Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-43767

Summary
Assigner-siemens
Assigner Org ID-cec7a2ec-15b4-4faf-bd53-b40f371f3a77
Published At-11 Apr, 2023 | 09:02
Updated At-10 Sep, 2024 | 09:33
Rejected At-
Credits

A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions < V2.3), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions < V2.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE0) (All versions < V3.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE1) (All versions < V3.3), SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) (All versions < V3.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions < V2.3), SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0) (All versions < V3.4.29), SIPLUS NET CP 443-1 (6AG1443-1EX30-4XE0) (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) (All versions < V3.3), SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0) (All versions < V3.4.29), SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0) (All versions < V3.4.29), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.3.6), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation of the webserver of the affected product.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:siemens
Assigner Org ID:cec7a2ec-15b4-4faf-bd53-b40f371f3a77
Published At:11 Apr, 2023 | 09:02
Updated At:10 Sep, 2024 | 09:33
Rejected At:
▼CVE Numbering Authority (CNA)

A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions < V2.3), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions < V2.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE0) (All versions < V3.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE1) (All versions < V3.3), SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) (All versions < V3.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions < V2.3), SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0) (All versions < V3.4.29), SIPLUS NET CP 443-1 (6AG1443-1EX30-4XE0) (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) (All versions < V3.3), SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0) (All versions < V3.4.29), SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0) (All versions < V3.4.29), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.3.6), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation of the webserver of the affected product.

Affected Products
Vendor
Siemens AGSiemens
Product
SIMATIC CP 1242-7 V2
Default Status
unknown
Versions
Affected
  • From 0 before V3.4.29 (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC CP 1243-1
Default Status
unknown
Versions
Affected
  • From 0 before V3.4.29 (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants)
Default Status
unknown
Versions
Affected
  • From 0 before V3.4.29 (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC CP 1243-1 IEC (incl. SIPLUS variants)
Default Status
unknown
Versions
Affected
  • From 0 before V3.4.29 (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC CP 1243-7 LTE EU
Default Status
unknown
Versions
Affected
  • From 0 before V3.4.29 (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC CP 1243-7 LTE US
Default Status
unknown
Versions
Affected
  • From 0 before V3.4.29 (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC CP 1243-8 IRC
Default Status
unknown
Versions
Affected
  • From 0 before V3.4.29 (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC CP 1542SP-1
Default Status
unknown
Versions
Affected
  • From 0 before V2.3 (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC CP 1542SP-1 IRC
Default Status
unknown
Versions
Affected
  • From 0 before V2.3 (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC CP 1543SP-1
Default Status
unknown
Versions
Affected
  • From 0 before V2.3 (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC CP 443-1
Default Status
unknown
Versions
Affected
  • From 0 before V3.3 (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC CP 443-1
Default Status
unknown
Versions
Affected
  • From 0 before V3.3 (custom)
Vendor
Siemens AGSiemens
Product
SIMATIC CP 443-1 Advanced
Default Status
unknown
Versions
Affected
  • From 0 before V3.3 (custom)
Vendor
Siemens AGSiemens
Product
SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL
Default Status
unknown
Versions
Affected
  • From 0 before V2.3 (custom)
Vendor
Siemens AGSiemens
Product
SIPLUS ET 200SP CP 1543SP-1 ISEC
Default Status
unknown
Versions
Affected
  • From 0 before V2.3 (custom)
Vendor
Siemens AGSiemens
Product
SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL
Default Status
unknown
Versions
Affected
  • From 0 before V2.3 (custom)
Vendor
Siemens AGSiemens
Product
SIPLUS NET CP 1242-7 V2
Default Status
unknown
Versions
Affected
  • From 0 before V3.4.29 (custom)
Vendor
Siemens AGSiemens
Product
SIPLUS NET CP 443-1
Default Status
unknown
Versions
Affected
  • From 0 before V3.3 (custom)
Vendor
Siemens AGSiemens
Product
SIPLUS NET CP 443-1 Advanced
Default Status
unknown
Versions
Affected
  • From 0 before V3.3 (custom)
Vendor
Siemens AGSiemens
Product
SIPLUS S7-1200 CP 1243-1
Default Status
unknown
Versions
Affected
  • From 0 before V3.4.29 (custom)
Vendor
Siemens AGSiemens
Product
SIPLUS S7-1200 CP 1243-1 RAIL
Default Status
unknown
Versions
Affected
  • From 0 before V3.4.29 (custom)
Vendor
Siemens AGSiemens
Product
SIPLUS TIM 1531 IRC
Default Status
unknown
Versions
Affected
  • From 0 before V2.3.6 (custom)
Vendor
Siemens AGSiemens
Product
TIM 1531 IRC
Default Status
unknown
Versions
Affected
  • From 0 before V2.3.6 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-833CWE-833: Deadlock
Type: CWE
CWE ID: CWE-833
Description: CWE-833: Deadlock
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://cert-portal.siemens.com/productcert/pdf/ssa-566905.pdf
N/A
https://cert-portal.siemens.com/productcert/html/ssa-139628.html
N/A
https://cert-portal.siemens.com/productcert/html/ssa-566905.html
N/A
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-566905.pdf
Resource: N/A
Hyperlink: https://cert-portal.siemens.com/productcert/html/ssa-139628.html
Resource: N/A
Hyperlink: https://cert-portal.siemens.com/productcert/html/ssa-566905.html
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Vendor
Siemens AGsiemens
Product
simatic_cp_1542sp-1
CPEs
  • cpe:2.3:h:siemens:simatic_cp_1542sp-1:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 2.3 (custom)
Vendor
Siemens AGsiemens
Product
simatic_cp_1542sp-1_irc
CPEs
  • cpe:2.3:h:siemens:simatic_cp_1542sp-1_irc:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 2.3 (custom)
Vendor
Siemens AGsiemens
Product
simatic_cp_1543sp-1
CPEs
  • cpe:2.3:h:siemens:simatic_cp_1543sp-1:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 2.3 (custom)
Vendor
Siemens AGsiemens
Product
simatic_cp_443-1
CPEs
  • cpe:2.3:h:siemens:simatic_cp_443-1:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 3.3 (custom)
Vendor
Siemens AGsiemens
Product
simatic_cp_443-1_advanced
CPEs
  • cpe:2.3:h:siemens:simatic_cp_443-1_advanced:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 3.3 (custom)
Vendor
Siemens AGsiemens
Product
siplus_et_200sp_cp_1542sp-1_irc_tx_rail
CPEs
  • cpe:2.3:h:siemens:siplus_et_200sp_cp_1542sp-1_irc_tx_rail:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 2.3 (custom)
Vendor
Siemens AGsiemens
Product
siplus_et_200sp_cp_1543sp-1_isec
CPEs
  • cpe:2.3:h:siemens:siplus_et_200sp_cp_1543sp-1_isec:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 2.3 (custom)
Vendor
Siemens AGsiemens
Product
siplus_et_200sp_cp_1543sp-1_isec_tx_rail
CPEs
  • cpe:2.3:h:siemens:siplus_et_200sp_cp_1543sp-1_isec_tx_rail:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 2.3 (custom)
Vendor
Siemens AGsiemens
Product
siplus_net_cp_1242-7_v2
CPEs
  • cpe:2.3:h:siemens:siplus_net_cp_1242-7_v2:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGsiemens
Product
siplus_net_cp_443-1
CPEs
  • cpe:2.3:h:siemens:siplus_net_cp_443-1:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 3.3 (custom)
Vendor
Siemens AGsiemens
Product
siplus_net_cp_443-1_advanced
CPEs
  • cpe:2.3:h:siemens:siplus_net_cp_443-1_advanced:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 3.3 (custom)
Vendor
Siemens AGsiemens
Product
siplus_s7-1200_cp_1243-1
CPEs
  • cpe:2.3:h:siemens:siplus_s7-1200_cp_1243-1:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGsiemens
Product
simatic_cp_1242-7_v2
CPEs
  • cpe:2.3:h:siemens:simatic_cp_1242-7_v2:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGsiemens
Product
simatic_cp_1243-1
CPEs
  • cpe:2.3:h:siemens:simatic_cp_1243-1:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGsiemens
Product
simatic_cp_1243-1_dnp3
CPEs
  • cpe:2.3:h:siemens:simatic_cp_1243-1_dnp3:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGsiemens
Product
simatic_cp_1243-1_iec
CPEs
  • cpe:2.3:h:siemens:simatic_cp_1243-1_iec:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGsiemens
Product
simatic_cp_1243-7_lte_eu
CPEs
  • cpe:2.3:h:siemens:simatic_cp_1243-7_lte_eu:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGsiemens
Product
simatic_cp_1243-7_lte_us
CPEs
  • cpe:2.3:h:siemens:simatic_cp_1243-7_lte_us:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGsiemens
Product
simatic_cp_1243-8_irc
CPEs
  • cpe:2.3:h:siemens:simatic_cp_1243-8_irc:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGsiemens
Product
siplus_s7-1200_cp_1243-1_rail
CPEs
  • cpe:2.3:h:siemens:siplus_s7-1200_cp_1243-1_rail:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGsiemens
Product
siplus_tim_1531_irc
CPEs
  • cpe:2.3:h:siemens:siplus_tim_1531_irc:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 2.3.6 (custom)
Vendor
Siemens AGsiemens
Product
tim_1531_irc
CPEs
  • cpe:2.3:h:siemens:tim_1531_irc:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 2.3.6 (custom)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://cert-portal.siemens.com/productcert/pdf/ssa-566905.pdf
x_transferred
https://cert-portal.siemens.com/productcert/html/ssa-139628.html
x_transferred
https://cert-portal.siemens.com/productcert/html/ssa-566905.html
x_transferred
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-566905.pdf
Resource:
x_transferred
Hyperlink: https://cert-portal.siemens.com/productcert/html/ssa-139628.html
Resource:
x_transferred
Hyperlink: https://cert-portal.siemens.com/productcert/html/ssa-566905.html
Resource:
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:productcert@siemens.com
Published At:11 Apr, 2023 | 10:15
Updated At:10 Sep, 2024 | 10:15

A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions < V2.3), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions < V2.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE0) (All versions < V3.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE1) (All versions < V3.3), SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) (All versions < V3.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions < V2.3), SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0) (All versions < V3.4.29), SIPLUS NET CP 443-1 (6AG1443-1EX30-4XE0) (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) (All versions < V3.3), SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0) (All versions < V3.4.29), SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0) (All versions < V3.4.29), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.3.6), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation of the webserver of the affected product.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CPE Matches
Siemens AG
siemens
>>simatic_cp_1242-7_v2_firmware>>*
cpe:2.3:o:siemens:simatic_cp_1242-7_v2_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_cp_1242-7_v2>>-
cpe:2.3:h:siemens:simatic_cp_1242-7_v2:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_cp_1243-1>>-
cpe:2.3:h:siemens:simatic_cp_1243-1:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_cp_1243-1_firmware>>*
cpe:2.3:o:siemens:simatic_cp_1243-1_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_cp_1243-1_dnp3>>-
cpe:2.3:h:siemens:simatic_cp_1243-1_dnp3:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_cp_1243-1_dnp3_firmware>>*
cpe:2.3:o:siemens:simatic_cp_1243-1_dnp3_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_cp_1243-1_iec>>-
cpe:2.3:h:siemens:simatic_cp_1243-1_iec:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_cp_1243-1_iec_firmware>>*
cpe:2.3:o:siemens:simatic_cp_1243-1_iec_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_cp_1243-7_lte_eu>>-
cpe:2.3:h:siemens:simatic_cp_1243-7_lte_eu:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_cp_1243-7_lte_eu_firmware>>*
cpe:2.3:o:siemens:simatic_cp_1243-7_lte_eu_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_cp_1243-7_lte_us>>-
cpe:2.3:h:siemens:simatic_cp_1243-7_lte_us:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_cp_1243-7_lte_us_firmware>>*
cpe:2.3:o:siemens:simatic_cp_1243-7_lte_us_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_cp_1243-8_irc>>-
cpe:2.3:h:siemens:simatic_cp_1243-8_irc:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_cp_1243-8_irc_firmware>>*
cpe:2.3:o:siemens:simatic_cp_1243-8_irc_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_cp_1542sp-1>>-
cpe:2.3:h:siemens:simatic_cp_1542sp-1:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_cp_1542sp-1_firmware>>*
cpe:2.3:o:siemens:simatic_cp_1542sp-1_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_cp_1542sp-1_irc>>-
cpe:2.3:h:siemens:simatic_cp_1542sp-1_irc:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_cp_1542sp-1_irc_firmware>>*
cpe:2.3:o:siemens:simatic_cp_1542sp-1_irc_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_cp_1543sp-1_firmware>>*
cpe:2.3:o:siemens:simatic_cp_1543sp-1_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_cp_1543sp-1>>-
cpe:2.3:h:siemens:simatic_cp_1543sp-1:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_cp_443-1_firmware>>Versions before 3.3(exclusive)
cpe:2.3:o:siemens:simatic_cp_443-1_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_cp_443-1>>-
cpe:2.3:h:siemens:simatic_cp_443-1:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_cp_443-1_advanced_firmware>>Versions before 3.3(exclusive)
cpe:2.3:o:siemens:simatic_cp_443-1_advanced_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_cp_443-1_advanced>>-
cpe:2.3:h:siemens:simatic_cp_443-1_advanced:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_ipc_diagbase_firmware>>*
cpe:2.3:o:siemens:simatic_ipc_diagbase_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_ipc_diagbase>>-
cpe:2.3:h:siemens:simatic_ipc_diagbase:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_ipc_diagmonitor_firmware>>*
cpe:2.3:o:siemens:simatic_ipc_diagmonitor_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>simatic_ipc_diagmonitor>>-
cpe:2.3:h:siemens:simatic_ipc_diagmonitor:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>siplus_et_200sp_cp_1542sp-1_irc_tx_rail_firmware>>*
cpe:2.3:o:siemens:siplus_et_200sp_cp_1542sp-1_irc_tx_rail_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>siplus_et_200sp_cp_1542sp-1_irc_tx_rail>>-
cpe:2.3:h:siemens:siplus_et_200sp_cp_1542sp-1_irc_tx_rail:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>siplus_et_200sp_cp_1543sp-1_isec_firmware>>*
cpe:2.3:o:siemens:siplus_et_200sp_cp_1543sp-1_isec_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>siplus_et_200sp_cp_1543sp-1_isec>>-
cpe:2.3:h:siemens:siplus_et_200sp_cp_1543sp-1_isec:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>siplus_et_200sp_cp_1543sp-1_isec_tx_rail_firmware>>*
cpe:2.3:o:siemens:siplus_et_200sp_cp_1543sp-1_isec_tx_rail_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>siplus_et_200sp_cp_1543sp-1_isec_tx_rail>>-
cpe:2.3:h:siemens:siplus_et_200sp_cp_1543sp-1_isec_tx_rail:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>siplus_net_cp_1242-7_v2_firmware>>*
cpe:2.3:o:siemens:siplus_net_cp_1242-7_v2_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>siplus_net_cp_1242-7_v2>>-
cpe:2.3:h:siemens:siplus_net_cp_1242-7_v2:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>siplus_net_cp_443-1_firmware>>Versions before 3.3(exclusive)
cpe:2.3:o:siemens:siplus_net_cp_443-1_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>siplus_net_cp_443-1>>-
cpe:2.3:h:siemens:siplus_net_cp_443-1:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>siplus_net_cp_443-1_advanced_firmware>>Versions before 3.3(exclusive)
cpe:2.3:o:siemens:siplus_net_cp_443-1_advanced_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>siplus_net_cp_443-1_advanced>>-
cpe:2.3:h:siemens:siplus_net_cp_443-1_advanced:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>siplus_s7-1200_cp_1243-1_firmware>>*
cpe:2.3:o:siemens:siplus_s7-1200_cp_1243-1_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>siplus_s7-1200_cp_1243-1>>-
cpe:2.3:h:siemens:siplus_s7-1200_cp_1243-1:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>siplus_s7-1200_cp_1243-1_rail_firmware>>*
cpe:2.3:o:siemens:siplus_s7-1200_cp_1243-1_rail_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>siplus_s7-1200_cp_1243-1_rail>>-
cpe:2.3:h:siemens:siplus_s7-1200_cp_1243-1_rail:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>siplus_tim_1531_irc_firmware>>Versions before 2.3.6(exclusive)
cpe:2.3:o:siemens:siplus_tim_1531_irc_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>siplus_tim_1531_irc>>-
cpe:2.3:h:siemens:siplus_tim_1531_irc:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>tim_1531_irc_firmware>>Versions before 2.3.6(exclusive)
cpe:2.3:o:siemens:tim_1531_irc_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>tim_1531_irc>>-
cpe:2.3:h:siemens:tim_1531_irc:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-833Primaryproductcert@siemens.com
NVD-CWE-noinfoSecondarynvd@nist.gov
CWE ID: CWE-833
Type: Primary
Source: productcert@siemens.com
CWE ID: NVD-CWE-noinfo
Type: Secondary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://cert-portal.siemens.com/productcert/html/ssa-139628.htmlproductcert@siemens.com
N/A
https://cert-portal.siemens.com/productcert/html/ssa-566905.htmlproductcert@siemens.com
N/A
https://cert-portal.siemens.com/productcert/pdf/ssa-566905.pdfproductcert@siemens.com
Vendor Advisory
Hyperlink: https://cert-portal.siemens.com/productcert/html/ssa-139628.html
Source: productcert@siemens.com
Resource: N/A
Hyperlink: https://cert-portal.siemens.com/productcert/html/ssa-566905.html
Source: productcert@siemens.com
Resource: N/A
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-566905.pdf
Source: productcert@siemens.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

235Records found
CVE-2025-30175
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-8.7||HIGH
EPSS-0.25% / 48.71%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 09:38
Updated-03 Oct, 2025 | 19:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions < V4.0), SINEMA Remote Connect (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions), Totally Integrated Automation Portal (TIA Portal) V20 (All versions), User Management Component (UMC) (All versions < V2.15.1.1). Affected products contain a out of bound write buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to cause a denial of service condition.

Action-Not Available
Vendor-Siemens AG
Product-totally_integrated_automation_portaluser_management_componentsinec_nmssimatic_pcs_neosinema_remote_connectTotally Integrated Automation Portal (TIA Portal) V19SIMATIC PCS neo V4.1Totally Integrated Automation Portal (TIA Portal) V17Totally Integrated Automation Portal (TIA Portal) V20SINEC NMSTotally Integrated Automation Portal (TIA Portal) V18SINEMA Remote ConnectSIMATIC PCS neo V5.0User Management Component (UMC)
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-39269
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.25% / 48.73%
||
7 Day CHG+0.02%
Published-08 Aug, 2023 | 09:20
Updated-12 Aug, 2025 | 12:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M2200NC, RUGGEDCOM M969, RUGGEDCOM M969F, RUGGEDCOM M969NC, RUGGEDCOM RMC30, RUGGEDCOM RMC30NC, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RMC8388NC V4.X, RUGGEDCOM RMC8388NC V5.X, RUGGEDCOM RP110, RUGGEDCOM RP110NC, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600FNC, RUGGEDCOM RS1600NC, RUGGEDCOM RS1600T, RUGGEDCOM RS1600TNC, RUGGEDCOM RS400, RUGGEDCOM RS400F, RUGGEDCOM RS400NC, RUGGEDCOM RS401, RUGGEDCOM RS401NC, RUGGEDCOM RS416, RUGGEDCOM RS416F, RUGGEDCOM RS416NC, RUGGEDCOM RS416NCv2 V4.X, RUGGEDCOM RS416NCv2 V5.X, RUGGEDCOM RS416P, RUGGEDCOM RS416PF, RUGGEDCOM RS416PNC, RUGGEDCOM RS416PNCv2 V4.X, RUGGEDCOM RS416PNCv2 V5.X, RUGGEDCOM RS416Pv2 V4.X, RUGGEDCOM RS416Pv2 V5.X, RUGGEDCOM RS416v2 V4.X, RUGGEDCOM RS416v2 V5.X, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000ANC, RUGGEDCOM RS8000H, RUGGEDCOM RS8000HNC, RUGGEDCOM RS8000NC, RUGGEDCOM RS8000T, RUGGEDCOM RS8000TNC, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900F, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GF, RUGGEDCOM RS900GNC, RUGGEDCOM RS900GNC(32M) V4.X, RUGGEDCOM RS900GNC(32M) V5.X, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPF, RUGGEDCOM RS900GPNC, RUGGEDCOM RS900L, RUGGEDCOM RS900LNC, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900MNC-GETS-C01, RUGGEDCOM RS900MNC-GETS-XX, RUGGEDCOM RS900MNC-STND-XX, RUGGEDCOM RS900MNC-STND-XX-C01, RUGGEDCOM RS900NC, RUGGEDCOM RS900NC(32M) V4.X, RUGGEDCOM RS900NC(32M) V5.X, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910LNC, RUGGEDCOM RS910NC, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920LNC, RUGGEDCOM RS920W, RUGGEDCOM RS930L, RUGGEDCOM RS930LNC, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM RS940GF, RUGGEDCOM RS940GNC, RUGGEDCOM RS969, RUGGEDCOM RS969NC, RUGGEDCOM RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100F, RUGGEDCOM RSG2100NC, RUGGEDCOM RSG2100NC(32M) V4.X, RUGGEDCOM RSG2100NC(32M) V5.X, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100P (32M) V4.X, RUGGEDCOM RSG2100P (32M) V5.X, RUGGEDCOM RSG2100PF, RUGGEDCOM RSG2100PNC, RUGGEDCOM RSG2100PNC (32M) V4.X, RUGGEDCOM RSG2100PNC (32M) V5.X, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200F, RUGGEDCOM RSG2200NC, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2288NC V4.X, RUGGEDCOM RSG2288NC V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300F, RUGGEDCOM RSG2300NC V4.X, RUGGEDCOM RSG2300NC V5.X, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PF, RUGGEDCOM RSG2300PNC V4.X, RUGGEDCOM RSG2300PNC V5.X, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488F, RUGGEDCOM RSG2488NC V4.X, RUGGEDCOM RSG2488NC V5.X, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSG920PNC V4.X, RUGGEDCOM RSG920PNC V5.X, RUGGEDCOM RSL910, RUGGEDCOM RSL910NC, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P. The web server of the affected devices contains a vulnerability that may lead to a denial of service condition. An attacker may cause total loss of availability of the web server, which might recover after the attack is over.

Action-Not Available
Vendor-Siemens AG
Product-ruggedcom_rsg2488ncruggedcom_rs969ruggedcom_rsg2100_\(32m\)ruggedcom_rsg2100ruggedcom_rsg2300pruggedcom_rsg910cruggedcom_rs416ruggedcom_rs900_\(32m\)ruggedcom_i802ncruggedcom_m969fruggedcom_rosruggedcom_m2100ruggedcom_rs910lncruggedcom_rsg2300fruggedcom_rs900mnc-stnd-xxruggedcom_rs930wruggedcom_rmc8388ruggedcom_rsg2200ruggedcom_rsg2300ncruggedcom_rs969ncruggedcom_rsl910ncruggedcom_m2200fruggedcom_rs1600ruggedcom_rs910lruggedcom_rsg2288ncruggedcom_rs900m-stnd-c01ruggedcom_m969ruggedcom_rs900g_\(32m\)ruggedcom_rsg2200ncruggedcom_rs900m-stnd-xxruggedcom_rsg2100nc\(32m\)ruggedcom_m969ncruggedcom_i801ncruggedcom_rs900nc\(32m\)ruggedcom_rsg2300pfruggedcom_m2100fruggedcom_rsg2488fruggedcom_rsl910ruggedcom_rs900lruggedcom_rs401ncruggedcom_rs900lncruggedcom_rs900m-gets-c01ruggedcom_rs900ncruggedcom_rs900mnc-gets-c01ruggedcom_rs920wruggedcom_rs8000aruggedcom_rs416v2ruggedcom_rst916cruggedcom_rsg2300ruggedcom_rs8000ancruggedcom_rst2228pruggedcom_rs8000ncruggedcom_rsg908cruggedcom_i803ruggedcom_rmc30ncruggedcom_rs930lncruggedcom_rsg2488ruggedcom_rs900gruggedcom_rs416pnc_v2ruggedcom_rs8000tncruggedcom_rsg2288ruggedcom_rs900gfruggedcom_rs940gruggedcom_rsg920pncruggedcom_rsg2100fruggedcom_rmc8388ncruggedcom_rs910ruggedcom_rs930lruggedcom_rsg907rruggedcom_rs1600tncruggedcom_rs900gpncruggedcom_rs8000hncruggedcom_rs900wruggedcom_rp110ncruggedcom_rs900gncruggedcom_rsg2100pncruggedcom_i801ruggedcom_rs940gncruggedcom_rs416pncruggedcom_rsg2100pfruggedcom_rs416ncruggedcom_i800ruggedcom_rs900mnc-gets-xxruggedcom_rs940gfruggedcom_rst2228ruggedcom_i800ncruggedcom_rsg909rruggedcom_rs1600truggedcom_rs401ruggedcom_rs900ruggedcom_rs8000truggedcom_rs416pv2ruggedcom_rs416fruggedcom_rp110ruggedcom_rs920lncruggedcom_i803ncruggedcom_i802ruggedcom_rs910wruggedcom_m2200ncruggedcom_rsg2100pruggedcom_rs900gpfruggedcom_rs8000ruggedcom_rst916pruggedcom_rs900fruggedcom_rsg2200fruggedcom_rs1600ncruggedcom_rsg2100ncruggedcom_rs900gpruggedcom_rs900mnc-stnd-xx-c01ruggedcom_rsg920pruggedcom_rs416pruggedcom_rs900m-gets-xxruggedcom_m2100ncruggedcom_rs1600fruggedcom_m2200ruggedcom_rs416nc_v2ruggedcom_rs400ruggedcom_rs8000hruggedcom_rs1600fncruggedcom_rs416pfruggedcom_rs400fruggedcom_rsg2300pncruggedcom_rs920lruggedcom_rs910ncruggedcom_rs900gnc\(32m\)ruggedcom_rs400ncruggedcom_rmc30RUGGEDCOM RS8000RUGGEDCOM RS900LRUGGEDCOM RSG2300 V4.XRUGGEDCOM RS900MNC-STND-XX-C01RUGGEDCOM RSG920P V4.XRUGGEDCOM RS401NCRUGGEDCOM RSG2100PNC (32M) V4.XRUGGEDCOM RS920LNCRUGGEDCOM RS910LRUGGEDCOM RS930WRUGGEDCOM RSG2100NC(32M) V5.XRUGGEDCOM RSG2100 (32M) V5.XRUGGEDCOM RSG2288NC V5.XRUGGEDCOM RS416Pv2 V4.XRUGGEDCOM RS1600RUGGEDCOM i801NCRUGGEDCOM RS940GRUGGEDCOM RSG2100NC(32M) V4.XRUGGEDCOM i800NCRUGGEDCOM RS910RUGGEDCOM RSG908CRUGGEDCOM RS8000NCRUGGEDCOM RS400FRUGGEDCOM RS900NC(32M) V4.XRUGGEDCOM RS920LRUGGEDCOM RMC8388 V4.XRUGGEDCOM RS8000HRUGGEDCOM RS900LNCRUGGEDCOM RS8000TRUGGEDCOM RS910NCRUGGEDCOM RS416PFRUGGEDCOM RS900GRUGGEDCOM M2100FRUGGEDCOM RS900M-STND-XXRUGGEDCOM RS900WRUGGEDCOM RMC8388 V5.XRUGGEDCOM RS900MNC-STND-XXRUGGEDCOM RSG2100PNC (32M) V5.XRUGGEDCOM RSG910CRUGGEDCOM RSG2300PFRUGGEDCOM RSG2288 V4.XRUGGEDCOM RS1600NCRUGGEDCOM RS969RUGGEDCOM RS900 (32M) V4.XRUGGEDCOM RSG909RRUGGEDCOM RS416FRUGGEDCOM RS900GPFRUGGEDCOM RSG2100PRUGGEDCOM RS930LNCRUGGEDCOM RS416PRUGGEDCOM RSG920P V5.XRUGGEDCOM RSG2200NCRUGGEDCOM RS8000HNCRUGGEDCOM RSG2300PNC V5.XRUGGEDCOM RSG2288 V5.XRUGGEDCOM RS1600FRUGGEDCOM RS416NCRUGGEDCOM RS930LRUGGEDCOM RSG907RRUGGEDCOM RSG2300P V5.XRUGGEDCOM RS910WRUGGEDCOM RSG2300 V5.XRUGGEDCOM RS940GNCRUGGEDCOM RS900GNCRUGGEDCOM RSG2100P (32M) V4.XRUGGEDCOM RMC8388NC V5.XRUGGEDCOM RS940GFRUGGEDCOM RS910LNCRUGGEDCOM RSG2288NC V4.XRUGGEDCOM RSG2488 V5.XRUGGEDCOM RMC30RUGGEDCOM RS900GFRUGGEDCOM RS8000ANCRUGGEDCOM RMC8388NC V4.XRUGGEDCOM RS1600TRUGGEDCOM M969FRUGGEDCOM RS900G (32M) V5.XRUGGEDCOM RS400NCRUGGEDCOM RS900MNC-GETS-C01RUGGEDCOM RS900M-GETS-C01RUGGEDCOM RSG2488NC V4.XRUGGEDCOM M2200FRUGGEDCOM RP110RUGGEDCOM i801RUGGEDCOM RS416v2 V4.XRUGGEDCOM RS416NCv2 V4.XRUGGEDCOM RS8000TNCRUGGEDCOM RSG2300P V4.XRUGGEDCOM RS416v2 V5.XRUGGEDCOM RS920WRUGGEDCOM RS900FRUGGEDCOM M2200RUGGEDCOM RS900MNC-GETS-XXRUGGEDCOM RSG2300NC V5.XRUGGEDCOM RS900GNC(32M) V4.XRUGGEDCOM RS900RUGGEDCOM RSG2100RUGGEDCOM M969NCRUGGEDCOM RS416PNCRUGGEDCOM RS1600FNCRUGGEDCOM RS400RUGGEDCOM RS900NC(32M) V5.XRUGGEDCOM RS1600TNCRUGGEDCOM RS900G (32M) V4.XRUGGEDCOM M969RUGGEDCOM RS416PNCv2 V4.XRUGGEDCOM M2200NCRUGGEDCOM RS8000ARUGGEDCOM i803RUGGEDCOM RSG2100PNCRUGGEDCOM RSG920PNC V5.XRUGGEDCOM RSG2100NCRUGGEDCOM RSG2488FRUGGEDCOM RP110NCRUGGEDCOM RSG2200RUGGEDCOM RSG2488NC V5.XRUGGEDCOM RSL910NCRUGGEDCOM RS969NCRUGGEDCOM RS416RUGGEDCOM RST2228PRUGGEDCOM i800RUGGEDCOM RS900M-STND-C01RUGGEDCOM RS900M-GETS-XXRUGGEDCOM RST916PRUGGEDCOM RS416PNCv2 V5.XRUGGEDCOM RS416NCv2 V5.XRUGGEDCOM RSG2100 (32M) V4.XRUGGEDCOM RSL910RUGGEDCOM RSG2100PFRUGGEDCOM RS900GPRUGGEDCOM RST916CRUGGEDCOM RS900GPNCRUGGEDCOM RSG2100FRUGGEDCOM RSG2488 V4.XRUGGEDCOM i802RUGGEDCOM RS900GNC(32M) V5.XRUGGEDCOM RST2228RUGGEDCOM RS401RUGGEDCOM RSG2300NC V4.XRUGGEDCOM RSG920PNC V4.XRUGGEDCOM i802NCRUGGEDCOM i803NCRUGGEDCOM M2100RUGGEDCOM RSG2300FRUGGEDCOM RSG2300PNC V4.XRUGGEDCOM RS900NCRUGGEDCOM RS416Pv2 V5.XRUGGEDCOM RMC30NCRUGGEDCOM RS900 (32M) V5.XRUGGEDCOM RSG2200FRUGGEDCOM M2100NCRUGGEDCOM RSG2100P (32M) V5.X
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2018-5391
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-7.5||HIGH
EPSS-4.26% / 89.04%
||
7 Day CHG~0.00%
Published-06 Sep, 2018 | 21:00
Updated-05 Aug, 2024 | 05:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
The Linux kernel, versions 3.9+, IP implementation is vulnerable to denial of service conditions with low rates of specially modified packets

The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size.

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.Canonical Ltd.F5, Inc.Siemens AGLinux Kernel Organization, IncMicrosoft Corporation
Product-ubuntu_linuxbig-ip_webacceleratorbig-ip_application_acceleration_managerenterprise_linux_server_euswindows_8.1big-ip_policy_enforcement_managerenterprise_linux_server_ausscalance_sc-600_firmwaresimatic_rf188_firmwareruggedcom_rm1224_firmwarebig-ip_local_traffic_managersimatic_net_cp_1243-7_lte_uswindows_10simatic_net_cp_1243-7_lte_us_firmwarescalance_w700_ieee_802.11a\/b\/g\/nsinema_remote_connect_serverenterprise_linux_workstationsimatic_net_cp_1243-1simatic_net_cp_1243-7_lte_eu_firmwaresimatic_rf185c_firmwarescalance_s615_firmwaresimatic_net_cp_1543sp-1enterprise_linux_desktopsimatic_net_cp_1543-1scalance_m-800_firmwaresimatic_net_cp_1242-7_firmwaresimatic_net_cp_1542sp-1_firmwarebig-ip_domain_name_systemsimatic_net_cp_1543sp-1_firmwarescalance_w1700_ieee_802.11ac_firmwareruggedcom_rox_iisimatic_net_cp_1542sp-1big-ip_edge_gatewaydebian_linuxlinux_kernelsimatic_net_cp_1543-1_firmwarescalance_sc-600simatic_net_cp_1242-7simatic_net_cp_1243-1_firmwarewindows_server_2008simatic_net_cp_1542sp-1_irc_firmwareenterprise_linux_serverwindows_server_2016windows_server_2012simatic_rf188big-ip_fraud_protection_serviceruggedcom_rox_ii_firmwarescalance_w700_ieee_802.11a\/b\/g\/n_firmwaresimatic_rf186c_firmwaresimatic_net_cp_1542sp-1_ircbig-ip_application_security_managerruggedcom_rm1224simatic_rf185cscalance_s615simatic_rf186cisimatic_net_cp_1243-8_ircbig-ip_access_policy_managersimatic_net_cp_1243-8_irc_firmwaresimatic_rf186ci_firmwaresimatic_rf188ci_firmwaresinema_remote_connect_server_firmwarewindows_rt_8.1big-ip_global_traffic_managerbig-ip_analyticssimatic_rf186cbig-ip_link_controllerscalance_w1700_ieee_802.11acwindows_7scalance_m-800enterprise_linux_server_tusbig-ip_advanced_firewall_managersimatic_rf188cisimatic_net_cp_1243-7_lte_euKernel
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-20
Improper Input Validation
CVE-2018-25032
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.09% / 25.35%
||
7 Day CHG~0.00%
Published-25 Mar, 2022 | 00:00
Updated-21 Aug, 2025 | 20:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.

Action-Not Available
Vendor-azulgotozlibn/aNetApp, Inc.Fedora ProjectDebian GNU/LinuxSparkle MotionSiemens AGMicrosoft CorporationPython Software FoundationApple Inc.MariaDB Foundation
Product-h410cmacospythonhci_compute_nodeh500s_firmwareh300s_firmwarescalance_sc642-2c_firmwaremac_os_xscalance_sc646-2c_firmwareh700s_firmwaremariadbscalance_sc622-2c_firmwaremanagement_services_for_element_softwarescalance_sc632-2c_firmwarezlibh410sh410s_firmwarenokogiriontap_select_deploy_administration_utilityscalance_sc636-2cfedorawindowsscalance_sc642-2cgotoassisth300sscalance_sc626-2czuluscalance_sc626-2c_firmwarescalance_sc636-2c_firmwareh410c_firmwarescalance_sc646-2cactive_iq_unified_managerscalance_sc622-2ce-series_santricity_os_controllerh700sdebian_linuxscalance_sc632-2ch500soncommand_workflow_automationn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-18304
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.30% / 53.92%
||
7 Day CHG-0.18%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sppa-t3000_ms3000_migration_serverSPPA-T3000 MS3000 Migration Server
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-31810
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.54% / 67.91%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 09:07
Updated-05 Mar, 2025 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SiPass integrated (All versions < V2.90.3.8). Affected server applications improperly check the size of data packets received for the configuration client login, causing a stack-based buffer overflow. This could allow an unauthenticated remote attacker to crash the server application, creating a denial of service condition.

Action-Not Available
Vendor-Siemens AG
Product-sipass_integratedSiPass integrated
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-30937
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.53% / 67.67%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 09:21
Updated-03 Aug, 2024 | 07:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in EN100 Ethernet module DNP3 IP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). Affected applications contains a memory corruption vulnerability while parsing specially crafted HTTP packets to /txtrace endpoint. This could allow an attacker to crash the affected application leading to a denial of service condition.

Action-Not Available
Vendor-Siemens AG
Product-en100_ethernet_module_iec_104_firmwareen100_ethernet_module_profinet_io_firmwareen100_ethernet_module_iec_61850_firmwareen100_ethernet_moduleen100_ethernet_module_modbus_tcp_firmwareen100_ethernet_module_dnp3_firmwareEN100 Ethernet module IEC 104 variantEN100 Ethernet module PROFINET IO variantEN100 Ethernet module DNP3 IP variantEN100 Ethernet module Modbus TCP variantEN100 Ethernet module IEC 61850 variant
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-30938
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-1.83% / 83.29%
||
7 Day CHG~0.00%
Published-12 Jul, 2022 | 10:06
Updated-03 Aug, 2024 | 07:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in EN100 Ethernet module DNP3 IP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.40), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). Affected applications contains a memory corruption vulnerability while parsing specially crafted HTTP packets to /txtrace endpoint manupulating a specific argument. This could allow an attacker to crash the affected application leading to a denial of service condition

Action-Not Available
Vendor-Siemens AG
Product-en100_ethernet_module_iec_104_firmwareen100_ethernet_module_profinet_io_firmwareen100_ethernet_module_dnp3_ip_firmwareen100_ethernet_module_iec_61850_firmwareen100_ethernet_moduleen100_ethernet_module_modbus_tcp_firmwareEN100 Ethernet module IEC 104 variantEN100 Ethernet module PROFINET IO variantEN100 Ethernet module DNP3 IP variantEN100 Ethernet module Modbus TCP variantEN100 Ethernet module IEC 61850 variant
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-12259
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-17.79% / 95.27%
||
7 Day CHG~0.00%
Published-09 Aug, 2019 | 18:05
Updated-04 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and vx7 has an array index error in the IGMPv3 client component. There is an IPNET security vulnerability: DoS via NULL dereference in IGMP parsing.

Action-Not Available
Vendor-beldenwindrivern/aSiemens AGSonicWall Inc.
Product-hirschmann_rsp20ruggedcom_win7025_firmwarehirschmann_ees25sonicoshirschmann_grs1030hirschmann_grs1142ruggedcom_win7018_firmwarehirschmann_rspe32hirschmann_grs1130garrettcom_magnum_dx940ehirschmann_rspe35hirschmann_eesx20hirschmann_rspe37ruggedcom_win7018hirschmann_grs10429410_power_meter_firmwareruggedcom_win7000siprotec_5_firmwareruggedcom_win7200hirschmann_rsp35garrettcom_magnum_dx940e_firmwarevxworkshirschmann_msp40hirschmann_octopus_os39810_power_meterhirschmann_rsp309410_power_meter9810_power_meter_firmwarehirschmann_dragon_mach4000hirschmann_dragon_mach4500hirschmann_msp32hirschmann_rsp25hirschmann_rail_switch_power_smarthirschmann_eesx30hirschmann_grs1020hirschmann_rail_switch_power_litehirschmann_eagle20hirschmann_eagle30hirschmann_hiosruggedcom_win7025hirschmann_rspe30hirschmann_eagle_oneruggedcom_win7200_firmwaresiprotec_5hirschmann_ees20hirschmann_red25ruggedcom_win7000_firmwarehirschmann_msp30hirschmann_grs1120n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-22040
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.44% / 63.75%
||
7 Day CHG~0.00%
Published-12 Mar, 2024 | 10:21
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions), Cerberus PRO EN Fire Panel FC72x IP6 (All versions), Cerberus PRO EN Fire Panel FC72x IP7 (All versions), Cerberus PRO EN Fire Panel FC72x IP8 (All versions < IP8 SR4), Cerberus PRO EN X200 Cloud Distribution IP7 (All versions), Cerberus PRO EN X200 Cloud Distribution IP8 (All versions < V4.3.5618), Cerberus PRO EN X300 Cloud Distribution IP7 (All versions), Cerberus PRO EN X300 Cloud Distribution IP8 (All versions < V4.3.5617), Cerberus PRO UL Compact Panel FC922/924 (All versions < MP4), Cerberus PRO UL Engineering Tool (All versions < MP4), Cerberus PRO UL X300 Cloud Distribution (All versions < V4.3.0001), Desigo Fire Safety UL Compact Panel FC2025/2050 (All versions < MP4), Desigo Fire Safety UL Engineering Tool (All versions < MP4), Desigo Fire Safety UL X300 Cloud Distribution (All versions < V4.3.0001), Sinteso FS20 EN Engineering Tool (All versions), Sinteso FS20 EN Fire Panel FC20 MP6 (All versions), Sinteso FS20 EN Fire Panel FC20 MP7 (All versions), Sinteso FS20 EN Fire Panel FC20 MP8 (All versions < MP8 SR4), Sinteso FS20 EN X200 Cloud Distribution MP7 (All versions), Sinteso FS20 EN X200 Cloud Distribution MP8 (All versions < V4.3.5618), Sinteso FS20 EN X300 Cloud Distribution MP7 (All versions), Sinteso FS20 EN X300 Cloud Distribution MP8 (All versions < V4.3.5617), Sinteso Mobile (All versions). The network communication library in affected systems insufficiently validates HMAC values which might result in a buffer overread. This could allow an unauthenticated remote attacker to crash the network service.

Action-Not Available
Vendor-Siemens AG
Product-Desigo Fire Safety UL Compact Panel FC2025/2050Sinteso FS20 EN Fire Panel FC20 MP6Sinteso MobileSinteso FS20 EN X200 Cloud Distribution MP8Sinteso FS20 EN X200 Cloud Distribution MP7Cerberus PRO EN X200 Cloud Distribution IP8Cerberus PRO EN X300 Cloud Distribution IP8Cerberus PRO UL X300 Cloud DistributionCerberus PRO EN X200 Cloud Distribution IP7Cerberus PRO UL Compact Panel FC922/924Sinteso FS20 EN Fire Panel FC20 MP8Cerberus PRO EN Fire Panel FC72x IP7Desigo Fire Safety UL X300 Cloud DistributionSinteso FS20 EN Engineering ToolCerberus PRO EN Engineering ToolSinteso FS20 EN X300 Cloud Distribution MP8Sinteso FS20 EN Fire Panel FC20 MP7Cerberus PRO EN Fire Panel FC72x IP8Cerberus PRO EN X300 Cloud Distribution IP7Desigo Fire Safety UL Engineering ToolCerberus PRO UL Engineering ToolCerberus PRO EN Fire Panel FC72x IP6Sinteso FS20 EN X300 Cloud Distribution MP7sinteso_fs20_en_engineering_toolcerberus_pro_en_x300_cloud_distributioncerberus_pro_ul_engineering_toolcerberus_pro_en_engineering_tooldesigo_fire_safety_ul_engineering_toolcerberus_pro_ul_compact_panelsinteso_fs20_en_x300_cloud_distributionsinteso_fs20_en_fire_panel_fc20cerberus_pro_ul_x300_cloudcerberus_pro_en_x200_cloud_distributionsinteso_mobilesinteso_fs20_en_x200_cloud_distributiondesigo_fire_safety_ul_compact_panelcerberus_pro_en_fire_panel_fc72x
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-22041
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.56% / 68.61%
||
7 Day CHG~0.00%
Published-12 Mar, 2024 | 10:21
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions), Cerberus PRO EN Fire Panel FC72x IP6 (All versions), Cerberus PRO EN Fire Panel FC72x IP7 (All versions), Cerberus PRO EN Fire Panel FC72x IP8 (All versions < IP8 SR4), Cerberus PRO EN X200 Cloud Distribution IP7 (All versions), Cerberus PRO EN X200 Cloud Distribution IP8 (All versions < V4.3.5618), Cerberus PRO EN X300 Cloud Distribution IP7 (All versions), Cerberus PRO EN X300 Cloud Distribution IP8 (All versions < V4.3.5617), Cerberus PRO UL Compact Panel FC922/924 (All versions < MP4), Cerberus PRO UL Engineering Tool (All versions < MP4), Cerberus PRO UL X300 Cloud Distribution (All versions < V4.3.0001), Desigo Fire Safety UL Compact Panel FC2025/2050 (All versions < MP4), Desigo Fire Safety UL Engineering Tool (All versions < MP4), Desigo Fire Safety UL X300 Cloud Distribution (All versions < V4.3.0001), Sinteso FS20 EN Engineering Tool (All versions), Sinteso FS20 EN Fire Panel FC20 MP6 (All versions), Sinteso FS20 EN Fire Panel FC20 MP7 (All versions), Sinteso FS20 EN Fire Panel FC20 MP8 (All versions < MP8 SR4), Sinteso FS20 EN X200 Cloud Distribution MP7 (All versions), Sinteso FS20 EN X200 Cloud Distribution MP8 (All versions < V4.3.5618), Sinteso FS20 EN X300 Cloud Distribution MP7 (All versions), Sinteso FS20 EN X300 Cloud Distribution MP8 (All versions < V4.3.5617), Sinteso Mobile (All versions). The network communication library in affected systems improperly handles memory buffers when parsing X.509 certificates. This could allow an unauthenticated remote attacker to crash the network service.

Action-Not Available
Vendor-Siemens AG
Product-Desigo Fire Safety UL Compact Panel FC2025/2050Sinteso FS20 EN Fire Panel FC20 MP6Sinteso MobileSinteso FS20 EN X200 Cloud Distribution MP8Sinteso FS20 EN X200 Cloud Distribution MP7Cerberus PRO EN X200 Cloud Distribution IP8Cerberus PRO EN X300 Cloud Distribution IP8Cerberus PRO UL X300 Cloud DistributionCerberus PRO EN X200 Cloud Distribution IP7Cerberus PRO UL Compact Panel FC922/924Sinteso FS20 EN Fire Panel FC20 MP8Cerberus PRO EN Fire Panel FC72x IP7Desigo Fire Safety UL X300 Cloud DistributionSinteso FS20 EN Engineering ToolCerberus PRO EN Engineering ToolSinteso FS20 EN X300 Cloud Distribution MP8Sinteso FS20 EN Fire Panel FC20 MP7Cerberus PRO EN Fire Panel FC72x IP8Cerberus PRO EN X300 Cloud Distribution IP7Desigo Fire Safety UL Engineering ToolCerberus PRO UL Engineering ToolCerberus PRO EN Fire Panel FC72x IP6Sinteso FS20 EN X300 Cloud Distribution MP7cerberus_pro_en_x300_cloud_distributioncerberus_pro_ul_engineering_toolcerberus_pro_en_engineering_tooldesigo_fire_safety_ul_engineering_toolcerberus_pro_ul_compact_panelsinteso_fs20_en_x300_cloud_distributionsinteso_fs20_en_fire_panel_fc20cerberus_pro_ul_x300_cloudcerberus_pro_en_x200_cloud_distributionsinteso_mobilesinteso_fs20_en_x200_cloud_distributiondesigo_fire_safety_ul_compact_panelcerberus_pro_en_fire_panel_fc72x
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2024-22044
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.23% / 45.61%
||
7 Day CHG~0.00%
Published-12 Mar, 2024 | 10:21
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SENTRON 3KC ATC6 Expansion Module Ethernet (3KC9000-8TL75) (All versions). Affected devices expose an unused, unstable http service at port 80/tcp on the Modbus-TCP Ethernet. This could allow an attacker on the same Modbus network to create a denial of service condition that forces the device to reboot.

Action-Not Available
Vendor-Siemens AG
Product-SENTRON 3KC ATC6 Expansion Module Ethernetsentron_3kc_act6
CWE ID-CWE-912
Hidden Functionality
CVE-2022-26649
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.6||CRITICAL
EPSS-1.76% / 82.98%
||
7 Day CHG~0.00%
Published-12 Jul, 2022 | 10:06
Updated-21 Apr, 2025 | 13:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2P IRT (All versions < V5.5.2), SCALANCE X202-2P IRT PRO (All versions < V5.5.2), SCALANCE X204-2 (All versions < V5.2.6), SCALANCE X204-2FM (All versions < V5.2.6), SCALANCE X204-2LD (All versions < V5.2.6), SCALANCE X204-2LD TS (All versions < V5.2.6), SCALANCE X204-2TS (All versions < V5.2.6), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT PRO (All versions < V5.5.2), SCALANCE X206-1 (All versions < V5.2.6), SCALANCE X206-1LD (All versions < V5.2.6), SCALANCE X208 (All versions < V5.2.6), SCALANCE X208PRO (All versions < V5.2.6), SCALANCE X212-2 (All versions < V5.2.6), SCALANCE X212-2LD (All versions < V5.2.6), SCALANCE X216 (All versions < V5.2.6), SCALANCE X224 (All versions < V5.2.6), SCALANCE XF201-3P IRT (All versions < V5.5.2), SCALANCE XF202-2P IRT (All versions < V5.5.2), SCALANCE XF204 (All versions < V5.2.6), SCALANCE XF204-2 (All versions < V5.2.6), SCALANCE XF204-2BA IRT (All versions < V5.5.2), SCALANCE XF204IRT (All versions < V5.5.2), SCALANCE XF206-1 (All versions < V5.2.6), SCALANCE XF208 (All versions < V5.2.6). Affected devices do not properly validate the URI of incoming HTTP GET requests. This could allow an unauthenticated remote attacker to crash affected devices.

Action-Not Available
Vendor-Siemens AG
Product-scalance_xf206-1_firmwarescalance_xf201-3p_irtscalance_x208_pro_firmwarescalance_x212-2ldscalance_x201-3p_irtscalance_x204-2ldscalance_xf208scalance_x201-3p_irt_firmwarescalance_x202-2p_irt_pro_firmwarescalance_xf204irtscalance_xf204-2ba_irt_firmwarescalance_x206-1scalance_x204-2ld_ts_firmwarescalance_x204irtscalance_x201-3p_irt_proscalance_x204-2fmscalance_x204-2ld_tsscalance_x208scalance_x200-4p_irtscalance_x204irt_pro_firmwarescalance_x202-2irtscalance_x202-2p_irtscalance_x204-2scalance_x224scalance_x206-1_firmwarescalance_x204-2_firmwarescalance_xf204-2scalance_xf206-1scalance_x202-2p_irt_firmwarescalance_x206-1ld_firmwarescalance_x212-2ld_firmwarescalance_x212-2scalance_xf204_firmwarescalance_x204-2ts_firmwarescalance_xf204-2ba_irtscalance_x216_firmwarescalance_x204-2ld_firmwarescalance_x212-2_firmwarescalance_xf208_firmwarescalance_xf202-2p_irt_firmwarescalance_x208_firmwarescalance_x208_proscalance_xf204-2_firmwarescalance_x202-2p_irt_proscalance_x202-2irt_firmwarescalance_xf202-2p_irtscalance_x200-4p_irt_firmwarescalance_x204irt_proscalance_x216scalance_xf201-3p_irt_firmwarescalance_x204-2fm_firmwarescalance_x204-2tsscalance_xf204irt_firmwarescalance_x201-3p_irt_pro_firmwarescalance_x204irt_firmwarescalance_xf204scalance_x206-1ldscalance_x224_firmwareSCALANCE XF201-3P IRTSCALANCE XF204-2BA IRTSCALANCE X202-2P IRTSCALANCE X202-2P IRT PROSCALANCE X204-2TSSCALANCE X206-1SCALANCE XF204IRTSCALANCE X204IRTSCALANCE X200-4P IRTSCALANCE X224SCALANCE XF208SCALANCE X208SCALANCE XF204-2SCALANCE X204-2LD TSSCALANCE X208PROSCALANCE X204-2LDSCALANCE X204-2SCALANCE X216SCALANCE X212-2LDSCALANCE X201-3P IRT PROSCALANCE XF206-1SCALANCE X201-3P IRTSCALANCE X206-1LDSCALANCE X212-2SCALANCE XF202-2P IRTSCALANCE X204-2FMSCALANCE XF204SCALANCE X202-2IRTSCALANCE X204IRT PRO
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-26335
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-1.87% / 83.47%
||
7 Day CHG~0.00%
Published-12 Apr, 2022 | 09:07
Updated-03 Aug, 2024 | 05:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices do not properly validate the URI of incoming HTTP GET requests. This could allow an unauthenticated remote attacker to crash affected devices.

Action-Not Available
Vendor-Siemens AG
Product-scalance_x308-2m_ts_firmwarescalance_x307-3_firmwarescalance_xr324-12mscalance_x310fescalance_x310fe_firmwarescalance_xr324-4m_eecscalance_x308-2ldscalance_x320-1fe_firmwaresiplus_net_scalance_x308-2scalance_xr324-4m_poe_firmwarescalance_x308-2scalance_x307-2eecscalance_xr324-4m_eec_firmwarescalance_x308-2_firmwarescalance_x304-2fe_firmwarescalance_xr324-12m_ts_firmwarescalance_x306-1ldfe_firmwarescalance_x307-2eec_firmwarescalance_x320-1-2ldfesiplus_net_scalance_x308-2_firmwarescalance_x308-2lh_firmwarescalance_x302-7eec_firmwarescalance_x308-2lhscalance_x307-3ld_firmwarescalance_x310scalance_x320-1-2ldfe_firmwarescalance_xr324-12m_firmwarescalance_x308-2m_poe_firmwarescalance_x308-2lh\+scalance_x310_firmwarescalance_x308-2m_poescalance_x308-2lh\+_firmwarescalance_x308-2ld_firmwarescalance_xr324-12m_tsscalance_x308-2m_tsscalance_x308-2m_firmwarescalance_x320-1fescalance_x408-2scalance_xr324-4m_poescalance_x306-1ldfescalance_x307-3ldscalance_x308-2mscalance_x408-2_firmwarescalance_x307-3scalance_x304-2fescalance_xr324-4m_poe_tsscalance_xr324-4m_poe_ts_firmwarescalance_x302-7eecSCALANCE XR324-12M TS (24V)SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)SCALANCE XR324-4M PoE (24V, ports on rear)SCALANCE XR324-4M EEC (24V, ports on front)SCALANCE XR324-12M (230V, ports on rear)SCALANCE X307-2 EEC (2x 24V, coated)SCALANCE XR324-4M PoE TS (24V, ports on front)SCALANCE X307-3SCALANCE X308-2MSCALANCE XR324-12M (24V, ports on rear)SCALANCE X308-2SCALANCE X308-2M PoESCALANCE X310FESCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)SCALANCE X308-2LH+SCALANCE X302-7 EEC (24V, coated)SCALANCE X307-2 EEC (230V, coated)SCALANCE X307-3LDSCALANCE X308-2LHSCALANCE XR324-4M EEC (24V, ports on rear)SCALANCE XR324-4M PoE (24V, ports on front)SCALANCE X302-7 EEC (2x 230V)SCALANCE X408-2SIPLUS NET SCALANCE X308-2SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)SCALANCE XR324-4M PoE (230V, ports on rear)SCALANCE X302-7 EEC (230V)SCALANCE X307-2 EEC (24V, coated)SCALANCE X307-2 EEC (2x 230V, coated)SCALANCE X302-7 EEC (2x 24V, coated)SCALANCE X308-2LDSCALANCE X307-2 EEC (24V)SCALANCE X304-2FESCALANCE X310SCALANCE X307-2 EEC (2x 24V)SCALANCE X307-2 EEC (230V)SCALANCE XR324-12M (24V, ports on front)SCALANCE X320-1 FESCALANCE X302-7 EEC (2x 24V)SCALANCE X306-1LD FESCALANCE X308-2M TSSCALANCE XR324-4M PoE (230V, ports on front)SCALANCE X307-2 EEC (2x 230V)SCALANCE X302-7 EEC (24V)SCALANCE X302-7 EEC (230V, coated)SCALANCE X302-7 EEC (2x 230V, coated)SCALANCE X320-1-2LD FESCALANCE XR324-4M EEC (2x 24V, ports on rear)SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)SCALANCE XR324-12M (230V, ports on front)SCALANCE XR324-4M EEC (2x 24V, ports on front)
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-6779
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.2||HIGH
EPSS-0.65% / 71.35%
||
7 Day CHG~0.00%
Published-31 Jan, 2024 | 14:07
Updated-12 May, 2026 | 11:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Glibc: off-by-one heap-based buffer overflow in __vsyslog_internal()

An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes, leading to an incorrect calculation of the buffer size to store the message, resulting in an application crash. This issue affects glibc 2.37 and newer.

Action-Not Available
Vendor-n/aRed Hat, Inc.Siemens AGFedora ProjectGNU
Product-glibcfedoraFedoraglibcRed Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 7Red Hat Enterprise Linux 9SIPLUS S7-1500 CPU 1518-4 PN/DP MFPSIMATIC S7-1500 CPU 1518-4 PN/DP MFPSIMATIC S7-1500 CPU 1518F-4 PN/DP MFP
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-30174
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-8.7||HIGH
EPSS-0.25% / 48.71%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 09:38
Updated-03 Oct, 2025 | 19:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions < V4.0), SINEMA Remote Connect (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions), Totally Integrated Automation Portal (TIA Portal) V20 (All versions), User Management Component (UMC) (All versions < V2.15.1.1). Affected products contain a out of bound read buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to cause a denial of service condition.

Action-Not Available
Vendor-Siemens AG
Product-totally_integrated_automation_portaluser_management_componentsinec_nmssinema_remote_connectTotally Integrated Automation Portal (TIA Portal) V19SIMATIC PCS neo V4.1Totally Integrated Automation Portal (TIA Portal) V17Totally Integrated Automation Portal (TIA Portal) V20SINEC NMSTotally Integrated Automation Portal (TIA Portal) V18SINEMA Remote ConnectSIMATIC PCS neo V5.0User Management Component (UMC)
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-10931
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.36% / 58.62%
||
7 Day CHG~0.00%
Published-11 Jul, 2019 | 21:17
Updated-04 Aug, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions ), DIGSI 5 engineering software (All versions < V7.90), SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions < V7.90), SIPROTEC 5 device types 7SS85 and 7KE85 (All versions < V8.01), SIPROTEC 5 device types with CPU variants CP200 and the respective Ethernet communication modules (All versions < V7.59), SIPROTEC 5 relays with CPU variants CP200 and the respective Ethernet communication modules (All versions < V7.59). Specially crafted packets sent to port 443/TCP could cause a Denial of Service condition.

Action-Not Available
Vendor-Siemens AG
Product-6md857sa867sj826md867um857sj857ut867ss85siprotec_5_digsi_device_driver7sa877vk877ve856md897ut877sa827ut857sl827sd867ke857sl867sd827sk857sk827ut827sd877sj867sl87digsi_5_engineering_softwareSIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modulesAll other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modulesSIPROTEC 5 device types with CPU variants CP200 and the respective Ethernet communication modulesDIGSI 5 engineering softwareSIPROTEC 5 relays with CPU variants CP200 and the respective Ethernet communication modulesSIPROTEC 5 device types 7SS85 and 7KE85
CWE ID-CWE-248
Uncaught Exception
CVE-2021-41991
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.94% / 86.71%
||
7 Day CHG+0.18%
Published-18 Oct, 2021 | 13:44
Updated-04 Aug, 2024 | 03:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by means of a random number generator, but this is not done correctly. Remote code execution might be a slight possibility.

Action-Not Available
Vendor-strongswann/aDebian GNU/LinuxSiemens AGFedora Project
Product-siplus_s7-1200_cp_1243-1_railsimatic_cp_1242-7_gprs_v2_firmwaresimatic_cp_1542sp-1_firmwarescalance_sc646-2c_firmwaresiplus_et_200sp_cp_1543sp-1_isec_tx_rail_firmwaresiplus_et_200sp_cp_1542sp-1_irc_tx_rail_firmwaresimatic_cp_1243-1_firmwarescalance_sc622-2cscalance_sc646-2csinema_remote_connect_serversiplus_net_cp_1543-1_firmwaresiplus_s7-1200_cp_1243-1_rail_firmwarefedorasimatic_net_cp1243-7_lte_eu_firmwarescalance_sc632-2c_firmwaresimatic_net_cp_1545-1_firmwaresimatic_net_cp_1243-8_ircsimatic_cp_1242-7_gprs_v2scalance_sc622-2c_firmwaresiplus_s7-1200_cp_1243-1_firmwarecp_1543-1_firmwaresimatic_net_cp_1243-8_irc_firmwaresimatic_cp_1243-7_lte\/ussimatic_cp_1543sp-1simatic_cp_1243-7_lte\/us_firmwarestrongswansiplus_et_200sp_cp_1542sp-1_irc_tx_railsiplus_s7-1200_cp_1243-1scalance_sc636-2csimatic_cp_1542sp-1_ircscalance_sc642-2c_firmwaresimatic_cp_1243-1siplus_et_200sp_cp_1543sp-1_isecdebian_linuxsimatic_cp_1542sp-1_irc_firmwarecp_1543-1simatic_net_cp_1545-1simatic_cp_1543sp-1_firmwaresimatic_cp_1542sp-1scalance_sc642-2csiplus_et_200sp_cp_1543sp-1_isec_tx_railsiplus_et_200sp_cp_1543sp-1_isec_firmwaresiplus_net_cp_1543-1simatic_net_cp1243-7_lte_euscalance_sc636-2c_firmwarescalance_sc632-2cn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-41545
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.39% / 60.33%
||
7 Day CHG~0.00%
Published-10 May, 2022 | 09:46
Updated-04 Aug, 2024 | 03:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). When the controller receives a specific BACnet protocol packet, an exception causes the BACnet communication function to go into a “out of work” state and could result in the controller going into a “factory reset” state.

Action-Not Available
Vendor-Siemens AG
Product-desigo_dxr2desigo_pxc3_firmwaredesigo_pxc4desigo_dxr2_firmwaredesigo_pxc5_firmwaredesigo_pxc4_firmwaredesigo_pxc3desigo_pxc5Desigo PXC5Desigo PXC3Desigo DXR2Desigo PXC4
CWE ID-CWE-248
Uncaught Exception
CVE-2025-24811
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-8.7||HIGH
EPSS-0.10% / 27.36%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 10:29
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC S7-1200 CPU 1211C AC/DC/Rly (6ES7211-1BE40-0XB0), SIMATIC S7-1200 CPU 1211C DC/DC/DC (6ES7211-1AE40-0XB0), SIMATIC S7-1200 CPU 1211C DC/DC/Rly (6ES7211-1HE40-0XB0), SIMATIC S7-1200 CPU 1212C AC/DC/Rly (6ES7212-1BE40-0XB0), SIMATIC S7-1200 CPU 1212C DC/DC/DC (6ES7212-1AE40-0XB0), SIMATIC S7-1200 CPU 1212C DC/DC/Rly (6ES7212-1HE40-0XB0), SIMATIC S7-1200 CPU 1212FC DC/DC/DC (6ES7212-1AF40-0XB0), SIMATIC S7-1200 CPU 1212FC DC/DC/Rly (6ES7212-1HF40-0XB0), SIMATIC S7-1200 CPU 1214C AC/DC/Rly (6ES7214-1BG40-0XB0), SIMATIC S7-1200 CPU 1214C DC/DC/DC (6ES7214-1AG40-0XB0), SIMATIC S7-1200 CPU 1214C DC/DC/Rly (6ES7214-1HG40-0XB0), SIMATIC S7-1200 CPU 1214FC DC/DC/DC (6ES7214-1AF40-0XB0), SIMATIC S7-1200 CPU 1214FC DC/DC/Rly (6ES7214-1HF40-0XB0), SIMATIC S7-1200 CPU 1215C AC/DC/Rly (6ES7215-1BG40-0XB0), SIMATIC S7-1200 CPU 1215C DC/DC/DC (6ES7215-1AG40-0XB0), SIMATIC S7-1200 CPU 1215C DC/DC/Rly (6ES7215-1HG40-0XB0), SIMATIC S7-1200 CPU 1215FC DC/DC/DC (6ES7215-1AF40-0XB0), SIMATIC S7-1200 CPU 1215FC DC/DC/Rly (6ES7215-1HF40-0XB0), SIMATIC S7-1200 CPU 1217C DC/DC/DC (6ES7217-1AG40-0XB0), SIPLUS S7-1200 CPU 1212 AC/DC/RLY (6AG1212-1BE40-2XB0), SIPLUS S7-1200 CPU 1212 AC/DC/RLY (6AG1212-1BE40-4XB0), SIPLUS S7-1200 CPU 1212 DC/DC/RLY (6AG1212-1HE40-2XB0), SIPLUS S7-1200 CPU 1212 DC/DC/RLY (6AG1212-1HE40-4XB0), SIPLUS S7-1200 CPU 1212C DC/DC/DC (6AG1212-1AE40-2XB0), SIPLUS S7-1200 CPU 1212C DC/DC/DC (6AG1212-1AE40-4XB0), SIPLUS S7-1200 CPU 1212C DC/DC/DC RAIL (6AG2212-1AE40-1XB0), SIPLUS S7-1200 CPU 1214 AC/DC/RLY (6AG1214-1BG40-2XB0), SIPLUS S7-1200 CPU 1214 AC/DC/RLY (6AG1214-1BG40-4XB0), SIPLUS S7-1200 CPU 1214 AC/DC/RLY (6AG1214-1BG40-5XB0), SIPLUS S7-1200 CPU 1214 DC/DC/DC (6AG1214-1AG40-2XB0), SIPLUS S7-1200 CPU 1214 DC/DC/DC (6AG1214-1AG40-4XB0), SIPLUS S7-1200 CPU 1214 DC/DC/DC (6AG1214-1AG40-5XB0), SIPLUS S7-1200 CPU 1214 DC/DC/RLY (6AG1214-1HG40-2XB0), SIPLUS S7-1200 CPU 1214 DC/DC/RLY (6AG1214-1HG40-4XB0), SIPLUS S7-1200 CPU 1214 DC/DC/RLY (6AG1214-1HG40-5XB0), SIPLUS S7-1200 CPU 1214C DC/DC/DC RAIL (6AG2214-1AG40-1XB0), SIPLUS S7-1200 CPU 1214FC DC/DC/DC (6AG1214-1AF40-5XB0), SIPLUS S7-1200 CPU 1214FC DC/DC/RLY (6AG1214-1HF40-5XB0), SIPLUS S7-1200 CPU 1215 AC/DC/RLY (6AG1215-1BG40-2XB0), SIPLUS S7-1200 CPU 1215 AC/DC/RLY (6AG1215-1BG40-4XB0), SIPLUS S7-1200 CPU 1215 AC/DC/RLY (6AG1215-1BG40-5XB0), SIPLUS S7-1200 CPU 1215 DC/DC/DC (6AG1215-1AG40-2XB0), SIPLUS S7-1200 CPU 1215 DC/DC/DC (6AG1215-1AG40-4XB0), SIPLUS S7-1200 CPU 1215 DC/DC/RLY (6AG1215-1HG40-2XB0), SIPLUS S7-1200 CPU 1215 DC/DC/RLY (6AG1215-1HG40-4XB0), SIPLUS S7-1200 CPU 1215 DC/DC/RLY (6AG1215-1HG40-5XB0), SIPLUS S7-1200 CPU 1215C DC/DC/DC (6AG1215-1AG40-5XB0), SIPLUS S7-1200 CPU 1215FC DC/DC/DC (6AG1215-1AF40-5XB0). Affected devices do not process correctly certain special crafted packets sent to port 80/tcp, which could allow an unauthenticated attacker to cause a denial of service in the device.

Action-Not Available
Vendor-Siemens AG
Product-SIMATIC S7-1200 CPU 1212C DC/DC/DCSIMATIC S7-1200 CPU 1214C AC/DC/RlySIPLUS S7-1200 CPU 1215 DC/DC/DCSIMATIC S7-1200 CPU 1212C DC/DC/RlySIMATIC S7-1200 CPU 1211C DC/DC/RlySIMATIC S7-1200 CPU 1215FC DC/DC/RlySIMATIC S7-1200 CPU 1214C DC/DC/RlySIMATIC S7-1200 CPU 1215C DC/DC/RlySIPLUS S7-1200 CPU 1214 DC/DC/DCSIMATIC S7-1200 CPU 1212C AC/DC/RlySIMATIC S7-1200 CPU 1211C AC/DC/RlySIPLUS S7-1200 CPU 1214FC DC/DC/RLYSIPLUS S7-1200 CPU 1215C DC/DC/DCSIMATIC S7-1200 CPU 1214FC DC/DC/RlySIPLUS S7-1200 CPU 1214C DC/DC/DC RAILSIPLUS S7-1200 CPU 1215 AC/DC/RLYSIMATIC S7-1200 CPU 1214FC DC/DC/DCSIPLUS S7-1200 CPU 1214 DC/DC/RLYSIPLUS S7-1200 CPU 1212 AC/DC/RLYSIPLUS S7-1200 CPU 1214FC DC/DC/DCSIPLUS S7-1200 CPU 1212C DC/DC/DC RAILSIPLUS S7-1200 CPU 1214 AC/DC/RLYSIPLUS S7-1200 CPU 1212 DC/DC/RLYSIMATIC S7-1200 CPU 1214C DC/DC/DCSIMATIC S7-1200 CPU 1212FC DC/DC/RlySIPLUS S7-1200 CPU 1215 DC/DC/RLYSIMATIC S7-1200 CPU 1215C DC/DC/DCSIMATIC S7-1200 CPU 1211C DC/DC/DCSIPLUS S7-1200 CPU 1215FC DC/DC/DCSIMATIC S7-1200 CPU 1217C DC/DC/DCSIMATIC S7-1200 CPU 1215C AC/DC/RlySIPLUS S7-1200 CPU 1212C DC/DC/DCSIMATIC S7-1200 CPU 1212FC DC/DC/DCSIMATIC S7-1200 CPU 1215FC DC/DC/DC
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2023-51440
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.37% / 59.20%
||
7 Day CHG~0.00%
Published-13 Feb, 2024 | 09:00
Updated-16 Dec, 2024 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC CP 343-1 (6GK7343-1EX30-0XE0) (All versions), SIMATIC CP 343-1 Lean (6GK7343-1CX10-0XE0) (All versions), SIPLUS NET CP 343-1 (6AG1343-1EX30-7XE0) (All versions), SIPLUS NET CP 343-1 Lean (6AG1343-1CX10-2XE0) (All versions). Affected products incorrectly validate TCP sequence numbers. This could allow an unauthenticated remote attacker to create a denial of service condition by injecting spoofed TCP RST packets.

Action-Not Available
Vendor-Siemens AG
Product-siplus_net_cp_343-1_lean_firmwaresimatic_cp_343-1_leansimatic_cp_343-1simatic_cp_343-1_lean_firmwaresiplus_net_cp_343-1_leansiplus_net_cp_343-1_firmwaresimatic_cp_343-1_firmwaresiplus_net_cp_343-1SIPLUS NET CP 343-1SIMATIC CP 343-1SIPLUS NET CP 343-1 LeanSIMATIC CP 343-1 Lean
CWE ID-CWE-940
Improper Verification of Source of a Communication Channel
CVE-2023-49252
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.30% / 54.08%
||
7 Day CHG+0.07%
Published-09 Jan, 2024 | 10:00
Updated-16 Dec, 2025 | 19:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The affected application allows IP configuration change without authentication to the device. This could allow an attacker to cause denial of service condition.

Action-Not Available
Vendor-Siemens AG
Product-simatic_cn_4100_firmwaresimatic_cn_4100SIMATIC CN 4100
CWE ID-CWE-20
Improper Input Validation
CVE-2023-46283
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.18%
||
7 Day CHG~0.00%
Published-12 Dec, 2023 | 11:27
Updated-14 Jan, 2025 | 10:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash.

Action-Not Available
Vendor-Siemens AG
Product-sinumerik_integrate_runmyhmi_\/automotiveopcenter_qualitysimatic_pcs_neototally_integrated_automation_portalSIMATIC PCS neoTotally Integrated Automation Portal (TIA Portal) V18Opcenter Execution FoundationOpcenter QualityTotally Integrated Automation Portal (TIA Portal) V17Totally Integrated Automation Portal (TIA Portal) V16Totally Integrated Automation Portal (TIA Portal) V14Totally Integrated Automation Portal (TIA Portal) V15.1SINEC NMS
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-46285
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.21% / 43.89%
||
7 Day CHG~0.00%
Published-12 Dec, 2023 | 11:27
Updated-24 May, 2025 | 10:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an improper input validation vulnerability that could allow an attacker to bring the service into a Denial-of-Service state by sending a specifically crafted message to 4004/tcp. The corresponding service is auto-restarted after the crash is detected by a watchdog.

Action-Not Available
Vendor-Siemens AG
Product-sinumerik_integrate_runmyhmi_\/automotiveopcenter_qualitysimatic_pcs_neototally_integrated_automation_portalTotally Integrated Automation Portal (TIA Portal) V15.1Opcenter QualityTotally Integrated Automation Portal (TIA Portal) V18SINEC NMSSIMATIC PCS neoOpcenter Execution FoundationTotally Integrated Automation Portal (TIA Portal) V14Totally Integrated Automation Portal (TIA Portal) V16Totally Integrated Automation Portal (TIA Portal) V17
CWE ID-CWE-20
Improper Input Validation
CVE-2023-46156
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.03% / 9.25%
||
7 Day CHG~0.00%
Published-12 Dec, 2023 | 11:27
Updated-25 Feb, 2026 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Affected devices improperly handle specially crafted packets sent to port 102/tcp. This could allow an attacker to create a denial of service condition. A restart is needed to restore normal operations.

Action-Not Available
Vendor-Siemens AG
Product-siplus_et_200sp_cpu_1510sp_f-1_pn_firmwaresiplus_s7-1500_cpu_1516f-3_pn\/dp_railsimatic_s7-1500_cpu_1511c-1_pnsimatic_s7-1500_cpu_1512sp_f-1_pnsimatic_s7-1500_cpu_1514sp_f-2_pn_firmwaresiplus_s7-1500_cpu_1515r-2_pnsimatic_s7-1500_cpu_1513r-1_pnsimatic_s7-1500_cpu_1516t-3_pn\/dp_firmwaresimatic_drive_controller_cpu_1507d_tf_firmwaresimatic_s7-1500_cpu_1510sp-1_pn_firmwaresinumerik_one_firmwaresiplus_s7-1500_cpu_1518-4_pn\/dp_mfp_firmwaresimatic_s7-1500_cpu_1515-2_pn_firmwaresiplus_s7-1500_cpu_1518-4_pn\/dp_mfpsimatic_s7-1500_cpu_1517f-3_pn\/dpsimatic_s7-1500_cpu_1517f-3_pn\/dp_firmwaresimatic_s7-1500_cpu_1511-1_pnsimatic_s7-1500_cpu_1514sp-2_pnsimatic_s7-1500_cpu_1518f-4_pn\/dp_firmwaresimatic_s7-1500_cpu_1518tf-4_pn\/dpsiplus_s7-1500_cpu_1515f-2_pn_t2_rail_firmwaresimatic_s7-1500_cpu_1517h-3_pn_firmwaresimatic_s7-1500_cpu_1517t-3_pn\/dpsimatic_s7-1500_cpu_1511f-1_pn_firmwaresimatic_s7-1500_et_200pro\siplus_s7-1500_cpu_1515f-2_pn_firmwaresimatic_s7-1500_cpu_1515t-2_pn_firmwaresimatic_s7-1500_cpu_1517-3_pn\/dpsiplus_s7-1500_cpu_1511-1_pn_firmwaresimatic_s7-1500_cpu_1513f-1_pnsimatic_s7-1500_cpu_1514spt-2_pnsiplus_et_200sp_cpu_1512sp_f-1_pn_rail_firmwaresiplus_et_200sp_cpu_1510sp_f-1_pn_railsimatic_s7-1500_cpu_1511t-1_pnsiplus_et_200sp_cpu_1510sp-1_pn_rail_firmwaresiplus_s7-1500_cpu_1511-1_pn_t1_railsimatic_s7-1500_cpu_s7-1518f-4_pn\/dp_odksimatic_s7-1500_cpu_1516f-3_pn\/dp_firmwaresiplus_s7-1500_cpu_1516f-3_pn\/dp_rail_firmwaresimatic_s7-1500_cpu_1514sp-2_pn_firmwaresimatic_s7-1500_cpu_1511c-1_pn_firmwaresimatic_drive_controller_cpu_1504d_tf_firmwaresimatic_s7-1500_cpu_1515-2_pnsiplus_s7-1500_cpu_1513f-1_pn_firmwaresiplus_et_200sp_cpu_1510sp-1_pnsimatic_s7-1500_cpu_1511tf-1_pn_firmwaresinumerik_mcsiplus_et_200sp_cpu_1510sp_f-1_pn_rail_firmwaresimatic_s7-1500_cpu_1517h-3_pnsiplus_s7-1500_cpu_1516-3_pn\/dp_firmwaresimatic_s7-1500_cpu_1518t-4_pn\/dpsimatic_s7-1500_cpu_1518f-4_pn\/dpsimatic_drive_controller_cpu_1504d_tfsimatic_drive_controller_cpu_1507d_tfsimatic_s7-1500_cpu_1511f-1_pnsimatic_s7-1500_cpu_1515r-2_pn_firmwaresimatic_s7-1500_cpu_1513-1_pn_firmwaresiplus_s7-1500_cpu_1515r-2_pn_tx_rail_firmwaresiplus_s7-1500_cpu_1511-1_pnsimatic_s7-1500_cpu_1513f-1_pn_firmwaresiplus_s7-1500_cpu_1518f-4_pn\/dpsimatic_s7-1500_cpu_1515tf-2_pn_firmwaresiplus_s7-1500_cpu_1515f-2_pn_railsiplus_s7-1500_cpu_1516f-3_pn\/dp_firmwaresiplus_s7-1500_cpu_1518-4_pn\/dp_firmwaresiplus_et_200sp_1512sp_f-1_pn_firmwaresimatic_s7-1500_cpu_1514sp_f-2_pnsimatic_s7-1500_cpu_1512c-1_pn_firmwaresiplus_s7-1500_cpu_1513-1_pnsinumerik_onesimatic_s7-1500_cpu_1510sp-1_pnsimatic_s7-1500_cpu_1511t-1_pn_firmwaresiplus_et_200sp_1512sp_f-1_pnsimatic_s7-1500_cpu_s7-1518f-4_pn\/dp_odk_firmwaresiplus_s7-1500_cpu_1513f-1_pnsimatic_s7-1500_cpu_1511-1_pn_firmwaresiplus_s7-1500_cpu_1516-3_pn\/dpsiplus_s7-1500_cpu_1516-3_pn\/dp_tx_railsimatic_s7-1500_cpu_1518-4_pn\/dp_firmwaresiplus_et_200sp_cpu_1512sp_f-1_pn_railsiplus_s7-1500_cpu_1515f-2_pn_t2_railsimatic_s7-1500_software_controller_firmwaresimatic_s7-1500_cpu_1510sp_f-1_pnsimatic_s7-1500_cpu_1517t-3_pn\/dp_firmwaresimatic_s7-1500_cpu_1513-1_pnsiplus_s7-1500_cpu_1516f-3_pn\/dpsiplus_s7-1500_cpu_1518f-4_pn\/dp_firmwaresimatic_s7-1500_cpu_1511tf-1_pnsiplus_s7-1500_cpu_1511-1_pn_tx_rail_firmwaresiplus_s7-1500_cpu_1518hf-4_pn_firmwaresiplus_s7-1500_cpu_1515f-2_pn_rail_firmwaresimatic_s7-1500_cpu_s7-1518-4_pn\/dp_odksiplus_s7-1500_cpu_1515f-2_pnsimatic_s7-1500_cpu_1513r-1_pn_firmwaresinumerik_mc_firmwaresiplus_s7-1500_cpu_1517h-3_pn_firmwaresimatic_s7-1500_cpu_1516f-3_pn\/dpsimatic_s7-1500_cpu_1514spt_f-2_pn_firmwaresimatic_s7-1500_cpu_1515tf-2_pnsiplus_s7-1500_cpu_1511f-1_pnsimatic_s7-1500_cpu_1515r-2_pnsiplus_s7-1500_cpu_1517h-3_pnsiplus_s7-1500_cpu_1515r-2_pn_firmwaresimatic_et_200sp_open_control_1515sp_pc2simatic_s7-1500_cpu_1512sp-1_pnsimatic_s7-1500_software_controllersimatic_s7-1500_cpu_1516-3_pn\/dp_firmwaresimatic_et_200sp_open_control_1515sp_pc2_firmwaresimatic_s7-1500_cpu_1512sp-1_pn_firmwaresimatic_s7-1500_cpu_1517tf-3_pn\/dp_firmwaresimatic_s7-1500_cpu_1514spt-2_pn_firmwaresimatic_s7-1500_cpu_1514spt_f-2_pnsimatic_s7-1500_cpu_1518t-4_pn\/dp_firmwaresimatic_s7-1500_cpu_1518tf-4_pn\/dp_firmwaresiplus_et_200sp_cpu_1512sp-1_pn_firmwaresimatic_s7-1500_cpu_1518-4_pn\/dpsimatic_s7-1500_cpu_1517-3_pn\/dp_firmwaresiplus_et_200sp_cpu_1510sp_f-1_pnsimatic_s7-plcsim_advanced_firmwaresiplus_s7-1500_cpu_1515r-2_pn_tx_railsiplus_et_200sp_cpu_1512sp-1_pn_rail_firmwaresiplus_et_200sp_cpu_1510sp-1_pn_firmwaresimatic_s7-1500_cpu_1516-3_pn\/dpsiplus_s7-1500_cpu_1516-3_pn\/dp_tx_rail_firmwaresimatic_s7-1500_cpu_1515f-2_pn_firmwaresimatic_s7-1500_cpu_1516t-3_pn\/dpsiplus_s7-1500_cpu_1518hf-4_pnsimatic_s7-1500_cpu_1512sp_f-1_pn_firmwaresimatic_s7-1500_cpu_1515t-2_pnsimatic_s7-1500_cpu_1518hf-4_pn_firmwaresimatic_s7-1500_cpu_1518hf-4_pnsiplus_s7-1500_cpu_1511f-1_pn_firmwaresimatic_s7-1500_cpu_1517tf-3_pn\/dpsiplus_s7-1500_cpu_1513-1_pn_firmwaresiplus_s7-1500_cpu_1518-4_pn\/dpsimatic_s7-1500_cpu_1512c-1_pnsimatic_s7-1500_cpu_1515f-2_pnsimatic_s7-1500_cpu_1510sp_f-1_pn_firmwaresiplus_et_200sp_cpu_1512sp-1_pnsiplus_s7-1500_cpu_1511-1_pn_t1_rail_firmwaresiplus_s7-1500_cpu_1511-1_pn_tx_railsimatic_s7-1500_cpu_s7-1518-4_pn\/dp_odk_firmwaresiplus_et_200sp_cpu_1510sp-1_pn_railsimatic_s7-plcsim_advancedsiplus_et_200sp_cpu_1512sp-1_pn_railSIPLUS ET 200SP CPU 1510SP F-1 PN RAILSIPLUS S7-1500 CPU 1515F-2 PNSIPLUS S7-1500 CPU 1516-3 PN/DP RAILSIMATIC S7-1500 CPU 1515-2 PNSIPLUS S7-1500 CPU 1518-4 PN/DP MFPSIMATIC S7-1500 CPU 1517H-3 PNSIMATIC S7-1500 CPU 1511T-1 PNSIMATIC S7-1500 CPU 1514SPT-2 PNSIMATIC S7-1500 CPU 1518HF-4 PNSIMATIC S7-1500 CPU 1516TF-3 PN/DPSIPLUS S7-1500 CPU 1516F-3 PN/DPSIMATIC S7-1500 CPU 1514SP F-2 PNSIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODKSIPLUS ET 200SP CPU 1512SP-1 PNSIPLUS S7-1500 CPU 1511-1 PNSIMATIC S7-1500 CPU 1518TF-4 PN/DPSIMATIC S7-1500 CPU 1518F-4 PN/DPSIMATIC S7-1500 CPU 1516F-3 PN/DPSIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PNSIMATIC S7-1500 CPU 1517F-3 PN/DPSIMATIC S7-1500 CPU 1513F-1 PNSIMATIC S7-1500 CPU 1511TF-1 PNSIPLUS S7-1500 CPU 1511F-1 PNSIPLUS S7-1500 CPU 1518F-4 PN/DPSIPLUS S7-1500 CPU 1513F-1 PNSIMATIC S7-1500 CPU 1512C-1 PNSIPLUS S7-1500 CPU 1511-1 PN TX RAILSIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PNSIMATIC S7-1500 CPU 1513-1 PNSIPLUS ET 200SP CPU 1512SP F-1 PN RAILSIPLUS S7-1500 CPU 1515F-2 PN RAILSIMATIC S7-1500 CPU 1517-3 PN/DPSIPLUS S7-1500 CPU 1516-3 PN/DP TX RAILSIPLUS S7-1500 CPU 1516F-3 PN/DP RAILSIPLUS ET 200SP CPU 1512SP F-1 PNSIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PNSIMATIC S7-1500 CPU 1510SP F-1 PNSIMATIC S7-1500 CPU 1513R-1 PNSIPLUS ET 200SP CPU 1510SP-1 PN RAILSIPLUS S7-1500 CPU 1517H-3 PNSIPLUS S7-1500 CPU 1515F-2 PN T2 RAILSIMATIC S7-1500 CPU 1510SP-1 PNSINUMERIK ONESIMATIC S7-1500 CPU 1514SPT F-2 PNSIMATIC S7-1500 CPU 1514SP-2 PNSIMATIC S7-1500 CPU 1512SP-1 PNSIMATIC S7-1500 CPU 1515T-2 PNSIMATIC S7-1500 CPU 1518F-4 PN/DP MFPSIPLUS S7-1500 CPU 1511-1 PN T1 RAILSIMATIC S7-1500 CPU 1512SP F-1 PNSIPLUS S7-1500 CPU 1518HF-4 PNSIMATIC S7-1500 CPU 1518-4 PN/DPSIPLUS ET 200SP CPU 1510SP-1 PNSIPLUS S7-1500 CPU 1515R-2 PNSIMATIC S7-1500 CPU 1515F-2 PNSIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)SIMATIC Drive Controller CPU 1504D TFSIMATIC S7-1500 Software ControllerSIMATIC S7-1500 CPU 1511F-1 PNSIMATIC S7-1500 CPU 1516T-3 PN/DPSIMATIC S7-1500 CPU 1517TF-3 PN/DPSIMATIC S7-1500 CPU 1515TF-2 PNSIPLUS S7-1500 CPU 1518-4 PN/DPSIMATIC S7-1500 CPU 1511C-1 PNSIPLUS ET 200SP CPU 1512SP-1 PN RAILSIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PNSIMATIC S7-1500 CPU 1515R-2 PNSIMATIC S7-1500 CPU 1518-4 PN/DP MFPSIPLUS S7-1500 CPU 1513-1 PNSIMATIC S7-1500 CPU 1511-1 PNSIMATIC S7-PLCSIM AdvancedSIPLUS ET 200SP CPU 1510SP F-1 PNSIMATIC S7-1500 CPU 1518T-4 PN/DPSINUMERIK MCSIPLUS S7-1500 CPU 1516-3 PN/DPSIMATIC S7-1500 CPU S7-1518-4 PN/DP ODKSIMATIC S7-1500 CPU 1517T-3 PN/DPSIMATIC Drive Controller CPU 1507D TFSIPLUS S7-1500 CPU 1515R-2 PN TX RAILSIMATIC S7-1500 CPU 1516-3 PN/DP
CWE ID-CWE-416
Use After Free
CVE-2023-38380
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-8.7||HIGH
EPSS-0.11% / 29.58%
||
7 Day CHG~0.00%
Published-12 Dec, 2023 | 11:26
Updated-02 Aug, 2024 | 17:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-1 (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE (All versions < V3.4.29), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions < V2.3), SIMATIC CP 1543-1 (6GK7543-1AX00-0XE0) (All versions < V3.0.37), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions < V2.3), SINAMICS S210 (6SL5...) (All versions >= V6.1 < V6.1 HF2), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions < V2.3), SIPLUS NET CP 1543-1 (6AG1543-1AX00-2XE0) (All versions < V3.0.37). The webserver implementation of the affected products does not correctly release allocated memory after it has been used. An attacker with network access could use this vulnerability to cause a denial-of-service condition in the webserver of the affected product.

Action-Not Available
Vendor-Siemens AG
Product-6gk7243-8rx30-0xe0_firmwaresimatic_cp_1243-7_lte_firmware6ag1543-1ax00-2xe0_firmwaresimatic_cp_1243-1_dnp36gk7543-1ax00-0xe0_firmwaresimatic_cp_1243-1_iec_firmwaresimatic_cp_1243-1_firmwaresimatic_cp_1243-1sinamics_s2106gk7243-8rx30-0xe0sinamics_s210_firmwaresimatic_cp_1243-1_dnp3_firmwaresimatic_cp_1242-7_v26ag1543-1ax00-2xe0simatic_cp_1242-7_v2_firmwaresimatic_cp_1243-1_iec6gk7543-1ax00-0xe0simatic_cp_1243-7_lteSIMATIC CP 1243-7 LTESIPLUS NET CP 1543-1SIMATIC CP 1542SP-1SIMATIC CP 1242-7 V2 (incl. SIPLUS variants)SIMATIC CP 1543-1SIMATIC CP 1243-1 IEC (incl. SIPLUS variants)SIPLUS ET 200SP CP 1543SP-1 ISECSINAMICS S210 (6SL5...)SIPLUS ET 200SP CP 1542SP-1 IRC TX RAILSIMATIC CP 1243-8 IRCSIMATIC CP 1542SP-1 IRCSIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants)SIMATIC CP 1543SP-1SIMATIC CP 1243-1 (incl. SIPLUS variants)SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2023-35921
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-1.08% / 78.23%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 09:07
Updated-13 Nov, 2024 | 14:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3.4), SIMATIC MV540 S (All versions < V3.3.4), SIMATIC MV550 H (All versions < V3.3.4), SIMATIC MV550 S (All versions < V3.3.4), SIMATIC MV560 U (All versions < V3.3.4), SIMATIC MV560 X (All versions < V3.3.4). Affected devices cannot properly process specially crafted Ethernet frames sent to the devices. This could allow an unauthenticated remote attacker to cause a denial of service condition. The affected devices must be restarted manually.

Action-Not Available
Vendor-Siemens AG
Product-simatic_mv540_s_firmwaresimatic_mv540_ssimatic_mv560_x_firmwaresimatic_mv560_usimatic_mv560_u_firmwaresimatic_mv550_s_firmwaresimatic_mv540_hsimatic_mv550_h_firmwaresimatic_mv550_ssimatic_mv560_xsimatic_mv550_hsimatic_mv540_h_firmwareSIMATIC MV560 USIMATIC MV540 SSIMATIC MV540 HSIMATIC MV550 HSIMATIC MV550 SSIMATIC MV560 Xsimatic_mv540_ssimatic_mv560_usimatic_mv540_hsimatic_mv550_ssimatic_mv560_xsimatic_mv550_h
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-36521
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-8.6||HIGH
EPSS-0.29% / 52.78%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 09:07
Updated-21 Nov, 2024 | 14:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3.4), SIMATIC MV540 S (All versions < V3.3.4), SIMATIC MV550 H (All versions < V3.3.4), SIMATIC MV550 S (All versions < V3.3.4), SIMATIC MV560 U (All versions < V3.3.4), SIMATIC MV560 X (All versions < V3.3.4). The result synchronization server of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation of all socket-based communication of the affected products if the result server is enabled.

Action-Not Available
Vendor-Siemens AG
Product-simatic_mv540_s_firmwaresimatic_mv540_ssimatic_mv560_x_firmwaresimatic_mv560_usimatic_mv560_u_firmwaresimatic_mv550_s_firmwaresimatic_mv540_hsimatic_mv550_h_firmwaresimatic_mv550_ssimatic_mv560_xsimatic_mv550_hsimatic_mv540_h_firmwareSIMATIC MV560 USIMATIC MV540 SSIMATIC MV540 HSIMATIC MV550 HSIMATIC MV550 SSIMATIC MV560 Xsimatic_mv540_ssimatic_mv560_usimatic_mv540_hsimatic_mv550_ssimatic_mv560_xsimatic_mv550_h
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2023-35920
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-1.08% / 78.23%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 09:07
Updated-12 Nov, 2024 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3.4), SIMATIC MV540 S (All versions < V3.3.4), SIMATIC MV550 H (All versions < V3.3.4), SIMATIC MV550 S (All versions < V3.3.4), SIMATIC MV560 U (All versions < V3.3.4), SIMATIC MV560 X (All versions < V3.3.4). Affected devices cannot properly process specially crafted IP packets sent to the devices. This could allow an unauthenticated remote attacker to cause a denial of service condition. The affected devices must be restarted manually.

Action-Not Available
Vendor-Siemens AG
Product-simatic_mv540_s_firmwaresimatic_mv540_ssimatic_mv560_x_firmwaresimatic_mv560_usimatic_mv560_u_firmwaresimatic_mv550_s_firmwaresimatic_mv540_hsimatic_mv550_h_firmwaresimatic_mv550_ssimatic_mv560_xsimatic_mv550_hsimatic_mv540_h_firmwareSIMATIC MV560 USIMATIC MV540 SSIMATIC MV540 HSIMATIC MV550 HSIMATIC MV550 SSIMATIC MV560 Xsimatic_mv540_ssimatic_mv560_usimatic_mv540_hsimatic_mv550_ssimatic_mv560_xsimatic_mv550_h
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-59463
Matching Score-4
Assigner-SICK AG
ShareView Details
Matching Score-4
Assigner-SICK AG
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 22.82%
||
7 Day CHG~0.00%
Published-27 Oct, 2025 | 10:14
Updated-03 Nov, 2025 | 19:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial-of-service (DoS) via chunk size mismatch

An attacker may cause chunk-size mismatches that block file transfers and prevent subsequent transfers.

Action-Not Available
Vendor-SICK AG
Product-tloc100-100tloc100-100_firmwareTLOC100-100 all Firmware versions
CWE ID-CWE-833
Deadlock
CVE-2024-48077
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.03% / 9.14%
||
7 Day CHG~0.00%
Published-15 Jan, 2026 | 00:00
Updated-03 Apr, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NanoMQ v0.22.7 is vulnerable to Denial of Service (DoS) due to improper resource throttling. A crafted sequence of requests causes the recv-q queue to saturate, leading to the rapid exhaustion of system file descriptors (FDs). This exhaustion triggers a process crash, rendering the broker unable to provide services.

Action-Not Available
Vendor-emqxn/a
Product-nanomqn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-833
Deadlock
CVE-2025-54796
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.32% / 55.25%
||
7 Day CHG~0.00%
Published-01 Aug, 2025 | 23:38
Updated-12 Sep, 2025 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Copyparty is vulnerable to Regex Denial of Service (ReDoS) attacks through "Recent Uploads" page

Copyparty is a portable file server. Versions prior to 1.18.9, the filter parameter for the "Recent Uploads" page allows arbitrary RegExes. If this feature is enabled (which is the default), an attacker can craft a filter which deadlocks the server. This is fixed in version 1.18.9.

Action-Not Available
Vendor-90019001
Product-copypartycopyparty
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-833
Deadlock
CVE-2025-36010
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 25.89%
||
7 Day CHG~0.00%
Published-29 Jul, 2025 | 18:13
Updated-06 Aug, 2025 | 19:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 for Linux denial of service

IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 could allow an unauthenticated user to cause a denial of service due to executable segments that are waiting for each other to release a necessary lock.

Action-Not Available
Vendor-IBM Corporation
Product-db2Db2
CWE ID-CWE-833
Deadlock
CVE-2024-29172
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-5.9||MEDIUM
EPSS-0.29% / 52.67%
||
7 Day CHG~0.00%
Published-12 Feb, 2025 | 01:32
Updated-19 Mar, 2025 | 15:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BSAFE SSL-J, versions prior to 6.6 and versions 7.0 through 7.2, contains a deadlock vulnerability. A remote attacker could potentially exploit this vulnerability, leading to a Denial of Service.

Action-Not Available
Vendor-Dell Inc.
Product-bsafe_ssl-jDell BSAFE SSL-J
CWE ID-CWE-667
Improper Locking
CWE ID-CWE-833
Deadlock
CVE-2025-1713
Matching Score-4
Assigner-Xen Project
ShareView Details
Matching Score-4
Assigner-Xen Project
CVSS Score-7.5||HIGH
EPSS-0.23% / 46.28%
||
7 Day CHG~0.00%
Published-17 Jul, 2025 | 13:59
Updated-13 Jan, 2026 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
deadlock potential with VT-d and legacy PCI device pass-through

When setting up interrupt remapping for legacy PCI(-X) devices, including PCI(-X) bridges, a lookup of the upstream bridge is required. This lookup, itself involving acquiring of a lock, is done in a context where acquiring that lock is unsafe. This can lead to a deadlock.

Action-Not Available
Vendor-Xen Project
Product-xenXen
CWE ID-CWE-833
Deadlock
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found