaresimatic_s7-1200_cpu_1215fc_firmwaresimatic_s7-1500_cpu_1512c-1simatic_s7-1500_cpu_cpu_1513prof-2simatic_s7-1500_cpu_1515f-2simatic_s7-1200_cpu_1211csimatic_s7-1500_cpu_1516f-3simatic_s7-1200_cpu_1215fcsimatic_s7-1500_cpu_1518f-4simatic_s7-1500_cpu_1516pro_fsimatic_s7-1500_cpu_1513r-1_firmwaresimatic_s7-1500_cpu_1512c-1_firmwaresimatic_s7-1500_cpu_1513f-1_firmwaresimatic_s7-1200_cpu_1212fcsimatic_s7-1500_cpu_1516pro-2simatic_s7-1500_cpu_1515r-2_firmwaresimatic_s7-plcsim_advancedsimatic_s7-1500_cpu_1513-1_firmwaresimatic_s7-1500_cpu_1518-4_firmwaresimatic_s7-1500_cpu_1518t-4simatic_et_200sp_open_controller_cpu_1515sp_pc2TIM 1531 IRCSIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)SIMATIC S7-PLCSIM AdvancedSIMATIC Drive Controller familySIMATIC S7-1200 CPU family (incl. SIPLUS variants)SIMATIC S7-1500 Software ControllerSIPLUS TIM 1531 IRCSIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2021-37199
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.14% / 35.43%
||
7 Day CHG~0.00%
Published-12 Oct, 2021 | 09:49
Updated-04 Aug, 2024 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SINUMERIK 808D (All versions), SINUMERIK 828D (All versions < V4.95). Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial-of-service in the device.

Action-Not Available
Vendor-Siemens AG
Product-sinumerik_808dsinumerik_828dsinumerik_808d_firmwaresinumerik_828d_firmwareSINUMERIK 808DSINUMERIK 828D
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-9042
Matching Score-8
Assigner-Talos
ShareView Details
Matching Score-8
Assigner-Talos
CVSS Score-3.7||LOW
EPSS-2.53% / 84.86%
||
7 Day CHG~0.00%
Published-04 Jun, 2018 | 20:00
Updated-17 Sep, 2024 | 03:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the origin timestamp check (TEST2) causing the reply to be dropped and creating a denial of service condition.

Action-Not Available
Vendor-ntpFreeBSD FoundationTalos (Cisco Systems, Inc.)Hewlett Packard Enterprise (HPE)Siemens AG
Product-freebsdntpsimatic_net_cp_443-1_opc_uasimatic_net_cp_443-1_opc_ua_firmwarehpux-ntpNetwork Time Protocol
CWE ID-CWE-20
Improper Input Validation
CVE-2023-35921
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.73% / 71.86%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 09:07
Updated-13 Nov, 2024 | 14:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3.4), SIMATIC MV540 S (All versions < V3.3.4), SIMATIC MV550 H (All versions < V3.3.4), SIMATIC MV550 S (All versions < V3.3.4), SIMATIC MV560 U (All versions < V3.3.4), SIMATIC MV560 X (All versions < V3.3.4). Affected devices cannot properly process specially crafted Ethernet frames sent to the devices. This could allow an unauthenticated remote attacker to cause a denial of service condition. The affected devices must be restarted manually.

Action-Not Available
Vendor-Siemens AG
Product-simatic_mv540_s_firmwaresimatic_mv540_ssimatic_mv560_x_firmwaresimatic_mv560_usimatic_mv560_u_firmwaresimatic_mv550_s_firmwaresimatic_mv540_hsimatic_mv550_h_firmwaresimatic_mv550_ssimatic_mv560_xsimatic_mv550_hsimatic_mv540_h_firmwareSIMATIC MV560 USIMATIC MV540 SSIMATIC MV540 HSIMATIC MV550 HSIMATIC MV550 SSIMATIC MV560 Xsimatic_mv540_ssimatic_mv560_usimatic_mv540_hsimatic_mv550_ssimatic_mv560_xsimatic_mv550_h
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2016-4955
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-5.19% / 89.53%
||
7 Day CHG~0.00%
Published-05 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time.

Action-Not Available
Vendor-ntpn/aSiemens AGopenSUSESUSENovellOracle Corporation
Product-solarissimatic_net_cp_443-1_opc_ualeapntpopensusemanager_proxyopenstack_cloudsuse_managerlinux_enterprise_desktopsimatic_net_cp_443-1_opc_ua_firmwarelinux_enterprise_servern/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2016-4953
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-12.64% / 93.72%
||
7 Day CHG-3.96%
Published-05 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time.

Action-Not Available
Vendor-ntpn/aSiemens AGopenSUSESUSEOracle Corporation
Product-tim_4r-iesolarissimatic_net_cp_443-1_opc_ualeapntpopensusemanager_proxyopenstack_cloudtim_4r-ie_dnp3_firmwarelinux_enterprise_desktopsimatic_net_cp_443-1_opc_ua_firmwaremanagertim_4r-ie_dnp3tim_4r-ie_firmwarelinux_enterprise_servern/a
CWE ID-CWE-287
Improper Authentication
CVE-2019-6575
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-1.33% / 79.14%
||
7 Day CHG~0.00%
Published-17 Apr, 2019 | 13:40
Updated-04 Aug, 2024 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC CP 443-1 OPC UA (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V2.7), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC HMI Comfort Panels 4" - 22" (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Upd 4), SIMATIC IPC DiagMonitor (All versions < V5.1.3), SIMATIC NET PC Software V13 (All versions), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC RF188C (All versions < V1.1.0), SIMATIC RF600R family (All versions < V3.2.1), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.5 < V2.6.1), SIMATIC S7-1500 Software Controller (All versions between V2.5 (including) and V2.7 (excluding)), SIMATIC WinCC OA (All versions < V3.15 P018), SIMATIC WinCC Runtime Advanced (All versions < V15.1 Upd 4), SINEC NMS (All versions < V1.0 SP1), SINEMA Server (All versions < V14 SP2), SINUMERIK OPC UA Server (All versions < V2.1), TeleControl Server Basic (All versions < V3.1.1). Specially crafted network packets sent to affected devices on port 4840/tcp could allow an unauthenticated remote attacker to cause a denial of service condition of the OPC communication or crash the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the OPC communication.

Action-Not Available
Vendor-Siemens AG
Product-simatic_s7-1500_software_controllersimatic_hmi_ktp_mobile_panels_ktp900_firmwaresimatic_et_200_open_controller_cpu_1515sp_pc2simatic_hmi_ktp_mobile_panels_ktp400fsimatic_s7-1500_firmwaresimatic_rf600rsimatic_wincc_runtime_hsp_comfortsimatic_rf188c_firmwaresimatic_hmi_comfort_outdoor_panels_firmwareopc_unified_architecturesimatic_s7-1500simatic_hmi_ktp_mobile_panels_ktp700f_firmwaresimatic_wincc_runtime_mobilesimatic_hmi_ktp_mobile_panels_ktp900f_firmwaresimatic_s7-1500s_firmwaresimatic_s7-1500tsimatic_rf188csimatic_hmi_ktp_mobile_panels_ktp400f_firmwaresimatic_wincc_oasimatic_ipc_diagmonitorsimatic_cp443-1_opc_ua_firmwaresimatic_hmi_ktp_mobile_panels_ktp700_firmwaresimatic_s7-1500fsimatic_wincc_runtime_comfortsimatic_rf600r_firmwaresimatic_hmi_ktp_mobile_panels_ktp700fsimatic_net_pc_software_firmwaresimatic_cp443-1_opc_uasimatic_hmi_ktp_mobile_panels_ktp900fsimatic_s7-1500t_firmwaresimatic_hmi_comfort_outdoor_panelssinema_serversinumerik_opc_ua_serversimatic_s7-1500f_firmwaresimatic_hmi_ktp_mobile_panels_ktp700telecontrol_server_basicsimatic_et_200_open_controller_cpu_1515sp_pc2_firmwaresimatic_hmi_ktp_mobile_panels_ktp900simatic_s7-1500ssimatic_ipc_diagmonitor_firmwaresimatic_net_pc_softwaresimatic_wincc_runtime_advancedsinec-nmsSIMATIC NET PC Software V14SIMATIC WinCC Runtime AdvancedSIMATIC NET PC Software V15SIMATIC HMI Comfort Outdoor Panels 7" & 15" (incl. SIPLUS variants)SIMATIC HMI Comfort Panels 4" - 22" (incl. SIPLUS variants)SIMATIC WinCC OASIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)SIMATIC NET PC Software V13SIMATIC CP 443-1 OPC UASIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)SINUMERIK OPC UA ServerTeleControl Server BasicSINEMA ServerSINEC NMSSIMATIC S7-1500 Software ControllerSIMATIC RF188CSIMATIC RF600R familySIMATIC IPC DiagMonitorSIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F
CWE ID-CWE-248
Uncaught Exception
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2019-6571
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.31%
||
7 Day CHG~0.00%
Published-12 Jun, 2019 | 13:47
Updated-04 Aug, 2024 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIEMENS LOGO!8 (6ED1052-xyyxx-0BA8 FS:01 to FS:06 / Firmware version V1.80.xx and V1.81.xx), SIEMENS LOGO!8 (6ED1052-xyy08-0BA0 FS:01 / Firmware version < V1.82.02). An attacker with network access to port 10005/tcp of the LOGO! device could cause a Denial-of-Service condition by sending specially crafted packets. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected service. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises availability of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-logo\!8_firmwarelogo\!8SIEMENS LOGO!8
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-6574
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.79% / 72.99%
||
7 Day CHG~0.00%
Published-14 May, 2019 | 19:54
Updated-04 Aug, 2024 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SINAMICS PERFECT HARMONY GH180 with NXG I control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...- (All Versions with option G21, G22, G23, G26, G28, G31, G32, G38, G43 or G46), SINAMICS PERFECT HARMONY GH180 with NXG II control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...- (All Versions with option G21, G22, G23, G26, G28, G31, G32, G38, G43 or G46). An improperly configured Parameter Read/Write execution via Field bus network may cause the controller to restart. The vulnerability could be exploited by an attacker with network access to the device. Successful exploitation requires no privileges and no user interaction. An attacker could use the vulnerability to compromise the availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sinamics_perfect_harmony_gh180_with_nxg_i_control_mlfb_6sr3sinamics_perfect_harmony_gh180_with_nxg_ii_control_mlfb_6sr3sinamics_perfect_harmony_gh180_with_nxg_i_control_mlfb_6sr3_firmwaresinamics_perfect_harmony_gh180_with_nxg_ii_control_mlfb_6sr2_firmwaresinamics_perfect_harmony_gh180_with_nxg_ii_control_mlfb_6sr4sinamics_perfect_harmony_gh180_with_nxg_ii_control_mlfb_6sr4_firmwaresinamics_perfect_harmony_gh180_with_nxg_i_control_mlfb_6sr4_firmwaresinamics_perfect_harmony_gh180_with_nxg_ii_control_mlfb_6sr3_firmwaresinamics_perfect_harmony_gh180_with_nxg_ii_control_mlfb_6sr2sinamics_perfect_harmony_gh180_with_nxg_i_control_mlfb_6sr4sinamics_perfect_harmony_gh180_with_nxg_i_control_mlfb_6sr2sinamics_perfect_harmony_gh180_with_nxg_i_control_mlfb_6sr2_firmwareSINAMICS PERFECT HARMONY GH180 with NXG I control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...-SINAMICS PERFECT HARMONY GH180 with NXG II control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...-
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-6568
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.41% / 60.34%
||
7 Day CHG~0.00%
Published-17 Apr, 2019 | 13:40
Updated-04 Aug, 2024 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The webserver of the affected devices contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation which leads to a restart of the webserver of the affected device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device.

Action-Not Available
Vendor-Siemens AG
Product-simatic_rf182ccp1604_firmwaresimatic_hmi_ktp_mobile_panels_ktp900_firmwaresimatic_s7-400_pn\/dpsimatic_s7-400_pn_firmwaresimatic_et_200_sp_open_controller_cpu_1515sp_pc2simatic_et_200_sp_open_controller_cpu_1515sp_pc_firmwaresimatic_teleservice_adapter_ie_standard_firmwaresimatic_s7-1500_firmwaresinamics_s150_firmwaresimatic_rf600rsimatic_winac_rtxsinamics_gm150sinamics_s210sinamics_gl150_firmwaresimatic_s7-400_pnsimatic_teleservice_adapter_ie_advanced_firmwaretim_1531_ircsimatic_cp343-1_advancedsinamics_gl150sitop_psu8600_firmwaresimatic_s7-300simatic_rf188csimatic_hmi_comfort_panelssimatic_teleservice_adapter_ie_advancedsitop_ups1600simatic_rf185c_firmwaresimatic_ipc_diagmonitorsitop_managersimatic_winac_rtx_firmwaresinamics_gh150simatic_s7-300_firmwaresimatic_hmi_ktp_mobile_panels_ktp700_firmwarecp1616simatic_rf600r_firmwaresimatic_cp443-1_advanced_firmwaresimatic_hmi_ktp_mobile_panels_ktp700fsimatic_cp343-1_advanced_firmwaresimatic_cp443-1_opc_uasimatic_s7-1500t_firmwaresinamics_sm120simatic_cp443-1_advancedsimatic_s7-1500f_firmwaresimocode_pro_v_eipsitop_ups1600_firmwaresinamics_s210_firmwarecp1616_firmwaresimatic_hmi_ktp_mobile_panels_ktp900sinamics_s150sinamics_sl150_firmwaresimatic_s7-1500ssimatic_cp443-1_firmwarecp1604simatic_s7-1500_software_controllersimocode_pro_v_pnsimatic_rf186c_firmwaresimatic_hmi_ktp_mobile_panels_ktp400fsimatic_rf188c_firmwaresimatic_hmi_comfort_outdoor_panels_firmwaresimatic_rf185csimatic_s7-1500simatic_hmi_ktp_mobile_panels_ktp700f_firmwaresitop_psu8600simatic_s7-400_pn\/dp_firmwaresimatic_teleservice_adapter_ie_basictim_1531_irc_firmwaresimatic_hmi_ktp_mobile_panels_ktp900f_firmwaresimatic_hmi_ktp_mobile_panels_ktp400f_firmwaresimatic_s7-1500tsimatic_s7-1500s_firmwaresinamics_gm150_firmwaresinamics_sm150sinamics_g150sinamics_g130simatic_rf181-eip_firmwaresimatic_s7-1500fsinamics_gh150_firmwaresinamics_sl150simatic_rf182c_firmwaresinamics_sm150_firmwaresimatic_hmi_ktp_mobile_panels_ktp900fsimatic_cp443-1simatic_hmi_comfort_outdoor_panelssimatic_teleservice_adapter_ie_standardsimatic_et_200_sp_open_controller_cpu_1515sp_pc2_firmwaresimatic_rf181-eipsimatic_hmi_ktp_mobile_panels_ktp700simatic_teleservice_adapter_ie_basic_firmwaresinamics_g150_firmwaresimatic_rf186csimatic_et_200_sp_open_controller_cpu_1515sp_pcsimocode_pro_v_eip_firmwaresinamics_s120sinamics_g130_firmwaresimocode_pro_v_pn_firmwaresimatic_hmi_comfort_panels_firmwaresinamics_s120_firmwaresimatic_s7-plcsim_advancedsimatic_wincc_runtime_advancedsinamics_sm120_firmwareSINAMICS S150 V4.6 Control UnitSIMOCODE pro V Ethernet/IP (incl. SIPLUS variants)SINAMICS G130 V4.7 SP1 Control UnitSINAMICS G150 V4.7 Control UnitSINAMICS S120 V4.8 Control Unit (incl. SIPLUS variants)SIMATIC ET 200S IM151-8F PN/DP CPUSIMATIC CP 443-1 OPC UASITOP UPS1600 (incl. SIPLUS variants)SINAMICS G130 V4.6 Control UnitSIMATIC Teleservice Adapter IE StandardSINAMICS G150 V5.1 SP1 Control UnitSINAMICS S150 V4.7 SP1 Control UnitSIMATIC RF186CSIPLUS S7-300 CPU 315F-2 PN/DPSIMATIC S7-300 CPU 317F-2 PN/DPSINAMICS GH150 V4.7 (Control Unit)SIMATIC CP 443-1 AdvancedSINAMICS S120 V4.7 SP1 Control Unit (incl. SIPLUS variants)SIMATIC S7-300 CPU 315F-2 PN/DPSIMATIC S7-300 CPU 317-2 PN/DPSIMATIC S7-300 CPU 317TF-3 PN/DPSIMATIC RF600R familySIMATIC CP 443-1SIMOCODE pro V PROFINET (incl. SIPLUS variants)SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900FSINAMICS SL150 V4.8 (Control Unit)SINAMICS GM150 V4.8 (Control Unit)SIMATIC WinCC Runtime AdvancedSINAMICS G150 V4.7 SP1 Control UnitSIMATIC ET 200pro IM154-8F PN/DP CPUSIMATIC S7-300 CPU 317T-3 PN/DPSIMATIC CP 343-1 AdvancedSIMATIC RF185CSIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)SINAMICS SM120 V4.7 (Control Unit)SIMATIC S7-300 CPU 319-3 PN/DPSIMATIC Teleservice Adapter IE AdvancedSINAMICS SM150 V4.8 (Control Unit)SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)SINAMICS GH150 V4.8 (Control Unit)SIPLUS ET 200S IM151-8 PN/DP CPUSITOP PSU8600SINAMICS G150 V5.1 Control UnitSIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)SINAMICS G130 V4.7 Control UnitSINAMICS S150 V5.1 SP1 Control UnitSINAMICS SL150 V4.7 (Control Unit)SINAMICS G130 V4.8 Control UnitSIMATIC CP 1604SIMATIC S7-1500 Software ControllerSINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants)SINAMICS S120 V5.1 Control Unit (incl. SIPLUS variants)SIPLUS ET 200S IM151-8F PN/DP CPUSIPLUS S7-300 CPU 317-2 PN/DPSIMATIC ET 200pro IM154-8 PN/DP CPUSIMATIC RF182CSINAMICS S210SIPLUS S7-300 CPU 317F-2 PN/DPSIPLUS NET CP 443-1SIPLUS S7-300 CPU 314C-2 PN/DPSINAMICS G130 V5.1 SP1 Control UnitSIMATIC WinAC RTX 2010SIMATIC ET 200S IM151-8 PN/DP CPUSINAMICS S120 V4.6 Control Unit (incl. SIPLUS variants)SIMATIC CP 1616SINAMICS GM150 V4.7 (Control Unit)SINAMICS S150 V5.1 Control UnitSIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)SIMATIC S7-300 CPU 314C-2 PN/DPSIPLUS NET CP 343-1 AdvancedSINAMICS S150 V4.7 Control UnitSINAMICS S120 V5.1 SP1 Control Unit (incl. SIPLUS variants)SINAMICS GL150 V4.8 (Control Unit)SIMATIC Teleservice Adapter IE BasicSIPLUS NET CP 443-1 AdvancedSITOP ManagerSINAMICS G130 V5.1 Control UnitSINAMICS SM120 V4.8 (Control Unit)SIPLUS S7-300 CPU 315-2 PN/DPSIMATIC S7-PLCSIM AdvancedSIMATIC S7-300 CPU 315-2 PN/DPSINAMICS GL150 V4.7 (Control Unit)SIMATIC S7-300 CPU 319F-3 PN/DPSIMATIC HMI Comfort Outdoor Panels 7" & 15" (incl. SIPLUS variants)SIMATIC HMI Comfort Panels 4" - 22" (incl. SIPLUS variants)TIM 1531 IRC (incl. SIPLUS NET variants)SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)SIMATIC WinAC RTX F 2010SINAMICS G150 V4.6 Control UnitSIMATIC RF188CSIMATIC RFID 181EIPSIMATIC ET 200pro IM154-8FX PN/DP CPUSIMATIC S7-300 CPU 315T-3 PN/DPSIMATIC IPC DiagMonitorSINAMICS S150 V4.8 Control UnitSINAMICS G150 V4.8 Control Unit
CWE ID-CWE-125
Out-of-bounds Read
CVE-2012-2598
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-4.3||MEDIUM
EPSS-0.50% / 64.79%
||
7 Day CHG~0.00%
Published-08 Jun, 2012 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the DiagAgent web server in Siemens WinCC 7.0 SP3 through Update 2 allows remote attackers to cause a denial of service (agent outage) via crafted input.

Action-Not Available
Vendor-n/aSiemens AG
Product-winccn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2023-28766
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.20% / 42.33%
||
7 Day CHG~0.00%
Published-11 Apr, 2023 | 09:03
Updated-02 Aug, 2024 | 13:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 6MD86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 6MD89 (CP300) (All versions >= V7.80 < V9.64), SIPROTEC 5 6MU85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7KE85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SA82 (CP100) (All versions), SIPROTEC 5 7SA82 (CP150) (All versions < V9.40), SIPROTEC 5 7SA86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SA87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SD82 (CP100) (All versions), SIPROTEC 5 7SD82 (CP150) (All versions < V9.40), SIPROTEC 5 7SD86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SD87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SJ81 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.40), SIPROTEC 5 7SJ82 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.40), SIPROTEC 5 7SJ85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SJ86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SK82 (CP100) (All versions < V8.89), SIPROTEC 5 7SK82 (CP150) (All versions < V9.40), SIPROTEC 5 7SK85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SL82 (CP100) (All versions), SIPROTEC 5 7SL82 (CP150) (All versions < V9.40), SIPROTEC 5 7SL86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SL87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SS85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7ST85 (CP300) (All versions >= V7.80 < V9.64), SIPROTEC 5 7ST86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SX82 (CP150) (All versions < V9.40), SIPROTEC 5 7SX85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7UM85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7UT82 (CP100) (All versions), SIPROTEC 5 7UT82 (CP150) (All versions < V9.40), SIPROTEC 5 7UT85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7UT86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7UT87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7VE85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7VK87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7VU85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 Communication Module ETH-BA-2EL (All versions < V9.40 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BA-2EL (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (All versions < V9.40 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions < V9.40), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V9.40). Affected devices lack proper validation of http request parameters of the hosted web service. An unauthenticated remote attacker could send specially crafted packets that could cause denial of service condition of the target device.

Action-Not Available
Vendor-Siemens AG
Product-siprotec_5_7sx82_firmwaresiprotec_5_7ut85_firmwaresiprotec_5_6md85_firmwaresiprotec_5_7sl82siprotec_5_7sl86siprotec_5_7sx82siprotec_5_7st86_firmwaresiprotec_5_communication_module_ethba2el_firmwaresiprotec_5_7sj81siprotec_5_7sl87siprotec_5_7sj85siprotec_5_7sd82_firmwaresiprotec_5_7sl87_firmwaresiprotec_5_7sk85siprotec_5_7sx85_firmwaresiprotec_5_7ut85siprotec_5_communication_module_ethbb2fosiprotec_5_7sd84siprotec_5_7sj86siprotec_5_7st85siprotec_5_7sk85_firmwaresiprotec_5_7sj82siprotec_5_7sj86_firmwaresiprotec_5_7vu85siprotec_5_7ut87_firmwaresiprotec_5_7ut82_firmwaresiprotec_5_communication_module_ethbd2fosiprotec_5_7vk87siprotec_5_7sa84_firmwaresiprotec_5_6md86siprotec_5_7ut86_firmwaresiprotec_5_7sd87siprotec_5_7um85siprotec_5_6md85siprotec_5_communication_module_ethbd2fo_firmwaresiprotec_5_7st85_firmwaresiprotec_5_7ss85_firmwaresiprotec_5_7ve85_firmwaresiprotec_5_compact_7sx800_firmwaresiprotec_5_7ss85siprotec_5_7um85_firmwaresiprotec_5_7sd84_firmwaresiprotec_5_7sj81_firmwaresiprotec_5_7sk82_firmwaresiprotec_5_7sa86siprotec_5_7sd86_firmwaresiprotec_5_7st86siprotec_5_7sa84siprotec_5_7sa82siprotec_5_7ut82siprotec_5_7sd82siprotec_5_7sd86siprotec_5_7sj85_firmwaresiprotec_5_communication_module_ethbb2fo_firmwaresiprotec_5_7ke85siprotec_5_6md86_firmwaresiprotec_5_7sa86_firmwaresiprotec_5_6mu85_firmwaresiprotec_5_7ut86siprotec_5_7ut87siprotec_5_7sk82siprotec_5_7sj82_firmwaresiprotec_5_7sa82_firmwaresiprotec_5_7sd87_firmwaresiprotec_5_communication_module_ethba2elsiprotec_5_7ve85siprotec_5_7sa87siprotec_5_6md89siprotec_5_7sx85siprotec_5_6md89_firmwaresiprotec_5_7vk87_firmwaresiprotec_5_7sl86_firmwaresiprotec_5_7vu85_firmwaresiprotec_5_7sl82_firmwaresiprotec_5_7sa87_firmwaresiprotec_5_6mu85siprotec_5_compact_7sx800siprotec_5_7ke85_firmwareSIPROTEC 5 7ST86 (CP300)SIPROTEC 5 7SJ81 (CP100)SIPROTEC 5 7UT87 (CP300)SIPROTEC 5 7UT82 (CP150)SIPROTEC 5 Communication Module ETH-BD-2FOSIPROTEC 5 7UT85 (CP300)SIPROTEC 5 7SJ81 (CP150)SIPROTEC 5 7SL87 (CP300)SIPROTEC 5 Communication Module ETH-BB-2FOSIPROTEC 5 6MD85 (CP300)SIPROTEC 5 Communication Module ETH-BA-2ELSIPROTEC 5 7VE85 (CP300)SIPROTEC 5 7SA87 (CP300)SIPROTEC 5 7ST85 (CP300)SIPROTEC 5 7SX82 (CP150)SIPROTEC 5 7UT86 (CP300)SIPROTEC 5 7UM85 (CP300)SIPROTEC 5 7SD82 (CP100)SIPROTEC 5 7SK82 (CP150)SIPROTEC 5 6MD89 (CP300)SIPROTEC 5 7VU85 (CP300)SIPROTEC 5 7SJ82 (CP100)SIPROTEC 5 7SK85 (CP300)SIPROTEC 5 7VK87 (CP300)SIPROTEC 5 7SD87 (CP300)SIPROTEC 5 7UT82 (CP100)SIPROTEC 5 7SL86 (CP300)SIPROTEC 5 7SL82 (CP150)SIPROTEC 5 6MD86 (CP300)SIPROTEC 5 7SA82 (CP100)SIPROTEC 5 7SD86 (CP300)SIPROTEC 5 7SA82 (CP150)SIPROTEC 5 6MU85 (CP300)SIPROTEC 5 7SD82 (CP150)SIPROTEC 5 7KE85 (CP300)SIPROTEC 5 7SA86 (CP300)SIPROTEC 5 7SK82 (CP100)SIPROTEC 5 Compact 7SX800 (CP050)SIPROTEC 5 7SS85 (CP300)SIPROTEC 5 7SJ86 (CP300)SIPROTEC 5 7SL82 (CP100)SIPROTEC 5 7SJ85 (CP300)SIPROTEC 5 7SX85 (CP300)SIPROTEC 5 7SJ82 (CP150)
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-28831
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-8.7||HIGH
EPSS-0.43% / 61.61%
||
7 Day CHG~0.00%
Published-12 Sep, 2023 | 09:32
Updated-21 Aug, 2025 | 13:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The OPC UA implementations (ANSI C and C++) in affected products contain an integer overflow vulnerability that could cause the application to run into an infinite loop during certificate validation. This could allow an unauthenticated remote attacker to create a denial of service condition by sending a specially crafted certificate.

Action-Not Available
Vendor-Siemens AG
Product-simatic_s7-1500_cpu_1514sp-2_pnsimatic_s7-plcsim_advanced_firmwaresimatic_s7-1500_cpu_1514sp-2_pn_firmwaresimatic_s7-1500_et_200pro_firmwaresimatic_s7-1500_cpu_1512sp_f-1_pnsimatic_s7-1500_cpu_1511c-1_pn_firmwaresiplus_s7-1500_cpu_1518hf-4_pnsimatic_s7-1500_cpu_1515t-2_pnsiplus_et_200sp_cpu_1512sp-1_pnsiplus_s7-1500_cpu_1511-1_pnsimatic_s7-1500_cpu_1512sp-1_pnsiplus_s7-1500_cpu_1515f-2_pnsiplus_s7-1500_cpu_1516-3_pn\/dp_tx_railsimatic_s7-1500_cpu_1515-2_pnsimatic_s7-1500_cpu_1515r-2_pn_firmwaresimatic_s7-1500_cpu_1515f-2_pn_firmwaresimatic_s7-1500_cpu_1511t-1_pnsiplus_s7-1500_cpu_1517h-3_pnsimatic_s7-1500_cpu_1518-4_pn\/dpsimatic_s7-1500_cpu_1517t-3_pn\/dpsiplus_et_200sp_cpu_1510sp_f-1_pnsiplus_et_200sp_cpu_1512sp_f-1_pn_rail_firmwaresimatic_s7-1500_cpu_1510sp-1_pn_firmwaresimatic_s7-1500_cpu_1518hf-4_pnsimatic_s7-1500_cpu_1510sp_f-1_pnsimatic_s7-1500_cpu_1515f-2_pnsimatic_s7-1500_cpu_1516-3_pn\/dpsimatic_s7-1500_cpu_1513f-1_pn_firmwaresiplus_s7-1500_cpu_1516-3_pn\/dp_railsimatic_s7-1500_cpu_s7-1518f-4_pn\/dp_odk_firmwaresimatic_s7-1500_cpu_1518f-4_pn\/dp_mfpsiplus_et_200sp_cpu_1512sp_f-1_pn_railsimatic_s7-1500_cpu_1516t-3_pn\/dpsimatic_s7-1500_cpu_1514spt_f-2_pnsimatic_s7-1500_cpu_1513f-1_pnsimatic_s7-1500_cpu_1516tf-3_pn\/dpsiplus_s7-1500_cpu_1516f-3_pn\/dp_firmwaresiplus_s7-1500_cpu_1515f-2_pn_t2_railsiplus_s7-1500_cpu_1516-3_pn\/dp_tx_rail_firmwaresimatic_s7-1500_cpu_1514spt-2_pn_firmwaresimatic_s7-1500_cpu_1513r-1_pn_firmwaresimatic_s7-1500_cpu_1518hf-4_pn_firmwaresimatic_s7-1500_cpu_1515tf-2_pn_firmwaresiplus_et_200sp_cpu_1510sp-1_pn_firmwaresiplus_et_200sp_cpu_1512sp-1_pn_railsiplus_s7-1500_cpu_1518-4_pn\/dp_firmwaresiplus_s7-1500_cpu_1513f-1_pnsimatic_s7-1500_cpu_1517tf-3_pn\/dpsiplus_s7-1500_cpu_1515r-2_pn_firmwaresiplus_s7-1500_cpu_1518-4_pn\/dp_mfpsimatic_s7-1500_cpu_1510sp_f-1_pn_firmwaresiplus_s7-1500_cpu_1513-1_pn_firmwaresimatic_s7-1500_cpu_1517-3_pn\/dp_firmwaresimatic_drive_controller_cpu_1507d_tf_firmwaresiplus_s7-1500_cpu_1511-1_pn_firmwaresiplus_s7-1500_cpu_1516-3_pn\/dp_rail_firmwaresimatic_s7-1500_cpu_1516tf-3_pn\/dp_firmwaresiplus_s7-1500_cpu_1511-1_pn_t1_rail_firmwaresimatic_s7-1500_cpu_1515tf-2_pnsimatic_s7-1500_software_controller_firmwaresimatic_s7-1500_cpu_1515r-2_pnsimatic_s7-1500_cpu_1518t-4_pn\/dpsimatic_cloud_connect_7_cc712_firmwaresiplus_s7-1500_cpu_1516-3_pn\/dpsimatic_drive_controller_cpu_1504d_tf_firmwaresimatic_s7-1500_cpu_1513-1_pnsimatic_s7-1200_cpu_firmwaresimatic_s7-1500_cpu_1514spt_f-2_pn_firmwaresimatic_s7-1500_cpu_1513r-1_pnsimatic_s7-1500_cpu_1518tf-4_pn\/dpsimatic_s7-1500_cpu_1511f-1_pn_firmwaresimatic_s7-1500_cpu_1518t-4_pn\/dp_firmwaresimatic_s7-plcsim_advancedsimatic_s7-1500_cpu_1518f-4_pn\/dp_mfp_firmwaresimatic_s7-1500_cpu_1516t-3_pn\/dp_firmwaresiplus_s7-1500_cpu_1511-1_pn_tx_rail_firmwaresiplus_s7-1500_cpu_1511-1_pn_tx_railsimatic_s7-1500_cpu_1517h-3_pnsimatic_s7-1500_cpu_1512sp-1_pn_firmwaresiplus_et_200sp_cpu_1510sp_f-1_pn_railsiplus_s7-1500_cpu_1513f-1_pn_firmwaresimatic_s7-1200_cpusimatic_cloud_connect_7_cc716_firmwaresimatic_s7-1500_et_200prosimatic_s7-1500_cpu_1514spt-2_pnsimatic_s7-1500_cpu_1518-4_pn\/dp_mfp_firmwaresimatic_s7-1500_cpu_1517f-3_pn\/dp_firmwaresiplus_et_200sp_cpu_1510sp_f-1_pn_rail_firmwaresiplus_s7-1500_cpu_1515f-2_pn_rail_firmwaresimatic_s7-1500_cpu_1511tf-1_pnsimatic_s7-1500_cpu_1515-2_pn_firmwaresimatic_s7-1500_cpu_1518-4_pn\/dp_mfpsiplus_s7-1500_cpu_1515f-2_pn_t2_rail_firmwaresiplus_et_200sp_cpu_1510sp-1_pn_railsimatic_s7-1500_cpu_1511f-1_pnsiplus_et_200sp_cpu_1512sp_f-1_pnsiplus_s7-1500_cpu_1518-4_pn\/dp_mfp_firmwaresimatic_s7-1500_cpu_1510sp-1_pnsiplus_s7-1500_cpu_1511-1_pn_t1_railsiplus_et_200sp_cpu_1510sp-1_pnsimatic_s7-1500_cpu_1511-1_pnsimatic_s7-1500_cpu_1518-4_pn\/dp_firmwaresimatic_s7-1500_cpu_1518f-4_pn\/dp_firmwaresiplus_s7-1500_cpu_1516f-3_pn\/dpsimatic_s7-1500_cpu_1511c-1_pnsiplus_s7-1500_cpu_1515r-2_pn_tx_railsiplus_et_200sp_cpu_1512sp-1_pn_firmwaresimatic_drive_controller_cpu_1504d_tfsiplus_et_200sp_cpu_1512sp-1_pn_rail_firmwaresiplus_et_200sp_cpu_1512sp_f-1_pn_firmwaresiplus_et_200sp_cpu_1510sp_f-1_pn_firmwaresimatic_s7-1500_cpu_1511-1_pn_firmwaresimatic_s7-1500_cpu_1515t-2_pn_firmwaresiplus_s7-1500_cpu_1516f-3_pn\/dp_railsimatic_s7-1500_cpu_s7-1518-4_pn\/dp_odk_firmwaresimatic_s7-1500_cpu_s7-1518f-4_pn\/dp_odksiplus_s7-1500_cpu_1518-4_pn\/dpsimatic_s7-1500_cpu_1517h-3_pn_firmwaresimatic_s7-1500_cpu_s7-1518-4_pn\/dp_odksiplus_et_200sp_cpu_1510sp-1_pn_rail_firmwaresimatic_s7-1500_cpu_1517t-3_pn\/dp_firmwaresiplus_s7-1500_cpu_1518f-4_pn\/dpsiplus_s7-1500_cpu_1516f-3_pn\/dp_rail_firmwaresimatic_s7-1500_cpu_1517-3_pn\/dpsiplus_s7-1500_cpu_1515r-2_pn_tx_rail_firmwaresiplus_s7-1500_cpu_1517h-3_pn_firmwaresimatic_s7-1500_cpu_1512c-1_pn_firmwaresimatic_s7-1500_cpu_1516-3_pn\/dp_firmwaresimatic_s7-1500_cpu_1516f-3_pn\/dp_firmwaresiplus_s7-1500_cpu_1511f-1_pnsiplus_s7-1500_cpu_1515f-2_pn_railsimatic_drive_controller_cpu_1507d_tfsimatic_s7-1500_cpu_1511tf-1_pn_firmwaresiplus_s7-1500_cpu_1518hf-4_pn_firmwaresimatic_s7-1500_cpu_1514sp_f-2_pn_firmwaresimatic_s7-1500_cpu_1517f-3_pn\/dpsimatic_s7-1500_cpu_1512c-1_pnsiplus_s7-1500_cpu_1511f-1_pn_firmwaresimatic_s7-1500_cpu_1513-1_pn_firmwaresiplus_s7-1500_cpu_1513-1_pnsiplus_s7-1500_cpu_1518f-4_pn\/dp_firmwaresimatic_s7-1500_cpu_1516f-3_pn\/dpsimatic_s7-1500_cpu_1517tf-3_pn\/dp_firmwaresimatic_cloud_connect_7_cc712simatic_s7-1500_cpu_1512sp_f-1_pn_firmwaresimatic_s7-1500_cpu_1514sp_f-2_pnsiplus_s7-1500_cpu_1516-3_pn\/dp_firmwaresimatic_s7-1500_cpu_1518f-4_pn\/dpsimatic_s7-1500_cpu_1518tf-4_pn\/dp_firmwaresiplus_s7-1500_cpu_1515r-2_pnsimatic_s7-1500_cpu_1511t-1_pn_firmwaresimatic_s7-1500_software_controllersimatic_et_200sp_open_controller_cpu_firmwaresiplus_s7-1500_cpu_1515f-2_pn_firmwaresimatic_cloud_connect_7_cc716simatic_et_200sp_open_controller_cpuSIPLUS S7-1500 CPU 1511F-1 PNSIMATIC ET 200SP CPU 1512SP-1 PNSIPLUS ET 200SP CPU 1512SP-1 PNSIPLUS ET 200SP CPU 1512SP-1 PN RAILSIPLUS S7-1500 CPU 1516-3 PN/DP TX RAILSIMATIC S7-1500 CPU S7-1518-4 PN/DP ODKSIPLUS S7-1500 CPU 1511-1 PN T1 RAILSIPLUS ET 200SP CPU 1510SP F-1 PNSINUMERIK ONESIPLUS ET 200SP CPU 1512SP F-1 PNSIMATIC S7-1500 CPU 1515-2 PNSIMATIC PCS 7 V9.1SIMATIC S7-1500 CPU 1518TF-4 PN/DPSIMATIC S7-PLCSIM AdvancedSIMATIC IPC DiagMonitorSIMATIC SISTARSIMATIC S7-1500 CPU 1517T-3 PN/DPSIMATIC S7-1500 CPU 1518T-4 PN/DPSIMATIC Comfort/Mobile RTSIPLUS S7-1500 CPU 1518-4 PN/DPSIMATIC WinCC Runtime Professional V18SIMATIC WinCC V7.5SIMATIC S7-1500 CPU 1518F-4 PN/DPSIMATIC S7-1500 CPU 1517TF-3 PN/DPSIMATIC WinCC OPC UA ClientSIMATIC S7-1500 CPU 1516F-3 PN/DPSIMATIC WinCC V8.0SIMATIC WinCC Runtime Professional V19SIMATIC S7-1500 Software Controller V2SIPLUS ET 200SP CPU 1510SP-1 PNSIMATIC ET 200SP CPU 1514SP F-2 PNSIMATIC S7-1500 CPU 1517-3 PN/DPSIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PNSIPLUS ET 200SP CPU 1510SP-1 PN RAILSIMATIC S7-1500 CPU 1516T-3 PN/DPSIPLUS S7-1500 CPU 1518F-4 PN/DPSIMATIC WinCC OA V3.17SIMATIC WinCC V7.4SIMATIC S7-1500 CPU 1516TF-3 PN/DPSIPLUS S7-1500 CPU 1516-3 PN/DP RAILSIMATIC S7-1500 CPU 1518-4 PN/DPSIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PNSIMATIC PCS neo V4.0SIPLUS S7-1500 CPU 1515F-2 PN RAILSIMATIC NET PC Software V14SIMATIC NET PC Software V16SIMATIC WinCC OA V3.18SIMATIC ET 200SP CPU 1510SP F-1 PNSIMATIC S7-1500 CPU 1511F-1 PNSIMATIC S7-1500 CPU 1511-1 PNSIMATIC S7-1500 CPU 1512C-1 PNSIMATIC ET 200SP CPU 1510SP-1 PNSIPLUS S7-1500 CPU 1516F-3 PN/DP RAILSIMATIC WinCC Unified OPC UA ServerSIMATIC S7-1500 CPU 1515T-2 PNSIMATIC WinCC Runtime Professional V17SIMATIC Drive Controller CPU 1507D TFSIMATIC ET 200SP CPU 1512SP F-1 PNSIMATIC S7-1500 CPU 1518-4 PN/DP MFPSIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PNSIPLUS S7-1500 CPU 1516F-3 PN/DPSIMATIC NET PC Software V18SIMATIC ET 200SP CPU 1514SPT F-2 PNSIMATIC WinCC OA V3.19SIMATIC S7-1500 CPU 1511C-1 PNSIMATIC ET 200SP CPU 1514SPT-2 PNSIPLUS S7-1500 CPU 1511-1 PNSIMATIC S7-1500 CPU 1511TF-1 PNSIMATIC S7-1500 Software Controller V3SIPLUS ET 200SP CPU 1512SP F-1 PN RAILSIPLUS S7-1500 CPU 1513F-1 PNSIMATIC S7-1500 CPU 1511T-1 PNSIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)SIMATIC Cloud Connect 7 CC716SIPLUS S7-1500 CPU 1515F-2 PN T2 RAILSIMATIC NET PC Software V17SIPLUS S7-1500 CPU 1516-3 PN/DPSIMATIC Cloud Connect 7 CC712SIPLUS S7-1500 CPU 1518-4 PN/DP MFPSIPLUS S7-1500 CPU 1511-1 PN TX RAILSIMATIC S7-1500 CPU 1515F-2 PNSIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODKSIPLUS ET 200SP CPU 1510SP F-1 PN RAILSIPLUS S7-1500 CPU 1513-1 PNSIMATIC S7-1500 CPU 1516-3 PN/DPSIMATIC ET 200SP CPU 1514SP-2 PNSIMATIC Drive Controller CPU 1504D TFSIMATIC S7-1500 CPU 1518F-4 PN/DP MFPSIMATIC S7-1500 CPU 1517F-3 PN/DPSIPLUS S7-1500 CPU 1515F-2 PNSIMATIC S7-1500 CPU 1515TF-2 PNSIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PNSIMATIC S7-1500 CPU 1513-1 PNSINUMERIK MCSIMATIC BRAUMATSIMATIC S7-1500 CPU 1513F-1 PNSIMATIC WinCC Runtime Professional V16
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-20840
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.81% / 82.11%
||
7 Day CHG~0.00%
Published-17 Jun, 2020 | 15:11
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in LibVNCServer before 0.9.13. libvncserver/ws_decode.c can lead to a crash because of unaligned accesses in hybiReadAndDecode.

Action-Not Available
Vendor-libvnc_projectn/aDebian GNU/LinuxSiemens AGCanonical Ltd.openSUSE
Product-ubuntu_linuxsimatic_itc1500_prosimatic_itc1900simatic_itc2200_pro_firmwaresimatic_itc2200simatic_itc1500_pro_firmwaredebian_linuxsimatic_itc1500simatic_itc1900_firmwaresimatic_itc1900_pro_firmwaresimatic_itc1500_firmwaresimatic_itc2200_firmwaresimatic_itc2200_prolibvncserversimatic_itc1900_proleapn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-19956
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.15% / 36.86%
||
7 Day CHG~0.00%
Published-24 Dec, 2019 | 15:12
Updated-05 Aug, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.

Action-Not Available
Vendor-n/aOracle CorporationNetApp, Inc.Canonical Ltd.Fedora ProjectSiemens AGlibxml2 (XMLSoft)Debian GNU/Linux
Product-ubuntu_linuxclustered_data_ontapdebian_linuxmanageability_software_development_kitsinema_remote_connect_serverontap_select_deploy_administration_utilityfedoraactive_iq_unified_managerlibxml2clustered_data_ontap_antivirus_connectorreal_user_experience_insightsteelstore_cloud_integrated_storagen/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2019-19880
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-11.24% / 93.25%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 05:07
Updated-05 Aug, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.

Action-Not Available
Vendor-sqliten/aDebian GNU/LinuxNetApp, Inc.Siemens AGRed Hat, Inc.openSUSEOracle CorporationSUSE
Product-enterprise_linux_serversinec_infrastructure_network_servicesdebian_linuxcloud_backupsqlitelinux_enterpriseenterprise_linux_workstationpackage_hubbackports_sleenterprise_linux_desktopmysql_workbenchleapn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-19244
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.26% / 48.77%
||
7 Day CHG~0.00%
Published-25 Nov, 2019 | 19:32
Updated-05 Aug, 2024 | 02:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage.

Action-Not Available
Vendor-sqliten/aOracle CorporationCanonical Ltd.Siemens AG
Product-sinec_infrastructure_network_servicesubuntu_linuxsqlitemysql_workbenchn/a
CVE-2019-19925
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-12.25% / 93.60%
||
7 Day CHG~0.00%
Published-24 Dec, 2019 | 16:03
Updated-05 Aug, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.

Action-Not Available
Vendor-sqliten/aDebian GNU/LinuxNetApp, Inc.Siemens AGRed Hat, Inc.openSUSEOracle CorporationSUSE
Product-sinec_infrastructure_network_servicesenterprise_linux_serverdebian_linuxcloud_backupsqliteenterprise_linux_workstationlinux_enterprisepackage_hubbackports_sleenterprise_linux_desktopmysql_workbenchleapn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2019-19279
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.27% / 50.08%
||
7 Day CHG~0.00%
Published-10 Mar, 2020 | 19:16
Updated-05 Aug, 2024 | 02:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIPROTEC 4 and SIPROTEC Compact relays equipped with EN100 Ethernet communication modules (All versions). Specially crafted packets sent to port 50000/UDP of the EN100 Ethernet communication modules could cause a Denial-of-Service of the affected device. A manual reboot is required to recover the service of the device. At the time of advisory publication no public exploitation of this security vulnerability was known to Siemens.

Action-Not Available
Vendor-Siemens AG
Product-siprotec_4siprotec_compactSIPROTEC 4 and SIPROTEC Compact relays equipped with EN100 Ethernet communication modules
CWE ID-CWE-20
Improper Input Validation
CVE-2019-19281
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.63% / 69.35%
||
7 Day CHG~0.00%
Published-10 Mar, 2020 | 19:16
Updated-05 Aug, 2024 | 02:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions >= V2.5 and < V20.8), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.5 and < V2.8), SIMATIC S7-1500 Software Controller (All versions >= V2.5 and < V20.8). Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a Denial-of-Service condition. The vulnerability can be triggered if specially crafted UDP packets are sent to the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise the device availability.

Action-Not Available
Vendor-Siemens AG
Product-simatic_et_200sp_open_controller_cpu_1515sp_pc2_firmwaresimatic_s7-1500_cpu_1507ssimatic_s7-1500_cpu_1516-3_dp_firmwaresimatic_s7-1500_cpu_1517-3_dp_firmwaresimatic_s7-1500_cpu_1508s_firmwaresimatic_s7-1500_cpu_1518-4_pn_firmwaresimatic_s7-1500_cpu_1518-4_dp_firmwaresimatic_s7-1500_cpu_1508s_f_firmwaresimatic_s7-1500_cpu_1507s_f_firmwaresimatic_s7-1500_cpu_1507s_fsimatic_s7-1500_cpu_1513-1_pn_firmwaresimatic_s7-1500_cpu_1516-3_pn_firmwaresimatic_s7-1500_cpu_1518-4_pnsimatic_s7-1500_cpu_1511-1_pn_firmwaresimatic_s7-1500_cpu_1515-2_pnsimatic_s7-1500_cpu_1517-3_pnsimatic_s7-1500_cpu_1508s_fsimatic_s7-1500_cpu_1515-2_pn_firmwaresimatic_s7-1500_cpu_1516-3_pnsimatic_s7-1500_cpu_1517-3_pn_firmwaresimatic_s7-1500_cpu_1516-3_dpsimatic_s7-1500_cpu_1508ssimatic_s7-1500_cpu_1507s_firmwaresimatic_s7-1500_cpu_1518-4_dpsimatic_s7-1500_cpu_1517-3_dpsimatic_s7-1500_cpu_1513-1_pnsimatic_s7-1500_cpu_1511-1_pnsimatic_et_200sp_open_controller_cpu_1515sp_pc2SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)SIMATIC S7-1500 Software Controller
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2019-19301
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.54% / 66.62%
||
7 Day CHG~0.00%
Published-14 Apr, 2020 | 19:50
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SCALANCE X200-4P IRT, SCALANCE X201-3P IRT, SCALANCE X201-3P IRT PRO, SCALANCE X202-2IRT, SCALANCE X202-2P IRT, SCALANCE X202-2P IRT PRO, SCALANCE X204-2, SCALANCE X204-2FM, SCALANCE X204-2LD, SCALANCE X204-2LD TS, SCALANCE X204-2TS, SCALANCE X204IRT, SCALANCE X204IRT PRO, SCALANCE X206-1, SCALANCE X206-1LD, SCALANCE X208, SCALANCE X208PRO, SCALANCE X212-2, SCALANCE X212-2LD, SCALANCE X216, SCALANCE X224, SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XF201-3P IRT, SCALANCE XF202-2P IRT, SCALANCE XF204, SCALANCE XF204-2, SCALANCE XF204-2BA IRT, SCALANCE XF204IRT, SCALANCE XF206-1, SCALANCE XF208, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIMATIC CP 343-1 Advanced, SIMATIC CP 442-1 RNA, SIMATIC CP 443-1, SIMATIC CP 443-1, SIMATIC CP 443-1 Advanced, SIMATIC CP 443-1 RNA, SIMATIC RF180C, SIMATIC RF182C, SIPLUS NET CP 343-1 Advanced, SIPLUS NET CP 443-1, SIPLUS NET CP 443-1 Advanced, SIPLUS NET SCALANCE X308-2. The VxWorks-based Profinet TCP Stack can be forced to make very expensive calls for every incoming packet which can lead to a denial of service.

Action-Not Available
Vendor-Siemens AG
Product-simatic_rf182csimatic_rf182c_firmwarescalance_xp-200_firmwarescalance_x-200irt_pro_firmwaresimatic_cp_443-1_advanced_firmwarescalance_xc-200_firmwaresimatic_cp_443-1_firmwarescalance_xb-200scalance_xr-300wg_firmwarescalance_xr-300wgscalance_xp-200simatic_rf180cscalance_x-200irt_firmwarescalance_xr-300scalance_x-300scalance_x-200irtscalance_x-200irt_prosimatic_cp_443-1scalance_xb-200_firmwarescalance_xf-200_firmwarescalance_xf-200scalance_xr-300_firmwarescalance_x-300_firmwaresimatic_rf180c_firmwarescalance_xc-200simatic_cp_443-1_advancedSCALANCE XF208SCALANCE XR324-12M TS (24V)SCALANCE XR324-4M EEC (24V, ports on front)SCALANCE X204IRTSCALANCE XR324-12M (230V, ports on rear)SCALANCE X307-2 EEC (2x 24V, coated)SCALANCE XF204-2BA IRTSCALANCE X204-2FMSCALANCE X204-2TSSCALANCE X307-3SCALANCE XR324-12M (24V, ports on rear)SCALANCE X308-2SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)SCALANCE X204-2LD TSSCALANCE X302-7 EEC (24V, coated)SCALANCE X307-2 EEC (230V, coated)SIMATIC CP 443-1 AdvancedSIMATIC RF180CSCALANCE X224SIPLUS NET SCALANCE X308-2SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)SCALANCE X202-2P IRTSCALANCE XR324-4M PoE (230V, ports on rear)SCALANCE X302-7 EEC (230V)SIMATIC CP 443-1SCALANCE X206-1LDSCALANCE X308-2LDSCALANCE X307-2 EEC (24V)SIMATIC CP 343-1 AdvancedSCALANCE X208SCALANCE X304-2FESCALANCE X307-2 EEC (230V)SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)SCALANCE X302-7 EEC (2x 24V)SCALANCE XF204IRTSCALANCE X307-2 EEC (2x 230V)SCALANCE X208PROSCALANCE X212-2LDSCALANCE X204IRT PROSCALANCE X302-7 EEC (24V)SCALANCE X204-2SCALANCE XF206-1SIMATIC RF182CSCALANCE XR324-4M EEC (2x 24V, ports on rear)SIPLUS NET CP 443-1SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)SCALANCE XR324-4M PoE (24V, ports on rear)SCALANCE X204-2LDSCALANCE X201-3P IRTSCALANCE X308-2MSCALANCE X308-2M PoESCALANCE X310FESCALANCE X308-2LH+SCALANCE X206-1SCALANCE XF204SIPLUS NET CP 343-1 AdvancedSCALANCE X307-3LDSCALANCE X202-2IRTSCALANCE X308-2LHSCALANCE XF204-2SCALANCE XR324-4M EEC (24V, ports on rear)SIMATIC CP 442-1 RNASCALANCE XR324-4M PoE (24V, ports on front)SIPLUS NET CP 443-1 AdvancedSCALANCE X302-7 EEC (2x 230V)SCALANCE X408-2SCALANCE XF201-3P IRTSCALANCE XF202-2P IRTSCALANCE X307-2 EEC (24V, coated)SCALANCE X307-2 EEC (2x 230V, coated)SCALANCE X302-7 EEC (2x 24V, coated)SCALANCE X202-2P IRT PROSCALANCE X310SCALANCE X307-2 EEC (2x 24V)SCALANCE XR324-12M (24V, ports on front)SCALANCE X212-2SCALANCE X320-1 FESCALANCE X306-1LD FESIMATIC CP 443-1 RNASCALANCE X308-2M TSSCALANCE XR324-4M PoE (230V, ports on front)SCALANCE X216SCALANCE X302-7 EEC (230V, coated)SCALANCE X201-3P IRT PROSCALANCE X302-7 EEC (2x 230V, coated)SCALANCE X200-4P IRTSCALANCE X320-1-2LD FESCALANCE XR324-4M PoE TS (24V, ports on front)SCALANCE XR324-12M (230V, ports on front)SCALANCE XR324-4M EEC (2x 24V, ports on front)
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2019-19242
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.25% / 47.87%
||
7 Day CHG~0.00%
Published-25 Nov, 2019 | 15:30
Updated-05 Aug, 2024 | 02:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.

Action-Not Available
Vendor-sqliten/aCanonical Ltd.Oracle CorporationRed Hat, Inc.Siemens AG
Product-sinec_infrastructure_network_servicesubuntu_linuxsqliteenterprise_linuxmysql_workbenchn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-19298
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.75% / 72.22%
||
7 Day CHG~0.00%
Published-10 Mar, 2020 | 19:16
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0), SiNVR/SiVMS Video Server (All versions >= V5.0.0 < V5.0.2). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server contains a input validation vulnerability, that could allow an unauthenticated remote attacker to cause a Denial-of-Service condition by sending malformed HTTP requests.

Action-Not Available
Vendor-Siemens AG
Product-sinvr\/sivms_video_serverSiNVR/SiVMS Video Server
CWE ID-CWE-20
Improper Input Validation
CVE-2019-19282
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.55% / 67.02%
||
7 Day CHG~0.00%
Published-10 Mar, 2020 | 19:16
Updated-05 Aug, 2024 | 02:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in OpenPCS 7 V8.1 (All versions), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd3), SIMATIC BATCH V8.1 (All versions), SIMATIC BATCH V8.2 (All versions < V8.2 Upd12), SIMATIC BATCH V9.0 (All versions < V9.0 SP1 Upd5), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Update 1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC Route Control V8.1 (All versions), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions < V9.0 Upd4), SIMATIC WinCC (TIA Portal) V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 10), SIMATIC WinCC (TIA Portal) V15.1 (All versions < V15.1 Update 5), SIMATIC WinCC (TIA Portal) V16 (All versions < V16 Update 1), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions < V7.5 SP1 Update 1). Through specially crafted messages, when encrypted communication is enabled, an attacker with network access could use the vulnerability to compromise the availability of the system by causing a Denial-of-Service condition. Successful exploitation requires no system privileges and no user interaction.

Action-Not Available
Vendor-Siemens AG
Product-openpcs_7simatic_winccsimatic_pcs_7simatic_route_controlsimatic_net_pcsimatic_batchSIMATIC NET PC Software V14SIMATIC NET PC Software V15SIMATIC WinCC (TIA Portal) V14SIMATIC WinCC (TIA Portal) V13SIMATIC BATCH V8.1SIMATIC WinCC V7.3SIMATIC PCS 7 V9.0OpenPCS 7 V9.0OpenPCS 7 V8.2SIMATIC WinCC V7.4OpenPCS 7 V8.1SIMATIC WinCC V7.5SIMATIC BATCH V8.2SIMATIC PCS 7 V8.1SIMATIC WinCC (TIA Portal) V16SIMATIC Route Control V8.2SIMATIC WinCC (TIA Portal) V15.1SIMATIC Route Control V8.1SIMATIC NET PC Software V16SIMATIC Route Control V9.0SIMATIC BATCH V9.0SIMATIC PCS 7 V8.2
CWE ID-CWE-131
Incorrect Calculation of Buffer Size
CVE-2019-19923
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-13.88% / 94.06%
||
7 Day CHG~0.00%
Published-24 Dec, 2019 | 15:43
Updated-05 Aug, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).

Action-Not Available
Vendor-sqliten/aDebian GNU/LinuxNetApp, Inc.Siemens AGRed Hat, Inc.openSUSEOracle CorporationSUSE
Product-sinec_infrastructure_network_servicesenterprise_linux_serverdebian_linuxcloud_backupsqliteenterprise_linux_workstationlinux_enterprisepackage_hubbackports_sleenterprise_linux_desktopmysql_workbenchleapn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-19926
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-11.11% / 93.20%
||
7 Day CHG~0.00%
Published-23 Dec, 2019 | 00:53
Updated-05 Aug, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.

Action-Not Available
Vendor-sqliten/aDebian GNU/LinuxNetApp, Inc.Siemens AGRed Hat, Inc.openSUSEOracle CorporationSUSE
Product-sinec_infrastructure_network_servicesenterprise_linux_serverdebian_linuxcloud_backupsqliteenterprise_linux_workstationlinux_enterprisepackage_hubbackports_sleenterprise_linux_desktopmysql_workbenchleapn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-18301
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.27% / 50.25%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sppa-t3000_ms3000_migration_serverSPPA-T3000 MS3000 Migration Server
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-18317
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.48% / 64.33%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server could cause a Denial-of-Service condition by sending specifically crafted objects via RMI. This vulnerability is independent from CVE-2019-18318 and CVE-2019-18319. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sppa-t3000_application_serverSPPA-T3000 Application Server
CWE ID-CWE-287
Improper Authentication
CVE-2019-18318
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.48% / 64.33%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). An attacker with network access to the Application Server can cause a Denial-of-Service condition by sending specifically crafted objects via RMI. This vulnerability is independent from CVE-2019-18317 and CVE-2019-18319. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sppa-t3000_application_serverSPPA-T3000 Application Server
CWE ID-CWE-287
Improper Authentication
CVE-2019-18311
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.21% / 42.76%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 7061/tcp. This vulnerability is independent from CVE-2019-18310. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sppa-t3000_ms3000_migration_serverSPPA-T3000 MS3000 Migration Server
CWE ID-CWE-952
Not Available
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2019-18307
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.35%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, and CVE-2019-18306. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sppa-t3000_ms3000_migration_serverSPPA-T3000 MS3000 Migration Server
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-18291
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.27% / 50.25%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sppa-t3000_ms3000_migration_serverSPPA-T3000 MS3000 Migration Server
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-18294
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.27% / 50.25%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sppa-t3000_ms3000_migration_serverSPPA-T3000 MS3000 Migration Server
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-18303
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.27% / 50.25%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sppa-t3000_ms3000_migration_serverSPPA-T3000 MS3000 Migration Server
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-18292
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.35%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sppa-t3000_ms3000_migration_serverSPPA-T3000 MS3000 Migration Server
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-18304
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.35%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sppa-t3000_ms3000_migration_serverSPPA-T3000 MS3000 Migration Server
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-18336
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.25% / 48.25%
||
7 Day CHG~0.00%
Published-10 Mar, 2020 | 19:16
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V3.X.17), SIMATIC TDC CP51M1 (All versions < V1.1.8), SIMATIC TDC CPU555 (All versions < V1.1.1), SINUMERIK 840D sl (All versions < V4.8.6), SINUMERIK 840D sl (All versions < V4.94). Specially crafted packets sent to port 102/tcp (Profinet) could cause the affected device to go into defect mode. A restart is required in order to recover the system. Successful exploitation requires an attacker to have network access to port 102/tcp, with no authentication. No user interation is required. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-simatic_s7-300_cpu_313simatic_tdc_cpu555_firmwaresimatic_tdc_cp51m1_firmwaresimatic_s7-300_cpu_316-2_dp_firmwaresimatic_s7-300_cpu_314simatic_tdc_cp51m1simatic_s7-300_cpu_314_ifmsimatic_tdc_cpu555simatic_s7-300_cpu_312_ifmsimatic_s7-300_cpu_318-2_firmwaresimatic_s7-300_cpu_313_firmwaresimatic_s7-300_cpu_314_ifm_firmwaresimatic_s7-300_cpu_316-2_dpsimatic_s7-300_cpu_318-2simatic_s7-300_cpu_315-2_dpsimatic_s7-300_cpu_315_firmwaresimatic_s7-300_cpu_firmwaresimatic_s7-300_cpu_315-2_dp_firmwaresimatic_s7-300_cpu_315simatic_s7-300_cpu_312_ifm_firmwaresimatic_s7-300_cpusimatic_s7-300_cpu_314_firmwaresinumerik_840d_slSIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)SIMATIC TDC CPU555SIMATIC TDC CP51M1SINUMERIK 840D sl
CWE ID-CWE-400
Uncontrolled Resource Consumption
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found