Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-34057

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-18 Sep, 2024 | 00:00
Updated At-19 Sep, 2024 | 14:21
Rejected At-
Credits

Triangle Microworks TMW IEC 61850 Client source code libraries before 12.2.0 lack a buffer size check when processing received messages. The resulting buffer overflow can cause a crash, resulting in a denial of service.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:18 Sep, 2024 | 00:00
Updated At:19 Sep, 2024 | 14:21
Rejected At:
â–¼CVE Numbering Authority (CNA)

Triangle Microworks TMW IEC 61850 Client source code libraries before 12.2.0 lack a buffer size check when processing received messages. The resulting buffer overflow can cause a crash, resulting in a denial of service.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://trianglemicroworks.com/products/source-code-libraries/iec-61850-scl-pages/what%27s-new
N/A
https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-16
N/A
Hyperlink: https://trianglemicroworks.com/products/source-code-libraries/iec-61850-scl-pages/what%27s-new
Resource: N/A
Hyperlink: https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-16
Resource: N/A
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Vendor
trianglemicroworks
Product
iec_61850_client_source_code_library
CPEs
  • cpe:2.3:a:trianglemicroworks:iec_61850_client_source_code_library:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 12.2.0 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-120CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Type: CWE
CWE ID: CWE-120
Description: CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Metrics
VersionBase scoreBase severityVector
3.18.2HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Version: 3.1
Base score: 8.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:18 Sep, 2024 | 19:15
Updated At:25 Sep, 2024 | 17:08

Triangle Microworks TMW IEC 61850 Client source code libraries before 12.2.0 lack a buffer size check when processing received messages. The resulting buffer overflow can cause a crash, resulting in a denial of service.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Secondary3.18.2HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 8.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
CPE Matches
trianglemicroworks
trianglemicroworks
>>iec_61850_source_code_library>>Versions before 12.2.0(exclusive)
cpe:2.3:a:trianglemicroworks:iec_61850_source_code_library:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>sicam_a8000_firmware>>Versions before 05.30(exclusive)
cpe:2.3:o:siemens:sicam_a8000_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>sicam_a8000>>-
cpe:2.3:h:siemens:sicam_a8000:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>sicam_scc_firmware>>Versions before 10.0(exclusive)
cpe:2.3:o:siemens:sicam_scc_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>sicam_scc>>-
cpe:2.3:h:siemens:sicam_scc:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>sicam_egs_firmware>>Versions before 05.30(exclusive)
cpe:2.3:o:siemens:sicam_egs_firmware:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>sicam_egs>>-
cpe:2.3:h:siemens:sicam_egs:-:*:*:*:*:*:*:*
Siemens AG
siemens
>>sicam_s8000>>Versions before 05.30(exclusive)
cpe:2.3:a:siemens:sicam_s8000:*:*:*:*:*:*:*:*
Siemens AG
siemens
>>sitipe_at>>*
cpe:2.3:a:siemens:sitipe_at:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-120Primarynvd@nist.gov
CWE-120Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-120
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-120
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://trianglemicroworks.com/products/source-code-libraries/iec-61850-scl-pages/what%27s-newcve@mitre.org
Release Notes
https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-16cve@mitre.org
Third Party Advisory
US Government Resource
Hyperlink: https://trianglemicroworks.com/products/source-code-libraries/iec-61850-scl-pages/what%27s-new
Source: cve@mitre.org
Resource:
Release Notes
Hyperlink: https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-16
Source: cve@mitre.org
Resource:
Third Party Advisory
US Government Resource

Change History

0
Information is not available yet

Similar CVEs

676Records found
CVE-2023-46283
Matching Score-10
Assigner-Siemens
ShareView Details
Matching Score-10
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.22% / 43.95%
||
7 Day CHG~0.00%
Published-12 Dec, 2023 | 11:27
Updated-14 Jan, 2025 | 10:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash.

Action-Not Available
Vendor-Siemens AG
Product-sinumerik_integrate_runmyhmi_\/automotiveopcenter_qualitysimatic_pcs_neototally_integrated_automation_portalSIMATIC PCS neoTotally Integrated Automation Portal (TIA Portal) V18Opcenter Execution FoundationOpcenter QualityTotally Integrated Automation Portal (TIA Portal) V17Totally Integrated Automation Portal (TIA Portal) V16Totally Integrated Automation Portal (TIA Portal) V14Totally Integrated Automation Portal (TIA Portal) V15.1SINEC NMS
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-46284
Matching Score-10
Assigner-Siemens
ShareView Details
Matching Score-10
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.22% / 43.95%
||
7 Day CHG~0.00%
Published-12 Dec, 2023 | 11:27
Updated-14 Jan, 2025 | 10:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp and 4004/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash.

Action-Not Available
Vendor-Siemens AG
Product-sinumerik_integrate_runmyhmi_\/automotiveopcenter_qualitysimatic_pcs_neototally_integrated_automation_portalSIMATIC PCS neoTotally Integrated Automation Portal (TIA Portal) V18Opcenter Execution FoundationOpcenter QualityTotally Integrated Automation Portal (TIA Portal) V17Totally Integrated Automation Portal (TIA Portal) V16Totally Integrated Automation Portal (TIA Portal) V14Totally Integrated Automation Portal (TIA Portal) V15.1SINEC NMS
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-26649
Matching Score-10
Assigner-Siemens
ShareView Details
Matching Score-10
Assigner-Siemens
CVSS Score-9.6||CRITICAL
EPSS-1.15% / 78.16%
||
7 Day CHG~0.00%
Published-12 Jul, 2022 | 10:06
Updated-21 Apr, 2025 | 13:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2P IRT (All versions < V5.5.2), SCALANCE X202-2P IRT PRO (All versions < V5.5.2), SCALANCE X204-2 (All versions < V5.2.6), SCALANCE X204-2FM (All versions < V5.2.6), SCALANCE X204-2LD (All versions < V5.2.6), SCALANCE X204-2LD TS (All versions < V5.2.6), SCALANCE X204-2TS (All versions < V5.2.6), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT PRO (All versions < V5.5.2), SCALANCE X206-1 (All versions < V5.2.6), SCALANCE X206-1LD (All versions < V5.2.6), SCALANCE X208 (All versions < V5.2.6), SCALANCE X208PRO (All versions < V5.2.6), SCALANCE X212-2 (All versions < V5.2.6), SCALANCE X212-2LD (All versions < V5.2.6), SCALANCE X216 (All versions < V5.2.6), SCALANCE X224 (All versions < V5.2.6), SCALANCE XF201-3P IRT (All versions < V5.5.2), SCALANCE XF202-2P IRT (All versions < V5.5.2), SCALANCE XF204 (All versions < V5.2.6), SCALANCE XF204-2 (All versions < V5.2.6), SCALANCE XF204-2BA IRT (All versions < V5.5.2), SCALANCE XF204IRT (All versions < V5.5.2), SCALANCE XF206-1 (All versions < V5.2.6), SCALANCE XF208 (All versions < V5.2.6). Affected devices do not properly validate the URI of incoming HTTP GET requests. This could allow an unauthenticated remote attacker to crash affected devices.

Action-Not Available
Vendor-Siemens AG
Product-scalance_xf206-1_firmwarescalance_xf201-3p_irtscalance_x208_pro_firmwarescalance_x212-2ldscalance_x201-3p_irtscalance_x204-2ldscalance_xf208scalance_x201-3p_irt_firmwarescalance_x202-2p_irt_pro_firmwarescalance_xf204irtscalance_xf204-2ba_irt_firmwarescalance_x206-1scalance_x204-2ld_ts_firmwarescalance_x204irtscalance_x201-3p_irt_proscalance_x204-2fmscalance_x204-2ld_tsscalance_x208scalance_x200-4p_irtscalance_x204irt_pro_firmwarescalance_x202-2irtscalance_x202-2p_irtscalance_x204-2scalance_x224scalance_x206-1_firmwarescalance_x204-2_firmwarescalance_xf204-2scalance_xf206-1scalance_x202-2p_irt_firmwarescalance_x206-1ld_firmwarescalance_x212-2ld_firmwarescalance_x212-2scalance_xf204_firmwarescalance_x204-2ts_firmwarescalance_xf204-2ba_irtscalance_x216_firmwarescalance_x204-2ld_firmwarescalance_x212-2_firmwarescalance_xf208_firmwarescalance_xf202-2p_irt_firmwarescalance_x208_firmwarescalance_x208_proscalance_xf204-2_firmwarescalance_x202-2p_irt_proscalance_x202-2irt_firmwarescalance_xf202-2p_irtscalance_x200-4p_irt_firmwarescalance_x204irt_proscalance_x216scalance_xf201-3p_irt_firmwarescalance_x204-2fm_firmwarescalance_x204-2tsscalance_xf204irt_firmwarescalance_x201-3p_irt_pro_firmwarescalance_x204irt_firmwarescalance_xf204scalance_x206-1ldscalance_x224_firmwareSCALANCE XF201-3P IRTSCALANCE XF204-2BA IRTSCALANCE X202-2P IRTSCALANCE X202-2P IRT PROSCALANCE X204-2TSSCALANCE X206-1SCALANCE XF204IRTSCALANCE X204IRTSCALANCE X200-4P IRTSCALANCE X224SCALANCE XF208SCALANCE X208SCALANCE XF204-2SCALANCE X204-2LD TSSCALANCE X208PROSCALANCE X204-2LDSCALANCE X204-2SCALANCE X216SCALANCE X212-2LDSCALANCE X201-3P IRT PROSCALANCE XF206-1SCALANCE X201-3P IRTSCALANCE X206-1LDSCALANCE X212-2SCALANCE XF202-2P IRTSCALANCE X204-2FMSCALANCE XF204SCALANCE X202-2IRTSCALANCE X204IRT PRO
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-26648
Matching Score-10
Assigner-Siemens
ShareView Details
Matching Score-10
Assigner-Siemens
CVSS Score-8.2||HIGH
EPSS-0.87% / 74.80%
||
7 Day CHG~0.00%
Published-12 Jul, 2022 | 10:06
Updated-21 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2P IRT (All versions < V5.5.2), SCALANCE X202-2P IRT PRO (All versions < V5.5.2), SCALANCE X204-2 (All versions < V5.2.6), SCALANCE X204-2FM (All versions < V5.2.6), SCALANCE X204-2LD (All versions < V5.2.6), SCALANCE X204-2LD TS (All versions < V5.2.6), SCALANCE X204-2TS (All versions < V5.2.6), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT PRO (All versions < V5.5.2), SCALANCE X206-1 (All versions < V5.2.6), SCALANCE X206-1LD (All versions < V5.2.6), SCALANCE X208 (All versions < V5.2.6), SCALANCE X208PRO (All versions < V5.2.6), SCALANCE X212-2 (All versions < V5.2.6), SCALANCE X212-2LD (All versions < V5.2.6), SCALANCE X216 (All versions < V5.2.6), SCALANCE X224 (All versions < V5.2.6), SCALANCE XF201-3P IRT (All versions < V5.5.2), SCALANCE XF202-2P IRT (All versions < V5.5.2), SCALANCE XF204 (All versions < V5.2.6), SCALANCE XF204-2 (All versions < V5.2.6), SCALANCE XF204-2BA IRT (All versions < V5.5.2), SCALANCE XF204IRT (All versions < V5.5.2), SCALANCE XF206-1 (All versions < V5.2.6), SCALANCE XF208 (All versions < V5.2.6). Affected devices do not properly validate the GET parameter XNo of incoming HTTP requests. This could allow an unauthenticated remote attacker to crash affected devices.

Action-Not Available
Vendor-Siemens AG
Product-scalance_xf206-1_firmwarescalance_xf201-3p_irtscalance_x208_pro_firmwarescalance_x212-2ldscalance_x201-3p_irtscalance_x204-2ldscalance_xf208scalance_x201-3p_irt_firmwarescalance_x202-2p_irt_pro_firmwarescalance_xf204irtscalance_xf204-2ba_irt_firmwarescalance_x206-1scalance_x204-2ld_ts_firmwarescalance_x204irtscalance_x201-3p_irt_proscalance_x204-2fmscalance_x204-2ld_tsscalance_x208scalance_x200-4p_irtscalance_x204irt_pro_firmwarescalance_x202-2irtscalance_x202-2p_irtscalance_x204-2scalance_x224scalance_x206-1_firmwarescalance_x204-2_firmwarescalance_xf204-2scalance_xf206-1scalance_x202-2p_irt_firmwarescalance_x206-1ld_firmwarescalance_x212-2ld_firmwarescalance_x212-2scalance_xf204_firmwarescalance_x204-2ts_firmwarescalance_xf204-2ba_irtscalance_x216_firmwarescalance_x204-2ld_firmwarescalance_x212-2_firmwarescalance_xf208_firmwarescalance_xf202-2p_irt_firmwarescalance_x208_firmwarescalance_x208_proscalance_xf204-2_firmwarescalance_x202-2p_irt_proscalance_x202-2irt_firmwarescalance_xf202-2p_irtscalance_x200-4p_irt_firmwarescalance_x204irt_proscalance_x216scalance_xf201-3p_irt_firmwarescalance_x204-2fm_firmwarescalance_x204-2tsscalance_xf204irt_firmwarescalance_x201-3p_irt_pro_firmwarescalance_x204irt_firmwarescalance_xf204scalance_x206-1ldscalance_x224_firmwareSCALANCE XF201-3P IRTSCALANCE XF204-2BA IRTSCALANCE X202-2P IRTSCALANCE X202-2P IRT PROSCALANCE X204-2TSSCALANCE X206-1SCALANCE XF204IRTSCALANCE X204IRTSCALANCE X200-4P IRTSCALANCE X224SCALANCE XF208SCALANCE X208SCALANCE XF204-2SCALANCE X204-2LD TSSCALANCE X208PROSCALANCE X204-2LDSCALANCE X204-2SCALANCE X216SCALANCE X212-2LDSCALANCE X201-3P IRT PROSCALANCE XF206-1SCALANCE X201-3P IRTSCALANCE X206-1LDSCALANCE X212-2SCALANCE XF202-2P IRTSCALANCE X204-2FMSCALANCE XF204SCALANCE X202-2IRTSCALANCE X204IRT PRO
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-26334
Matching Score-10
Assigner-Siemens
ShareView Details
Matching Score-10
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-1.87% / 82.74%
||
7 Day CHG~0.00%
Published-12 Apr, 2022 | 09:07
Updated-03 Aug, 2024 | 05:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices do not properly validate the GET parameter XNo of incoming HTTP requests. This could allow an unauthenticated remote attacker to crash affected devices.

Action-Not Available
Vendor-Siemens AG
Product-scalance_x308-2m_ts_firmwarescalance_x307-3_firmwarescalance_xr324-12mscalance_x310fescalance_x310fe_firmwarescalance_xr324-4m_eecscalance_x308-2ldscalance_x320-1fe_firmwaresiplus_net_scalance_x308-2scalance_xr324-4m_poe_firmwarescalance_x308-2scalance_x307-2eecscalance_xr324-4m_eec_firmwarescalance_x308-2_firmwarescalance_x304-2fe_firmwarescalance_xr324-12m_ts_firmwarescalance_x306-1ldfe_firmwarescalance_x307-2eec_firmwarescalance_x320-1-2ldfesiplus_net_scalance_x308-2_firmwarescalance_x308-2lh_firmwarescalance_x302-7eec_firmwarescalance_x308-2lhscalance_x307-3ld_firmwarescalance_x310scalance_x320-1-2ldfe_firmwarescalance_xr324-12m_firmwarescalance_x308-2m_poe_firmwarescalance_x308-2lh\+scalance_x310_firmwarescalance_x308-2m_poescalance_x308-2lh\+_firmwarescalance_x308-2ld_firmwarescalance_xr324-12m_tsscalance_x308-2m_tsscalance_x308-2m_firmwarescalance_x320-1fescalance_x408-2scalance_xr324-4m_poescalance_x306-1ldfescalance_x307-3ldscalance_x308-2mscalance_x408-2_firmwarescalance_x307-3scalance_x304-2fescalance_xr324-4m_poe_tsscalance_xr324-4m_poe_ts_firmwarescalance_x302-7eecSCALANCE XR324-12M TS (24V)SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)SCALANCE XR324-4M PoE (24V, ports on rear)SCALANCE XR324-4M EEC (24V, ports on front)SCALANCE XR324-12M (230V, ports on rear)SCALANCE X307-2 EEC (2x 24V, coated)SCALANCE XR324-4M PoE TS (24V, ports on front)SCALANCE X307-3SCALANCE X308-2MSCALANCE XR324-12M (24V, ports on rear)SCALANCE X308-2SCALANCE X308-2M PoESCALANCE X310FESCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)SCALANCE X308-2LH+SCALANCE X302-7 EEC (24V, coated)SCALANCE X307-2 EEC (230V, coated)SCALANCE X307-3LDSCALANCE X308-2LHSCALANCE XR324-4M EEC (24V, ports on rear)SCALANCE XR324-4M PoE (24V, ports on front)SCALANCE X302-7 EEC (2x 230V)SCALANCE X408-2SIPLUS NET SCALANCE X308-2SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)SCALANCE XR324-4M PoE (230V, ports on rear)SCALANCE X302-7 EEC (230V)SCALANCE X307-2 EEC (24V, coated)SCALANCE X307-2 EEC (2x 230V, coated)SCALANCE X302-7 EEC (2x 24V, coated)SCALANCE X308-2LDSCALANCE X307-2 EEC (24V)SCALANCE X304-2FESCALANCE X310SCALANCE X307-2 EEC (2x 24V)SCALANCE X307-2 EEC (230V)SCALANCE XR324-12M (24V, ports on front)SCALANCE X320-1 FESCALANCE X302-7 EEC (2x 24V)SCALANCE X306-1LD FESCALANCE X308-2M TSSCALANCE XR324-4M PoE (230V, ports on front)SCALANCE X307-2 EEC (2x 230V)SCALANCE X302-7 EEC (24V)SCALANCE X302-7 EEC (230V, coated)SCALANCE X302-7 EEC (2x 230V, coated)SCALANCE X320-1-2LD FESCALANCE XR324-4M EEC (2x 24V, ports on rear)SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)SCALANCE XR324-12M (230V, ports on front)SCALANCE XR324-4M EEC (2x 24V, ports on front)
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-33720
Matching Score-10
Assigner-Siemens
ShareView Details
Matching Score-10
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.44% / 62.87%
||
7 Day CHG~0.00%
Published-14 Sep, 2021 | 10:47
Updated-03 Aug, 2024 | 23:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP300 (All versions < V8.80). Specially crafted packets sent to port 4443/tcp could cause a Denial-of-Service condition.

Action-Not Available
Vendor-Siemens AG
Product-siprotec_5_with_cpu_variant_cp300siprotec_5_with_cpu_variant_cp100siprotec_5_with_cpu_variant_cp050SIPROTEC 5 relays with CPU variants CP050SIPROTEC 5 relays with CPU variants CP300SIPROTEC 5 relays with CPU variants CP100
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-20839
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.08% / 88.30%
||
7 Day CHG~0.00%
Published-17 Jun, 2020 | 15:11
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket filename.

Action-Not Available
Vendor-libvnc_projectn/aDebian GNU/LinuxSiemens AGCanonical Ltd.openSUSE
Product-ubuntu_linuxsimatic_itc1500_prosimatic_itc1900simatic_itc2200_pro_firmwaresimatic_itc2200simatic_itc1500_pro_firmwaredebian_linuxsimatic_itc1500simatic_itc1900_firmwaresimatic_itc1900_pro_firmwaresimatic_itc1500_firmwaresimatic_itc2200_firmwaresimatic_itc2200_prolibvncserversimatic_itc1900_proleapn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-26335
Matching Score-10
Assigner-Siemens
ShareView Details
Matching Score-10
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-1.87% / 82.74%
||
7 Day CHG~0.00%
Published-12 Apr, 2022 | 09:07
Updated-03 Aug, 2024 | 05:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices do not properly validate the URI of incoming HTTP GET requests. This could allow an unauthenticated remote attacker to crash affected devices.

Action-Not Available
Vendor-Siemens AG
Product-scalance_x308-2m_ts_firmwarescalance_x307-3_firmwarescalance_xr324-12mscalance_x310fescalance_x310fe_firmwarescalance_xr324-4m_eecscalance_x308-2ldscalance_x320-1fe_firmwaresiplus_net_scalance_x308-2scalance_xr324-4m_poe_firmwarescalance_x308-2scalance_x307-2eecscalance_xr324-4m_eec_firmwarescalance_x308-2_firmwarescalance_x304-2fe_firmwarescalance_xr324-12m_ts_firmwarescalance_x306-1ldfe_firmwarescalance_x307-2eec_firmwarescalance_x320-1-2ldfesiplus_net_scalance_x308-2_firmwarescalance_x308-2lh_firmwarescalance_x302-7eec_firmwarescalance_x308-2lhscalance_x307-3ld_firmwarescalance_x310scalance_x320-1-2ldfe_firmwarescalance_xr324-12m_firmwarescalance_x308-2m_poe_firmwarescalance_x308-2lh\+scalance_x310_firmwarescalance_x308-2m_poescalance_x308-2lh\+_firmwarescalance_x308-2ld_firmwarescalance_xr324-12m_tsscalance_x308-2m_tsscalance_x308-2m_firmwarescalance_x320-1fescalance_x408-2scalance_xr324-4m_poescalance_x306-1ldfescalance_x307-3ldscalance_x308-2mscalance_x408-2_firmwarescalance_x307-3scalance_x304-2fescalance_xr324-4m_poe_tsscalance_xr324-4m_poe_ts_firmwarescalance_x302-7eecSCALANCE XR324-12M TS (24V)SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)SCALANCE XR324-4M PoE (24V, ports on rear)SCALANCE XR324-4M EEC (24V, ports on front)SCALANCE XR324-12M (230V, ports on rear)SCALANCE X307-2 EEC (2x 24V, coated)SCALANCE XR324-4M PoE TS (24V, ports on front)SCALANCE X307-3SCALANCE X308-2MSCALANCE XR324-12M (24V, ports on rear)SCALANCE X308-2SCALANCE X308-2M PoESCALANCE X310FESCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)SCALANCE X308-2LH+SCALANCE X302-7 EEC (24V, coated)SCALANCE X307-2 EEC (230V, coated)SCALANCE X307-3LDSCALANCE X308-2LHSCALANCE XR324-4M EEC (24V, ports on rear)SCALANCE XR324-4M PoE (24V, ports on front)SCALANCE X302-7 EEC (2x 230V)SCALANCE X408-2SIPLUS NET SCALANCE X308-2SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)SCALANCE XR324-4M PoE (230V, ports on rear)SCALANCE X302-7 EEC (230V)SCALANCE X307-2 EEC (24V, coated)SCALANCE X307-2 EEC (2x 230V, coated)SCALANCE X302-7 EEC (2x 24V, coated)SCALANCE X308-2LDSCALANCE X307-2 EEC (24V)SCALANCE X304-2FESCALANCE X310SCALANCE X307-2 EEC (2x 24V)SCALANCE X307-2 EEC (230V)SCALANCE XR324-12M (24V, ports on front)SCALANCE X320-1 FESCALANCE X302-7 EEC (2x 24V)SCALANCE X306-1LD FESCALANCE X308-2M TSSCALANCE XR324-4M PoE (230V, ports on front)SCALANCE X307-2 EEC (2x 230V)SCALANCE X302-7 EEC (24V)SCALANCE X302-7 EEC (230V, coated)SCALANCE X302-7 EEC (2x 230V, coated)SCALANCE X320-1-2LD FESCALANCE XR324-4M EEC (2x 24V, ports on rear)SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)SCALANCE XR324-12M (230V, ports on front)SCALANCE XR324-4M EEC (2x 24V, ports on front)
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-12259
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-24.46% / 95.98%
||
7 Day CHG~0.00%
Published-09 Aug, 2019 | 18:05
Updated-04 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and vx7 has an array index error in the IGMPv3 client component. There is an IPNET security vulnerability: DoS via NULL dereference in IGMP parsing.

Action-Not Available
Vendor-windriverbeldenn/aSiemens AGSonicWall Inc.
Product-hirschmann_rsp20ruggedcom_win7025_firmwarehirschmann_ees25sonicoshirschmann_grs1030hirschmann_grs1142ruggedcom_win7018_firmwarehirschmann_rspe32hirschmann_grs1130garrettcom_magnum_dx940ehirschmann_rspe35hirschmann_eesx20hirschmann_rspe37ruggedcom_win7018hirschmann_grs10429410_power_meter_firmwareruggedcom_win7000siprotec_5_firmwareruggedcom_win7200hirschmann_rsp35garrettcom_magnum_dx940e_firmwarevxworkshirschmann_msp40hirschmann_octopus_os39810_power_meterhirschmann_rsp309410_power_meter9810_power_meter_firmwarehirschmann_dragon_mach4000hirschmann_dragon_mach4500hirschmann_msp32hirschmann_rsp25hirschmann_rail_switch_power_smarthirschmann_eesx30hirschmann_grs1020hirschmann_rail_switch_power_litehirschmann_eagle20hirschmann_eagle30hirschmann_hiosruggedcom_win7025hirschmann_rspe30hirschmann_eagle_oneruggedcom_win7200_firmwaresiprotec_5hirschmann_ees20hirschmann_red25ruggedcom_win7000_firmwarehirschmann_msp30hirschmann_grs1120n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-31340
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.48% / 64.59%
||
7 Day CHG~0.00%
Published-08 Jun, 2021 | 19:47
Updated-03 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC RF166C (All versions > V1.1 and < V1.3.2), SIMATIC RF185C (All versions > V1.1 and < V1.3.2), SIMATIC RF186C (All versions > V1.1 and < V1.3.2), SIMATIC RF186CI (All versions > V1.1 and < V1.3.2), SIMATIC RF188C (All versions > V1.1 and < V1.3.2), SIMATIC RF188CI (All versions > V1.1 and < V1.3.2), SIMATIC RF360R (All versions < V2.0), SIMATIC Reader RF610R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF610R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF610R FCC (All versions > V3.0 < V4.0), SIMATIC Reader RF615R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF615R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF615R FCC (All versions > V3.0 < V4.0), SIMATIC Reader RF650R ARIB (All versions > V3.0 < V4.0), SIMATIC Reader RF650R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF650R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF650R FCC (All versions > V3.0 < V4.0), SIMATIC Reader RF680R ARIB (All versions > V3.0 < V4.0), SIMATIC Reader RF680R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF680R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF680R FCC (All versions > V3.0 < V4.0), SIMATIC Reader RF685R ARIB (All versions > V3.0 < V4.0), SIMATIC Reader RF685R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF685R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF685R FCC (All versions > V3.0 < V4.0). Affected devices do not properly handle large numbers of incoming connections. An attacker may leverage this to cause a Denial-of-Service situation.

Action-Not Available
Vendor-Siemens AG
Product-simatic_reader_rf650r_fcc_firmwaresimatic_reader_rf650r_cmiit_firmwaresimatic_reader_rf680r_cmiitsimatic_reader_rf685r_fccsimatic_reader_rf610r_etsi_firmwaresimatic_reader_rf615r_etsi_firmwaresimatic_rf360rsimatic_reader_rf650r_aribsimatic_reader_rf610r_fccsimatic_reader_rf680r_fccsimatic_reader_rf685r_arib_firmwaresimatic_rf186c_firmwaresimatic_reader_rf615r_cmiitsimatic_rf188c_firmwaresimatic_reader_rf685r_fcc_firmwaresimatic_rf185csimatic_reader_rf680r_cmiit_firmwaresimatic_reader_rf685r_etsisimatic_rf360r_firmwaresimatic_rf186cisimatic_rf188csimatic_reader_rf610r_cmiit_firmwaresimatic_reader_rf610r_fcc_firmwaresimatic_rf185c_firmwaresimatic_reader_rf615r_fccsimatic_reader_rf615r_fcc_firmwaresimatic_reader_rf680r_etsisimatic_reader_rf680r_fcc_firmwaresimatic_reader_rf610r_etsisimatic_reader_rf680r_arib_firmwaresimatic_reader_rf685r_cmiit_firmwaresimatic_rf186ci_firmwaresimatic_rf166c_firmwaresimatic_rf188ci_firmwaresimatic_reader_rf650r_cmiitsimatic_reader_rf650r_fccsimatic_rf166csimatic_reader_rf685r_cmiitsimatic_reader_rf680r_aribsimatic_reader_rf650r_etsisimatic_reader_rf610r_cmiitsimatic_reader_rf650r_arib_firmwaresimatic_reader_rf680r_etsi_firmwaresimatic_reader_rf615r_etsisimatic_rf186csimatic_reader_rf650r_etsi_firmwaresimatic_reader_rf685r_aribsimatic_reader_rf615r_cmiit_firmwaresimatic_reader_rf685r_etsi_firmwaresimatic_rf188ciSIMATIC Reader RF650R ARIBSIMATIC Reader RF650R ETSISIMATIC Reader RF680R CMIITSIMATIC Reader RF615R ETSISIMATIC RF166CSIMATIC Reader RF685R CMIITSIMATIC RF185CSIMATIC Reader RF610R CMIITSIMATIC Reader RF685R ETSISIMATIC Reader RF615R CMIITSIMATIC RF188CISIMATIC Reader RF610R ETSISIMATIC Reader RF685R FCCSIMATIC Reader RF615R FCCSIMATIC RF186CSIMATIC RF360RSIMATIC Reader RF680R ARIBSIMATIC Reader RF685R ARIBSIMATIC RF188CSIMATIC Reader RF680R ETSISIMATIC Reader RF610R FCCSIMATIC Reader RF650R CMIITSIMATIC RF186CISIMATIC Reader RF680R FCCSIMATIC Reader RF650R FCC
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2021-31401
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.50% / 65.30%
||
7 Day CHG~0.00%
Published-19 Aug, 2021 | 11:25
Updated-03 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in tcp_rcv() in nptcp.c in HCC embedded InterNiche 4.0.1. The TCP header processing code doesn't sanitize the value of the IP total length field (header length + data length). With a crafted IP packet, an integer overflow occurs whenever the value of the IP data length is calculated by subtracting the length of the header from the total length of the IP packet.

Action-Not Available
Vendor-hcc-embeddedn/aSiemens AG
Product-sentron_3wa_com190_firmwaresentron_3wl_com35_firmwaresentron_3wa_com190sentron_3wl_com35nichestackn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-12258
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-11.64% / 93.49%
||
7 Day CHG~0.00%
Published-09 Aug, 2019 | 20:00
Updated-04 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Wind River VxWorks 6.6 through vx7 has Session Fixation in the TCP component. This is a IPNET security vulnerability: DoS of TCP connection via malformed TCP options.

Action-Not Available
Vendor-windriverbeldenn/aNetApp, Inc.Siemens AGSonicWall Inc.
Product-power_meter_9810_firmwarehirschmann_rsp20ruggedcom_win7025_firmwarehirschmann_ees25sonicoshirschmann_grs1030hirschmann_grs1142ruggedcom_win7018_firmwarehirschmann_rspe32hirschmann_grs1130garrettcom_magnum_dx940ehirschmann_rspe35hirschmann_eesx20hirschmann_rspe37ruggedcom_win7018power_meter_9410_firmwarehirschmann_grs1042siprotec_5_firmwareruggedcom_win7000ruggedcom_win7200hirschmann_rsp35garrettcom_magnum_dx940e_firmwaree-series_santricity_os_controllervxworkshirschmann_msp40hirschmann_octopus_os3hirschmann_rsp30hirschmann_dragon_mach4000hirschmann_dragon_mach4500hirschmann_msp32hirschmann_rsp25hirschmann_rail_switch_power_smarthirschmann_eesx30hirschmann_grs1020hirschmann_rail_switch_power_litehirschmann_eagle20hirschmann_eagle30hirschmann_hiosruggedcom_win7025hirschmann_rspe30hirschmann_eagle_oneruggedcom_win7200_firmwaresiprotec_5hirschmann_ees20hirschmann_red25power_meter_9410power_meter_9810ruggedcom_win7000_firmwarehirschmann_msp30hirschmann_grs1120n/a
CWE ID-CWE-384
Session Fixation
CVE-2021-27386
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.44% / 62.51%
||
7 Day CHG~0.00%
Published-12 May, 2021 | 13:18
Updated-03 Aug, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4\" - 22\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Panels V16 4\" - 22\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Update 6), SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions < V15.1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions < V16 Update 4), SINAMICS GH150 (All versions), SINAMICS GL150 (with option X30) (All versions), SINAMICS GM150 (with option X30) (All versions), SINAMICS SH150 (All versions), SINAMICS SL150 (All versions), SINAMICS SM120 (All versions), SINAMICS SM150 (All versions), SINAMICS SM150i (All versions). SmartVNC has a heap allocation leak vulnerability in the device layout handler on client side, which could result in a Denial-of-Service condition.

Action-Not Available
Vendor-Siemens AG
Product-simatic_hmi_ktp_mobile_panels_ktp900_firmwaresimatic_hmi_ktp_mobile_panels_ktp400fsinamics_gm150simatic_hmi_ktp_mobile_panels_ktp700f_firmwaresinamics_sm150isinamics_gl150_firmwaresinamics_gl150simatic_hmi_ktp_mobile_panels_ktp900f_firmwaresimatic_hmi_ktp_mobile_panels_ktp400f_firmwaresimatic_hmi_comfort_panels_4\"_firmwaresinamics_gm150_firmwaresinamics_sm150simatic_hmi_comfort_outdoor_panels_7\"_firmwaresinamics_gh150simatic_hmi_ktp_mobile_panels_ktp700_firmwaresinamics_gh150_firmwaresinamics_sl150simatic_hmi_comfort_panels_22\"simatic_hmi_ktp_mobile_panels_ktp700fsinamics_sh150sinamics_sm150_firmwaresimatic_hmi_ktp_mobile_panels_ktp900fsinamics_sh150_firmwaresimatic_hmi_comfort_outdoor_panels_7\"sinamics_sm120simatic_hmi_ktp_mobile_panels_ktp700simatic_hmi_comfort_outdoor_panels_15\"_firmwaresimatic_hmi_comfort_panels_4\"sinamics_sl150_firmwaresinamics_sm150i_firmwaresimatic_hmi_ktp_mobile_panels_ktp900simatic_hmi_comfort_outdoor_panels_15\"simatic_hmi_comfort_panels_22\"_firmwaresimatic_wincc_runtime_advancedsinamics_sm120_firmwareSIMATIC WinCC Runtime Advanced V16SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants)SIMATIC HMI Comfort Panels V16 4\" - 22\" (incl. SIPLUS variants) SINAMICS SM150iSIMATIC HMI Comfort Panels V15 4\" - 22\" (incl. SIPLUS variants)SINAMICS GH150SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900FSINAMICS GM150 (with option X30)SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F SINAMICS GL150 (with option X30)SINAMICS SH150SIMATIC WinCC Runtime Advanced V15SINAMICS SL150SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (incl. SIPLUS variants) SINAMICS SM120SINAMICS SM150
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2021-27383
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.44% / 62.51%
||
7 Day CHG~0.00%
Published-12 May, 2021 | 13:18
Updated-03 Aug, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4\" - 22\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Panels V16 4\" - 22\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Update 6), SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions < V15.1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions < V16 Update 4), SINAMICS GH150 (All versions), SINAMICS GL150 (with option X30) (All versions), SINAMICS GM150 (with option X30) (All versions), SINAMICS SH150 (All versions), SINAMICS SL150 (All versions), SINAMICS SM120 (All versions), SINAMICS SM150 (All versions), SINAMICS SM150i (All versions). SmartVNC has a heap allocation leak vulnerability in the server Tight encoder, which could result in a Denial-of-Service condition.

Action-Not Available
Vendor-Siemens AG
Product-simatic_hmi_ktp_mobile_panels_ktp900_firmwaresimatic_hmi_ktp_mobile_panels_ktp400fsinamics_gm150simatic_hmi_ktp_mobile_panels_ktp700f_firmwaresinamics_sm150isinamics_gl150_firmwaresinamics_gl150simatic_hmi_ktp_mobile_panels_ktp900f_firmwaresimatic_hmi_ktp_mobile_panels_ktp400f_firmwaresimatic_hmi_comfort_panels_4\"_firmwaresinamics_gm150_firmwaresinamics_sm150simatic_hmi_comfort_outdoor_panels_7\"_firmwaresinamics_gh150simatic_hmi_ktp_mobile_panels_ktp700_firmwaresinamics_gh150_firmwaresinamics_sl150simatic_hmi_comfort_panels_22\"simatic_hmi_ktp_mobile_panels_ktp700fsinamics_sh150sinamics_sm150_firmwaresimatic_hmi_ktp_mobile_panels_ktp900fsinamics_sh150_firmwaresimatic_hmi_comfort_outdoor_panels_7\"sinamics_sm120simatic_hmi_ktp_mobile_panels_ktp700simatic_hmi_comfort_outdoor_panels_15\"_firmwaresimatic_hmi_comfort_panels_4\"sinamics_sl150_firmwaresinamics_sm150i_firmwaresimatic_hmi_ktp_mobile_panels_ktp900simatic_hmi_comfort_outdoor_panels_15\"simatic_hmi_comfort_panels_22\"_firmwaresimatic_wincc_runtime_advancedsinamics_sm120_firmwareSIMATIC WinCC Runtime Advanced V16SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants)SIMATIC HMI Comfort Panels V16 4\" - 22\" (incl. SIPLUS variants) SINAMICS SM150iSIMATIC HMI Comfort Panels V15 4\" - 22\" (incl. SIPLUS variants)SINAMICS GH150SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900FSINAMICS GM150 (with option X30)SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F SINAMICS GL150 (with option X30)SINAMICS SH150SIMATIC WinCC Runtime Advanced V15SINAMICS SL150SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (incl. SIPLUS variants) SINAMICS SM120SINAMICS SM150
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2023-35921
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.73% / 72.30%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 09:07
Updated-13 Nov, 2024 | 14:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3.4), SIMATIC MV540 S (All versions < V3.3.4), SIMATIC MV550 H (All versions < V3.3.4), SIMATIC MV550 S (All versions < V3.3.4), SIMATIC MV560 U (All versions < V3.3.4), SIMATIC MV560 X (All versions < V3.3.4). Affected devices cannot properly process specially crafted Ethernet frames sent to the devices. This could allow an unauthenticated remote attacker to cause a denial of service condition. The affected devices must be restarted manually.

Action-Not Available
Vendor-Siemens AG
Product-simatic_mv540_s_firmwaresimatic_mv540_ssimatic_mv560_x_firmwaresimatic_mv560_usimatic_mv560_u_firmwaresimatic_mv550_s_firmwaresimatic_mv540_hsimatic_mv550_h_firmwaresimatic_mv550_ssimatic_mv560_xsimatic_mv550_hsimatic_mv540_h_firmwareSIMATIC MV560 USIMATIC MV540 SSIMATIC MV540 HSIMATIC MV550 HSIMATIC MV550 SSIMATIC MV560 Xsimatic_mv540_ssimatic_mv560_usimatic_mv540_hsimatic_mv550_ssimatic_mv560_xsimatic_mv550_h
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-35920
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.73% / 72.30%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 09:07
Updated-12 Nov, 2024 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3.4), SIMATIC MV540 S (All versions < V3.3.4), SIMATIC MV550 H (All versions < V3.3.4), SIMATIC MV550 S (All versions < V3.3.4), SIMATIC MV560 U (All versions < V3.3.4), SIMATIC MV560 X (All versions < V3.3.4). Affected devices cannot properly process specially crafted IP packets sent to the devices. This could allow an unauthenticated remote attacker to cause a denial of service condition. The affected devices must be restarted manually.

Action-Not Available
Vendor-Siemens AG
Product-simatic_mv540_s_firmwaresimatic_mv540_ssimatic_mv560_x_firmwaresimatic_mv560_usimatic_mv560_u_firmwaresimatic_mv550_s_firmwaresimatic_mv540_hsimatic_mv550_h_firmwaresimatic_mv550_ssimatic_mv560_xsimatic_mv550_hsimatic_mv540_h_firmwareSIMATIC MV560 USIMATIC MV540 SSIMATIC MV540 HSIMATIC MV550 HSIMATIC MV550 SSIMATIC MV560 Xsimatic_mv540_ssimatic_mv560_usimatic_mv540_hsimatic_mv550_ssimatic_mv560_xsimatic_mv550_h
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2021-27290
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.63% / 85.36%
||
7 Day CHG~0.00%
Published-12 Mar, 2021 | 21:47
Updated-03 Aug, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option.

Action-Not Available
Vendor-ssri_projectn/aOracle CorporationSiemens AG
Product-sinec_infrastructure_network_servicesssrigraalvmn/a
CVE-2021-25659
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.44% / 62.87%
||
7 Day CHG~0.00%
Published-10 Aug, 2021 | 10:35
Updated-03 Aug, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Automation License Manager 5 (All versions), Automation License Manager 6 (All versions < V6.0 SP9 Update 2). Sending specially crafted packets to port 4410/tcp of an affected system could lead to extensive memory being consumed and as such could cause a denial-of-service preventing legitimate users from using the system.

Action-Not Available
Vendor-Siemens AG
Product-automation_license_managerAutomation License Manager 5Automation License Manager 6
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2021-25676
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.24% / 47.18%
||
7 Day CHG~0.00%
Published-15 Mar, 2021 | 17:03
Updated-03 Aug, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in RUGGEDCOM RM1224 (V6.3), SCALANCE M-800 (V6.3), SCALANCE S615 (V6.3), SCALANCE SC-600 (All Versions >= V2.1 and < V2.1.3). Multiple failed SSH authentication attempts could trigger a temporary Denial-of-Service under certain conditions. When triggered, the device will reboot automatically.

Action-Not Available
Vendor-Siemens AG
Product-scalance_s615scalance_m-800_firmwarescalance_sc-600scalance_sc-600_firmwareruggedcom_rm1224_firmwarescalance_m-800scalance_s615_firmwareruggedcom_rm1224SCALANCE M-800RUGGEDCOM RM1224SCALANCE S615SCALANCE SC-600
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2021-25660
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.46% / 63.41%
||
7 Day CHG~0.00%
Published-12 May, 2021 | 13:18
Updated-03 Aug, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4\" - 22\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Panels V16 4\" - 22\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Update 6), SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions < V15.1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions < V16 Update 4). SmartVNC has an out-of-bounds memory access vulnerability that could be triggered on the server side when sending data from the client, which could result in a Denial-of-Service condition.

Action-Not Available
Vendor-Siemens AG
Product-simatic_hmi_comfort_panels_22\"simatic_hmi_ktp_mobile_panels_ktp700fsimatic_hmi_ktp_mobile_panels_ktp900_firmwaresimatic_hmi_ktp_mobile_panels_ktp900fsimatic_hmi_ktp_mobile_panels_ktp400fsimatic_hmi_comfort_outdoor_panels_7\"simatic_hmi_ktp_mobile_panels_ktp700simatic_hmi_ktp_mobile_panels_ktp700f_firmwaresimatic_hmi_comfort_outdoor_panels_15\"_firmwaresimatic_hmi_ktp_mobile_panels_ktp900f_firmwaresimatic_hmi_ktp_mobile_panels_ktp400f_firmwaresimatic_hmi_comfort_panels_4\"simatic_hmi_comfort_panels_4\"_firmwaresimatic_hmi_ktp_mobile_panels_ktp900simatic_hmi_comfort_outdoor_panels_15\"simatic_hmi_comfort_outdoor_panels_7\"_firmwaresimatic_hmi_comfort_panels_22\"_firmwaresimatic_wincc_runtime_advancedsimatic_hmi_ktp_mobile_panels_ktp700_firmwareSIMATIC WinCC Runtime Advanced V16SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants)SIMATIC HMI Comfort Panels V16 4\" - 22\" (incl. SIPLUS variants) SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (incl. SIPLUS variants) SIMATIC HMI Comfort Panels V15 4\" - 22\" (incl. SIPLUS variants)SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900FSIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F SIMATIC WinCC Runtime Advanced V15
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-22926
Matching Score-8
Assigner-HackerOne
ShareView Details
Matching Score-8
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.66% / 70.54%
||
7 Day CHG~0.00%
Published-05 Aug, 2021 | 00:00
Updated-03 Aug, 2024 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libcurl-using applications can ask for a specific client certificate to be used in a transfer. This is done with the `CURLOPT_SSLCERT` option (`--cert` with the command line tool).When libcurl is built to use the macOS native TLS library Secure Transport, an application can ask for the client certificate by name or with a file name - using the same option. If the name exists as a file, it will be used instead of by name.If the appliction runs with a current working directory that is writable by other users (like `/tmp`), a malicious user can create a file name with the same name as the app wants to use by name, and thereby trick the application to use the file based cert instead of the one referred to by name making libcurl send the wrong client certificate in the TLS connection handshake.

Action-Not Available
Vendor-n/aNetApp, Inc.Oracle CorporationSplunk LLC (Cisco Systems, Inc.)CURLSiemens AG
Product-h300epeoplesoft_enterprise_peopletoolsh500sh300s_firmwareactive_iq_unified_managerh410soncommand_workflow_automationcurlh300suniversal_forwardersolidfiresnapcentersinec_infrastructure_network_servicesh300e_firmwareclustered_data_ontaph500ehci_management_nodeh410s_firmwareh700s_firmwareh500s_firmwareh500e_firmwareh700eh700e_firmwaremysql_serverh700soncommand_insighthttps://github.com/curl/curl
CWE ID-CWE-840
Not Available
CWE ID-CWE-295
Improper Certificate Validation
CVE-2024-37993
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-6.9||MEDIUM
EPSS-0.19% / 40.60%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 09:36
Updated-18 Sep, 2024 | 15:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions < V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions < V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions < V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions < V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions < V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions < V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions < V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions < V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions < V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions < V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions < V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions < V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions < V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions < V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions < V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions < V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions < V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions < V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions < V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions < V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions < V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions < V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions < V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions < V2.2). The affected applications do not authenticated the creation of Ajax2App instances. This could allow an unauthenticated attacker to cause a denial of service condition.

Action-Not Available
Vendor-Siemens AG
Product-simatic_reader_rf650r_fcc_firmwaresimatic_reader_rf680r_cmiitsimatic_rf1170r_firmwaresimatic_reader_rf650r_cmiit_firmwaresimatic_reader_rf685r_fccsimatic_reader_rf650r_aribsimatic_reader_rf615r_etsi_firmwaresimatic_rf360rsimatic_reader_rf680r_fccsimatic_reader_rf610r_fccsimatic_reader_rf610r_etsi_firmwaresimatic_reader_rf685r_arib_firmwaresimatic_reader_rf615r_cmiitsimatic_rf186c_firmwaresimatic_reader_rf685r_fcc_firmwaresimatic_rf188c_firmwaresimatic_reader_rf680r_cmiit_firmwaresimatic_reader_rf685r_etsisimatic_rf185csimatic_rf360r_firmwaresimatic_rf1140r_firmwaresimatic_rf186cisimatic_rf1140rsimatic_rf188csimatic_reader_rf610r_cmiit_firmwaresimatic_reader_rf610r_fcc_firmwaresimatic_rf185c_firmwaresimatic_reader_rf615r_fccsimatic_reader_rf680r_etsisimatic_reader_rf615r_fcc_firmwaresimatic_reader_rf680r_fcc_firmwaresimatic_reader_rf610r_etsisimatic_reader_rf685r_cmiit_firmwaresimatic_reader_rf680r_arib_firmwaresimatic_rf186ci_firmwaresimatic_rf166c_firmwaresimatic_rf188ci_firmwaresimatic_reader_rf650r_fccsimatic_reader_rf650r_cmiitsimatic_reader_rf685r_cmiitsimatic_rf166csimatic_reader_rf680r_aribsimatic_rf1170rsimatic_reader_rf650r_etsisimatic_reader_rf610r_cmiitsimatic_reader_rf650r_arib_firmwaresimatic_reader_rf680r_etsi_firmwaresimatic_reader_rf615r_etsisimatic_reader_rf650r_etsi_firmwaresimatic_rf186csimatic_reader_rf685r_aribsimatic_reader_rf615r_cmiit_firmwaresimatic_reader_rf685r_etsi_firmwaresimatic_rf188ciSIMATIC Reader RF650R ARIBSIMATIC Reader RF650R ETSISIMATIC Reader RF680R CMIITSIMATIC Reader RF615R ETSISIMATIC RF166CSIMATIC Reader RF685R CMIITSIMATIC RF185CSIMATIC Reader RF610R CMIITSIMATIC Reader RF685R ETSISIMATIC Reader RF615R CMIITSIMATIC RF188CISIMATIC Reader RF610R ETSISIMATIC Reader RF685R FCCSIMATIC Reader RF615R FCCSIMATIC RF186CSIMATIC RF360RSIMATIC Reader RF680R ARIBSIMATIC RF1140RSIMATIC Reader RF685R ARIBSIMATIC RF1170RSIMATIC Reader RF680R ETSISIMATIC RF188CSIMATIC Reader RF610R FCCSIMATIC Reader RF650R CMIITSIMATIC RF186CISIMATIC Reader RF680R FCCSIMATIC Reader RF650R FCC
CWE ID-CWE-284
Improper Access Control
CVE-2020-9327
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.70% / 71.58%
||
7 Day CHG~0.00%
Published-21 Feb, 2020 | 21:25
Updated-04 Aug, 2024 | 10:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.

Action-Not Available
Vendor-sqliten/aNetApp, Inc.Oracle CorporationCanonical Ltd.Siemens AG
Product-sinec_infrastructure_network_servicesubuntu_linuxcommunications_messaging_servercloud_backupsqlitecommunications_network_charging_and_controlzfs_storage_appliance_kitoutside_in_technologyhyperion_infrastructure_technologyenterprise_manager_ops_centermysql_workbenchn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-7595
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.47% / 63.83%
||
7 Day CHG~0.00%
Published-21 Jan, 2020 | 22:54
Updated-03 Dec, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.

Action-Not Available
Vendor-n/aOracle CorporationNetApp, Inc.Canonical Ltd.Fedora ProjectDebian GNU/Linuxlibxml2 (XMLSoft)Siemens AG
Product-ubuntu_linuxh500s_firmwareh410c_firmwaresteelstore_cloud_integrated_storagemysql_workbenchsinema_remote_connect_serverreal_user_experience_insighth410cpeoplesoft_enterprise_peopletoolssnapdriveh700s_firmwareclustered_data_ontapfedorah700e_firmwaresymantec_netbackuph300e_firmwareh500e_firmwarelibxml2h700sh410sh300eenterprise_manager_ops_centerh500edebian_linuxsmi-s_providerh300s_firmwareenterprise_manager_base_platformh300sh700eh500sh410s_firmwarecommunications_cloud_native_core_network_function_cloud_native_environmentn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2021-33737
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.23% / 45.32%
||
7 Day CHG~0.00%
Published-14 Sep, 2021 | 10:47
Updated-03 Aug, 2024 | 23:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC CP 343-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 ERPC (All versions), SIMATIC CP 343-1 Lean (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 Advanced (All versions < V3.3), SIPLUS NET CP 443-1 (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (All versions < V3.3). Sending a specially crafted packet to port 102/tcp of an affected device could cause a denial of service condition. A restart is needed to restore normal operations.

Action-Not Available
Vendor-Siemens AG
Product-simatic_cp_343-1_erpc_firmwaresimatic_cp_343-1_leansimatic_cp343-1_advancedsimatic_cp_443-1simatic_cp_443-1_advanced_firmwaresimatic_cp_343-1_erpcsimatic_cp_443-1_firmwaresimatic_cp_343-1_advanced_firmwaresimatic_cp343-1simatic_cp_343-1_lean_firmwaresimatic_cp_443-1_advancedsimatic_cp_343-1_firmwareSIMATIC CP 343-1 (incl. SIPLUS variants)SIMATIC CP 343-1 ERPCSIMATIC CP 443-1 AdvancedSIPLUS NET CP 443-1 AdvancedSIMATIC CP 343-1 Lean (incl. SIPLUS variants)SIMATIC CP 443-1SIPLUS NET CP 443-1SIMATIC CP 343-1 Advanced (incl. SIPLUS variants)
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2023-28831
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-8.7||HIGH
EPSS-0.43% / 61.93%
||
7 Day CHG~0.00%
Published-12 Sep, 2023 | 09:32
Updated-11 Nov, 2025 | 20:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The OPC UA implementations (ANSI C and C++) in affected products contain an integer overflow vulnerability that could cause the application to run into an infinite loop during certificate validation. This could allow an unauthenticated remote attacker to create a denial of service condition by sending a specially crafted certificate.

Action-Not Available
Vendor-Siemens AG
Product-simatic_s7-1500_cpu_1514sp-2_pnsimatic_s7-plcsim_advanced_firmwaresimatic_s7-1500_cpu_1514sp-2_pn_firmwaresimatic_s7-1500_et_200pro_firmwaresimatic_s7-1500_cpu_1512sp_f-1_pnsimatic_s7-1500_cpu_1511c-1_pn_firmwaresiplus_s7-1500_cpu_1518hf-4_pnsimatic_s7-1500_cpu_1515t-2_pnsiplus_et_200sp_cpu_1512sp-1_pnsiplus_s7-1500_cpu_1511-1_pnsimatic_s7-1500_cpu_1512sp-1_pnsiplus_s7-1500_cpu_1515f-2_pnsiplus_s7-1500_cpu_1516-3_pn\/dp_tx_railsimatic_s7-1500_cpu_1515-2_pnsimatic_s7-1500_cpu_1515r-2_pn_firmwaresimatic_s7-1500_cpu_1515f-2_pn_firmwaresimatic_s7-1500_cpu_1511t-1_pnsiplus_s7-1500_cpu_1517h-3_pnsimatic_s7-1500_cpu_1518-4_pn\/dpsimatic_s7-1500_cpu_1517t-3_pn\/dpsiplus_et_200sp_cpu_1510sp_f-1_pnsiplus_et_200sp_cpu_1512sp_f-1_pn_rail_firmwaresimatic_s7-1500_cpu_1510sp-1_pn_firmwaresimatic_s7-1500_cpu_1518hf-4_pnsimatic_s7-1500_cpu_1510sp_f-1_pnsimatic_s7-1500_cpu_1515f-2_pnsimatic_s7-1500_cpu_1516-3_pn\/dpsimatic_s7-1500_cpu_1513f-1_pn_firmwaresiplus_s7-1500_cpu_1516-3_pn\/dp_railsimatic_s7-1500_cpu_s7-1518f-4_pn\/dp_odk_firmwaresimatic_s7-1500_cpu_1518f-4_pn\/dp_mfpsiplus_et_200sp_cpu_1512sp_f-1_pn_railsimatic_s7-1500_cpu_1516t-3_pn\/dpsimatic_s7-1500_cpu_1514spt_f-2_pnsimatic_s7-1500_cpu_1513f-1_pnsimatic_s7-1500_cpu_1516tf-3_pn\/dpsiplus_s7-1500_cpu_1516f-3_pn\/dp_firmwaresiplus_s7-1500_cpu_1515f-2_pn_t2_railsiplus_s7-1500_cpu_1516-3_pn\/dp_tx_rail_firmwaresimatic_s7-1500_cpu_1514spt-2_pn_firmwaresimatic_s7-1500_cpu_1513r-1_pn_firmwaresimatic_s7-1500_cpu_1518hf-4_pn_firmwaresimatic_s7-1500_cpu_1515tf-2_pn_firmwaresiplus_et_200sp_cpu_1510sp-1_pn_firmwaresiplus_et_200sp_cpu_1512sp-1_pn_railsiplus_s7-1500_cpu_1518-4_pn\/dp_firmwaresiplus_s7-1500_cpu_1513f-1_pnsimatic_s7-1500_cpu_1517tf-3_pn\/dpsiplus_s7-1500_cpu_1515r-2_pn_firmwaresiplus_s7-1500_cpu_1518-4_pn\/dp_mfpsimatic_s7-1500_cpu_1510sp_f-1_pn_firmwaresiplus_s7-1500_cpu_1513-1_pn_firmwaresimatic_s7-1500_cpu_1517-3_pn\/dp_firmwaresimatic_drive_controller_cpu_1507d_tf_firmwaresiplus_s7-1500_cpu_1511-1_pn_firmwaresiplus_s7-1500_cpu_1516-3_pn\/dp_rail_firmwaresimatic_s7-1500_cpu_1516tf-3_pn\/dp_firmwaresiplus_s7-1500_cpu_1511-1_pn_t1_rail_firmwaresimatic_s7-1500_cpu_1515tf-2_pnsimatic_s7-1500_software_controller_firmwaresimatic_s7-1500_cpu_1515r-2_pnsimatic_s7-1500_cpu_1518t-4_pn\/dpsimatic_cloud_connect_7_cc712_firmwaresiplus_s7-1500_cpu_1516-3_pn\/dpsimatic_drive_controller_cpu_1504d_tf_firmwaresimatic_s7-1500_cpu_1513-1_pnsimatic_s7-1200_cpu_firmwaresimatic_s7-1500_cpu_1514spt_f-2_pn_firmwaresimatic_s7-1500_cpu_1513r-1_pnsimatic_s7-1500_cpu_1518tf-4_pn\/dpsimatic_s7-1500_cpu_1511f-1_pn_firmwaresimatic_s7-1500_cpu_1518t-4_pn\/dp_firmwaresimatic_s7-plcsim_advancedsimatic_s7-1500_cpu_1518f-4_pn\/dp_mfp_firmwaresimatic_s7-1500_cpu_1516t-3_pn\/dp_firmwaresiplus_s7-1500_cpu_1511-1_pn_tx_rail_firmwaresiplus_s7-1500_cpu_1511-1_pn_tx_railsimatic_s7-1500_cpu_1517h-3_pnsimatic_s7-1500_cpu_1512sp-1_pn_firmwaresiplus_et_200sp_cpu_1510sp_f-1_pn_railsiplus_s7-1500_cpu_1513f-1_pn_firmwaresimatic_s7-1200_cpusimatic_cloud_connect_7_cc716_firmwaresimatic_s7-1500_et_200prosimatic_s7-1500_cpu_1514spt-2_pnsimatic_s7-1500_cpu_1518-4_pn\/dp_mfp_firmwaresimatic_s7-1500_cpu_1517f-3_pn\/dp_firmwaresiplus_et_200sp_cpu_1510sp_f-1_pn_rail_firmwaresiplus_s7-1500_cpu_1515f-2_pn_rail_firmwaresimatic_s7-1500_cpu_1511tf-1_pnsimatic_s7-1500_cpu_1515-2_pn_firmwaresimatic_s7-1500_cpu_1518-4_pn\/dp_mfpsiplus_s7-1500_cpu_1515f-2_pn_t2_rail_firmwaresiplus_et_200sp_cpu_1510sp-1_pn_railsimatic_s7-1500_cpu_1511f-1_pnsiplus_et_200sp_cpu_1512sp_f-1_pnsiplus_s7-1500_cpu_1518-4_pn\/dp_mfp_firmwaresimatic_s7-1500_cpu_1510sp-1_pnsiplus_s7-1500_cpu_1511-1_pn_t1_railsiplus_et_200sp_cpu_1510sp-1_pnsimatic_s7-1500_cpu_1511-1_pnsimatic_s7-1500_cpu_1518-4_pn\/dp_firmwaresimatic_s7-1500_cpu_1518f-4_pn\/dp_firmwaresiplus_s7-1500_cpu_1516f-3_pn\/dpsimatic_s7-1500_cpu_1511c-1_pnsiplus_s7-1500_cpu_1515r-2_pn_tx_railsiplus_et_200sp_cpu_1512sp-1_pn_firmwaresimatic_drive_controller_cpu_1504d_tfsiplus_et_200sp_cpu_1512sp-1_pn_rail_firmwaresiplus_et_200sp_cpu_1512sp_f-1_pn_firmwaresiplus_et_200sp_cpu_1510sp_f-1_pn_firmwaresimatic_s7-1500_cpu_1511-1_pn_firmwaresimatic_s7-1500_cpu_1515t-2_pn_firmwaresiplus_s7-1500_cpu_1516f-3_pn\/dp_railsimatic_s7-1500_cpu_s7-1518-4_pn\/dp_odk_firmwaresimatic_s7-1500_cpu_s7-1518f-4_pn\/dp_odksiplus_s7-1500_cpu_1518-4_pn\/dpsimatic_s7-1500_cpu_1517h-3_pn_firmwaresimatic_s7-1500_cpu_s7-1518-4_pn\/dp_odksiplus_et_200sp_cpu_1510sp-1_pn_rail_firmwaresimatic_s7-1500_cpu_1517t-3_pn\/dp_firmwaresiplus_s7-1500_cpu_1518f-4_pn\/dpsiplus_s7-1500_cpu_1516f-3_pn\/dp_rail_firmwaresimatic_s7-1500_cpu_1517-3_pn\/dpsiplus_s7-1500_cpu_1515r-2_pn_tx_rail_firmwaresiplus_s7-1500_cpu_1517h-3_pn_firmwaresimatic_s7-1500_cpu_1512c-1_pn_firmwaresimatic_s7-1500_cpu_1516-3_pn\/dp_firmwaresimatic_s7-1500_cpu_1516f-3_pn\/dp_firmwaresiplus_s7-1500_cpu_1511f-1_pnsiplus_s7-1500_cpu_1515f-2_pn_railsimatic_drive_controller_cpu_1507d_tfsimatic_s7-1500_cpu_1511tf-1_pn_firmwaresiplus_s7-1500_cpu_1518hf-4_pn_firmwaresimatic_s7-1500_cpu_1514sp_f-2_pn_firmwaresimatic_s7-1500_cpu_1517f-3_pn\/dpsimatic_s7-1500_cpu_1512c-1_pnsiplus_s7-1500_cpu_1511f-1_pn_firmwaresimatic_s7-1500_cpu_1513-1_pn_firmwaresiplus_s7-1500_cpu_1513-1_pnsiplus_s7-1500_cpu_1518f-4_pn\/dp_firmwaresimatic_s7-1500_cpu_1516f-3_pn\/dpsimatic_s7-1500_cpu_1517tf-3_pn\/dp_firmwaresimatic_cloud_connect_7_cc712simatic_s7-1500_cpu_1512sp_f-1_pn_firmwaresimatic_s7-1500_cpu_1514sp_f-2_pnsiplus_s7-1500_cpu_1516-3_pn\/dp_firmwaresimatic_s7-1500_cpu_1518f-4_pn\/dpsimatic_s7-1500_cpu_1518tf-4_pn\/dp_firmwaresiplus_s7-1500_cpu_1515r-2_pnsimatic_s7-1500_cpu_1511t-1_pn_firmwaresimatic_s7-1500_software_controllersimatic_et_200sp_open_controller_cpu_firmwaresiplus_s7-1500_cpu_1515f-2_pn_firmwaresimatic_cloud_connect_7_cc716simatic_et_200sp_open_controller_cpuSIMATIC Cloud Connect 7 CC716SIPLUS S7-1500 CPU 1515F-2 PN T2 RAILSIMATIC S7-1500 CPU 1515T-2 PNSIMATIC WinCC Runtime Professional V19SIMATIC PCS 7 V9.1SIPLUS ET 200SP CPU 1512SP-1 PNSIMATIC Drive Controller CPU 1507D TFSIMATIC S7-PLCSIM AdvancedSIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PNSIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)SIMATIC S7-1500 CPU 1518F-4 PN/DP MFPSIMATIC S7-1500 CPU 1511T-1 PNSIMATIC S7-1500 CPU 1516T-3 PN/DPSIMATIC WinCC OA V3.18SIMATIC WinCC Unified OPC UA ServerSIPLUS S7-1500 CPU 1516F-3 PN/DP RAILSIPLUS ET 200SP CPU 1510SP-1 PNSIMATIC ET 200SP CPU 1510SP F-1 PNSIMATIC NET PC Software V18SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODKSIPLUS ET 200SP CPU 1512SP-1 PN RAILSIMATIC WinCC OPC UA ClientSIMATIC S7-1500 CPU 1516-3 PN/DPSIPLUS ET 200SP CPU 1510SP F-1 PN RAILSIPLUS ET 200SP CPU 1512SP F-1 PN RAILSIMATIC ET 200SP CPU 1514SPT F-2 PNSIMATIC S7-1500 CPU 1518-4 PN/DP MFPSIMATIC S7-1500 CPU 1515TF-2 PNSIMATIC S7-1500 CPU 1512C-1 PNSIMATIC NET PC Software V16SIMATIC S7-1500 CPU 1515F-2 PNSIMATIC WinCC Runtime Professional V16SIPLUS S7-1500 CPU 1511-1 PNSIMATIC NET PC Software V17SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PNSIPLUS S7-1500 CPU 1516-3 PN/DP RAILSIPLUS ET 200SP CPU 1510SP-1 PN RAILSIMATIC BRAUMATSIMATIC S7-1500 CPU 1517T-3 PN/DPSIMATIC WinCC V8.0SIMATIC SISTARSIMATIC S7-1500 CPU 1517TF-3 PN/DPSIPLUS S7-1500 CPU 1518-4 PN/DP MFPSIMATIC S7-1500 CPU 1518-4 PN/DPSIMATIC S7-1500 Software Controller V3SIMATIC S7-1500 CPU 1516F-3 PN/DPSIMATIC S7-1500 CPU 1517F-3 PN/DPSIMATIC Comfort/Mobile RTSIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PNSIMATIC ET 200SP CPU 1514SPT-2 PNSIMATIC ET 200SP CPU 1514SP F-2 PNSIMATIC S7-1500 Software Controller V2SIPLUS ET 200SP CPU 1512SP F-1 PNSIPLUS S7-1500 CPU 1518F-4 PN/DPSIMATIC ET 200SP CPU 1512SP-1 PNSIMATIC S7-1500 CPU 1518F-4 PN/DPSIMATIC Drive Controller CPU 1504D TFSIMATIC WinCC Runtime Professional V17SIMATIC S7-1500 CPU 1513F-1 PNSIPLUS S7-1500 CPU 1515F-2 PNSIMATIC Cloud Connect 7 CC712SIMATIC WinCC OA V3.19SIMATIC S7-1500 CPU 1511-1 PNSIMATIC WinCC V7.5SIMATIC S7-1500 CPU 1515-2 PNSIMATIC IPC DiagMonitorSIMATIC WinCC V7.4SIPLUS ET 200SP CPU 1510SP F-1 PNSIPLUS S7-1500 CPU 1516-3 PN/DPSIPLUS S7-1500 CPU 1511-1 PN TX RAILSIMATIC S7-1500 CPU 1516TF-3 PN/DPSIPLUS S7-1500 CPU 1511F-1 PNSIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PNSINUMERIK ONESIMATIC S7-1500 CPU 1511F-1 PNSIMATIC ET 200SP CPU 1512SP F-1 PNSIMATIC S7-1500 CPU 1518TF-4 PN/DPSIMATIC NET PC Software V14SIMATIC S7-1500 CPU 1511C-1 PNSIMATIC WinCC Runtime Professional V18SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODKSIMATIC ET 200SP CPU 1514SP-2 PNSIPLUS S7-1500 CPU 1518-4 PN/DPSIMATIC S7-1500 CPU 1517-3 PN/DPSIPLUS S7-1500 CPU 1516-3 PN/DP TX RAILSIPLUS S7-1500 CPU 1511-1 PN T1 RAILSIPLUS S7-1500 CPU 1516F-3 PN/DPSIMATIC WinCC OA V3.17SIPLUS S7-1500 CPU 1513F-1 PNSIMATIC PCS neo V4.0SIMATIC S7-1500 CPU 1513-1 PNSIPLUS S7-1500 CPU 1513-1 PNSIMATIC ET 200SP CPU 1510SP-1 PNSINUMERIK MCSIMATIC S7-1500 CPU 1518T-4 PN/DPSIPLUS S7-1500 CPU 1515F-2 PN RAILSIMATIC S7-1500 CPU 1511TF-1 PN
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-10931
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.36% / 57.75%
||
7 Day CHG~0.00%
Published-11 Jul, 2019 | 21:17
Updated-04 Aug, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions ), DIGSI 5 engineering software (All versions < V7.90), SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions < V7.90), SIPROTEC 5 device types 7SS85 and 7KE85 (All versions < V8.01), SIPROTEC 5 device types with CPU variants CP200 and the respective Ethernet communication modules (All versions < V7.59), SIPROTEC 5 relays with CPU variants CP200 and the respective Ethernet communication modules (All versions < V7.59). Specially crafted packets sent to port 443/TCP could cause a Denial of Service condition.

Action-Not Available
Vendor-Siemens AG
Product-6md857sa867sj826md867um857sj857ut867ss85siprotec_5_digsi_device_driver7sa877vk877ve856md897ut877sa827ut857sl827sd867ke857sl867sd827sk857sk827ut827sd877sj867sl87digsi_5_engineering_softwareSIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modulesAll other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modulesSIPROTEC 5 device types with CPU variants CP200 and the respective Ethernet communication modulesDIGSI 5 engineering softwareSIPROTEC 5 relays with CPU variants CP200 and the respective Ethernet communication modulesSIPROTEC 5 device types 7SS85 and 7KE85
CWE ID-CWE-248
Uncaught Exception
CVE-2019-10923
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.47% / 63.95%
||
7 Day CHG~0.00%
Published-10 Oct, 2019 | 13:49
Updated-11 Feb, 2025 | 10:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An attacker with network access to an affected product may cause a denial of service condition by breaking the real-time synchronization (IRT) of the affected installation.

Action-Not Available
Vendor-Siemens AG
Product-simatic_s7-300_cpu_313simatic_winac_rtx_\(f\)cp1604_firmwaresinamics_s150_firmwaresimatic_et_200mdk_standard_ethernet_controllersinamics_dcm_firmwaresimatic_s7-400_v6sinamics_gm150simatic_et_200ecopn_firmwaresinamics_gl150_firmwaresimatic_s7-400_pn_v7_firmwaresimatic_s7-400_dp_v7sinamics_gl150sinumerik_840d_slscalance_x-200irtsimatic_s7-300_cpu_firmwaresimatic_s7-400_pn_v7sinamics_gh150cp1616simatic_et_200s_firmwaresimatic_s7-300_cpu_316-2_dp_firmwaresinamics_dcmsimatic_pn\/pn_coupler_6es7158-3ad01-0xa0sinamics_sm120scalance_x-200irt_firmwaresinamics_g120simatic_s7-300_cpu_315-2_dpsimatic_s7-300_cpu_315_firmwaresimotion_firmwaresimotionsinumerik_828dcp1616_firmwaresinamics_sl150_firmwaresinamics_s150ek-ertec_200ek-ertec_200_firmwaresinamics_dcp_firmwaresimatic_s7-300_cpusimatic_s7-300_cpu_314_firmwaresimatic_s7-400_v6_firmwarecp1604simatic_s7-300_cpu_314ek-ertec_200p_firmwaresimatic_et_200m_firmwaresimatic_s7-300_cpu_318-2_firmwaresimatic_s7-300_cpu_313_firmwaresimatic_et_200ssimatic_s7-400_dp_v7_firmwaredk_standard_ethernet_controller_firmwaresimatic_s7-300_cpu_318-2sinamics_s110sinamics_gm150_firmwaresinamics_g150sinamics_g130simatic_s7-300_cpu_315-2_dp_firmwaresimatic_s7-300_cpu_315simatic_s7-300_cpu_312_ifm_firmwaresinamics_g110mek-ertec_200psinamics_g110m_firmwaresinamics_gh150_firmwaresinamics_dcpsinamics_sl150simatic_et_200ecopnsimatic_pn\/pn_coupler_6es7158-3ad01-0xa0_firmwaresimatic_s7-300_cpu_314_ifmsimatic_s7-300_cpu_312_ifmsimatic_s7-300_cpu_314_ifm_firmwaresimatic_s7-300_cpu_316-2_dpsinamics_sm120_firmwaresinamics_g150_firmwaresinamics_s120sinamics_g130_firmwaresinamics_s120_firmwaresimatic_winac_rtx_\(f\)_firmwaresinamics_s110_firmwaresinamics_g120_firmwareSINAMICS G120 V4.7 Control Unit (incl. SIPLUS variants)SINAMICS SM120 V4.7 Control UnitSIPLUS ET 200SP IM 155-6 PN STSIMATIC ET 200MP IM 155-5 PN STSIPLUS ET 200S IM 151-8 PN/DP CPUSIPLUS S7-300 CPU 315-2 PN/DPSIMATIC S7-300 CPU 317T-3 PN/DPSINUMERIK 828DSINAMICS GL150 V4.7 Control UnitSIPLUS S7-300 CPU 317F-2 PN/DPSIPLUS ET 200SP IM 155-6 PN ST BA TX RAILSIPLUS ET 200MP IM 155-5 PN HF T1 RAILSIPLUS ET 200SP IM 155-6 PN HFDevelopment/Evaluation Kits for PROFINET IO: EK-ERTEC 200SIMATIC ET200ecoPN: IO-Link MasterSIMATIC ET200ecoPN, 8AI RTD/TC 8xM12SIMATIC ET 200SP IM 155-6 PN HFSIMATIC ET200ecoPN, 8DI, DC24V, 8xM12SIPLUS S7-300 CPU 314C-2 PN/DPSCALANCE X-200IRT family (incl. SIPLUS NET variants)SIPLUS ET 200SP IM 155-6 PN HF T1 RAILSIMATIC PN/PN Coupler (incl. SIPLUS NET variants)SIMATIC S7-400 CPU 416-3 PN/DP V7SIMATIC S7-300 CPU 315F-2 PN/DPSINUMERIK 840D slSIMATIC ET 200pro IM 154-8 PN/DP CPUSIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12SINAMICS G150SINAMICS GH150 V4.7 Control UnitSIMATIC S7-300 CPU 314C-2 PN/DPSINAMICS S120 V4.7 Control Unit and CBE20 (incl. SIPLUS variants)SIMATIC ET200ecoPN, 4AO U/I 4xM12SIMATIC S7-400 CPU 414-3 PN/DP V7SINAMICS DCPSIPLUS S7-400 CPU 414-3 PN/DP V7SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12SIMATIC WinAC RTX 2010SIMATIC ET 200pro IM 154-3 PN HFSIMATIC ET 200M (incl. SIPLUS variants)SIPLUS S7-400 CPU 416-3 PN/DP V7SIMATIC ET 200S IM 151-8 PN/DP CPUSIMATIC S7-400 CPU 416F-3 PN/DP V7SINAMICS GM150 V4.7 Control UnitSIMATIC CP 1616Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet ControllerSIPLUS ET 200SP IM 155-6 PN ST TX RAILSIMATIC S7-400 CPU 414F-3 PN/DP V7SIMATIC ET 200S IM 151-8F PN/DP CPUSIMATIC ET 200pro IM 154-8F PN/DP CPUDevelopment/Evaluation Kits for PROFINET IO: EK-ERTEC 200PSIMATIC S7-300 CPU 315-2 PN/DPSIMATIC ET 200MP IM 155-5 PN HFSIMATIC S7-300 CPU 319F-3 PN/DPSIPLUS ET 200MP IM 155-5 PN ST TX RAILSIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12SIMATIC S7-300 CPU 317-2 PN/DPSIMATIC ET 200SP IM 155-6 PN ST BASIMATIC S7-300 CPU 317TF-3 PN/DPSIMATIC ET 200SP IM 155-6 PN STSIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)SIPLUS S7-300 CPU 317-2 PN/DPSIPLUS S7-300 CPU 315F-2 PN/DPSIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12SIMATIC ET 200pro IM 154-4 PN HFSIPLUS ET 200S IM 151-8F PN/DP CPUSIPLUS ET 200SP IM 155-6 PN ST BASIMATIC CP 1604SIMATIC S7-400 CPU 412-2 PN V7SIPLUS ET 200MP IM 155-5 PN HFSINAMICS DCMSIMOTIONSIMATIC S7-300 CPU 319-3 PN/DPSIMATIC ET200S (incl. SIPLUS variants)SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12SIMATIC S7-300 CPU 317F-2 PN/DPSIMATIC WinAC RTX F 2010SINAMICS S150SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12SINAMICS G110M V4.7 Control UnitSINAMICS G130SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12SIMATIC ET 200pro IM 154-8FX PN/DP CPUSIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12SIPLUS ET 200MP IM 155-5 PN STSINAMICS SL150 V4.7 Control UnitSIMATIC S7-300 CPU 315T-3 PN/DPSINAMICS S110 Control Unit
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2019-10953
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.55% / 67.41%
||
7 Day CHG~0.00%
Published-17 Apr, 2019 | 14:02
Updated-04 Aug, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due to a flood of network packets.

Action-Not Available
Vendor-wagon/aABBPhoenix Contact GmbH & Co. KGSiemens AG
Product-ethernet_firmwarebacnet\/ip6es7211-1ae40-0xb0modicon_m221_firmwareknx_ip_firmwareknx_ipethernet6es7314-6eh04-0ab0modicon_m221pm554-tp-eth_firmware6es7314-6eh04-0ab0_firmware6ed1052-1cc01-0ba8pm554-tp-eth6es7211-1ae40-0xb0_firmwarepfc100_firmwarepfc100ilc_151_eth_firmwarebacnet\/ip_firmware6ed1052-1cc01-0ba8_firmwareilc_151_ethABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2019-10936
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-1.99% / 83.29%
||
7 Day CHG~0.00%
Published-10 Oct, 2019 | 00:00
Updated-04 Aug, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Affected devices improperly handle large amounts of specially crafted UDP packets. This could allow an unauthenticated remote attacker to trigger a denial of service condition.

Action-Not Available
Vendor-Siemens AG
Product-simatic_s7-1500_cpu_1511csimatic_s7-1500_cpudk_standard_ethernet_controllersimatic_s7-400h_v6_firmwaresimatic_et_200sp_im_155-6_pn_st_firmwaresimatic_et_200ecopn_firmwaresimatic_s7-1200_cpu_1212csimatic_s7-1500s_cpusinamics_gl150_firmwaresimatic_s7-400_pn_v7_firmwaresimatic_s7-400_dp_v7sinamics_gl150simatic_s7-300_cpu_firmwaresimatic_s7-1500_cpu_1512c_firmwaresimatic_s7-400_pn_v7simatic_hmi_comfort_panels_22\"simatic_et_200sp_im_155-6_pn\/2_hfsimatic_et_200pro_firmwaresimatic_profinet_driver_firmwaresimatic_s7-410_v8_firmwaresinamics_dcmsimatic_hmi_comfort_outdoor_panels_7\"sinamics_sm120simatic_et_200mp_im_155-5_pn_hfsimatic_hmi_ktp_mobile_panelssimatic_et_200mp_im_155-5_pn_basimatic_et_200sp_im_155-6_pn_stsinumerik_828dsimatic_hmi_comfort_panels_4\"sinamics_s150ek-ertec_200simatic_hmi_comfort_outdoor_panels_15\"simatic_s7-1200_cpu_1214c_firmwaresimatic_s7-300_cpusimatic_s7-300_cpu_314_firmwaresimatic_s7-1200_cpu_1211c_firmwaresimatic_et_200sp_im_155-6_pn_basimatic_s7-1200_cpu_1214csimatic_s7-400_v6_firmwaresimatic_et_200sp_im_155-6_pn_hssimatic_s7-300_cpu_314ek-ertec_200p_firmwaresimatic_s7-300_cpu_318-2_firmwaresimatic_s7-300_cpu_313_firmwaresimatic_et_200sp_im_155-6_pn_hfsinamics_gm150_firmwaresimatic_hmi_comfort_outdoor_panels_7\"_firmwaresinamics_g150simatic_s7-300_cpu_312_ifm_firmwaresimatic_et_200mp_im_155-5_pn_hf_firmwaresimatic_et_200sp_im_155-6_pn\/2_hf_firmwaresinamics_sl150simatic_s7-1500t_cpu_firmwaresimatic_et_200mp_im_155-5_pn_stsimatic_et_200ecopnsimatic_et_200alsimatic_s7-300_cpu_312_ifmsimatic_s7-1500_cpu_1518simatic_s7-300_cpu_316-2_dpsimatic_pn\/pn_couplersinamics_s120simatic_s7-1500_cpu_1518_firmwaresimatic_cfu_pa_firmwaresimatic_et_200prosinumerik_840d_slsimatic_s7-300_cpu_313simatic_et_200sp_im_155-6_pn_hasimatic_cfu_pasinamics_s150_firmwaresimatic_et_200msinamics_dcm_firmwaresimatic_s7-400_v6sinamics_gm150simatic_et_200sp_im_155-6_pn_ba_firmwaresimatic_s7-400h_v6simatic_et_200al_firmwaresimatic_hmi_comfort_panels_4\"_firmwaresimatic_s7-1500t_cpusimatic_s7-410_v8simatic_s7-1200_cpu_1212c_firmwaresimatic_et_200s_firmwaresimatic_s7-300_cpu_316-2_dp_firmwaresimatic_et_200mp_im_155-5_pn_st_firmwaresimatic_hmi_ktp_mobile_panels_firmwaresimatic_et_200sp_im_155-6_pn_ha_firmwaresimatic_hmi_comfort_outdoor_panels_15\"_firmwaresimatic_s7-1500_cpu_1512csimatic_s7-300_cpu_315_firmwaresimatic_s7-300_cpu_315-2_dpsinamics_g120simatic_s7-1200_cpusinamics_sl150_firmwaresimatic_hmi_comfort_panels_22\"_firmwareek-ertec_200_firmwaresinamics_dcp_firmwaresimatic_winac_rtx_\(f\)_2010simatic_s7-1500_cpu_firmwaresimatic_et_200sp_im_155-6_pn\/3_hfsimatic_s7-1500s_cpu_firmwaresimatic_et_200m_firmwaresimatic_et_200ssimatic_profinet_driversimatic_s7-400_dp_v7_firmwaredk_standard_ethernet_controller_firmwaresimatic_s7-300_cpu_318-2simatic_s7-1500_cpu_1511c_firmwaresinamics_s110simatic_et_200sp_im_155-6_pn_hs_firmwaresimatic_et_200mp_im_155-5_pn_ba_firmwaresimatic_s7-300_cpu_315-2_dp_firmwaresimatic_pn\/pn_coupler_firmwaresimatic_s7-300_cpu_315sinamics_g110msinamics_g130ek-ertec_200psinamics_g110m_firmwaresinamics_dcpsimatic_s7-1200_cpu_firmwaresimatic_s7-300_cpu_314_ifmsimatic_s7-1200_cpu_1211csimatic_et_200sp_im_155-6_pn\/3_hf_firmwaresimatic_s7-300_cpu_314_ifm_firmwaresinamics_sm120_firmwaresinamics_g150_firmwaresimatic_et_200sp_im_155-6_pn_hf_firmwaresinamics_g130_firmwaresinamics_s120_firmwaresimatic_winac_rtx_\(f\)_firmwaresinamics_s110_firmwaresinamics_g120_firmwareSINAMICS GM150 V4.7 Control UnitSINUMERIK 840D slSIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12SIMATIC ET200ecoPN, 4AO U/I 4xM12SIPLUS ET 200MP IM 155-5 PN HF T1 RAILSINAMICS S110 Control UnitSIMATIC ET 200SP IM 155-6 PN HFSIMATIC S7-400 CPU 414F-3 PN/DP V7SIPLUS NET PN/PN CouplerSIPLUS S7-300 CPU 315F-2 PN/DPSIMATIC S7-300 CPU 317F-2 PN/DPSINAMICS DCMSIPLUS ET 200SP IM 155-6 PN HFSIMATIC ET 200SP IM 155-6 PN STSIMATIC S7-300 CPU 315F-2 PN/DPSIMATIC HMI Comfort Panels (incl. SIPLUS variants)SIMATIC S7-300 CPU 317-2 PN/DPSIMATIC S7-300 CPU 317TF-3 PN/DPSIMATIC ET 200SP IM 155-6 PN HSSIMATIC ET200ecoPN: IO-Link MasterSINAMICS S150 Control UnitSINAMICS G150 Control UnitSIMATIC PN/PN CouplerSIMATIC S7-300 CPU 317T-3 PN/DPSIMATIC ET 200SP IM 155-6 PN BASIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12SIMATIC S7-400 CPU 416F-3 PN/DP V7SIPLUS ET 200SP IM 155-6 PN HF T1 RAILSIPLUS ET 200SP IM 155-6 PN ST TX RAILSIMATIC ET 200SP IM 155-6 PN/2 HFSINAMICS G110M V4.7 PN Control UnitSIMATIC S7-300 CPU 319-3 PN/DPSIMATIC ET 200pro IM 154-8F PN/DP CPUSIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)SIMATIC ET 200SP IM 155-6 PN ST BASIMATIC ET 200S IM 151-8 PN/DP CPUSIMATIC CFU PASIMATIC ET 200MP IM 155-5 PN HFSIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)SINAMICS DCPSINAMICS G130 V4.7 Control UnitSIMATIC ET 200S IM 151-8F PN/DP CPUSIMATIC ET200ecoPN, 16DI, DC24V, 8xM12SIMATIC HMI Comfort Outdoor Panels (incl. SIPLUS variants)SIMATIC ET 200pro IM 154-4 PN HFSIMATIC S7-1500 Software ControllerSIMATIC ET 200MP IM 155-5 PN STSINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants)SIPLUS S7-300 CPU 317-2 PN/DPSIPLUS S7-400 CPU 414-3 PN/DP V7SIMATIC TDC CPU555SINAMICS GH150 V4.7 Control UnitSIMATIC ET200S (incl. SIPLUS variants)SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12SIMATIC S7-400 CPU 416-3 PN/DP V7SIPLUS S7-300 CPU 317F-2 PN/DPSIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLUS variants)SIMATIC ET 200SP IM 155-6 PN/3 HFSIPLUS S7-300 CPU 314C-2 PN/DPSIPLUS ET 200S IM 151-8F PN/DP CPUSIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12SIMATIC TDC CP51M1SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12SIMATIC WinAC RTX 2010SIMATIC ET 200MP IM 155-5 PN BASIMATIC ET 200pro IM 154-8FX PN/DP CPUSIMATIC S7-1200 CPU family (incl. SIPLUS variants)SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12SIMATIC HMI KTP Mobile PanelsDevelopment/Evaluation Kits for PROFINET IO: EK-ERTEC 200PSIMATIC S7-410 V8 CPU family (incl. SIPLUS variants)SIPLUS ET 200SP IM 155-6 PN ST BASIMATIC ET 200pro IM 154-3 PN HFSIPLUS ET 200SP IM 155-6 PN HF TX RAILSIMATIC S7-300 CPU 314C-2 PN/DPDevelopment/Evaluation Kits for PROFINET IO: EK-ERTEC 200SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12SIMATIC PROFINET DriverDevelopment/Evaluation Kits for PROFINET IO: DK Standard Ethernet ControllerSINUMERIK 828DSIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12SIPLUS S7-300 CPU 315-2 PN/DPSIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12SIMATIC S7-300 CPU 315-2 PN/DPSIPLUS ET 200SP IM 155-6 PN ST BA TX RAILSIMATIC S7-300 CPU 319F-3 PN/DPSINAMICS GL150 V4.7 Control UnitSIMATIC ET 200M (incl. SIPLUS variants)SIMATIC ET 200pro IM 154-8 PN/DP CPUSIPLUS S7-400 CPU 416-3 PN/DP V7SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)SIPLUS ET 200MP IM 155-5 PN STSIPLUS ET 200S IM 151-8 PN/DP CPUSIMATIC WinAC RTX F 2010SIMATIC S7-400 CPU 414-3 PN/DP V7SIMATIC ET 200AL IM 157-1 PNSIMATIC ET200ecoPN, 8DI, DC24V, 8xM12SIPLUS ET 200SP IM 155-6 PN STSIPLUS ET 200MP IM 155-5 PN ST TX RAILSIMATIC S7-400 CPU 412-2 PN V7SINAMICS SM120 V4.7 Control UnitSIPLUS ET 200MP IM 155-5 PN HFSINAMICS SL150 V4.7 Control UnitSINAMICS G120 V4.7 PN Control Unit (incl. SIPLUS variants)SIMATIC S7-300 CPU 315T-3 PN/DPSIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants)simatic_winac_rtx_\(f\)_2010simatic_tdc_cpu555_firmwaresimatic_et_200sp_firmwaresimatic_tdc_cp51m1_firmwaresiplus_s7-300_cpu_314simatic_s7-1500_cpusimatic_et200ecopn_firmwaresimatic_cfu_pasimatic_s7-400_h_v6_firmwareek-ertec_200p_firmwaresimatic_et_200m_firmwaresinamics_gm150simatic_profinet_driversimatic_s7-300_cpu_315f-2_dp_firmwaredk_standard_ethernet_controller_firmwaresimatic_s7-400_cpu_416-3_pn\/dpsinamics_gl150simatic_s7-300_cpu_317-2_dp_firmwaresimatic_et_200al_firmwaresimatic_s7-400_pn\/dp_v6_firmwaresinamics_s110sinamics_g150simatic_winac_rtx_2010simatic_s7-300_cpu_315-2_dp_firmwaresinamics_g130sinamics_g110msinamics_gh150simatic_et_200mp_firmwaresinamics_dcpsinamics_sl150simatic_et_200s_firmwaresimatic_et_200pro_firmwaresimatic_s7-410_cpu_firmwaresimatic_pn\/pn_coupler_6es7158-3ad01-0xa0sinamics_dcmsimatic_hmi_comfort_outdoor_panelssimatic_s7-400_cpu_412-2_pnsinamics_sm120sinamics_g120simatic_et200s_firmwaresimatic_s7-400_cpu_414-3_pn\/dpsinumerik_828dsimatic_s7-1200_cpusimatic_s7-300_cpu_319-3_pn\/dp_firmwaresinamics_s120ek-ertec_200_firmwaresimatic_s7-1500_controllersimatic_s7-300_cpu_314_firmwaresimatic_s7-300_cpu_317-2_pn\/dp_firmwaresinumerik_840d_sl
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2002-20001
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-14.68% / 94.32%
||
7 Day CHG~0.00%
Published-11 Nov, 2021 | 00:00
Updated-22 Aug, 2025 | 10:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE.

Action-Not Available
Vendor-balasysstormshieldn/aHewlett Packard Enterprise (HPE)SUSEF5, Inc.Siemens AG
Product-aruba_cx_8400big-ip_ddos_hybrid_defenderbig-iq_centralized_managementbig-ip_webacceleratoraruba_cx_4100ibig-ip_application_visibility_and_reportingaruba_cx_6300mbig-ip_access_policy_managerf5os-aaruba_cx_6200faruba_cx_6410big-ip_global_traffic_managerbig-ip_local_traffic_managerarubaos-cxaruba_cx_8360-12cbig-ip_domain_name_systembig-ip_carrier-grade_nataruba_cx_6200mbig-ip_application_acceleration_managerscalance_w1750d_firmwarearuba_cx_8360-32y4caruba_cx_8325-48y8cbig-ip_websafearuba_cx_8360-16y2cstormshield_management_centeraruba_cx_8325-32caruba_cx_6405dheateraruba_cx_6300fbig-ip_ssl_orchestratoraruba_cx_8360-48y6cbig-ip_analyticsbig-ip_fraud_protection_servicebig-ip_service_proxyscalance_w1750dbig-ip_advanced_web_application_firewallaruba_cx_6100linux_enterprise_serverbig-ip_advanced_firewall_managerbig-ip_application_security_managerbig-ip_edge_gatewayaruba_cx_8360-24xf2caruba_cx_8320traffix_signaling_delivery_controllerbig-ip_policy_enforcement_managerf5os-caruba_cx_8360-48xt4cstormshield_network_securitybig-ip_link_controllern/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-29105
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-5.9||MEDIUM
EPSS-0.30% / 52.81%
||
7 Day CHG~0.00%
Published-09 May, 2023 | 11:51
Updated-28 Jan, 2025 | 18:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC712 (All versions < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions < V2.1). The affected device is vulnerable to a denial of service while parsing a random (non-JSON) MQTT payload. This could allow an attacker who can manipulate the communication between the MQTT broker and the affected device to cause a denial of service (DoS).

Action-Not Available
Vendor-Siemens AG
Product-6gk1411-1ac00_firmware6gk1411-5ac00_firmware6gk1411-1ac006gk1411-5ac00SIMATIC Cloud Connect 7 CC716SIMATIC Cloud Connect 7 CC712
CWE ID-CWE-544
Missing Standardized Error Handling Mechanism
CVE-2020-35684
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.70% / 71.49%
||
7 Day CHG~0.00%
Published-19 Aug, 2021 | 11:19
Updated-04 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in HCC Nichestack 3.0. The code that parses TCP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the length of the TCP payload within the TCP checksum computation function. When the IP payload size is set to be smaller than the size of the IP header, the TCP checksum computation function may read out of bounds (a low-impact write-out-of-bounds is also possible).

Action-Not Available
Vendor-hcc-embeddedn/aSiemens AG
Product-sentron_3wa_com190_firmwaresentron_3wl_com35_firmwaresentron_3wa_com190sentron_3wl_com35nichestackn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-27385
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.30% / 53.00%
||
7 Day CHG~0.00%
Published-12 May, 2021 | 13:18
Updated-03 Aug, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4\" - 22\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Panels V16 4\" - 22\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Update 6), SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions < V15.1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions < V16 Update 4), SINAMICS GH150 (All versions), SINAMICS GL150 (with option X30) (All versions), SINAMICS GM150 (with option X30) (All versions), SINAMICS SH150 (All versions), SINAMICS SL150 (All versions), SINAMICS SM120 (All versions), SINAMICS SM150 (All versions), SINAMICS SM150i (All versions). A remote attacker could send specially crafted packets to SmartVNC device layout handler on client side, which could influence the amount of resources consumed and result in a Denial-of-Service (infinite loop) condition.

Action-Not Available
Vendor-Siemens AG
Product-simatic_hmi_ktp_mobile_panels_ktp900_firmwaresimatic_hmi_ktp_mobile_panels_ktp400fsinamics_gm150simatic_hmi_ktp_mobile_panels_ktp700f_firmwaresinamics_sm150isinamics_gl150_firmwaresinamics_gl150simatic_hmi_ktp_mobile_panels_ktp900f_firmwaresimatic_hmi_ktp_mobile_panels_ktp400f_firmwaresimatic_hmi_comfort_panels_4\"_firmwaresinamics_gm150_firmwaresinamics_sm150simatic_hmi_comfort_outdoor_panels_7\"_firmwaresinamics_gh150simatic_hmi_ktp_mobile_panels_ktp700_firmwaresinamics_gh150_firmwaresinamics_sl150simatic_hmi_comfort_panels_22\"simatic_hmi_ktp_mobile_panels_ktp700fsinamics_sh150sinamics_sm150_firmwaresimatic_hmi_ktp_mobile_panels_ktp900fsinamics_sh150_firmwaresimatic_hmi_comfort_outdoor_panels_7\"sinamics_sm120simatic_hmi_ktp_mobile_panels_ktp700simatic_hmi_comfort_outdoor_panels_15\"_firmwaresimatic_hmi_comfort_panels_4\"sinamics_sl150_firmwaresinamics_sm150i_firmwaresimatic_hmi_ktp_mobile_panels_ktp900simatic_hmi_comfort_outdoor_panels_15\"simatic_hmi_comfort_panels_22\"_firmwaresimatic_wincc_runtime_advancedsinamics_sm120_firmwareSIMATIC WinCC Runtime Advanced V16SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants)SIMATIC HMI Comfort Panels V16 4\" - 22\" (incl. SIPLUS variants) SINAMICS SM150iSIMATIC HMI Comfort Panels V15 4\" - 22\" (incl. SIPLUS variants)SINAMICS GH150SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900FSINAMICS GM150 (with option X30)SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F SINAMICS GL150 (with option X30)SINAMICS SH150SIMATIC WinCC Runtime Advanced V15SINAMICS SL150SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (incl. SIPLUS variants) SINAMICS SM120SINAMICS SM150
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2024-27942
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.43% / 61.91%
||
7 Day CHG~0.00%
Published-14 May, 2024 | 10:02
Updated-06 Feb, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow any unauthenticated client to disconnect any active user from the server. An attacker could use this vulnerability to prevent any user to perform actions in the system, causing a denial of service situation.

Action-Not Available
Vendor-Siemens AG
Product-ruggedcom_crossbowRUGGEDCOM CROSSBOWruggedcom_crossbow
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2018-5391
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-7.5||HIGH
EPSS-5.10% / 89.58%
||
7 Day CHG~0.00%
Published-06 Sep, 2018 | 21:00
Updated-05 Aug, 2024 | 05:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
The Linux kernel, versions 3.9+, IP implementation is vulnerable to denial of service conditions with low rates of specially modified packets

The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size.

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.Canonical Ltd.F5, Inc.Siemens AGLinux Kernel Organization, IncMicrosoft Corporation
Product-ubuntu_linuxbig-ip_webacceleratorbig-ip_application_acceleration_managerenterprise_linux_server_euswindows_8.1big-ip_policy_enforcement_managerenterprise_linux_server_ausscalance_sc-600_firmwaresimatic_rf188_firmwareruggedcom_rm1224_firmwarebig-ip_local_traffic_managersimatic_net_cp_1243-7_lte_uswindows_10simatic_net_cp_1243-7_lte_us_firmwarescalance_w700_ieee_802.11a\/b\/g\/nsinema_remote_connect_serverenterprise_linux_workstationsimatic_net_cp_1243-1simatic_net_cp_1243-7_lte_eu_firmwaresimatic_rf185c_firmwarescalance_s615_firmwaresimatic_net_cp_1543sp-1enterprise_linux_desktopsimatic_net_cp_1543-1scalance_m-800_firmwaresimatic_net_cp_1242-7_firmwaresimatic_net_cp_1542sp-1_firmwarebig-ip_domain_name_systemsimatic_net_cp_1543sp-1_firmwarescalance_w1700_ieee_802.11ac_firmwareruggedcom_rox_iisimatic_net_cp_1542sp-1big-ip_edge_gatewaydebian_linuxlinux_kernelsimatic_net_cp_1543-1_firmwarescalance_sc-600simatic_net_cp_1242-7simatic_net_cp_1243-1_firmwarewindows_server_2008simatic_net_cp_1542sp-1_irc_firmwareenterprise_linux_serverwindows_server_2016windows_server_2012simatic_rf188big-ip_fraud_protection_serviceruggedcom_rox_ii_firmwarescalance_w700_ieee_802.11a\/b\/g\/n_firmwaresimatic_rf186c_firmwaresimatic_net_cp_1542sp-1_ircbig-ip_application_security_managerruggedcom_rm1224simatic_rf185cscalance_s615simatic_rf186cisimatic_net_cp_1243-8_ircbig-ip_access_policy_managersimatic_net_cp_1243-8_irc_firmwaresimatic_rf186ci_firmwaresimatic_rf188ci_firmwaresinema_remote_connect_server_firmwarewindows_rt_8.1big-ip_global_traffic_managerbig-ip_analyticssimatic_rf186cbig-ip_link_controllerscalance_w1700_ieee_802.11acwindows_7scalance_m-800enterprise_linux_server_tusbig-ip_advanced_firewall_managersimatic_rf188cisimatic_net_cp_1243-7_lte_euKernel
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-20
Improper Input Validation
CVE-2020-35683
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.53% / 66.86%
||
7 Day CHG~0.00%
Published-19 Aug, 2021 | 11:13
Updated-04 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in HCC Nichestack 3.0. The code that parses ICMP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the ICMP checksum. When the IP payload size is set to be smaller than the size of the IP header, the ICMP checksum computation function may read out of bounds, causing a Denial-of-Service.

Action-Not Available
Vendor-hcc-embeddedn/aSiemens AG
Product-7km9300-0ae02-0aa0nichestack7km9300-0ae02-0aa0_firmwaren/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-51440
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.37% / 58.30%
||
7 Day CHG~0.00%
Published-13 Feb, 2024 | 09:00
Updated-16 Dec, 2024 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC CP 343-1 (6GK7343-1EX30-0XE0) (All versions), SIMATIC CP 343-1 Lean (6GK7343-1CX10-0XE0) (All versions), SIPLUS NET CP 343-1 (6AG1343-1EX30-7XE0) (All versions), SIPLUS NET CP 343-1 Lean (6AG1343-1CX10-2XE0) (All versions). Affected products incorrectly validate TCP sequence numbers. This could allow an unauthenticated remote attacker to create a denial of service condition by injecting spoofed TCP RST packets.

Action-Not Available
Vendor-Siemens AG
Product-siplus_net_cp_343-1_lean_firmwaresimatic_cp_343-1_leansimatic_cp_343-1simatic_cp_343-1_lean_firmwaresiplus_net_cp_343-1_leansiplus_net_cp_343-1_firmwaresimatic_cp_343-1_firmwaresiplus_net_cp_343-1SIPLUS NET CP 343-1SIMATIC CP 343-1SIPLUS NET CP 343-1 LeanSIMATIC CP 343-1 Lean
CWE ID-CWE-940
Improper Verification of Source of a Communication Channel
CVE-2021-25662
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.74% / 72.47%
||
7 Day CHG~0.00%
Published-12 May, 2021 | 13:18
Updated-03 Aug, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4\" - 22\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Panels V16 4\" - 22\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Update 6), SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions < V15.1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions < V16 Update 4). SmartVNC client fails to handle an exception properly if the program execution process is modified after sending a packet from the server, which could result in a Denial-of-Service condition.

Action-Not Available
Vendor-Siemens AG
Product-simatic_hmi_comfort_panels_22\"simatic_hmi_ktp_mobile_panels_ktp700fsimatic_hmi_ktp_mobile_panels_ktp900_firmwaresimatic_hmi_ktp_mobile_panels_ktp900fsimatic_hmi_ktp_mobile_panels_ktp400fsimatic_hmi_comfort_outdoor_panels_7\"simatic_hmi_ktp_mobile_panels_ktp700simatic_hmi_ktp_mobile_panels_ktp700f_firmwaresimatic_hmi_comfort_outdoor_panels_15\"_firmwaresimatic_hmi_ktp_mobile_panels_ktp900f_firmwaresimatic_hmi_ktp_mobile_panels_ktp400f_firmwaresimatic_hmi_comfort_panels_4\"simatic_hmi_comfort_panels_4\"_firmwaresimatic_hmi_ktp_mobile_panels_ktp900simatic_hmi_comfort_outdoor_panels_15\"simatic_hmi_comfort_outdoor_panels_7\"_firmwaresimatic_hmi_comfort_panels_22\"_firmwaresimatic_wincc_runtime_advancedsimatic_hmi_ktp_mobile_panels_ktp700_firmwareSIMATIC WinCC Runtime Advanced V16SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants)SIMATIC HMI Comfort Panels V16 4\" - 22\" (incl. SIPLUS variants) SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (incl. SIPLUS variants) SIMATIC HMI Comfort Panels V15 4\" - 22\" (incl. SIPLUS variants)SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900FSIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F SIMATIC WinCC Runtime Advanced V15
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2023-28766
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.27% / 49.77%
||
7 Day CHG~0.00%
Published-11 Apr, 2023 | 09:03
Updated-11 Nov, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 6MD86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 6MD89 (CP300) (All versions >= V7.80 < V9.64), SIPROTEC 5 6MU85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7KE85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SA82 (CP100) (All versions < V8.90), SIPROTEC 5 7SA82 (CP150) (All versions < V9.40), SIPROTEC 5 7SA86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SA87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SD82 (CP100) (All versions < V8.90), SIPROTEC 5 7SD82 (CP150) (All versions < V9.40), SIPROTEC 5 7SD86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SD87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SJ81 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.40), SIPROTEC 5 7SJ82 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.40), SIPROTEC 5 7SJ85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SJ86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SK82 (CP100) (All versions < V8.89), SIPROTEC 5 7SK82 (CP150) (All versions < V9.40), SIPROTEC 5 7SK85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SL82 (CP100) (All versions < V8.90), SIPROTEC 5 7SL82 (CP150) (All versions < V9.40), SIPROTEC 5 7SL86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SL87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SS85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7ST85 (CP300) (All versions >= V7.80 < V9.64), SIPROTEC 5 7ST86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SX82 (CP150) (All versions < V9.40), SIPROTEC 5 7SX85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7UM85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7UT82 (CP100) (All versions < V8.90), SIPROTEC 5 7UT82 (CP150) (All versions < V9.40), SIPROTEC 5 7UT85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7UT86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7UT87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7VE85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7VK87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7VU85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1) (All versions < V9.40 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1) (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1) (All versions < V9.40 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1) (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions < V9.40), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V9.40). Affected devices lack proper validation of http request parameters of the hosted web service. An unauthenticated remote attacker could send specially crafted packets that could cause denial of service condition of the target device.

Action-Not Available
Vendor-Siemens AG
Product-siprotec_5_7sj82_firmwaresiprotec_5_7sl82siprotec_5_7sj86_firmwaresiprotec_5_7sk82_firmwaresiprotec_5_7ke85siprotec_5_6md86_firmwaresiprotec_5_communication_module_ethba2el_firmwaresiprotec_5_7ve85siprotec_5_7sd86siprotec_5_7ut85_firmwaresiprotec_5_7vu85siprotec_5_7sj85_firmwaresiprotec_5_7vk87siprotec_5_7st86_firmwaresiprotec_5_7sx82siprotec_5_7sl87siprotec_5_7sj86siprotec_5_6md86siprotec_5_7vk87_firmwaresiprotec_5_7sa86siprotec_5_compact_7sx800siprotec_5_7ut87_firmwaresiprotec_5_7sl86siprotec_5_7sk85siprotec_5_7sj81siprotec_5_communication_module_ethbd2fo_firmwaresiprotec_5_7sk82siprotec_5_6md85_firmwaresiprotec_5_7ut82_firmwaresiprotec_5_compact_7sx800_firmwaresiprotec_5_communication_module_ethbb2fosiprotec_5_7um85siprotec_5_7st85siprotec_5_7sa84_firmwaresiprotec_5_7sx82_firmwaresiprotec_5_7sd84_firmwaresiprotec_5_6md89_firmwaresiprotec_5_7ut85siprotec_5_7sa82siprotec_5_7sa87_firmwaresiprotec_5_7sj85siprotec_5_communication_module_ethbb2fo_firmwaresiprotec_5_7sj82siprotec_5_7sl87_firmwaresiprotec_5_7sd87siprotec_5_7ve85_firmwaresiprotec_5_7sa82_firmwaresiprotec_5_7ut86siprotec_5_7st85_firmwaresiprotec_5_7sa87siprotec_5_6mu85siprotec_5_7sx85_firmwaresiprotec_5_6mu85_firmwaresiprotec_5_7um85_firmwaresiprotec_5_6md89siprotec_5_7sd82_firmwaresiprotec_5_7ut87siprotec_5_7ut86_firmwaresiprotec_5_7sd84siprotec_5_7sx85siprotec_5_7ss85_firmwaresiprotec_5_7ke85_firmwaresiprotec_5_6md85siprotec_5_7sl82_firmwaresiprotec_5_7vu85_firmwaresiprotec_5_7sk85_firmwaresiprotec_5_7sl86_firmwaresiprotec_5_7ut82siprotec_5_7sd82siprotec_5_communication_module_ethba2elsiprotec_5_7sj81_firmwaresiprotec_5_7sd86_firmwaresiprotec_5_communication_module_ethbd2fosiprotec_5_7sa86_firmwaresiprotec_5_7st86siprotec_5_7ss85siprotec_5_7sa84siprotec_5_7sd87_firmwareSIPROTEC 5 7ST85 (CP300)SIPROTEC 5 7SK82 (CP150)SIPROTEC 5 7UT86 (CP300)SIPROTEC 5 7SA82 (CP150)SIPROTEC 5 7SJ81 (CP100)SIPROTEC 5 7SD82 (CP100)SIPROTEC 5 6MU85 (CP300)SIPROTEC 5 6MD86 (CP300)SIPROTEC 5 7SJ81 (CP150)SIPROTEC 5 7SA82 (CP100)SIPROTEC 5 7SD82 (CP150)SIPROTEC 5 7SX82 (CP150)SIPROTEC 5 7SK85 (CP300)SIPROTEC 5 7SX85 (CP300)SIPROTEC 5 7SK82 (CP100)SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1)SIPROTEC 5 7UT85 (CP300)SIPROTEC 5 7SJ82 (CP100)SIPROTEC 5 7SL87 (CP300)SIPROTEC 5 Communication Module ETH-BD-2FOSIPROTEC 5 7SJ82 (CP150)SIPROTEC 5 7ST86 (CP300)SIPROTEC 5 7UT82 (CP100)SIPROTEC 5 7SA86 (CP300)SIPROTEC 5 7UM85 (CP300)SIPROTEC 5 7UT87 (CP300)SIPROTEC 5 6MD85 (CP300)SIPROTEC 5 7VE85 (CP300)SIPROTEC 5 7SD87 (CP300)SIPROTEC 5 7SD86 (CP300)SIPROTEC 5 7VK87 (CP300)SIPROTEC 5 7VU85 (CP300)SIPROTEC 5 7SS85 (CP300)SIPROTEC 5 7SL82 (CP150)SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1)SIPROTEC 5 7SJ86 (CP300)SIPROTEC 5 7SL86 (CP300)SIPROTEC 5 7KE85 (CP300)SIPROTEC 5 7UT82 (CP150)SIPROTEC 5 7SA87 (CP300)SIPROTEC 5 Compact 7SX800 (CP050)SIPROTEC 5 7SL82 (CP100)SIPROTEC 5 7SJ85 (CP300)SIPROTEC 5 6MD89 (CP300)
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-25663
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-8.7||HIGH
EPSS-0.52% / 66.36%
||
7 Day CHG~0.00%
Published-22 Apr, 2021 | 20:42
Updated-11 Mar, 2025 | 10:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (All versions including affected IPv6 stack). The function that processes IPv6 headers does not check the lengths of extension header options, allowing attackers to put this function into an infinite loop with crafted length values.

Action-Not Available
Vendor-Siemens AG
Product-nucleus_netcapital_vstarnucleus_readystartnucleus_source_codeNucleus Source CodeNucleus NETCapital Embedded AR Classic 431-422Capital Embedded AR Classic R20-11Nucleus ReadyStart V4Nucleus ReadyStart V3
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2021-25664
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-8.7||HIGH
EPSS-0.52% / 66.36%
||
7 Day CHG~0.00%
Published-22 Apr, 2021 | 20:42
Updated-11 Mar, 2025 | 10:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (All versions including affected IPv6 stack). The function that processes the Hop-by-Hop extension header in IPv6 packets and its options lacks any checks against the length field of the header, allowing attackers to put the function into an infinite loop by supplying arbitrary length values.

Action-Not Available
Vendor-Siemens AG
Product-nucleus_readystart_v3nucleus_readystart_v4capital_vstarnucleus_netnucleus_source_codeNucleus Source CodeNucleus NETCapital Embedded AR Classic 431-422Capital Embedded AR Classic R20-11Nucleus ReadyStart V4Nucleus ReadyStart V3
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2021-25215
Matching Score-8
Assigner-Internet Systems Consortium (ISC)
ShareView Details
Matching Score-8
Assigner-Internet Systems Consortium (ISC)
CVSS Score-7.5||HIGH
EPSS-1.38% / 79.94%
||
7 Day CHG-0.12%
Published-29 Apr, 2021 | 00:55
Updated-16 Sep, 2024 | 22:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
An assertion check can fail while answering queries for DNAME records that require the DNAME to be processed to resolve itself

In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9.

Action-Not Available
Vendor-Internet Systems Consortium, Inc.Debian GNU/LinuxNetApp, Inc.Oracle CorporationSiemens AGFedora Project
Product-h300e500f_firmwarea250_firmwareh500scloud_backuptekelec_platform_distributionh300s_firmwareactive_iq_unified_managerh410sh300sh300e_firmwaresinec_infrastructure_network_services500fdebian_linuxh500eh410s_firmwarefedorah500s_firmwareh500e_firmwareh700s_firmwarea250h700ebindh700e_firmwareh700sBIND9
CWE ID-CWE-617
Reachable Assertion
CVE-2021-25143
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.5||HIGH
EPSS-0.67% / 70.76%
||
7 Day CHG~0.00%
Published-29 Mar, 2021 | 19:03
Updated-03 Aug, 2024 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote denial of service (dos) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.9 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.

Action-Not Available
Vendor-n/aSiemens AGAruba Networks
Product-scalance_w1750d_firmwareinstantscalance_w1750dAruba Instant Access Points
CVE-2018-25032
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.08% / 23.87%
||
7 Day CHG~0.00%
Published-25 Mar, 2022 | 00:00
Updated-21 Aug, 2025 | 20:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.

Action-Not Available
Vendor-azulgotozlibn/aNetApp, Inc.Fedora ProjectDebian GNU/LinuxSparkle MotionSiemens AGMicrosoft CorporationPython Software FoundationApple Inc.MariaDB Foundation
Product-h410cmacospythonhci_compute_nodeh500s_firmwareh300s_firmwarescalance_sc642-2c_firmwaremac_os_xscalance_sc646-2c_firmwareh700s_firmwaremariadbscalance_sc622-2c_firmwaremanagement_services_for_element_softwarescalance_sc632-2c_firmwarezlibh410sh410s_firmwarenokogiriontap_select_deploy_administration_utilityscalance_sc636-2cfedorawindowsscalance_sc642-2cgotoassisth300sscalance_sc626-2czuluscalance_sc626-2c_firmwarescalance_sc636-2c_firmwareh410c_firmwarescalance_sc646-2cactive_iq_unified_managerscalance_sc622-2ce-series_santricity_os_controllerh700sdebian_linuxscalance_sc632-2ch500soncommand_workflow_automationn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-22883
Matching Score-8
Assigner-HackerOne
ShareView Details
Matching Score-8
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-91.12% / 99.63%
||
7 Day CHG~0.00%
Published-03 Mar, 2021 | 17:38
Updated-30 Apr, 2025 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and prevent the process also from opening, e.g. a file. If no file descriptor limit is configured, then this lead to an excessive memory usage and cause the system to run out of memory.

Action-Not Available
Vendor-Node.js (OpenJS Foundation)Oracle CorporationNetApp, Inc.Siemens AGFedora Project
Product-sinec_infrastructure_network_servicespeoplesoft_enterprise_peopletoolsgraalvme-series_performance_analyzermysql_clusternosql_databasefedorajd_edwards_enterpriseone_toolsnode.jsNode
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2024-22040
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.25% / 48.08%
||
7 Day CHG~0.00%
Published-12 Mar, 2024 | 10:21
Updated-16 Dec, 2025 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions), Cerberus PRO EN Fire Panel FC72x IP6 (All versions), Cerberus PRO EN Fire Panel FC72x IP7 (All versions), Cerberus PRO EN Fire Panel FC72x IP8 (All versions < IP8 SR4), Cerberus PRO EN X200 Cloud Distribution IP7 (All versions), Cerberus PRO EN X200 Cloud Distribution IP8 (All versions < V4.3.5618), Cerberus PRO EN X300 Cloud Distribution IP7 (All versions), Cerberus PRO EN X300 Cloud Distribution IP8 (All versions < V4.3.5617), Cerberus PRO UL Compact Panel FC922/924 (All versions < MP4), Cerberus PRO UL Engineering Tool (All versions < MP4), Cerberus PRO UL X300 Cloud Distribution (All versions < V4.3.0001), Desigo Fire Safety UL Compact Panel FC2025/2050 (All versions < MP4), Desigo Fire Safety UL Engineering Tool (All versions < MP4), Desigo Fire Safety UL X300 Cloud Distribution (All versions < V4.3.0001), Sinteso FS20 EN Engineering Tool (All versions), Sinteso FS20 EN Fire Panel FC20 MP6 (All versions), Sinteso FS20 EN Fire Panel FC20 MP7 (All versions), Sinteso FS20 EN Fire Panel FC20 MP8 (All versions < MP8 SR4), Sinteso FS20 EN X200 Cloud Distribution MP7 (All versions), Sinteso FS20 EN X200 Cloud Distribution MP8 (All versions < V4.3.5618), Sinteso FS20 EN X300 Cloud Distribution MP7 (All versions), Sinteso FS20 EN X300 Cloud Distribution MP8 (All versions < V4.3.5617), Sinteso Mobile (All versions). The network communication library in affected systems insufficiently validates HMAC values which might result in a buffer overread. This could allow an unauthenticated remote attacker to crash the network service.

Action-Not Available
Vendor-Siemens AG
Product-Desigo Fire Safety UL Compact Panel FC2025/2050Sinteso FS20 EN Fire Panel FC20 MP6Sinteso MobileSinteso FS20 EN X200 Cloud Distribution MP8Sinteso FS20 EN X200 Cloud Distribution MP7Cerberus PRO EN X200 Cloud Distribution IP8Cerberus PRO EN X300 Cloud Distribution IP8Cerberus PRO UL X300 Cloud DistributionCerberus PRO EN X200 Cloud Distribution IP7Cerberus PRO UL Compact Panel FC922/924Sinteso FS20 EN Fire Panel FC20 MP8Cerberus PRO EN Fire Panel FC72x IP7Desigo Fire Safety UL X300 Cloud DistributionSinteso FS20 EN Engineering ToolCerberus PRO EN Engineering ToolSinteso FS20 EN X300 Cloud Distribution MP8Sinteso FS20 EN Fire Panel FC20 MP7Cerberus PRO EN Fire Panel FC72x IP8Cerberus PRO EN X300 Cloud Distribution IP7Desigo Fire Safety UL Engineering ToolCerberus PRO UL Engineering ToolCerberus PRO EN Fire Panel FC72x IP6Sinteso FS20 EN X300 Cloud Distribution MP7sinteso_fs20_en_engineering_toolcerberus_pro_en_x300_cloud_distributioncerberus_pro_ul_engineering_toolcerberus_pro_en_engineering_tooldesigo_fire_safety_ul_engineering_toolcerberus_pro_ul_compact_panelsinteso_fs20_en_x300_cloud_distributionsinteso_fs20_en_fire_panel_fc20cerberus_pro_ul_x300_cloudcerberus_pro_en_x200_cloud_distributionsinteso_mobilesinteso_fs20_en_x200_cloud_distributiondesigo_fire_safety_ul_compact_panelcerberus_pro_en_fire_panel_fc72x
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-16890
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.4||MEDIUM
EPSS-1.40% / 80.09%
||
7 Day CHG~0.00%
Published-06 Feb, 2019 | 20:00
Updated-05 Aug, 2024 | 10:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds.

Action-Not Available
Vendor-NetApp, Inc.Debian GNU/LinuxOracle CorporationRed Hat, Inc.Canonical Ltd.F5, Inc.Siemens AGCURL
Product-libcurlclustered_data_ontapubuntu_linuxdebian_linuxcommunications_operations_monitorhttp_serversecure_global_desktopenterprise_linuxsinema_remote_connect_clientbig-ip_access_policy_managercurl
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-20094
Matching Score-8
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-8
Assigner-Tenable Network Security, Inc.
CVSS Score-7.5||HIGH
EPSS-2.54% / 85.15%
||
7 Day CHG~0.00%
Published-16 Jun, 2021 | 11:09
Updated-03 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. An unauthenticated remote attacker can exploit this issue to crash the CodeMeter Runtime Server.

Action-Not Available
Vendor-wibun/aSiemens AG
Product-sicam_230pss_capesicam_230_firmwarecodemeterWibu-Systems CodeMeter
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-27827
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.41% / 61.13%
||
7 Day CHG~0.00%
Published-18 Mar, 2021 | 00:00
Updated-03 Dec, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.

Action-Not Available
Vendor-openvswitchlldpd_projectn/aFedora ProjectRed Hat, Inc.Siemens AG
Product-simatic_net_cp_1243-8_irc_firmwaresimatic_net_cp_1543sp-1_firmwaresimatic_net_cp_1545-1_firmwaretim_1531_ircsinumerik_one_firmwareopenshift_container_platformsimatic_net_cp_1542sp-1_ircsimatic_net_cp_1543sp-1simatic_net_cp_1243-1tim_1531_irc_firmwaresimatic_net_cp_1542sp-1simatic_hmi_unified_comfort_panelssinumerik_onesimatic_net_cp_1543-1_firmwarevirtualizationsimatic_net_cp_1243-8_ircsimatic_net_cp_1243-1_firmwareenterprise_linuxfedorasimatic_net_cp_1543-1openvswitchsimatic_net_cp_1545-1simatic_net_cp_1542sp-1_irc_firmwareopenstacksimatic_hmi_unified_comfort_panels_firmwarelldpdsimatic_net_cp_1542sp-1_firmwarelldp/openvswitch
CWE ID-CWE-400
Uncontrolled Resource Consumption
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 13
  • 14
  • Next
Details not found