Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-27664

Summary
Assigner-siemens
Assigner Org ID-cec7a2ec-15b4-4faf-bd53-b40f371f3a77
Published At-26 Mar, 2026 | 14:03
Updated At-14 Apr, 2026 | 18:24
Rejected At-
Credits

A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.10), SICORE Base system (All versions < V26.10.0). The affected application contains an out-of-bounds write vulnerability while parsing specially crafted XML inputs. This could allow an unauthenticated attacker to exploit this issue by sending a malicious XML request, which may cause the service to crash, resulting in a denial-of-service condition.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:siemens
Assigner Org ID:cec7a2ec-15b4-4faf-bd53-b40f371f3a77
Published At:26 Mar, 2026 | 14:03
Updated At:14 Apr, 2026 | 18:24
Rejected At:
â–¼CVE Numbering Authority (CNA)

A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.10), SICORE Base system (All versions < V26.10.0). The affected application contains an out-of-bounds write vulnerability while parsing specially crafted XML inputs. This could allow an unauthenticated attacker to exploit this issue by sending a malicious XML request, which may cause the service to crash, resulting in a denial-of-service condition.

Affected Products
Vendor
Siemens AGSiemens
Product
CPCI85 Central Processing/Communication
Default Status
unknown
Versions
Affected
  • From 0 before V26.10 (custom)
Vendor
Siemens AGSiemens
Product
SICORE Base system
Default Status
unknown
Versions
Affected
  • From 0 before V26.10.0 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-787CWE-787: Out-of-bounds Write
Type: CWE
CWE ID: CWE-787
Description: CWE-787: Out-of-bounds Write
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
4.08.7HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 4.0
Base score: 8.7
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://cert-portal.siemens.com/productcert/html/ssa-246443.html
N/A
Hyperlink: https://cert-portal.siemens.com/productcert/html/ssa-246443.html
Resource: N/A
â–¼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://seclists.org/fulldisclosure/2026/Apr/7
N/A
Hyperlink: http://seclists.org/fulldisclosure/2026/Apr/7
Resource: N/A
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:productcert@siemens.com
Published At:26 Mar, 2026 | 15:16
Updated At:14 Apr, 2026 | 19:16

A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.10), SICORE Base system (All versions < V26.10.0). The affected application contains an out-of-bounds write vulnerability while parsing specially crafted XML inputs. This could allow an unauthenticated attacker to exploit this issue by sending a malicious XML request, which may cause the service to crash, resulting in a denial-of-service condition.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.08.7HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 4.0
Base score: 8.7
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-787Secondaryproductcert@siemens.com
CWE ID: CWE-787
Type: Secondary
Source: productcert@siemens.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://cert-portal.siemens.com/productcert/html/ssa-246443.htmlproductcert@siemens.com
N/A
http://seclists.org/fulldisclosure/2026/Apr/7af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: https://cert-portal.siemens.com/productcert/html/ssa-246443.html
Source: productcert@siemens.com
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2026/Apr/7
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

1157Records found
CVE-2021-25676
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.33% / 56.10%
||
7 Day CHG~0.00%
Published-15 Mar, 2021 | 17:03
Updated-03 Aug, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in RUGGEDCOM RM1224 (V6.3), SCALANCE M-800 (V6.3), SCALANCE S615 (V6.3), SCALANCE SC-600 (All Versions >= V2.1 and < V2.1.3). Multiple failed SSH authentication attempts could trigger a temporary Denial-of-Service under certain conditions. When triggered, the device will reboot automatically.

Action-Not Available
Vendor-Siemens AG
Product-scalance_s615scalance_m-800_firmwarescalance_sc-600scalance_sc-600_firmwareruggedcom_rm1224_firmwarescalance_m-800scalance_s615_firmwareruggedcom_rm1224SCALANCE M-800RUGGEDCOM RM1224SCALANCE S615SCALANCE SC-600
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2021-25663
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-8.7||HIGH
EPSS-0.52% / 66.95%
||
7 Day CHG~0.00%
Published-22 Apr, 2021 | 20:42
Updated-11 Mar, 2025 | 10:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (All versions including affected IPv6 stack). The function that processes IPv6 headers does not check the lengths of extension header options, allowing attackers to put this function into an infinite loop with crafted length values.

Action-Not Available
Vendor-Siemens AG
Product-nucleus_netcapital_vstarnucleus_readystartnucleus_source_codeNucleus Source CodeNucleus NETCapital Embedded AR Classic 431-422Capital Embedded AR Classic R20-11Nucleus ReadyStart V4Nucleus ReadyStart V3
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2022-3786
Matching Score-8
Assigner-OpenSSL Software Foundation
ShareView Details
Matching Score-8
Assigner-OpenSSL Software Foundation
CVSS Score-7.5||HIGH
EPSS-21.43% / 95.72%
||
7 Day CHG+0.80%
Published-01 Nov, 2022 | 00:00
Updated-14 Apr, 2026 | 10:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
X.509 Email Address Variable Length Buffer Overflow

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the `.' character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects.

Action-Not Available
Vendor-Fedora ProjectOpenSSLSiemens AGNode.js (OpenJS Foundation)
Product-opensslfedoranode.jsOpenSSLSCALANCE X204RNA EEC (HSR)Calibre ICESCALANCE X204RNA (HSR)SCALANCE X204RNA EEC (PRP)SIMATIC RTLS Locating ManagerSICAM GridPassMcenterSCALANCE X204RNA (PRP)SCALANCE X204RNA EEC (PRP/HSR)
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-46283
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.23%
||
7 Day CHG~0.00%
Published-12 Dec, 2023 | 11:27
Updated-14 Jan, 2025 | 10:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash.

Action-Not Available
Vendor-Siemens AG
Product-sinumerik_integrate_runmyhmi_\/automotiveopcenter_qualitysimatic_pcs_neototally_integrated_automation_portalSIMATIC PCS neoTotally Integrated Automation Portal (TIA Portal) V18Opcenter Execution FoundationOpcenter QualityTotally Integrated Automation Portal (TIA Portal) V17Totally Integrated Automation Portal (TIA Portal) V16Totally Integrated Automation Portal (TIA Portal) V14Totally Integrated Automation Portal (TIA Portal) V15.1SINEC NMS
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-38380
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-8.7||HIGH
EPSS-0.11% / 29.94%
||
7 Day CHG~0.00%
Published-12 Dec, 2023 | 11:26
Updated-02 Aug, 2024 | 17:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-1 (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE (All versions < V3.4.29), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions < V2.3), SIMATIC CP 1543-1 (6GK7543-1AX00-0XE0) (All versions < V3.0.37), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions < V2.3), SINAMICS S210 (6SL5...) (All versions >= V6.1 < V6.1 HF2), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions < V2.3), SIPLUS NET CP 1543-1 (6AG1543-1AX00-2XE0) (All versions < V3.0.37). The webserver implementation of the affected products does not correctly release allocated memory after it has been used. An attacker with network access could use this vulnerability to cause a denial-of-service condition in the webserver of the affected product.

Action-Not Available
Vendor-Siemens AG
Product-6gk7243-8rx30-0xe0_firmwaresimatic_cp_1243-7_lte_firmware6ag1543-1ax00-2xe0_firmwaresimatic_cp_1243-1_dnp36gk7543-1ax00-0xe0_firmwaresimatic_cp_1243-1_iec_firmwaresimatic_cp_1243-1_firmwaresimatic_cp_1243-1sinamics_s2106gk7243-8rx30-0xe0sinamics_s210_firmwaresimatic_cp_1243-1_dnp3_firmwaresimatic_cp_1242-7_v26ag1543-1ax00-2xe0simatic_cp_1242-7_v2_firmwaresimatic_cp_1243-1_iec6gk7543-1ax00-0xe0simatic_cp_1243-7_lteSIMATIC CP 1243-7 LTESIPLUS NET CP 1543-1SIMATIC CP 1542SP-1SIMATIC CP 1242-7 V2 (incl. SIPLUS variants)SIMATIC CP 1543-1SIMATIC CP 1243-1 IEC (incl. SIPLUS variants)SIPLUS ET 200SP CP 1543SP-1 ISECSINAMICS S210 (6SL5...)SIPLUS ET 200SP CP 1542SP-1 IRC TX RAILSIMATIC CP 1243-8 IRCSIMATIC CP 1542SP-1 IRCSIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants)SIMATIC CP 1543SP-1SIMATIC CP 1243-1 (incl. SIPLUS variants)SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2023-39269
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.19% / 40.72%
||
7 Day CHG-0.10%
Published-08 Aug, 2023 | 09:20
Updated-12 Aug, 2025 | 12:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M2200NC, RUGGEDCOM M969, RUGGEDCOM M969F, RUGGEDCOM M969NC, RUGGEDCOM RMC30, RUGGEDCOM RMC30NC, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RMC8388NC V4.X, RUGGEDCOM RMC8388NC V5.X, RUGGEDCOM RP110, RUGGEDCOM RP110NC, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600FNC, RUGGEDCOM RS1600NC, RUGGEDCOM RS1600T, RUGGEDCOM RS1600TNC, RUGGEDCOM RS400, RUGGEDCOM RS400F, RUGGEDCOM RS400NC, RUGGEDCOM RS401, RUGGEDCOM RS401NC, RUGGEDCOM RS416, RUGGEDCOM RS416F, RUGGEDCOM RS416NC, RUGGEDCOM RS416NCv2 V4.X, RUGGEDCOM RS416NCv2 V5.X, RUGGEDCOM RS416P, RUGGEDCOM RS416PF, RUGGEDCOM RS416PNC, RUGGEDCOM RS416PNCv2 V4.X, RUGGEDCOM RS416PNCv2 V5.X, RUGGEDCOM RS416Pv2 V4.X, RUGGEDCOM RS416Pv2 V5.X, RUGGEDCOM RS416v2 V4.X, RUGGEDCOM RS416v2 V5.X, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000ANC, RUGGEDCOM RS8000H, RUGGEDCOM RS8000HNC, RUGGEDCOM RS8000NC, RUGGEDCOM RS8000T, RUGGEDCOM RS8000TNC, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900F, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GF, RUGGEDCOM RS900GNC, RUGGEDCOM RS900GNC(32M) V4.X, RUGGEDCOM RS900GNC(32M) V5.X, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPF, RUGGEDCOM RS900GPNC, RUGGEDCOM RS900L, RUGGEDCOM RS900LNC, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900MNC-GETS-C01, RUGGEDCOM RS900MNC-GETS-XX, RUGGEDCOM RS900MNC-STND-XX, RUGGEDCOM RS900MNC-STND-XX-C01, RUGGEDCOM RS900NC, RUGGEDCOM RS900NC(32M) V4.X, RUGGEDCOM RS900NC(32M) V5.X, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910LNC, RUGGEDCOM RS910NC, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920LNC, RUGGEDCOM RS920W, RUGGEDCOM RS930L, RUGGEDCOM RS930LNC, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM RS940GF, RUGGEDCOM RS940GNC, RUGGEDCOM RS969, RUGGEDCOM RS969NC, RUGGEDCOM RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100F, RUGGEDCOM RSG2100NC, RUGGEDCOM RSG2100NC(32M) V4.X, RUGGEDCOM RSG2100NC(32M) V5.X, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100P (32M) V4.X, RUGGEDCOM RSG2100P (32M) V5.X, RUGGEDCOM RSG2100PF, RUGGEDCOM RSG2100PNC, RUGGEDCOM RSG2100PNC (32M) V4.X, RUGGEDCOM RSG2100PNC (32M) V5.X, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200F, RUGGEDCOM RSG2200NC, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2288NC V4.X, RUGGEDCOM RSG2288NC V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300F, RUGGEDCOM RSG2300NC V4.X, RUGGEDCOM RSG2300NC V5.X, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PF, RUGGEDCOM RSG2300PNC V4.X, RUGGEDCOM RSG2300PNC V5.X, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488F, RUGGEDCOM RSG2488NC V4.X, RUGGEDCOM RSG2488NC V5.X, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSG920PNC V4.X, RUGGEDCOM RSG920PNC V5.X, RUGGEDCOM RSL910, RUGGEDCOM RSL910NC, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P. The web server of the affected devices contains a vulnerability that may lead to a denial of service condition. An attacker may cause total loss of availability of the web server, which might recover after the attack is over.

Action-Not Available
Vendor-Siemens AG
Product-ruggedcom_rsg2488ncruggedcom_rs969ruggedcom_rsg2100_\(32m\)ruggedcom_rsg2100ruggedcom_rsg2300pruggedcom_rsg910cruggedcom_rs416ruggedcom_rs900_\(32m\)ruggedcom_i802ncruggedcom_m969fruggedcom_rosruggedcom_m2100ruggedcom_rs910lncruggedcom_rsg2300fruggedcom_rs900mnc-stnd-xxruggedcom_rs930wruggedcom_rmc8388ruggedcom_rsg2200ruggedcom_rsg2300ncruggedcom_rs969ncruggedcom_rsl910ncruggedcom_m2200fruggedcom_rs1600ruggedcom_rs910lruggedcom_rsg2288ncruggedcom_rs900m-stnd-c01ruggedcom_m969ruggedcom_rs900g_\(32m\)ruggedcom_rsg2200ncruggedcom_rs900m-stnd-xxruggedcom_rsg2100nc\(32m\)ruggedcom_m969ncruggedcom_i801ncruggedcom_rs900nc\(32m\)ruggedcom_rsg2300pfruggedcom_m2100fruggedcom_rsg2488fruggedcom_rsl910ruggedcom_rs900lruggedcom_rs401ncruggedcom_rs900lncruggedcom_rs900m-gets-c01ruggedcom_rs900ncruggedcom_rs900mnc-gets-c01ruggedcom_rs920wruggedcom_rs8000aruggedcom_rs416v2ruggedcom_rst916cruggedcom_rsg2300ruggedcom_rs8000ancruggedcom_rst2228pruggedcom_rs8000ncruggedcom_rsg908cruggedcom_i803ruggedcom_rmc30ncruggedcom_rs930lncruggedcom_rsg2488ruggedcom_rs900gruggedcom_rs416pnc_v2ruggedcom_rs8000tncruggedcom_rsg2288ruggedcom_rs900gfruggedcom_rs940gruggedcom_rsg920pncruggedcom_rsg2100fruggedcom_rmc8388ncruggedcom_rs910ruggedcom_rs930lruggedcom_rsg907rruggedcom_rs1600tncruggedcom_rs900gpncruggedcom_rs8000hncruggedcom_rs900wruggedcom_rp110ncruggedcom_rs900gncruggedcom_rsg2100pncruggedcom_i801ruggedcom_rs940gncruggedcom_rs416pncruggedcom_rsg2100pfruggedcom_rs416ncruggedcom_i800ruggedcom_rs900mnc-gets-xxruggedcom_rs940gfruggedcom_rst2228ruggedcom_i800ncruggedcom_rsg909rruggedcom_rs1600truggedcom_rs401ruggedcom_rs900ruggedcom_rs8000truggedcom_rs416pv2ruggedcom_rs416fruggedcom_rp110ruggedcom_rs920lncruggedcom_i803ncruggedcom_i802ruggedcom_rs910wruggedcom_m2200ncruggedcom_rsg2100pruggedcom_rs900gpfruggedcom_rs8000ruggedcom_rst916pruggedcom_rs900fruggedcom_rsg2200fruggedcom_rs1600ncruggedcom_rsg2100ncruggedcom_rs900gpruggedcom_rs900mnc-stnd-xx-c01ruggedcom_rsg920pruggedcom_rs416pruggedcom_rs900m-gets-xxruggedcom_m2100ncruggedcom_rs1600fruggedcom_m2200ruggedcom_rs416nc_v2ruggedcom_rs400ruggedcom_rs8000hruggedcom_rs1600fncruggedcom_rs416pfruggedcom_rs400fruggedcom_rsg2300pncruggedcom_rs920lruggedcom_rs910ncruggedcom_rs900gnc\(32m\)ruggedcom_rs400ncruggedcom_rmc30RUGGEDCOM RS8000RUGGEDCOM RS900LRUGGEDCOM RSG2300 V4.XRUGGEDCOM RS900MNC-STND-XX-C01RUGGEDCOM RSG920P V4.XRUGGEDCOM RS401NCRUGGEDCOM RSG2100PNC (32M) V4.XRUGGEDCOM RS920LNCRUGGEDCOM RS910LRUGGEDCOM RS930WRUGGEDCOM RSG2100NC(32M) V5.XRUGGEDCOM RSG2100 (32M) V5.XRUGGEDCOM RSG2288NC V5.XRUGGEDCOM RS416Pv2 V4.XRUGGEDCOM RS1600RUGGEDCOM i801NCRUGGEDCOM RS940GRUGGEDCOM RSG2100NC(32M) V4.XRUGGEDCOM i800NCRUGGEDCOM RS910RUGGEDCOM RSG908CRUGGEDCOM RS8000NCRUGGEDCOM RS400FRUGGEDCOM RS900NC(32M) V4.XRUGGEDCOM RS920LRUGGEDCOM RMC8388 V4.XRUGGEDCOM RS8000HRUGGEDCOM RS900LNCRUGGEDCOM RS8000TRUGGEDCOM RS910NCRUGGEDCOM RS416PFRUGGEDCOM RS900GRUGGEDCOM M2100FRUGGEDCOM RS900M-STND-XXRUGGEDCOM RS900WRUGGEDCOM RMC8388 V5.XRUGGEDCOM RS900MNC-STND-XXRUGGEDCOM RSG2100PNC (32M) V5.XRUGGEDCOM RSG910CRUGGEDCOM RSG2300PFRUGGEDCOM RSG2288 V4.XRUGGEDCOM RS1600NCRUGGEDCOM RS969RUGGEDCOM RS900 (32M) V4.XRUGGEDCOM RSG909RRUGGEDCOM RS416FRUGGEDCOM RS900GPFRUGGEDCOM RSG2100PRUGGEDCOM RS930LNCRUGGEDCOM RS416PRUGGEDCOM RSG920P V5.XRUGGEDCOM RSG2200NCRUGGEDCOM RS8000HNCRUGGEDCOM RSG2300PNC V5.XRUGGEDCOM RSG2288 V5.XRUGGEDCOM RS1600FRUGGEDCOM RS416NCRUGGEDCOM RS930LRUGGEDCOM RSG907RRUGGEDCOM RSG2300P V5.XRUGGEDCOM RS910WRUGGEDCOM RSG2300 V5.XRUGGEDCOM RS940GNCRUGGEDCOM RS900GNCRUGGEDCOM RSG2100P (32M) V4.XRUGGEDCOM RMC8388NC V5.XRUGGEDCOM RS940GFRUGGEDCOM RS910LNCRUGGEDCOM RSG2288NC V4.XRUGGEDCOM RSG2488 V5.XRUGGEDCOM RMC30RUGGEDCOM RS900GFRUGGEDCOM RS8000ANCRUGGEDCOM RMC8388NC V4.XRUGGEDCOM RS1600TRUGGEDCOM M969FRUGGEDCOM RS900G (32M) V5.XRUGGEDCOM RS400NCRUGGEDCOM RS900MNC-GETS-C01RUGGEDCOM RS900M-GETS-C01RUGGEDCOM RSG2488NC V4.XRUGGEDCOM M2200FRUGGEDCOM RP110RUGGEDCOM i801RUGGEDCOM RS416v2 V4.XRUGGEDCOM RS416NCv2 V4.XRUGGEDCOM RS8000TNCRUGGEDCOM RSG2300P V4.XRUGGEDCOM RS416v2 V5.XRUGGEDCOM RS920WRUGGEDCOM RS900FRUGGEDCOM M2200RUGGEDCOM RS900MNC-GETS-XXRUGGEDCOM RSG2300NC V5.XRUGGEDCOM RS900GNC(32M) V4.XRUGGEDCOM RS900RUGGEDCOM RSG2100RUGGEDCOM M969NCRUGGEDCOM RS416PNCRUGGEDCOM RS1600FNCRUGGEDCOM RS400RUGGEDCOM RS900NC(32M) V5.XRUGGEDCOM RS1600TNCRUGGEDCOM RS900G (32M) V4.XRUGGEDCOM M969RUGGEDCOM RS416PNCv2 V4.XRUGGEDCOM M2200NCRUGGEDCOM RS8000ARUGGEDCOM i803RUGGEDCOM RSG2100PNCRUGGEDCOM RSG920PNC V5.XRUGGEDCOM RSG2100NCRUGGEDCOM RSG2488FRUGGEDCOM RP110NCRUGGEDCOM RSG2200RUGGEDCOM RSG2488NC V5.XRUGGEDCOM RSL910NCRUGGEDCOM RS969NCRUGGEDCOM RS416RUGGEDCOM RST2228PRUGGEDCOM i800RUGGEDCOM RS900M-STND-C01RUGGEDCOM RS900M-GETS-XXRUGGEDCOM RST916PRUGGEDCOM RS416PNCv2 V5.XRUGGEDCOM RS416NCv2 V5.XRUGGEDCOM RSG2100 (32M) V4.XRUGGEDCOM RSL910RUGGEDCOM RSG2100PFRUGGEDCOM RS900GPRUGGEDCOM RST916CRUGGEDCOM RS900GPNCRUGGEDCOM RSG2100FRUGGEDCOM RSG2488 V4.XRUGGEDCOM i802RUGGEDCOM RS900GNC(32M) V5.XRUGGEDCOM RST2228RUGGEDCOM RS401RUGGEDCOM RSG2300NC V4.XRUGGEDCOM RSG920PNC V4.XRUGGEDCOM i802NCRUGGEDCOM i803NCRUGGEDCOM M2100RUGGEDCOM RSG2300FRUGGEDCOM RSG2300PNC V4.XRUGGEDCOM RS900NCRUGGEDCOM RS416Pv2 V5.XRUGGEDCOM RMC30NCRUGGEDCOM RS900 (32M) V5.XRUGGEDCOM RSG2200FRUGGEDCOM M2100NCRUGGEDCOM RSG2100P (32M) V5.X
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2022-36324
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-1.54% / 81.38%
||
7 Day CHG+0.47%
Published-10 Aug, 2022 | 11:18
Updated-14 Apr, 2026 | 09:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Affected devices do not properly handle the renegotiation of SSL/TLS parameters. This could allow an unauthenticated remote attacker to bypass the TCP brute force prevention and lead to a denial of service condition for the duration of the attack.

Action-Not Available
Vendor-Siemens AG
Product-scalance_xp208_\(eip\)_firmwarescalance_xr528-6m_l3scalance_xc208g_eec_firmwarescalance_m-800_firmwarescalance_xm416-4c_l3scalance_xr-300eecscalance_xc206-2sfp_g_firmwarescalance_xr324wg_firmwarescalance_w700_ieee_802.11ac_firmwarescalance_xc-200scalance_xb208_firmwarescalance_xb213-3ld_firmwarescalance_xc208g_poe_firmwarescalance_xm408-4c_firmwarescalance_xm416-4cscalance_xr528-6m_firmwarescalance_xc206-2scalance_xr528-6m_2hr2_l3scalance_xp208eecscalance_xr552-12m_2hr2_l3scalance_xp-200scalance_xc206-2sfp_eecscalance_xc216_firmwarescalance_xp216_firmwarescalance_xr528-6mscalance_xr526-8c_firmwarescalance_xb216scalance_xr328-4c_wg_firmwarescalance_xr526_firmwarescalance_xr552scalance_xp208eec_firmwarescalance_xf204-2ba_irt_firmwarescalance_xr-300wgscalance_xp208scalance_xc206-2g_poe__firmwarescalance_xr526scalance_xc224_scalance_xr552-12m_firmwarescalance_xr324-4m_poe_firmwarescalance_xm408-4c_l3scalance_xr552-12m_2hr2scalance_xr552-12scalance_xb213-3_firmwarescalance_xf204-2ba_dnascalance_xp208poe_eec_firmwarescalance_xc224-4c_g_eec_firmwarescalance_xr326-2c_poe_wg_firmwarescalance_xp216eec_firmwarescalance_xc208g_\(e\/ip\)scalance_xc224-4c_g_scalance_xm416-4c_l3_firmwarescalance_xr524_firmwarescalance_xr524-8cscalance_xc216scalance_xc224-4c_g_\(e\/ip\)scalance_xc216-4c_g_\(e\/ip\)scalance_xc216-4c_g_\(e\/ip\)_firmwarescalance_xb208scalance_xp216eecscalance_xc208eec_firmwarescalance_xc208gscalance_xr524-8c_l3scalance_xr552-12_firmwarescalance_xr324-4m_eec_firmwarescalance_xc216eec_firmwarescalance_xm408-4cscalance_xr-300eec_firmwarescalance_xr500scalance_xc216-4c_firmwarescalance_xb-200scalance_xb-200_firmwarescalance_xc216eecscalance_w700_ieee_802.11nscalance_xr324-4m_eecscalance_xc216-4c_gscalance_xr324-4m_poe_tsscalance_xc208_firmwarescalance_xp216poe_eec_firmwarescalance_xr528-6m_l3_firmwarescalance_xc224-4c_g_\(e\/ip\)_firmwarescalance_xp208_\(eip\)scalance_xr528scalance_xb205-3ldscalance_xr326-2c_poe_wgscalance_xc216-4c_g_eec_firmwarescalance_xr528-6m_2hr2scalance_xf-200ba_firmwarescalance_xm408-8c_l3scalance_xb205-3ld_firmwarescalance_xc206-2g_poe_scalance_xm408-4c_l3_firmwarescalance_xr552-12mscalance_xm400scalance_xc208eecscalance_xb213-3ldscalance_xr524-8c_firmwarescalance_xr-300poe_firmwarescalance_xr324-12m_firmwarescalance_xr528_firmwarescalance_xr-300_firmwarescalance_xc-200_firmwarescalance_xc224-4c_g_eecscalance_xb205-3scalance_xc206-2sfp_gscalance_xr526-8c_l3_firmwarescalance_xm416-4c_firmwarescalance_xc216-4cscalance_xr324-4m_poescalance_xr528-6m_2hr2_firmwarescalance_xc224-4c_g__firmwarescalance_xr328-4c_wgscalance_xb216_firmwarescalance_xr526-8c_l3scalance_xc208g_firmwarescalance_xr324wgscalance_xc208scalance_xr324-12m_tsscalance_xp216_\(eip\)scalance_xb213-3scalance_xc208g_poescalance_xr500_firmwarescalance_xm408-8c_firmwarescalance_xr-300poescalance_w700_ieee_802.11acscalance_xc206-2sfp_g_\(e\/ip\)_firmwarescalance_xr-300wg_firmwarescalance_xm408-8cscalance_w700_ieee_802.11ax_firmwarescalance_xc206-2sfp_g_eecscalance_xp216scalance_m-800scalance_xr-300scalance_xp208_firmwarescalance_xp208poe_eecscalance_xm408-8c_l3_firmwarescalance_xf-200bascalance_xc208g_\(e\/ip\)_firmwarescalance_xm400_firmwarescalance_xc206-2sfp_g_\(e\/ip\)scalance_xc206-2sfp_eec_firmwarescalance_w700_ieee_802.11axscalance_xf204-2ba_dna_firmwarescalance_w700_ieee_802.11n_firmwarescalance_xc216-4c_g_firmwarescalance_xc208g_eecscalance_xc206-2_firmwarescalance_xp216poe_eecscalance_xr524-8c_l3_firmwarescalance_xr526-8cscalance_xr528-6m_2hr2_l3_firmwarescalance_xp-200_firmwarescalance_s615scalance_xr324-4m_poe_ts_firmwarescalance_xr552-12m_2hr2_l3_firmwarescalance_xc206-2g_poe_eecscalance_xb205-3_firmwarescalance_xr324-12m_ts_firmwarescalance_xr552_firmwarescalance_s615_firmwarescalance_xr524scalance_xp216_\(eip\)_firmwarescalance_xc206-2g_poe_eec_firmwarescalance_xf204-2ba_irtscalance_xr324-12mscalance_xc224__firmwarescalance_xr552-12m_2hr2_firmwarescalance_xc216-4c_g_eecscalance_xc206-2sfp_g_eec_firmwareSCALANCE M876-4 (EU)SCALANCE WAM763-1SCALANCE W1748-1 M12SCALANCE XC224-4C G (EIP Def.)SCALANCE W734-1 RJ45 (USA)SCALANCE XC206-2SFP GSCALANCE XR524-8C, 24VSCALANCE XC206-2 (SC)SCALANCE XB205-3 (SC, PN)SCALANCE XC216-4CSCALANCE SC646-2CSCALANCE XC206-2G PoE (54 V DC)SCALANCE XR328-4C WG (28xGE, DC 24V)SIPLUS NET SCALANCE XC206-2SCALANCE XP216EECSCALANCE XC216EECSCALANCE XR324WG (24 x FE, AC 230V)SCALANCE XB213-3 (ST, E/IP)SCALANCE XB208 (PN)SCALANCE XR552-12M (2HR2, L3 int.)SCALANCE M826-2 SHDSL-RouterSCALANCE XR328-4C WG (24XFE, 4XGE, 24V)SCALANCE W1788-2 M12SCALANCE W786-1 RJ45SCALANCE S615 LAN-RouterSCALANCE W774-1 M12 EECSCALANCE WUM766-1 (USA)SCALANCE XP216SCALANCE W778-1 M12 EECSCALANCE XP216POE EECSCALANCE W761-1 RJ45SCALANCE W722-1 RJ45SCALANCE XP208SCALANCE W1788-2 EEC M12SCALANCE SC642-2CSCALANCE XR526-8C, 24V (L3 int.)SCALANCE XC208GSCALANCE XR328-4C WG (24xFE,4xGE,AC230V)SCALANCE XR528-6M (2HR2)SCALANCE SC632-2CSCALANCE XC224SCALANCE XM408-4C (L3 int.)SCALANCE XB213-3 (SC, PN)SIPLUS NET SCALANCE XC208SCALANCE M812-1 ADSL-RouterSCALANCE XC206-2G PoESCALANCE XR328-4C WG (24xFE, 4xGE,DC24V)SCALANCE XC208G PoE (54 V DC)SCALANCE WAM766-1 EEC (US)SCALANCE W778-1 M12 EEC (USA)SCALANCE W786-2IA RJ45SCALANCE XB213-3 (SC, E/IP)SCALANCE XR526-8C, 24VSCALANCE XC208SCALANCE XB208 (E/IP)SCALANCE XR552-12MSCALANCE XP216 (Ethernet/IP)SCALANCE XB205-3 (ST, E/IP)SCALANCE M876-3 (ROK)SCALANCE MUM853-1 (EU)SCALANCE XF204-2BASCALANCE XR326-2C PoE WGSCALANCE XR526-8C, 1x230V (L3 int.)SCALANCE W774-1 RJ45 (USA)SCALANCE XC216-3G PoE (54 V DC)SCALANCE WAM766-1 EECSCALANCE XR526-8C, 2x230VSCALANCE XC206-2SFP G (EIP DEF.)SCALANCE XR528-6M (L3 int.)SCALANCE XM408-4CSCALANCE XR526-8C, 1x230VSCALANCE XR524-8C, 24V (L3 int.)SCALANCE M874-3SCALANCE XM408-8CSCALANCE M876-4 (NAM)SCALANCE W786-2 SFPSCALANCE W738-1 M12SCALANCE XC208G (EIP def.)SCALANCE XC224-4C G EECSCALANCE W1788-2IA M12SCALANCE W774-1 RJ45SCALANCE XC206-2SFP EECSCALANCE XM416-4CSCALANCE XC216-3G PoESCALANCE XR524-8C, 2x230VSCALANCE XR528-6M (2HR2, L3 int.)SCALANCE XB205-3LD (SC, E/IP)SCALANCE XC216-4C G EECSCALANCE WUM766-1SCALANCE XC216-4C GSCALANCE XB213-3LD (SC, E/IP)SCALANCE W721-1 RJ45SCALANCE XR326-2C PoE WG (without UL)SCALANCE XR324WG (24 X FE, DC 24V)SCALANCE W748-1 RJ45SCALANCE W788-2 RJ45SCALANCE XR524-8C, 1x230VSCALANCE XR524-8C, 1x230V (L3 int.)SCALANCE MUM856-1 (EU)SCALANCE XC206-2SFP G EECSCALANCE M874-2SCALANCE W734-1 RJ45SCALANCE W748-1 M12SCALANCE XF204-2BA DNASCALANCE XB213-3LD (SC, PN)SCALANCE XC224-4C GSCALANCE XR526-8C, 2x230V (L3 int.)SCALANCE SC626-2CSCALANCE XP208EECSCALANCE XF204 DNASCALANCE XR528-6MSCALANCE WAM766-1SCALANCE W788-1 RJ45SCALANCE M816-1 ADSL-RouterSCALANCE W1788-1 M12SCALANCE W786-2 RJ45SCALANCE XP208 (Ethernet/IP)RUGGEDCOM RM1224 LTE(4G) EUSCALANCE XB205-3 (ST, PN)SCALANCE XB216 (E/IP)SCALANCE XC208G PoESCALANCE XC216-4C G (EIP Def.)SCALANCE W788-2 M12SCALANCE WAM766-1 (US)SCALANCE XC206-2 (ST/BFOC)SCALANCE XP208PoE EECSCALANCE XR524-8C, 2x230V (L3 int.)SCALANCE M804PBSCALANCE W788-1 M12SCALANCE XC206-2G PoE EEC (54 V DC)SCALANCE M876-3SCALANCE XR552-12M (2HR2)SCALANCE XC206-2SFPSCALANCE SC636-2CSCALANCE XM408-8C (L3 int.)SCALANCE XM416-4C (L3 int.)SCALANCE W788-2 M12 EECSCALANCE XB216 (PN)SCALANCE XC216SCALANCE XF204SIPLUS NET SCALANCE XC216-4CSCALANCE XB205-3LD (SC, PN)SCALANCE SC622-2CSCALANCE WUM763-1SCALANCE MUM856-1 (RoW)SIPLUS NET SCALANCE XC206-2SFPSCALANCE W778-1 M12SCALANCE XB213-3 (ST, PN)SCALANCE XC208EECSCALANCE XC208G EECRUGGEDCOM RM1224 LTE(4G) NAMSCALANCE XR328-4C WG (28xGE, AC 230V)
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2021-25661
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.37% / 58.92%
||
7 Day CHG~0.00%
Published-12 May, 2021 | 13:18
Updated-03 Aug, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4\" - 22\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Panels V16 4\" - 22\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Update 6), SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions < V15.1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions < V16 Update 4). SmartVNC has an out-of-bounds memory access vulnerability that could be triggered on the client side when sending data from the server, which could result in a Denial-of-Service condition.

Action-Not Available
Vendor-Siemens AG
Product-simatic_hmi_comfort_panels_22\"simatic_hmi_ktp_mobile_panels_ktp700fsimatic_hmi_ktp_mobile_panels_ktp900_firmwaresimatic_hmi_ktp_mobile_panels_ktp900fsimatic_hmi_ktp_mobile_panels_ktp400fsimatic_hmi_comfort_outdoor_panels_7\"simatic_hmi_ktp_mobile_panels_ktp700simatic_hmi_ktp_mobile_panels_ktp700f_firmwaresimatic_hmi_comfort_outdoor_panels_15\"_firmwaresimatic_hmi_ktp_mobile_panels_ktp900f_firmwaresimatic_hmi_ktp_mobile_panels_ktp400f_firmwaresimatic_hmi_comfort_panels_4\"simatic_hmi_comfort_panels_4\"_firmwaresimatic_hmi_ktp_mobile_panels_ktp900simatic_hmi_comfort_outdoor_panels_15\"simatic_hmi_comfort_outdoor_panels_7\"_firmwaresimatic_hmi_comfort_panels_22\"_firmwaresimatic_wincc_runtime_advancedsimatic_hmi_ktp_mobile_panels_ktp700_firmwareSIMATIC WinCC Runtime Advanced V16SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants)SIMATIC HMI Comfort Panels V16 4\" - 22\" (incl. SIPLUS variants) SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (incl. SIPLUS variants) SIMATIC HMI Comfort Panels V15 4\" - 22\" (incl. SIPLUS variants)SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900FSIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F SIMATIC WinCC Runtime Advanced V15
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CVE-2023-35921
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.92% / 75.96%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 09:07
Updated-13 Nov, 2024 | 14:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3.4), SIMATIC MV540 S (All versions < V3.3.4), SIMATIC MV550 H (All versions < V3.3.4), SIMATIC MV550 S (All versions < V3.3.4), SIMATIC MV560 U (All versions < V3.3.4), SIMATIC MV560 X (All versions < V3.3.4). Affected devices cannot properly process specially crafted Ethernet frames sent to the devices. This could allow an unauthenticated remote attacker to cause a denial of service condition. The affected devices must be restarted manually.

Action-Not Available
Vendor-Siemens AG
Product-simatic_mv540_s_firmwaresimatic_mv540_ssimatic_mv560_x_firmwaresimatic_mv560_usimatic_mv560_u_firmwaresimatic_mv550_s_firmwaresimatic_mv540_hsimatic_mv550_h_firmwaresimatic_mv550_ssimatic_mv560_xsimatic_mv550_hsimatic_mv540_h_firmwareSIMATIC MV560 USIMATIC MV540 SSIMATIC MV540 HSIMATIC MV550 HSIMATIC MV550 SSIMATIC MV560 Xsimatic_mv540_ssimatic_mv560_usimatic_mv540_hsimatic_mv550_ssimatic_mv560_xsimatic_mv550_h
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-33736
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.60% / 69.52%
||
7 Day CHG~0.00%
Published-12 Jul, 2022 | 10:06
Updated-03 Aug, 2024 | 08:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Opcenter Quality V13.1 (All versions < V13.1.20220624), Opcenter Quality V13.2 (All versions < V13.2.20220624). The affected applications do not properly validate login information during authentication. This could lead to denial of service condition for existing users or allow unauthenticated remote attackers to successfully login without credentials.

Action-Not Available
Vendor-Siemens AG
Product-opcenter_qualityOpcenter Quality V13.1Opcenter Quality V13.2
CWE ID-CWE-303
Incorrect Implementation of Authentication Algorithm
CWE ID-CWE-287
Improper Authentication
CVE-2022-31812
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-8.7||HIGH
EPSS-0.40% / 60.58%
||
7 Day CHG~0.00%
Published-23 May, 2025 | 15:03
Updated-22 Aug, 2025 | 19:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SiPass integrated (All versions < V2.95.3.18). Affected server applications contain an out of bounds read past the end of an allocated buffer while checking the integrity of incoming packets. This could allow an unauthenticated remote attacker to create a denial of service condition.

Action-Not Available
Vendor-Siemens AG
Product-sipass_integratedSiPass integrated
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-29884
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-1.39% / 80.41%
||
7 Day CHG+0.49%
Published-12 Jul, 2022 | 10:06
Updated-03 Aug, 2024 | 06:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < CPC80 V16.30), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions < CPC80 V16.30), CP-8021 MASTER MODULE (All versions < CPC80 V16.30), CP-8022 MASTER MODULE WITH GPRS (All versions < CPC80 V16.30). When using the HTTPS server under specific conditions, affected devices do not properly free resources. This could allow an unauthenticated remote attacker to put the device into a denial of service condition.

Action-Not Available
Vendor-Siemens AG
Product-sicam_a8000_cp-8000sicam_a8000_cp-8021_firmwaresicam_a8000_cp-8022sicam_a8000_cp-8000_firmwaresicam_a8000_cp-8021sicam_a8000_cp-8022_firmwareCP-8022 MASTER MODULE WITH GPRSCP-8021 MASTER MODULECP-8000 MASTER MODULE WITH I/O -25/+70°CCP-8000 MASTER MODULE WITH I/O -40/+70°C
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2022-28328
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.37% / 58.70%
||
7 Day CHG-0.18%
Published-12 Apr, 2022 | 09:08
Updated-03 Aug, 2024 | 05:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SCALANCE W1788-1 M12 (All versions < V3.0.0), SCALANCE W1788-2 EEC M12 (All versions < V3.0.0), SCALANCE W1788-2 M12 (All versions < V3.0.0), SCALANCE W1788-2IA M12 (All versions < V3.0.0). Affected devices do not properly handle malformed Multicast LLC frames. This could allow an attacker to trigger a denial of service condition.

Action-Not Available
Vendor-Siemens AG
Product-scalance_w1788-2ia_m12scalance_w1788-2ia_m12_firmwarescalance_w1788-2_m12_firmwarescalance_w1788-1_m12_firmwarescalance_w1788-2_eec_m12_firmwarescalance_w1788-1_m12scalance_w1788-2_eec_m12scalance_w1788-2_m12SCALANCE W1788-1 M12SCALANCE W1788-2IA M12SCALANCE W1788-2 M12SCALANCE W1788-2 EEC M12
CWE ID-CWE-20
Improper Input Validation
CVE-2022-27194
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.16% / 36.96%
||
7 Day CHG~0.00%
Published-12 Apr, 2022 | 09:07
Updated-03 Aug, 2024 | 05:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC PCS neo (Administration Console) (All versions < V3.1 SP1), SINETPLAN (All versions), TIA Portal (V15, V15.1, V16 and V17). The affected system cannot properly process specially crafted packets sent to port 8888/tcp. A remote attacker could exploit this vulnerability to cause a Denial-of-Service condition. The affected devices must be restarted manually.

Action-Not Available
Vendor-Siemens AG
Product-simatic_pcs_neototally_integrated_automation_portalsinetplanSIMATIC PCS neo (Administration Console)SINETPLANTIA Portal
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-26380
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.39% / 59.90%
||
7 Day CHG~0.00%
Published-12 Apr, 2022 | 09:07
Updated-03 Aug, 2024 | 05:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices do not properly validate if a certain SNMP key exists. An attacker could use this to trigger a reboot of an affected device by requesting specific SNMP information from the device.

Action-Not Available
Vendor-Siemens AG
Product-scalance_x308-2m_ts_firmwarescalance_x307-3_firmwarescalance_xr324-12mscalance_x310fescalance_x310fe_firmwarescalance_xr324-4m_eecscalance_x308-2ldscalance_x320-1fe_firmwaresiplus_net_scalance_x308-2scalance_xr324-4m_poe_firmwarescalance_x308-2scalance_x307-2eecscalance_xr324-4m_eec_firmwarescalance_x308-2_firmwarescalance_x304-2fe_firmwarescalance_xr324-12m_ts_firmwarescalance_x306-1ldfe_firmwarescalance_x307-2eec_firmwarescalance_x320-1-2ldfesiplus_net_scalance_x308-2_firmwarescalance_x308-2lh_firmwarescalance_x302-7eec_firmwarescalance_x308-2lhscalance_x307-3ld_firmwarescalance_x310scalance_x320-1-2ldfe_firmwarescalance_xr324-12m_firmwarescalance_x308-2m_poe_firmwarescalance_x308-2lh\+scalance_x310_firmwarescalance_x308-2m_poescalance_x308-2lh\+_firmwarescalance_x308-2ld_firmwarescalance_xr324-12m_tsscalance_x308-2m_tsscalance_x308-2m_firmwarescalance_x320-1fescalance_x408-2scalance_xr324-4m_poescalance_x306-1ldfescalance_x307-3ldscalance_x308-2mscalance_x408-2_firmwarescalance_x307-3scalance_x304-2fescalance_xr324-4m_poe_tsscalance_xr324-4m_poe_ts_firmwarescalance_x302-7eecSCALANCE XR324-12M TS (24V)SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)SCALANCE XR324-4M PoE (24V, ports on rear)SCALANCE XR324-4M EEC (24V, ports on front)SCALANCE XR324-12M (230V, ports on rear)SCALANCE X307-2 EEC (2x 24V, coated)SCALANCE XR324-4M PoE TS (24V, ports on front)SCALANCE X307-3SCALANCE X308-2MSCALANCE XR324-12M (24V, ports on rear)SCALANCE X308-2SCALANCE X308-2M PoESCALANCE X310FESCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)SCALANCE X308-2LH+SCALANCE X302-7 EEC (24V, coated)SCALANCE X307-2 EEC (230V, coated)SCALANCE X307-3LDSCALANCE X308-2LHSCALANCE XR324-4M EEC (24V, ports on rear)SCALANCE XR324-4M PoE (24V, ports on front)SCALANCE X302-7 EEC (2x 230V)SCALANCE X408-2SIPLUS NET SCALANCE X308-2SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)SCALANCE XR324-4M PoE (230V, ports on rear)SCALANCE X302-7 EEC (230V)SCALANCE X307-2 EEC (24V, coated)SCALANCE X307-2 EEC (2x 230V, coated)SCALANCE X302-7 EEC (2x 24V, coated)SCALANCE X308-2LDSCALANCE X307-2 EEC (24V)SCALANCE X304-2FESCALANCE X310SCALANCE X307-2 EEC (2x 24V)SCALANCE X307-2 EEC (230V)SCALANCE XR324-12M (24V, ports on front)SCALANCE X320-1 FESCALANCE X302-7 EEC (2x 24V)SCALANCE X306-1LD FESCALANCE X308-2M TSSCALANCE XR324-4M PoE (230V, ports on front)SCALANCE X307-2 EEC (2x 230V)SCALANCE X302-7 EEC (24V)SCALANCE X302-7 EEC (230V, coated)SCALANCE X302-7 EEC (2x 230V, coated)SCALANCE X320-1-2LD FESCALANCE XR324-4M EEC (2x 24V, ports on rear)SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)SCALANCE XR324-12M (230V, ports on front)SCALANCE XR324-4M EEC (2x 24V, ports on front)
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-26649
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.6||CRITICAL
EPSS-1.15% / 78.53%
||
7 Day CHG~0.00%
Published-12 Jul, 2022 | 10:06
Updated-21 Apr, 2025 | 13:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2P IRT (All versions < V5.5.2), SCALANCE X202-2P IRT PRO (All versions < V5.5.2), SCALANCE X204-2 (All versions < V5.2.6), SCALANCE X204-2FM (All versions < V5.2.6), SCALANCE X204-2LD (All versions < V5.2.6), SCALANCE X204-2LD TS (All versions < V5.2.6), SCALANCE X204-2TS (All versions < V5.2.6), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT PRO (All versions < V5.5.2), SCALANCE X206-1 (All versions < V5.2.6), SCALANCE X206-1LD (All versions < V5.2.6), SCALANCE X208 (All versions < V5.2.6), SCALANCE X208PRO (All versions < V5.2.6), SCALANCE X212-2 (All versions < V5.2.6), SCALANCE X212-2LD (All versions < V5.2.6), SCALANCE X216 (All versions < V5.2.6), SCALANCE X224 (All versions < V5.2.6), SCALANCE XF201-3P IRT (All versions < V5.5.2), SCALANCE XF202-2P IRT (All versions < V5.5.2), SCALANCE XF204 (All versions < V5.2.6), SCALANCE XF204-2 (All versions < V5.2.6), SCALANCE XF204-2BA IRT (All versions < V5.5.2), SCALANCE XF204IRT (All versions < V5.5.2), SCALANCE XF206-1 (All versions < V5.2.6), SCALANCE XF208 (All versions < V5.2.6). Affected devices do not properly validate the URI of incoming HTTP GET requests. This could allow an unauthenticated remote attacker to crash affected devices.

Action-Not Available
Vendor-Siemens AG
Product-scalance_xf206-1_firmwarescalance_xf201-3p_irtscalance_x208_pro_firmwarescalance_x212-2ldscalance_x201-3p_irtscalance_x204-2ldscalance_xf208scalance_x201-3p_irt_firmwarescalance_x202-2p_irt_pro_firmwarescalance_xf204irtscalance_xf204-2ba_irt_firmwarescalance_x206-1scalance_x204-2ld_ts_firmwarescalance_x204irtscalance_x201-3p_irt_proscalance_x204-2fmscalance_x204-2ld_tsscalance_x208scalance_x200-4p_irtscalance_x204irt_pro_firmwarescalance_x202-2irtscalance_x202-2p_irtscalance_x204-2scalance_x224scalance_x206-1_firmwarescalance_x204-2_firmwarescalance_xf204-2scalance_xf206-1scalance_x202-2p_irt_firmwarescalance_x206-1ld_firmwarescalance_x212-2ld_firmwarescalance_x212-2scalance_xf204_firmwarescalance_x204-2ts_firmwarescalance_xf204-2ba_irtscalance_x216_firmwarescalance_x204-2ld_firmwarescalance_x212-2_firmwarescalance_xf208_firmwarescalance_xf202-2p_irt_firmwarescalance_x208_firmwarescalance_x208_proscalance_xf204-2_firmwarescalance_x202-2p_irt_proscalance_x202-2irt_firmwarescalance_xf202-2p_irtscalance_x200-4p_irt_firmwarescalance_x204irt_proscalance_x216scalance_xf201-3p_irt_firmwarescalance_x204-2fm_firmwarescalance_x204-2tsscalance_xf204irt_firmwarescalance_x201-3p_irt_pro_firmwarescalance_x204irt_firmwarescalance_xf204scalance_x206-1ldscalance_x224_firmwareSCALANCE XF201-3P IRTSCALANCE XF204-2BA IRTSCALANCE X202-2P IRTSCALANCE X202-2P IRT PROSCALANCE X204-2TSSCALANCE X206-1SCALANCE XF204IRTSCALANCE X204IRTSCALANCE X200-4P IRTSCALANCE X224SCALANCE XF208SCALANCE X208SCALANCE XF204-2SCALANCE X204-2LD TSSCALANCE X208PROSCALANCE X204-2LDSCALANCE X204-2SCALANCE X216SCALANCE X212-2LDSCALANCE X201-3P IRT PROSCALANCE XF206-1SCALANCE X201-3P IRTSCALANCE X206-1LDSCALANCE X212-2SCALANCE XF202-2P IRTSCALANCE X204-2FMSCALANCE XF204SCALANCE X202-2IRTSCALANCE X204IRT PRO
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-25751
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-1.87% / 83.12%
||
7 Day CHG~0.00%
Published-12 Apr, 2022 | 09:07
Updated-03 Aug, 2024 | 04:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices do not properly validate the HTTP headers of incoming requests. This could allow an unauthenticated remote attacker to crash affected devices.

Action-Not Available
Vendor-Siemens AG
Product-scalance_x308-2m_ts_firmwarescalance_x307-3_firmwarescalance_xr324-12mscalance_x310fescalance_x310fe_firmwarescalance_xr324-4m_eecscalance_x308-2ldscalance_x320-1fe_firmwaresiplus_net_scalance_x308-2scalance_xr324-4m_poe_firmwarescalance_x308-2scalance_x307-2eecscalance_xr324-4m_eec_firmwarescalance_x308-2_firmwarescalance_x304-2fe_firmwarescalance_xr324-12m_ts_firmwarescalance_x306-1ldfe_firmwarescalance_x307-2eec_firmwarescalance_x320-1-2ldfesiplus_net_scalance_x308-2_firmwarescalance_x308-2lh_firmwarescalance_x302-7eec_firmwarescalance_x308-2lhscalance_x307-3ld_firmwarescalance_x310scalance_x320-1-2ldfe_firmwarescalance_xr324-12m_firmwarescalance_x308-2m_poe_firmwarescalance_x308-2lh\+scalance_x310_firmwarescalance_x308-2m_poescalance_x308-2lh\+_firmwarescalance_x308-2ld_firmwarescalance_xr324-12m_tsscalance_x308-2m_tsscalance_x308-2m_firmwarescalance_x320-1fescalance_x408-2scalance_xr324-4m_poescalance_x306-1ldfescalance_x307-3ldscalance_x308-2mscalance_x408-2_firmwarescalance_x307-3scalance_x304-2fescalance_xr324-4m_poe_tsscalance_xr324-4m_poe_ts_firmwarescalance_x302-7eecSCALANCE XR324-12M TS (24V)SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)SCALANCE XR324-4M PoE (24V, ports on rear)SCALANCE XR324-4M EEC (24V, ports on front)SCALANCE XR324-12M (230V, ports on rear)SCALANCE X307-2 EEC (2x 24V, coated)SCALANCE XR324-4M PoE TS (24V, ports on front)SCALANCE X307-3SCALANCE X308-2MSCALANCE XR324-12M (24V, ports on rear)SCALANCE X308-2SCALANCE X308-2M PoESCALANCE X310FESCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)SCALANCE X308-2LH+SCALANCE X302-7 EEC (24V, coated)SCALANCE X307-2 EEC (230V, coated)SCALANCE X307-3LDSCALANCE X308-2LHSCALANCE XR324-4M EEC (24V, ports on rear)SCALANCE XR324-4M PoE (24V, ports on front)SCALANCE X302-7 EEC (2x 230V)SCALANCE X408-2SIPLUS NET SCALANCE X308-2SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)SCALANCE XR324-4M PoE (230V, ports on rear)SCALANCE X302-7 EEC (230V)SCALANCE X307-2 EEC (24V, coated)SCALANCE X307-2 EEC (2x 230V, coated)SCALANCE X302-7 EEC (2x 24V, coated)SCALANCE X308-2LDSCALANCE X307-2 EEC (24V)SCALANCE X304-2FESCALANCE X310SCALANCE X307-2 EEC (2x 24V)SCALANCE X307-2 EEC (230V)SCALANCE XR324-12M (24V, ports on front)SCALANCE X320-1 FESCALANCE X302-7 EEC (2x 24V)SCALANCE X306-1LD FESCALANCE X308-2M TSSCALANCE XR324-4M PoE (230V, ports on front)SCALANCE X307-2 EEC (2x 230V)SCALANCE X302-7 EEC (24V)SCALANCE X302-7 EEC (230V, coated)SCALANCE X302-7 EEC (2x 230V, coated)SCALANCE X320-1-2LD FESCALANCE XR324-4M EEC (2x 24V, ports on rear)SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)SCALANCE XR324-12M (230V, ports on front)SCALANCE XR324-4M EEC (2x 24V, ports on front)
CWE ID-CWE-20
Improper Input Validation
CVE-2022-26335
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-1.87% / 83.12%
||
7 Day CHG~0.00%
Published-12 Apr, 2022 | 09:07
Updated-03 Aug, 2024 | 05:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices do not properly validate the URI of incoming HTTP GET requests. This could allow an unauthenticated remote attacker to crash affected devices.

Action-Not Available
Vendor-Siemens AG
Product-scalance_x308-2m_ts_firmwarescalance_x307-3_firmwarescalance_xr324-12mscalance_x310fescalance_x310fe_firmwarescalance_xr324-4m_eecscalance_x308-2ldscalance_x320-1fe_firmwaresiplus_net_scalance_x308-2scalance_xr324-4m_poe_firmwarescalance_x308-2scalance_x307-2eecscalance_xr324-4m_eec_firmwarescalance_x308-2_firmwarescalance_x304-2fe_firmwarescalance_xr324-12m_ts_firmwarescalance_x306-1ldfe_firmwarescalance_x307-2eec_firmwarescalance_x320-1-2ldfesiplus_net_scalance_x308-2_firmwarescalance_x308-2lh_firmwarescalance_x302-7eec_firmwarescalance_x308-2lhscalance_x307-3ld_firmwarescalance_x310scalance_x320-1-2ldfe_firmwarescalance_xr324-12m_firmwarescalance_x308-2m_poe_firmwarescalance_x308-2lh\+scalance_x310_firmwarescalance_x308-2m_poescalance_x308-2lh\+_firmwarescalance_x308-2ld_firmwarescalance_xr324-12m_tsscalance_x308-2m_tsscalance_x308-2m_firmwarescalance_x320-1fescalance_x408-2scalance_xr324-4m_poescalance_x306-1ldfescalance_x307-3ldscalance_x308-2mscalance_x408-2_firmwarescalance_x307-3scalance_x304-2fescalance_xr324-4m_poe_tsscalance_xr324-4m_poe_ts_firmwarescalance_x302-7eecSCALANCE XR324-12M TS (24V)SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)SCALANCE XR324-4M PoE (24V, ports on rear)SCALANCE XR324-4M EEC (24V, ports on front)SCALANCE XR324-12M (230V, ports on rear)SCALANCE X307-2 EEC (2x 24V, coated)SCALANCE XR324-4M PoE TS (24V, ports on front)SCALANCE X307-3SCALANCE X308-2MSCALANCE XR324-12M (24V, ports on rear)SCALANCE X308-2SCALANCE X308-2M PoESCALANCE X310FESCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)SCALANCE X308-2LH+SCALANCE X302-7 EEC (24V, coated)SCALANCE X307-2 EEC (230V, coated)SCALANCE X307-3LDSCALANCE X308-2LHSCALANCE XR324-4M EEC (24V, ports on rear)SCALANCE XR324-4M PoE (24V, ports on front)SCALANCE X302-7 EEC (2x 230V)SCALANCE X408-2SIPLUS NET SCALANCE X308-2SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)SCALANCE XR324-4M PoE (230V, ports on rear)SCALANCE X302-7 EEC (230V)SCALANCE X307-2 EEC (24V, coated)SCALANCE X307-2 EEC (2x 230V, coated)SCALANCE X302-7 EEC (2x 24V, coated)SCALANCE X308-2LDSCALANCE X307-2 EEC (24V)SCALANCE X304-2FESCALANCE X310SCALANCE X307-2 EEC (2x 24V)SCALANCE X307-2 EEC (230V)SCALANCE XR324-12M (24V, ports on front)SCALANCE X320-1 FESCALANCE X302-7 EEC (2x 24V)SCALANCE X306-1LD FESCALANCE X308-2M TSSCALANCE XR324-4M PoE (230V, ports on front)SCALANCE X307-2 EEC (2x 230V)SCALANCE X302-7 EEC (24V)SCALANCE X302-7 EEC (230V, coated)SCALANCE X302-7 EEC (2x 230V, coated)SCALANCE X320-1-2LD FESCALANCE XR324-4M EEC (2x 24V, ports on rear)SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)SCALANCE XR324-12M (230V, ports on front)SCALANCE XR324-4M EEC (2x 24V, ports on front)
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-26334
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-1.87% / 83.12%
||
7 Day CHG~0.00%
Published-12 Apr, 2022 | 09:07
Updated-03 Aug, 2024 | 05:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices do not properly validate the GET parameter XNo of incoming HTTP requests. This could allow an unauthenticated remote attacker to crash affected devices.

Action-Not Available
Vendor-Siemens AG
Product-scalance_x308-2m_ts_firmwarescalance_x307-3_firmwarescalance_xr324-12mscalance_x310fescalance_x310fe_firmwarescalance_xr324-4m_eecscalance_x308-2ldscalance_x320-1fe_firmwaresiplus_net_scalance_x308-2scalance_xr324-4m_poe_firmwarescalance_x308-2scalance_x307-2eecscalance_xr324-4m_eec_firmwarescalance_x308-2_firmwarescalance_x304-2fe_firmwarescalance_xr324-12m_ts_firmwarescalance_x306-1ldfe_firmwarescalance_x307-2eec_firmwarescalance_x320-1-2ldfesiplus_net_scalance_x308-2_firmwarescalance_x308-2lh_firmwarescalance_x302-7eec_firmwarescalance_x308-2lhscalance_x307-3ld_firmwarescalance_x310scalance_x320-1-2ldfe_firmwarescalance_xr324-12m_firmwarescalance_x308-2m_poe_firmwarescalance_x308-2lh\+scalance_x310_firmwarescalance_x308-2m_poescalance_x308-2lh\+_firmwarescalance_x308-2ld_firmwarescalance_xr324-12m_tsscalance_x308-2m_tsscalance_x308-2m_firmwarescalance_x320-1fescalance_x408-2scalance_xr324-4m_poescalance_x306-1ldfescalance_x307-3ldscalance_x308-2mscalance_x408-2_firmwarescalance_x307-3scalance_x304-2fescalance_xr324-4m_poe_tsscalance_xr324-4m_poe_ts_firmwarescalance_x302-7eecSCALANCE XR324-12M TS (24V)SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)SCALANCE XR324-4M PoE (24V, ports on rear)SCALANCE XR324-4M EEC (24V, ports on front)SCALANCE XR324-12M (230V, ports on rear)SCALANCE X307-2 EEC (2x 24V, coated)SCALANCE XR324-4M PoE TS (24V, ports on front)SCALANCE X307-3SCALANCE X308-2MSCALANCE XR324-12M (24V, ports on rear)SCALANCE X308-2SCALANCE X308-2M PoESCALANCE X310FESCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)SCALANCE X308-2LH+SCALANCE X302-7 EEC (24V, coated)SCALANCE X307-2 EEC (230V, coated)SCALANCE X307-3LDSCALANCE X308-2LHSCALANCE XR324-4M EEC (24V, ports on rear)SCALANCE XR324-4M PoE (24V, ports on front)SCALANCE X302-7 EEC (2x 230V)SCALANCE X408-2SIPLUS NET SCALANCE X308-2SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)SCALANCE XR324-4M PoE (230V, ports on rear)SCALANCE X302-7 EEC (230V)SCALANCE X307-2 EEC (24V, coated)SCALANCE X307-2 EEC (2x 230V, coated)SCALANCE X302-7 EEC (2x 24V, coated)SCALANCE X308-2LDSCALANCE X307-2 EEC (24V)SCALANCE X304-2FESCALANCE X310SCALANCE X307-2 EEC (2x 24V)SCALANCE X307-2 EEC (230V)SCALANCE XR324-12M (24V, ports on front)SCALANCE X320-1 FESCALANCE X302-7 EEC (2x 24V)SCALANCE X306-1LD FESCALANCE X308-2M TSSCALANCE XR324-4M PoE (230V, ports on front)SCALANCE X307-2 EEC (2x 230V)SCALANCE X302-7 EEC (24V)SCALANCE X302-7 EEC (230V, coated)SCALANCE X302-7 EEC (2x 230V, coated)SCALANCE X320-1-2LD FESCALANCE XR324-4M EEC (2x 24V, ports on rear)SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)SCALANCE XR324-12M (230V, ports on front)SCALANCE XR324-4M EEC (2x 24V, ports on front)
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-25622
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-5.3||MEDIUM
EPSS-0.12% / 30.52%
||
7 Day CHG~0.00%
Published-12 Apr, 2022 | 00:00
Updated-21 Apr, 2025 | 13:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, improperly handles internal resources for TCP segments where the minimum TCP-Header length is less than defined. This could allow an attacker to create a denial of service condition for TCP services on affected devices by sending specially crafted TCP segments.

Action-Not Available
Vendor-Siemens AG
Product-simatic_tdc_cpu555_firmwaresimatic_tdc_cp51m1_firmwaresimatic_s7-400_pn\/dp_v7_firmwaresimatic_s7-1500_cpusimatic_cfu_pasimatic_tdc_cp51m1simatic_s7-400_pn\/dp_v7simatic_s7-410_v8_firmwaresimatic_s7-1500_cpu_firmwaresimatic_cfu_diqsimatic_s7-400h_v6_firmwaresimatic_tdc_cpu555simatic_winac_rtxsimit_simulation_platformsimatic_cfu_diq_firmwaresimatic_s7-400h_v6simatic_s7-410_v10simatic_s7-410_v8simatic_s7-300_cpu_firmwaresimatic_s7-410_v10_firmwaresimatic_winac_rtx_firmwaresimatic_cfu_pa_firmwaresimatic_s7-300_cpuSINAMICS S110SIMATIC CFU DIQSIMATIC ET 200pro IM 154-8F PN/DP CPUSIMATIC ET 200SP IM 155-6 PN HFSIMATIC TDC CP51M1SINAMICS G115DSIMATIC ET200ecoPN, AI 8xRTD/TC, M12-LSIMATIC S7-300 CPU 315F-2 PN/DPSINAMICS V90SIMATIC S7-400 CPU 414F-3 PN/DP V7SIPLUS ET 200S IM 151-8 PN/DP CPUSIMATIC ET200ecoPN, CM 4x IO-Link, M12-LSIMATIC S7-400 CPU 416F-3 PN/DP V7SIPLUS S7-400 CPU 416-3 PN/DP V7SIMATIC S7-300 CPU 315-2 PN/DPSIMATIC ET 200MP IM 155-5 PN HFSINAMICS S150SIMATIC S7-300 CPU 319-3 PN/DPSINAMICS G120 (incl. SIPLUS variants)SIPLUS S7-300 CPU 317F-2 PN/DPSIPLUS S7-400 CPU 414-3 PN/DP V7SIMATIC ET200ecoPN, DQ 8x24VDC/0,5A, M12-LSIMATIC PN/PN CouplerSIMATIC WinAC RTX F 2010SIMATIC TDC CPU555SIMATIC CFU PASIMATIC ET 200S IM 151-8F PN/DP CPUSINAMICS S210 (6SL5...)SINAMICS G110MSIPLUS HCS4300 CIM4310SIMATIC ET200ecoPN, CM 8x IO-Link, M12-LSIMATIC S7-300 CPU 317F-2 PN/DPSIPLUS ET 200SP IM 155-6 PN HFSIMATIC S7-300 CPU 314C-2 PN/DPSIPLUS S7-300 CPU 315-2 PN/DPSIMATIC S7-400 CPU 414-3 PN/DP V7SIMATIC ET200ecoPN, DI 16x24VDC, M12-LSIPLUS S7-300 CPU 314C-2 PN/DPSIPLUS ET 200SP IM 155-6 PN HF TX RAILSIMATIC ET200ecoPN, DI 8x24VDC, M12-LSIPLUS HCS4200 CIM4210CSIMATIC ET200ecoPN, DQ 8x24VDC/2A, M12-LSIPLUS S7-300 CPU 315F-2 PN/DPSIMATIC ET 200pro IM 154-8FX PN/DP CPUSINAMICS G150SIPLUS ET 200SP IM 155-6 PN HF T1 RAILSIMATIC S7-300 CPU 315T-3 PN/DPSINAMICS S120 (incl. SIPLUS variants)SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)SIMATIC S7-300 CPU 317-2 PN/DPSIPLUS ET 200MP IM 155-5 PN HFSINAMICS DCMSIMATIC ET 200SP IM 155-6 PN/3 HFSIMATIC S7-300 CPU 319F-3 PN/DPSIPLUS NET PN/PN CouplerSIPLUS S7-300 CPU 317-2 PN/DPSIMATIC ET 200pro IM 154-8 PN/DP CPUSIMATIC S7-300 CPU 317T-3 PN/DPSIPLUS ET 200MP IM 155-5 PN HF T1 RAILSIMATIC ET 200SP IM 155-6 PN/2 HFSIMATIC ET 200SP IM 155-6 MF HFSIMATIC ET 200S IM 151-8 PN/DP CPUSIPLUS HCS4200 CIM4210SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants)SIMATIC S7-400 CPU 416-3 PN/DP V7SIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLUS variants)SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants)SIMATIC S7-300 CPU 317TF-3 PN/DPSIMATIC PN/MF CouplerSIMATIC WinAC RTX 2010SINAMICS G130SIPLUS ET 200S IM 151-8F PN/DP CPUSIMATIC S7-400 CPU 412-2 PN V7SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants)SIMATIC ET 200AL IM 157-1 PNSIMATIC ET200ecoPN, DIQ 16x24VDC/2A, M12-L
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-26648
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-8.2||HIGH
EPSS-0.87% / 75.26%
||
7 Day CHG~0.00%
Published-12 Jul, 2022 | 10:06
Updated-21 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2P IRT (All versions < V5.5.2), SCALANCE X202-2P IRT PRO (All versions < V5.5.2), SCALANCE X204-2 (All versions < V5.2.6), SCALANCE X204-2FM (All versions < V5.2.6), SCALANCE X204-2LD (All versions < V5.2.6), SCALANCE X204-2LD TS (All versions < V5.2.6), SCALANCE X204-2TS (All versions < V5.2.6), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT PRO (All versions < V5.5.2), SCALANCE X206-1 (All versions < V5.2.6), SCALANCE X206-1LD (All versions < V5.2.6), SCALANCE X208 (All versions < V5.2.6), SCALANCE X208PRO (All versions < V5.2.6), SCALANCE X212-2 (All versions < V5.2.6), SCALANCE X212-2LD (All versions < V5.2.6), SCALANCE X216 (All versions < V5.2.6), SCALANCE X224 (All versions < V5.2.6), SCALANCE XF201-3P IRT (All versions < V5.5.2), SCALANCE XF202-2P IRT (All versions < V5.5.2), SCALANCE XF204 (All versions < V5.2.6), SCALANCE XF204-2 (All versions < V5.2.6), SCALANCE XF204-2BA IRT (All versions < V5.5.2), SCALANCE XF204IRT (All versions < V5.5.2), SCALANCE XF206-1 (All versions < V5.2.6), SCALANCE XF208 (All versions < V5.2.6). Affected devices do not properly validate the GET parameter XNo of incoming HTTP requests. This could allow an unauthenticated remote attacker to crash affected devices.

Action-Not Available
Vendor-Siemens AG
Product-scalance_xf206-1_firmwarescalance_xf201-3p_irtscalance_x208_pro_firmwarescalance_x212-2ldscalance_x201-3p_irtscalance_x204-2ldscalance_xf208scalance_x201-3p_irt_firmwarescalance_x202-2p_irt_pro_firmwarescalance_xf204irtscalance_xf204-2ba_irt_firmwarescalance_x206-1scalance_x204-2ld_ts_firmwarescalance_x204irtscalance_x201-3p_irt_proscalance_x204-2fmscalance_x204-2ld_tsscalance_x208scalance_x200-4p_irtscalance_x204irt_pro_firmwarescalance_x202-2irtscalance_x202-2p_irtscalance_x204-2scalance_x224scalance_x206-1_firmwarescalance_x204-2_firmwarescalance_xf204-2scalance_xf206-1scalance_x202-2p_irt_firmwarescalance_x206-1ld_firmwarescalance_x212-2ld_firmwarescalance_x212-2scalance_xf204_firmwarescalance_x204-2ts_firmwarescalance_xf204-2ba_irtscalance_x216_firmwarescalance_x204-2ld_firmwarescalance_x212-2_firmwarescalance_xf208_firmwarescalance_xf202-2p_irt_firmwarescalance_x208_firmwarescalance_x208_proscalance_xf204-2_firmwarescalance_x202-2p_irt_proscalance_x202-2irt_firmwarescalance_xf202-2p_irtscalance_x200-4p_irt_firmwarescalance_x204irt_proscalance_x216scalance_xf201-3p_irt_firmwarescalance_x204-2fm_firmwarescalance_x204-2tsscalance_xf204irt_firmwarescalance_x201-3p_irt_pro_firmwarescalance_x204irt_firmwarescalance_xf204scalance_x206-1ldscalance_x224_firmwareSCALANCE XF201-3P IRTSCALANCE XF204-2BA IRTSCALANCE X202-2P IRTSCALANCE X202-2P IRT PROSCALANCE X204-2TSSCALANCE X206-1SCALANCE XF204IRTSCALANCE X204IRTSCALANCE X200-4P IRTSCALANCE X224SCALANCE XF208SCALANCE X208SCALANCE XF204-2SCALANCE X204-2LD TSSCALANCE X208PROSCALANCE X204-2LDSCALANCE X204-2SCALANCE X216SCALANCE X212-2LDSCALANCE X201-3P IRT PROSCALANCE XF206-1SCALANCE X201-3P IRTSCALANCE X206-1LDSCALANCE X212-2SCALANCE XF202-2P IRTSCALANCE X204-2FMSCALANCE XF204SCALANCE X202-2IRTSCALANCE X204IRT PRO
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2018-16556
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.19% / 40.70%
||
7 Day CHG~0.00%
Published-13 Dec, 2018 | 16:00
Updated-05 Aug, 2024 | 10:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416-2 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416F-2 DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 417-4 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions < V7.0.3), SIMATIC S7-400 H V4.5 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.9), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions < V8.2.1), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 V7 (All versions), SIPLUS S7-400 CPU 417-4 V7 (All versions). Specially crafted packets sent to port 102/tcp via Ethernet interface, via PROFIBUS, or via Multi Point Interfaces (MPI) could cause the affected devices to go into defect mode. Manual reboot is required to resume normal operation. Successful exploitation requires an attacker to be able to send specially crafted packets to port 102/tcp via Ethernet interface, via PROFIBUS or Multi Point Interfaces (MPI). No user interaction and no user privileges are required to exploit the security vulnerability. The vulnerability could allow causing a denial of service condition of the core functionality of the CPU, compromising the availability of the system.

Action-Not Available
Vendor-Siemens AG
Product-simatic_s7-400_pn\/dp_v7_firmwaresimatic_s7-400_firmwaresimatic_s7-400h_v6simatic_s7-400simatic_s7-400_pn\/dp_v7simatic_s7-410_firmwaresimatic_s7-400h_firmwaresimatic_s7-410simatic_s7-400h_v6_firmwaresimatic_s7-400h SIMATIC S7-400 CPU 412-2 DP V7 SIMATIC S7-400 CPU 414F-3 PN/DP V7 SIMATIC S7-400 CPU 416-3 DP V7SIPLUS S7-400 CPU 416-3 PN/DP V7 SIMATIC S7-400 CPU 416F-3 PN/DP V7 SIMATIC S7-400 CPU 416F-2 DP V7 SIMATIC S7-400 CPU 414-2 DP V7SIPLUS S7-400 CPU 416-3 V7SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)SIMATIC S7-410 CPU family (incl. SIPLUS variants) SIMATIC S7-400 CPU 417-4 DP V7SIMATIC S7-400 H V4.5 and below CPU family (incl. SIPLUS variants) SIMATIC S7-400 CPU 416-2 DP V7 SIMATIC S7-400 CPU 414-3 PN/DP V7 SIMATIC S7-400 CPU 414-3 DP V7SIPLUS S7-400 CPU 414-3 PN/DP V7SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) SIMATIC S7-400 CPU 416-3 PN/DP V7SIPLUS S7-400 CPU 417-4 V7 SIMATIC S7-400 CPU 412-1 DP V7SIMATIC S7-400 CPU 412-2 PN V7
CWE ID-CWE-20
Improper Input Validation
CVE-2018-16557
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-8.2||HIGH
EPSS-0.09% / 25.99%
||
7 Day CHG~0.00%
Published-13 Dec, 2018 | 16:00
Updated-05 Aug, 2024 | 10:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416-2 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416F-2 DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 417-4 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions < V7.0.3), SIMATIC S7-400 H V4.5 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.9), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions < V8.2.1), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 V7 (All versions), SIPLUS S7-400 CPU 417-4 V7 (All versions). Sending of specially crafted packets to port 102/tcp via Ethernet interface via PROFIBUS or Multi Point Interfaces (MPI) could cause a denial of service condition on affected devices. Flashing with a firmware image may be required to recover the CPU. Successful exploitation requires an attacker to have network access to port 102/tcp via Ethernet interface or to be able to send messages via PROFIBUS or Multi Point Interfaces (MPI) to the device. No user interaction is required. If no access protection is configured, no privileges are required to exploit the security vulnerability. The vulnerability could allow causing a denial of service condition of the core functionality of the CPU, compromising the availability of the system.

Action-Not Available
Vendor-Siemens AG
Product-simatic_s7-400_pn\/dp_v7_firmwaresimatic_s7-400_firmwaresimatic_s7-400simatic_s7-400_pn\/dp_v7simatic_s7-410_firmwaresimatic_s7-400h_firmwaresimatic_s7-410simatic_s7-400h SIMATIC S7-400 CPU 412-2 DP V7 SIMATIC S7-400 CPU 414F-3 PN/DP V7 SIMATIC S7-400 CPU 416-3 DP V7SIPLUS S7-400 CPU 416-3 PN/DP V7 SIMATIC S7-400 CPU 416F-3 PN/DP V7 SIMATIC S7-400 CPU 416F-2 DP V7 SIMATIC S7-400 CPU 414-2 DP V7SIPLUS S7-400 CPU 416-3 V7SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)SIMATIC S7-410 CPU family (incl. SIPLUS variants) SIMATIC S7-400 CPU 417-4 DP V7SIMATIC S7-400 H V4.5 and below CPU family (incl. SIPLUS variants) SIMATIC S7-400 CPU 416-2 DP V7 SIMATIC S7-400 CPU 414-3 PN/DP V7 SIMATIC S7-400 CPU 414-3 DP V7SIPLUS S7-400 CPU 414-3 PN/DP V7SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) SIMATIC S7-400 CPU 416-3 PN/DP V7SIPLUS S7-400 CPU 417-4 V7 SIMATIC S7-400 CPU 412-1 DP V7SIMATIC S7-400 CPU 412-2 PN V7
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2024-52504
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-8.7||HIGH
EPSS-0.15% / 36.12%
||
7 Day CHG+0.01%
Published-12 Aug, 2025 | 11:16
Updated-12 Aug, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIPROTEC 4 6MD61 (All versions), SIPROTEC 4 6MD63 (All versions), SIPROTEC 4 6MD66 (All versions), SIPROTEC 4 6MD665 (All versions), SIPROTEC 4 7SA522 (All versions), SIPROTEC 4 7SA6 (All versions < V4.78), SIPROTEC 4 7SD5 (All versions < V4.78), SIPROTEC 4 7SD610 (All versions < V4.78), SIPROTEC 4 7SJ61 (All versions), SIPROTEC 4 7SJ62 (All versions), SIPROTEC 4 7SJ63 (All versions), SIPROTEC 4 7SJ64 (All versions), SIPROTEC 4 7SJ66 (All versions), SIPROTEC 4 7SS52 (All versions), SIPROTEC 4 7ST6 (All versions), SIPROTEC 4 7UM61 (All versions), SIPROTEC 4 7UM62 (All versions), SIPROTEC 4 7UT612 (All versions), SIPROTEC 4 7UT613 (All versions), SIPROTEC 4 7UT63 (All versions), SIPROTEC 4 7VE6 (All versions), SIPROTEC 4 7VK61 (All versions), SIPROTEC 4 7VU683 (All versions), SIPROTEC 4 Compact 7RW80 (All versions), SIPROTEC 4 Compact 7SD80 (All versions), SIPROTEC 4 Compact 7SJ80 (All versions), SIPROTEC 4 Compact 7SJ81 (All versions), SIPROTEC 4 Compact 7SK80 (All versions), SIPROTEC 4 Compact 7SK81 (All versions). Affected devices do not properly handle interrupted operations of file transfer. This could allow an unauthenticated remote attacker to cause a denial of service condition. To restore normal operations, the devices need to be restarted.

Action-Not Available
Vendor-Siemens AG
Product-SIPROTEC 4 Compact 7RW80SIPROTEC 4 Compact 7SD80SIPROTEC 4 7VU683SIPROTEC 4 7SA522SIPROTEC 4 6MD63SIPROTEC 4 7SD610SIPROTEC 4 7SA6SIPROTEC 4 7UT612SIPROTEC 4 7UT613SIPROTEC 4 Compact 7SJ80SIPROTEC 4 6MD66SIPROTEC 4 7VK61SIPROTEC 4 Compact 7SK80SIPROTEC 4 6MD61SIPROTEC 4 Compact 7SK81SIPROTEC 4 7ST6SIPROTEC 4 7VE6SIPROTEC 4 7SJ66SIPROTEC 4 6MD665SIPROTEC 4 7SD5SIPROTEC 4 7UT63SIPROTEC 4 7SJ61SIPROTEC 4 7SJ62SIPROTEC 4 7SS52SIPROTEC 4 7SJ63SIPROTEC 4 7UM61SIPROTEC 4 7UM62SIPROTEC 4 Compact 7SJ81SIPROTEC 4 7SJ64
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2022-0778
Matching Score-8
Assigner-OpenSSL Software Foundation
ShareView Details
Matching Score-8
Assigner-OpenSSL Software Foundation
CVSS Score-7.5||HIGH
EPSS-7.13% / 91.56%
||
7 Day CHG-0.99%
Published-15 Mar, 2022 | 17:05
Updated-14 Apr, 2026 | 10:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Infinite loop in BN_mod_sqrt() reachable when parsing certificates

The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).

Action-Not Available
Vendor-Debian GNU/LinuxTenable, Inc.NetApp, Inc.MariaDB FoundationFedora ProjectOpenSSLSiemens AGNode.js (OpenJS Foundation)
Product-debian_linuxsantricity_smi-s_providernode.jsopenssla250mariadb500fclustered_data_ontap500f_firmwarea250_firmwarenessusclustered_data_ontap_antivirus_connectorstoragegridfedoracloud_volumes_ontap_mediatorOpenSSLSCALANCE WAM763-1SCALANCE X302-7 EEC (230V)SCALANCE W1748-1 M12SCALANCE X310FESCALANCE W734-1 RJ45 (USA)RUGGEDCOM ROX RX1400SIMATIC MV540 SSCALANCE XR524-8C, 24VSIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PNSIMATIC S7-1500 CPU 1517F-3 PN/DPSCALANCE XR324-12M TS (24V)SIPLUS S7-1200 CPU 1215C AC/DC/RLYSIMATIC S7-1200 CPU 1215C DC/DC/RlySIMATIC RF650RSIPLUS NET SCALANCE XC206-2SCALANCE XC206-2G PoE (54 V DC)SCALANCE XR328-4C WG (28xGE, DC 24V)SCALANCE XR324-4M EEC (24V, ports on front)SINAMICS Startdrive V16SCALANCE XP216EECSIMATIC S7-1500 CPU 1513-1 PNSCALANCE XC216EECSINAUT ST7CCSCALANCE X208PROSCALANCE XR324WG (24 x FE, AC 230V)SIMATIC Drive Controller CPU 1507D TFSIPLUS S7-1500 CPU 1518F-4 PN/DPSIMATIC RF680RRUGGEDCOM ROX RX5000RUGGEDCOM ROX RX1512SIMATIC PCS 7 TeleControlSCALANCE XR552-12M (2HR2, L3 int.)SIMATIC S7-1200 CPU 1211C DC/DC/DCSCALANCE XR328-4C WG (24XFE, 4XGE, 24V)SIPLUS ET 200SP CPU 1512SP F-1 PNSIRIUS Soft Starter ES V16 (TIA Portal)SCALANCE W786-1 RJ45SCALANCE S615 LAN-RouterSIPLUS S7-1500 CPU 1518HF-4 PNSIPLUS NET CP 443-1 AdvancedSCALANCE X302-7 EEC (2x 230V, coated)SIMATIC S7-1500 CPU 1516-3 PN/DPSIMATIC S7-1500 CPU 1518HF-4 PNSIPLUS NET CP 1242-7 V2SCALANCE WUM766-1 (USA)SCALANCE XP216SIMATIC CP 443-1 AdvancedSIMATIC NET PC Software V14SCALANCE XR324-4M EEC (2x 24V, ports on front)SIMATIC MV550 SSCALANCE XP216POE EECSCALANCE X306-1LD FESCALANCE X307-2 EEC (24V)SCALANCE X201-3P IRTSCALANCE W761-1 RJ45SCALANCE W722-1 RJ45SCALANCE W1750D (JP)SCALANCE X202-2P IRT PROIndustrial Edge - SIMATIC S7 Connector AppSCALANCE SC642-2CSCALANCE XR526-8C, 24V (L3 int.)SIPLUS S7-1500 CPU 1515F-2 PNSIMATIC CP 1543-1SCALANCE XR328-4C WG (24xFE,4xGE,AC230V)SCALANCE XR528-6M (2HR2)SCALANCE XC224SCALANCE XM408-4C (L3 int.)SIPLUS NET SCALANCE XC208SCALANCE M812-1 ADSL-RouterSCALANCE XC206-2G PoESCALANCE XR324-4M EEC (2x 24V, ports on rear)SCALANCE XC208G PoE (54 V DC)SCALANCE X307-2 EEC (2x 230V)SCALANCE X308-2M PoESCALANCE XR324-4M PoE (230V, ports on rear)SCALANCE W786-2IA RJ45SIPLUS S7-1500 CPU 1515F-2 PN T2 RAILSCALANCE XB213-3 (SC, E/IP)SIMATIC Drive Controller CPU 1504D TFSCALANCE XR526-8C, 24VSCALANCE X200-4P IRTSIMATIC S7-1500 CPU S7-1518-4 PN/DP ODKSIMATIC S7-1200 CPU 1212C DC/DC/RlySCALANCE XB208 (E/IP)SIPLUS S7-1200 CPU 1214 AC/DC/RLYSCALANCE XP216 (Ethernet/IP)SIPLUS S7-1500 CPU 1513-1 PNSIMATIC S7-1500 CPU 1518-4 PN/DP MFPSCALANCE XB205-3 (ST, E/IP)SIMATIC RF186CSIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODKSCALANCE MUM853-1 (EU)RUGGEDCOM CROSSBOW Station Access Controller (SAC)SCALANCE W1750D (ROW)Security Configuration Tool (SCT)SCALANCE X212-2SIMATIC S7-1500 CPU 1517-3 PN/DPSIPLUS S7-1200 CPU 1215FC DC/DC/DCSIMATIC CP 343-1 AdvancedSCALANCE XF204-2BASCALANCE XR326-2C PoE WGSIMATIC STEP 7 V5TIA AdministratorSCALANCE W774-1 RJ45 (USA)SCALANCE X308-2LDSINAUT Software ST7scSCALANCE XC216-3G PoE (54 V DC)SCALANCE WAM766-1 EECSCALANCE XR526-8C, 2x230VSIMOTIONSCALANCE XC206-2SFP G (EIP DEF.)SIMATIC Process Historian OPC UA ServerSCALANCE XR526-8C, 1x230VSINEC INSSCALANCE XR524-8C, 24V (L3 int.)SCALANCE X408-2SCALANCE XM408-8CSCALANCE M874-3SCALANCE X302-7 EEC (24V, coated)SCALANCE M876-4 (NAM)SCALANCE X202-2IRTSIMATIC S7-1200 CPU 1214C DC/DC/RlySCALANCE X212-2LDSIMATIC Cloud Connect 7 CC712SIPLUS S7-1500 CPU 1515R-2 PNSIPLUS ET 200SP CPU 1510SP-1 PN RAILSCALANCE W774-1 RJ45SCALANCE XC206-2SFP EECSCALANCE X206-1LDSCALANCE XC216-3G PoESIMATIC STEP 7 V17SIMATIC CP 1628SINAMICS DCC V15.1SCALANCE XR528-6M (2HR2, L3 int.)SIMATIC CP 1243-1SIMATIC RF685RSCALANCE XR324-4M PoE (24V, ports on rear)SIPLUS ET 200SP CPU 1512SP-1 PN RAILSCALANCE X206-1SCALANCE XC216-4C G EECSCALANCE WUM766-1SCALANCE XC216-4C GSIPLUS S7-1500 CPU 1516-3 PN/DPSCALANCE XB213-3LD (SC, E/IP)SCALANCE XR524-8C, 1x230VSCALANCE W788-2 RJ45SCALANCE XF204-2SCALANCE MUM856-1 (EU)SCALANCE X308-2MSCALANCE XC206-2SFP G EECSIMATIC CP 1243-7 LTE USSCALANCE W734-1 RJ45SCALANCE W748-1 M12SIMATIC S7-1200 CPU 1215C DC/DC/DCSCALANCE XF204-2BA DNASCALANCE XR324-4M EEC (24V, ports on rear)SCALANCE XR526-8C, 2x230V (L3 int.)SIMATIC WinCC V15.1SIMATIC S7-1200 CPU 1214C DC/DC/DCSIMATIC HMI Unified Comfort Panels familySCALANCE X320-1 FESIMATIC S7-1500 CPU 1515R-2 PNSIRIUS Soft Starter ES V17 (TIA Portal)SCALANCE X307-2 EEC (230V, coated)SIMATIC S7-1500 Software Controller V2SCALANCE X307-2 EEC (2x 230V, coated)SIPLUS S7-1200 CPU 1214C AC/DC/RLYSIMATIC S7-1500 CPU 1517H-3 PNSCALANCE XF202-2P IRTSCALANCE XR528-6MRUGGEDCOM ROX MX5000SIMATIC S7-1200 CPU 1211C AC/DC/RlySINAMICS DCC V16SIMATIC S7-1500 CPU 1516TF-3 PN/DPSIPLUS S7-1200 CP 1243-1SCALANCE W788-1 RJ45RUGGEDCOM ROX RX1511SIMATIC S7-1500 CPU 1518-4 PN/DPSCALANCE X307-2 EEC (2x 24V, coated)SIMATIC S7-1500 CPU 1511TF-1 PNSIPLUS S7-1500 CPU 1511-1 PN T1 RAILSCALANCE XP208 (Ethernet/IP)SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PNSCALANCE XB205-3 (ST, PN)SIMATIC S7-1200 CPU 1212C AC/DC/RlySCALANCE XB216 (E/IP)SIPLUS S7-1500 CPU 1516F-3 PN/DPSIMATIC S7-1500 CPU 1517T-3 PN/DPSIMATIC RF188CISCALANCE X302-7 EEC (230V, coated)RUGGEDCOM ROX RX1510SCALANCE XC208G PoESINEC NMSSCALANCE XR524-8C, 2x230V (L3 int.)SIPLUS S7-1200 CPU 1214FC DC/DC/RLYSCALANCE WAM766-1 (US)SCALANCE W788-1 M12SIMATIC S7-1500 CPU 1512C-1 PNSCALANCE XC206-2G PoE EEC (54 V DC)SIMATIC S7-1200 CPU 1212C DC/DC/DCSIMATIC WinCC V7.5RUGGEDCOM ROX RX1501SCALANCE XM408-8C (L3 int.)SCALANCE XM416-4C (L3 int.)SCALANCE XB216 (PN)SCALANCE XC216SIPLUS NET SCALANCE XC216-4CSCALANCE XF204SIMATIC S7-1500 CPU 1511F-1 PNSIMATIC ET 200SP CPU 1510SP-1 PNSCALANCE XB205-3LD (SC, PN)SCALANCE SC622-2CRUGGEDCOM ROX MX5000RESIMATIC RF610RSCALANCE WUM763-1SIMATIC S7-1200 CPU 1212FC DC/DC/RlySIPLUS S7-1500 CPU 1517H-3 PNSIMATIC S7-1500 CPU 1513R-1 PNSCALANCE W778-1 M12SCALANCE XB213-3 (ST, PN)SCALANCE XC208EECSCALANCE X304-2FESIMATIC S7-1500 CPU 1518T-4 PN/DPSIPLUS ET 200SP CPU 1510SP F-1 PN RAILSCALANCE XC208G EECSCALANCE XR328-4C WG (28xGE, AC 230V)SIMATIC S7-1500 CPU 1515TF-2 PNSCALANCE X224SCALANCE X308-2SIMATIC ET 200SP CPU 1510SP F-1 PNRUGGEDCOM RM1224 LTE(4G) NAMSIMATIC S7-1500 CPU 1511T-1 PNSIMOCODE ES V16SIPLUS S7-1500 CPU 1516-3 PN/DP RAILSCALANCE X204IRTSCALANCE X204-2LD TSSCALANCE X204-2FMSCALANCE M876-4 (EU)SIMATIC S7-1500 CPU 1517TF-3 PN/DPSCALANCE XC224-4C G (EIP Def.)SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)SCALANCE XC206-2SFP GSIMATIC S7-1500 CPU 1518F-4 PN/DP MFPSIMATIC CP 1542SP-1SCALANCE X302-7 EEC (2x 24V)SIMATIC PDMSCALANCE XC206-2 (SC)SCALANCE XB205-3 (SC, PN)SCALANCE X307-3SCALANCE XF201-3P IRTSCALANCE XC216-4CSIPLUS ET 200SP CP 1543SP-1 ISEC TX RAILSIPLUS S7-1200 CPU 1212C AC/DC/RLYSIPLUS S7-1500 CPU 1515R-2 PN TX RAILSCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)SCALANCE XR324-12M (230V, ports on rear)SCALANCE XF206-1SCALANCE SC646-2CRUGGEDCOM ROX RX1536SCALANCE X201-3P IRT PROSCALANCE X308-2LHSCALANCE XB213-3 (ST, E/IP)SCALANCE XB208 (PN)SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PNSCALANCE M826-2 SHDSL-RouterSIPLUS S7-1200 CPU 1214FC DC/DC/DCSIPLUS S7-1200 CPU 1215 AC/DC/RLYSCALANCE W1788-2 M12SIMATIC WinCC V7.3SCALANCE XR324-4M PoE TS (24V, ports on front)SCALANCE X202-2P IRTSCALANCE W1750D (USA)SIMATIC PCS 7 V9.1SCALANCE W774-1 M12 EECRUGGEDCOM ROX RX1524SIMATIC S7-1500 CPU 1511C-1 PNSIMATIC S7-1200 CPU 1211C DC/DC/RlySIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PNSIMATIC WinCC V17SIPLUS S7-1200 CPU 1215C DC/DC/DCSCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)SIMATIC S7-1200 CPU 1214C AC/DC/RlySCALANCE LPE9403SIMATIC S7-1200 CPU 1212FC DC/DC/DCSIPLUS NET SCALANCE X202-2P IRTSINAMICS Startdrive V15.1SCALANCE W778-1 M12 EECSCALANCE XR324-12M (230V, ports on front)SIMATIC S7-1200 CPU 1217C DC/DC/DCTeleControl Server Basic V3SCALANCE XR324-4M PoE (24V, ports on front)SIMATIC Logon V1.6SIMATIC CP 1242-7 V2SIMATIC MV540 HSIPLUS S7-1200 CPU 1212C DC/DC/DC RAILSIMATIC S7-1500 CPU 1515F-2 PNSCALANCE XP208SCALANCE W1788-2 EEC M12SCALANCE X307-2 EEC (2x 24V)SIMOCODE ES V15.1SCALANCE XC208GSIMATIC RF360RSCALANCE SC632-2CSCALANCE XB213-3 (SC, PN)SIPLUS S7-1200 CPU 1214C DC/DC/RLYSIMATIC MV550 HTIA Portal Cloud V16SCALANCE XF208SIPLUS ET 200SP CPU 1510SP F-1 PNSIMATIC CP 443-1 OPC UASCALANCE XR328-4C WG (24xFE, 4xGE,DC24V)SIPLUS ET 200SP CPU 1512SP F-1 PN RAILSCALANCE XF204IRTSCALANCE WAM766-1 EEC (US)SIMATIC CP 1243-8 IRCSIRIUS Safety ES V17 (TIA Portal)SCALANCE W778-1 M12 EEC (USA)SIMATIC S7-1500 CPU 1515T-2 PNSIMATIC S7-PLCSIM AdvancedSIPLUS S7-1500 CPU 1511-1 PNSIPLUS S7-1200 CPU 1215 DC/DC/RLYSCALANCE X320-1-2LD FESIRIUS Soft Starter ES V15.1 (TIA Portal)SCALANCE XC208SIMATIC S7-1200 CPU 1214FC DC/DC/RlySIPLUS ET 200SP CP 1543SP-1 ISECSCALANCE XR552-12MSIMATIC CP 1543SP-1SIMATIC CP 1626SINAMICS Startdrive V17SCALANCE M876-3 (ROK)SIMATIC S7-1200 CPU 1214FC DC/DC/DCSIMATIC S7-1500 CPU 1516T-3 PN/DPSIPLUS S7-1200 CPU 1212C DC/DC/DCSIMOTION SCOUT TIA V5.4SCALANCE X216SIPLUS S7-1500 CPU 1513F-1 PNSIPLUS S7-1500 CPU 1518-4 PN/DPSIMATIC RF185CSCALANCE XR526-8C, 1x230V (L3 int.)SCALANCE XR324-12M (24V, ports on front)SCALANCE X204-2LDSCALANCE X204-2TSSCALANCE X308-2 RD (inkl. SIPLUS variants)SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)SIPLUS S7-1500 CPU 1515F-2 PN RAILSIMATIC PCS 7 V9.0SIMATIC RF166CSIPLUS S7-1500 CPU 1511-1 PN TX RAILSCALANCE XR528-6M (L3 int.)SCALANCE XM408-4CSIMATIC WinCC V16SIPLUS S7-1500 CPU 1511F-1 PNSIMATIC S7-1200 CPU 1215C AC/DC/RlySIMATIC ET 200SP CPU 1512SP-1 PNBFCClientSIMATIC NET PC Software V15SCALANCE S615 EEC LAN-RouterSIMATIC S7-1200 CPU 1215FC DC/DC/RlySCALANCE W786-2 SFPTIA Portal Cloud V17SCALANCE X302-7 EEC (2x 24V, coated)SIMATIC MV560 XSCALANCE W738-1 M12SCALANCE XC208G (EIP def.)SCALANCE XC224-4C G EECSCALANCE W1788-2IA M12SCALANCE X308-2LH+SIPLUS NET CP 343-1 AdvancedSCALANCE XM416-4CSCALANCE X204IRT PROSIMATIC MV560 USIMATIC RF186CISCALANCE XR524-8C, 2x230VSIPLUS S7-1500 CPU 1518-4 PN/DP MFPSCALANCE X204-2SIMATIC STEP 7 V15.1SCALANCE XB205-3LD (SC, E/IP)SIMATIC Cloud Connect 7 CC716Industrial Edge - OPC UA ConnectorSIPLUS S7-1200 CPU 1212 DC/DC/RLYSIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)SIPLUS S7-1200 CPU 1214 DC/DC/RLYSCALANCE XR326-2C PoE WG (without UL)SCALANCE W721-1 RJ45SCALANCE XR324WG (24 X FE, DC 24V)SIMOCODE ES V17SCALANCE W748-1 RJ45SCALANCE XR524-8C, 1x230V (L3 int.)SIMATIC RF188CSCALANCE XR324-12M (24V, ports on rear)SIPLUS S7-1200 CPU 1214C DC/DC/DCSIMATIC CP 1243-7 LTE EUSCALANCE XF204-2BA IRTSIMATIC NET PC Software V17OpenPCS 7 V9.1SIPLUS ET 200SP CPU 1510SP-1 PNOpenPCS 7 V8.2SCALANCE M874-2SIMATIC STEP 7 V16SIMATIC S7-1200 CPU 1215FC DC/DC/DCSCALANCE XC224-4C GSCALANCE XB213-3LD (SC, PN)SIMATIC S7-1500 CPU 1515-2 PNSCALANCE X302-7 EEC (2x 230V)SCALANCE XP208EECSCALANCE XF204 DNASCALANCE X307-3LDSIMATIC RF615RRUGGEDCOM ROX RX1500SCALANCE X310SIMATIC S7-1500 CPU 1518TF-4 PN/DPSCALANCE WAM766-1SIMATIC S7-1500 CPU 1518F-4 PN/DPSINEMA Remote Connect ServerSCALANCE XR324-4M PoE (230V, ports on front)SIPLUS S7-1200 CPU 1215 DC/DC/DCSIMATIC PCS 7 V8.2SCALANCE M816-1 ADSL-RouterSCALANCE W1788-1 M12SCALANCE X208SIMATIC ET 200SP CPU 1512SP F-1 PNSCALANCE W786-2 RJ45SIMATIC S7-1500 CPU 1513F-1 PNRUGGEDCOM RM1224 LTE(4G) EUSIMATIC NET PC Software V16SIPLUS S7-1200 CPU 1212 AC/DC/RLYSCALANCE X302-7 EEC (24V)SCALANCE X308-2M TSSIMOTION SCOUT TIA V5.3SIMATIC WinCC Unified (TIA Portal)SCALANCE XC216-4C G (EIP Def.)SCALANCE W788-2 M12SCALANCE XC206-2 (ST/BFOC)SCALANCE XP208PoE EECSIMATIC PCS neo (Administration Console)SIPLUS S7-1200 CPU 1214C DC/DC/DC RAILSCALANCE M804PBSIMATIC CP 1545-1SCALANCE M876-3SCALANCE XR552-12M (2HR2)SCALANCE M876-4SCALANCE SC636-2CSCALANCE XC206-2SFPSIMATIC WinCC V7.4SCALANCE W788-2 M12 EECSIPLUS S7-1200 CP 1243-1 RAILSIPLUS S7-1500 CPU 1516-3 PN/DP TX RAILSCALANCE X307-2 EEC (24V, coated)SCALANCE MUM856-1 (RoW)TIM 1531 IRCSIPLUS NET SCALANCE XC206-2SFPSIPLUS NET CP 1543-1SCALANCE X307-2 EEC (230V)SIPLUS S7-1500 CPU 1516F-3 PN/DP RAILSIPLUS TIM 1531 IRCSIPLUS ET 200SP CPU 1512SP-1 PNSIMATIC S7-1500 CPU 1511-1 PNSIMATIC S7-1500 CPU 1516F-3 PN/DPOpenPCS 7 V9.0
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2021-44694
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-5.5||MEDIUM
EPSS-0.19% / 41.20%
||
7 Day CHG~0.00%
Published-13 Dec, 2022 | 00:00
Updated-21 Apr, 2025 | 13:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device.

Action-Not Available
Vendor-Siemens AG
Product-simatic_s7-1500_cpu_1507ssimatic_s7-1200_cpu_12_1214fcsimatic_s7-1500_cpu_cpu_1513pro-2simatic_s7-1500_cpu_1511csimatic_s7-1500_cpu_1511t-1_firmwaresimatic_s7-1500_cpu_1512sp-1siplus_et_200sp_cp_1543sp-1_isec_tx_rail_firmwaresimatic_et_200_sp_open_controller_cpu_1515sp_pc_firmwaresimatic_s7-1200_cpu_12_1214c_firmwaresimatic_s7-1200_cpu_12_1211csimatic_s7-1500_cpu_1508s_f_firmwaresimatic_s7-1500_cpu_1510sp-1simatic_s7-1200_cpu_1212csimatic_s7-1500_cpu_1512spf-1simatic_s7-1500_cpu_1513-1simatic_s7-1200_cpu_1212fc_firmwaresimatic_s7-1500_cpu_1517-3_pnsimatic_s7-1500_cpu_1515-2_pn_firmwaresimatic_s7-1500_cpu_1517f-3_pn\/dpsimatic_s7-1500_cpu_1513r-1simatic_s7-1200_cpu_1215_fcsimatic_s7-1500_cpu_1512c_firmwaresimatic_s7-1500_cpu_1517f-3_pn\/dp_firmwaresimatic_s7-1200_cpu_12_1215csimatic_s7-1500_cpu_1511-1_firmwaresimatic_s7-1500_cpu_1511-1_pnsimatic_s7-1500_cpu_1517f-3_firmwaresimatic_s7-1500_cpu_1518f-4_pn\/dp_firmwaresimatic_s7-1500_cpu_1518hf-4simatic_s7-1500_cpu_1518-4_pn_firmwaresiplus_tim_1531_irc_firmwaresimatic_s7-1500_cpu_1518-4_dp_firmwaresimatic_s7-1500_cpu_1516tf-3_firmwaresimatic_s7-1500_cpu_1511f-1_pn_firmwaresimatic_s7-1500_cpu_1516-3_firmwaresimatic_s7-1500_cpu_1518-4_pn\/dp_mfp_firmwaresimatic_s7-1500_cpu_1517-3_pn\/dpsimatic_s7-1500_cpu_1517-3simatic_s7-1500_cpu_1518t-4_firmwaresimatic_s7-1500_cpu_1508s_fsimatic_s7-1500_cpu_15prof-2_firmwaresimatic_s7-1500_cpu_1513f-1_pnsimatic_s7-1200_cpu_1214c_firmwaresimatic_s7-1500_cpu_1517-3_pn_firmwaresimatic_s7-1500_cpu_1517-3_dpsimatic_s7-1200_cpu_12_1214csimatic_s7-1200_cpu_1211c_firmwaresimatic_s7-1500_cpu_cpu_1513pro-2_firmwaresimatic_s7-1200_cpu_1214csiplus_tim_1531_ircsimatic_s7-1500_cpu_15prof-2simatic_s7-1500_cpu_1516tf-3simatic_s7-1500_cpu_1516f-3_pn\/dp_firmwaresimatic_s7-1500_cpu_151511f-1_firmwaresimatic_s7-1500_cpu_1507s_f_firmwaresimatic_s7-1500_cpu_1516t-3_firmwaresimatic_s7-1500_cpu_1511t-1simatic_s7-1500_cpu_1517tf-3simatic_s7-1500_cpu_1515-2_pnsimatic_s7-1200_cpu_1214_fcsimatic_s7-1500_cpu_1515-2_firmwaresimatic_s7-1500_cpu_1516pro-2_firmwaretim_1531_irc_firmwaresimatic_s7-1500_cpu_1515-2simatic_s7-1500_cpu_1516-3_pnsimatic_s7-1500_cpu_1516pro_f_firmwaresimatic_s7-1500_cpu_1516-3simatic_s7-1200_cpu_1214fcsimatic_s7-1500_cpu_1518f-4_pn\/dpsimatic_s7-1500_cpu_1508s_firmwaresimatic_s7-1500_cpu_1511f-1_firmwaresimatic_s7-1200_cpu_12_1212fcsimatic_s7-1500_cpu_151511c-1simatic_s7-1500_cpu_1518tf-4_firmwaresiplus_s7-1200_cp_1243-1simatic_s7-1500_cpu_1511f-1_pnsimatic_s7-1500_cpu_1507s_fsimatic_s7-1500_cpu_1518simatic_s7-1500_cpu_1513-1_pn_firmwaresimatic_s7-1200_cpu_1215fcsimatic_s7-1500_cpu_1518f-4simatic_s7-1500_cpu_1516pro_fsimatic_s7-1500_cpu_1513r-1_firmwaresimatic_et_200_sp_open_controller_cpu_1515sp_pcsimatic_s7-1500_cpu_1512c-1_firmwaresimatic_s7-1500_cpu_1513f-1_pn_firmwaresiplus_et_200sp_cp_1543sp-1_isec_firmwaresimatic_s7-1500_cpu_1518_firmwaresimatic_s7-1500_cpu_1518-4_firmwaresimatic_s7-1500_cpu_1518tf-4simatic_s7-1200_cpu_1214_fc_firmwaresiplus_s7-1200_cp_1243-1_railsimatic_s7-1500_cpu_1516t-3simatic_s7-1500_cpu_1510sp_firmwaresimatic_s7-1500_cpu_1518-4_pn\/dp_mfpsiplus_et_200sp_cp_1542sp-1_irc_tx_rail_firmwaresimatic_s7-1200_cpu_1215_fc_firmwaresimatic_s7-1200_cpu_12_1215fc_firmwaresimatic_s7-1500_cpu_1515t-2simatic_s7-1500_cpu_15pro-2simatic_s7-1500_cpu_1518-4_pnsimatic_s7-1200_cpu_12_1212c_firmwaresimatic_s7-1200_cpu_12_1212fc_firmwaresimatic_s7-1500_cpu_1511-1_pn_firmwaresimatic_s7-1500_cpu_15pro-2_firmwaresimatic_s7-1500_cpu_1515tf-2_firmwaretim_1531_ircsimatic_s7-1500_cpu_151511c-1_firmwaresimatic_s7-1200_cpu_12_1217csimatic_s7-1500_cpu_1518-4_pn\/dp_firmwaresimatic_s7-1500_cpu_1510spsimatic_s7-1200_cpu_12_1217c_firmwaresimatic_s7-1500_cpu_1518f-4_firmwaresimatic_s7-1200_cpu_1217csimatic_s7-1500_cpu_151511f-1simatic_s7-1500_software_controller_firmwaresimatic_s7-1500_cpu_1511-1simatic_s7-1500_cpu_1518-4_dpsimatic_s7-1200_cpu_1215c_firmwaresimatic_s7-1500_cpu_1513-1_pnsimatic_s7-1200_cpu_1212c_firmwaresimatic_s7-1500_cpu_1515f-2_firmwaresimatic_s7-1200_cpu_1217c_firmwaresimatic_s7-1200_cpu_1214fc_firmwaresimatic_s7-1500_cpu_cpu_1513prof-2_firmwaresimatic_s7-1200_cpu_1215csimatic_s7-1500_cpu_1515r-2simatic_s7-1200_cpu_12_1215fcsiplus_et_200sp_cp_1543sp-1_isecsimatic_s7-1500_cpu_1513f-1simatic_s7-1500_cpu_1512csimatic_s7-1500_cpu_1516f-3_pn\/dpsimatic_s7-1500_cpu_1511c-1simatic_s7-1500_cpu_1517f-3simatic_s7-1500_cpu_1512spf-1_firmwaresiplus_et_200sp_cp_1543sp-1_isec_tx_railsimatic_s7-1500_cpu_1517tf-3_firmwaresimatic_s7-1500_cpu_1516f-3_firmwaresimatic_s7-1500_cpu_1517-3_firmwaresimatic_s7-1200_cpu_12_1214fc_firmwaresimatic_s7-1500_software_controllersimatic_s7-1500_cpu_1511c-1_firmwaresimatic_s7-1500_cpu_1517-3_dp_firmwaresimatic_s7-1500_cpu_1516-3_pn\/dp_firmwaresimatic_s7-1500_cpu_1518hf-4_firmwaresimatic_s7-1200_cpu_12_1212csimatic_s7-1500_cpu_1511f-1simatic_s7-1500_cpu_1515tf-2siplus_s7-1200_cp_1243-1_rail_firmwaresimatic_s7-1500_cpu_1511c_firmwaresimatic_s7-1500_cpu_1511tf-1simatic_s7-1500_cpu_1518-4simatic_s7-1500_cpu_1518-4_pn\/dpsiplus_s7-1200_cp_1243-1_firmwaresimatic_s7-1500_cpu_1511tf-1_firmwaresimatic_s7-1500_cpu_1517-3_pn\/dp_firmwaresimatic_s7-1500_cpu_1516-3_dpsimatic_s7-1500_cpu_1508ssimatic_s7-plcsim_advanced_firmwaresimatic_s7-1500_cpu_1510sp-1_firmwaresimatic_s7-1500_cpu_1516-3_pn\/dpsimatic_s7-1500_cpu_1515f-2_pn_firmwaresimatic_s7-1500_cpu_1515t-2_firmwaresiplus_et_200sp_cp_1542sp-1_irc_tx_railsimatic_s7-1500_cpu_1516-3_dp_firmwaresimatic_s7-1200_cpu_12_1215c_firmwaresimatic_s7-1500_cpu_1512sp-1_firmwaresimatic_s7-1200_cpu_1215fc_firmwaresimatic_s7-1500_cpu_1512c-1simatic_s7-1500_cpu_1515f-2simatic_s7-1500_cpu_cpu_1513prof-2simatic_s7-1500_cpu_1515f-2_pnsimatic_s7-1200_cpu_1211csimatic_s7-1500_cpu_1516f-3simatic_s7-1500_cpu_1516-3_pn_firmwaresimatic_s7-1200_cpu_12_1211c_firmwaresimatic_s7-plcsim_advancedsimatic_s7-1500_cpu_1513f-1_firmwaresimatic_s7-1200_cpu_1212fcsimatic_s7-1500_cpu_1516pro-2simatic_s7-1500_cpu_1515r-2_firmwaresimatic_s7-1500_cpu_1507s_firmwaresimatic_s7-1500_cpu_1513-1_firmwaresimatic_s7-1500_cpu_1518t-4SIMATIC S7-1500 CPU 1512C-1 PNSIMATIC S7-1500 CPU 1517F-3 PN/DPSIMATIC S7-1500 CPU 1515-2 PNSIMATIC S7-1500 CPU 1511T-1 PNSIPLUS S7-1500 CPU 1518-4 PN/DPSIPLUS S7-1500 CPU 1518F-4 PN/DPSIPLUS S7-1500 CPU 1518-4 PN/DP MFPSIMATIC S7-1500 CPU 1515TF-2 PNSIMATIC S7-1500 CPU 1510SP-1 PNSIMATIC S7-1500 CPU 1516-3 PN/DPSIMATIC S7-1500 CPU 1511TF-1 PNSIPLUS S7-1500 CPU 1515F-2 PNSIPLUS S7-1500 CPU 1517H-3 PNSIPLUS ET 200SP CPU 1510SP F-1 PN RAILSIMATIC S7-1500 CPU 1518HF-4 PNSIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PNSIPLUS ET 200SP CPU 1512SP-1 PN RAILSIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PNSIPLUS ET 200SP CPU 1510SP-1 PN RAILSIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PNSIMATIC S7-PLCSIM AdvancedSIMATIC S7-1500 CPU 1517-3 PN/DPSIMATIC S7-1500 CPU 1517H-3 PNSIMATIC S7-1500 CPU 1516TF-3 PN/DPSIMATIC S7-1500 CPU 1515T-2 PNSIMATIC S7-1500 CPU S7-1518-4 PN/DP ODKSIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PNSIPLUS S7-1500 CPU 1516-3 PN/DP RAILSIPLUS S7-1500 CPU 1516-3 PN/DP TX RAILSIMATIC S7-1500 CPU 1511C-1 PNSIMATIC S7-1500 CPU 1517TF-3 PN/DPSIMATIC S7-1200 CPU family (incl. SIPLUS variants)SIPLUS S7-1500 CPU 1515F-2 PN T2 RAILSIPLUS S7-1500 CPU 1511-1 PN TX RAILSIPLUS S7-1500 CPU 1513F-1 PNSIMATIC Drive Controller CPU 1507D TFSIMATIC Drive Controller CPU 1504D TFSIMATIC S7-1500 CPU 1513R-1 PNSIPLUS S7-1500 CPU 1516-3 PN/DPSIMATIC S7-1500 CPU 1515R-2 PNSIMATIC S7-1500 CPU 1512SP F-1 PNTIM 1531 IRCSIPLUS S7-1500 CPU 1511F-1 PNSIPLUS ET 200SP CPU 1512SP F-1 PN RAILSIMATIC S7-1500 Software Controller V2SIMATIC S7-1500 CPU 1518F-4 PN/DP MFPSIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)SIPLUS ET 200SP CPU 1512SP F-1 PNSIMATIC S7-1500 CPU 1515F-2 PNSIMATIC S7-1500 CPU 1518-4 PN/DPSIMATIC S7-1500 CPU 1513-1 PNSIPLUS ET 200SP CPU 1510SP F-1 PNSIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODKSIMATIC S7-1500 CPU 1518F-4 PN/DPSIMATIC S7-1500 CPU 1518-4 PN/DP MFPSIPLUS ET 200SP CPU 1510SP-1 PNSIPLUS S7-1500 CPU 1516F-3 PN/DPSIMATIC S7-1500 CPU 1516T-3 PN/DPSIMATIC S7-1500 CPU 1518TF-4 PN/DPSIPLUS S7-1500 CPU 1515R-2 PN TX RAILSIMATIC S7-1500 CPU 1512SP-1 PNSIMATIC S7-1500 CPU 1518T-4 PN/DPSIMATIC S7-1500 CPU 1511-1 PNSIMATIC S7-1500 CPU 1517T-3 PN/DPSIPLUS S7-1500 CPU 1518HF-4 PNSIPLUS S7-1500 CPU 1513-1 PNSIPLUS S7-1500 CPU 1515R-2 PNSIMATIC S7-1500 CPU 1513F-1 PNSIMATIC S7-1500 CPU 1510SP F-1 PNSIPLUS S7-1500 CPU 1515F-2 PN RAILSIPLUS TIM 1531 IRCSIMATIC S7-1500 CPU 1511F-1 PNSIMATIC S7-1500 CPU 1516F-3 PN/DPSIPLUS ET 200SP CPU 1512SP-1 PNSIPLUS S7-1500 CPU 1511-1 PN T1 RAILSIPLUS S7-1500 CPU 1511-1 PNSIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL
CWE ID-CWE-1287
Improper Validation of Specified Type of Input
CWE ID-CWE-20
Improper Input Validation
CVE-2021-37182
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.20% / 42.34%
||
7 Day CHG-0.14%
Published-14 Jun, 2022 | 09:21
Updated-04 Aug, 2024 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SCALANCE XM408-4C (All versions < V6.5), SCALANCE XM408-4C (L3 int.) (All versions < V6.5), SCALANCE XM408-8C (All versions < V6.5), SCALANCE XM408-8C (L3 int.) (All versions < V6.5), SCALANCE XM416-4C (All versions < V6.5), SCALANCE XM416-4C (L3 int.) (All versions < V6.5), SCALANCE XR524-8C, 1x230V (All versions < V6.5), SCALANCE XR524-8C, 1x230V (L3 int.) (All versions < V6.5), SCALANCE XR524-8C, 24V (All versions < V6.5), SCALANCE XR524-8C, 24V (L3 int.) (All versions < V6.5), SCALANCE XR524-8C, 2x230V (All versions < V6.5), SCALANCE XR524-8C, 2x230V (L3 int.) (All versions < V6.5), SCALANCE XR526-8C, 1x230V (All versions < V6.5), SCALANCE XR526-8C, 1x230V (L3 int.) (All versions < V6.5), SCALANCE XR526-8C, 24V (All versions < V6.5), SCALANCE XR526-8C, 24V (L3 int.) (All versions < V6.5), SCALANCE XR526-8C, 2x230V (All versions < V6.5), SCALANCE XR526-8C, 2x230V (L3 int.) (All versions < V6.5), SCALANCE XR528-6M (All versions < V6.5), SCALANCE XR528-6M (2HR2) (All versions < V6.5), SCALANCE XR528-6M (2HR2, L3 int.) (All versions < V6.5), SCALANCE XR528-6M (L3 int.) (All versions < V6.5), SCALANCE XR552-12M (All versions < V6.5), SCALANCE XR552-12M (2HR2) (All versions < V6.5), SCALANCE XR552-12M (2HR2) (All versions < V6.5), SCALANCE XR552-12M (2HR2, L3 int.) (All versions < V6.5). The OSPF protocol implementation in affected devices fails to verify the checksum and length fields in the OSPF LS Update messages. An unauthenticated remote attacker could exploit this vulnerability to cause interruptions in the network by sending specially crafted OSPF packets. Successful exploitation requires OSPF to be enabled on an affected device.

Action-Not Available
Vendor-Siemens AG
Product-scalance_xm408-8cscalance_xr552-12m_2hr2_firmwarescalance_xr524-8c_l3_firmwarescalance_xr528-6mscalance_xm416-4cscalance_xm408-4c_firmwarescalance_xr552-12m_2hr2_l3_firmwarescalance_xm408-4c_l3_firmwarescalance_xr526-8c_l3scalance_xm408-8c_l3scalance_xr528-6m_2hr2_firmwarescalance_xr526-8c_l3_firmwarescalance_xr528-6m_2hr2scalance_xr528-6m_2hr2_l3_firmwarescalance_xm408-8c_firmwarescalance_xr528-6m_l3scalance_xr528-6m_firmwarescalance_xm416-4c_l3scalance_xr552-12m_2hr2_l3scalance_xm416-4c_firmwarescalance_xr524-8cscalance_xr528-6m_2hr2_l3scalance_xr552-12m_firmwarescalance_xr524-8c_firmwarescalance_xm408-4cscalance_xr552-12mscalance_xm416-4c_l3_firmwarescalance_xr526-8c_firmwarescalance_xm408-8c_l3_firmwarescalance_xr524-8c_l3scalance_xm408-4c_l3scalance_xr552-12m_2hr2scalance_xr526-8cscalance_xr528-6m_l3_firmwareSCALANCE XR526-8C, 1x230VSCALANCE XR528-6M (2HR2, L3 int.)SCALANCE XR524-8C, 24VSCALANCE XM408-4CSCALANCE XM416-4C (L3 int.)SCALANCE XR552-12M (2HR2)SCALANCE XR524-8C, 1x230V (L3 int.)SCALANCE XR524-8C, 2x230VSCALANCE XR526-8C, 24VSCALANCE XR528-6M (2HR2)SCALANCE XM416-4CSCALANCE XR526-8C, 1x230V (L3 int.)SCALANCE XR528-6M (L3 int.)SCALANCE XR552-12M (2HR2, L3 int.)SCALANCE XM408-8CSCALANCE XM408-4C (L3 int.)SCALANCE XM408-8C (L3 int.)SCALANCE XR524-8C, 2x230V (L3 int.)SCALANCE XR526-8C, 24V (L3 int.)SCALANCE XR526-8C, 2x230V (L3 int.)SCALANCE XR526-8C, 2x230VSCALANCE XR552-12MSCALANCE XR524-8C, 1x230VSCALANCE XR524-8C, 24V (L3 int.)SCALANCE XR528-6M
CWE ID-CWE-354
Improper Validation of Integrity Check Value
CVE-2021-37206
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.58% / 68.82%
||
7 Day CHG~0.00%
Published-14 Sep, 2021 | 10:47
Updated-04 Aug, 2024 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP300 (All versions < V8.80). Received webpackets are not properly processed. An unauthenticated remote attacker with access to any of the Ethernet interfaces could send specially crafted packets to force a restart of the target device.

Action-Not Available
Vendor-Siemens AG
Product-siprotec_5_with_cpu_variant_cp300siprotec_5_with_cpu_variant_cp100siprotec_5_with_cpu_variant_cp050SIPROTEC 5 relays with CPU variants CP050SIPROTEC 5 relays with CPU variants CP300SIPROTEC 5 relays with CPU variants CP100
CWE ID-CWE-20
Improper Input Validation
CVE-2021-37204
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-2.01% / 83.73%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 15:16
Updated-18 Apr, 2025 | 18:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC Drive Controller family (All versions >= V2.9.2 < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions >= V21.9 < V21.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 Ready4Linux (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions >= V4.5.0 < V4.5.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.9.2 < V2.9.4), SIMATIC S7-1500 Software Controller (All versions < V21.9), SIMATIC S7-1500 Software Controller (All versions >= V21.9 < V21.9.4), SIMATIC S7-PLCSIM Advanced (All versions < V4.0), SIMATIC S7-PLCSIM Advanced (All versions >= V4.0 < V4.0 SP1), SIPLUS TIM 1531 IRC (All versions < V2.3.6), TIM 1531 IRC (All versions < V2.3.6). An unauthenticated attacker could cause a denial-of-service condition in a PLC when sending specially prepared packet over port 102/tcp. A restart of the affected device is needed to restore normal operations.

Action-Not Available
Vendor-Siemens AG
Product-simatic_et_200sp_open_controller_cpu_1515sp_pc2_firmwaresimatic_s7-1500_cpu_1516t-3simatic_s7-1500_cpu_1510sp_firmwaresimatic_s7-1500_cpu_cpu_1513pro-2simatic_s7-1500_cpu_1511t-1_firmwaresimatic_s7-1500_cpu_1512sp-1simatic_s7-1500_cpu_1510sp-1simatic_s7-1200_cpu_1212csimatic_s7-1500_cpu_1515t-2simatic_s7-1500_cpu_1512spf-1simatic_drive_controller_cpu_1507d_tf_firmwaresimatic_s7-1500_cpu_1513-1simatic_s7-1500_cpu_1515tf-2_firmwaretim_1531_ircsimatic_s7-1200_cpu_1212fc_firmwaresimatic_s7-1500_cpu_1510spsimatic_s7-1500_cpu_1518f-4_firmwaresimatic_s7-1200_cpu_1217csimatic_s7-1500_cpu_1513r-1simatic_s7-1500_cpu_1511-1simatic_s7-1200_cpu_1215c_firmwaresimatic_s7-1500_cpu_1517f-3_firmwaresimatic_s7-1500_cpu_1511-1_firmwaresimatic_s7-1500_cpu_1518tf-4simatic_s7-1200_cpu_1212c_firmwaresimatic_s7-1500_cpu_1515f-2_firmwaresimatic_s7-1200_cpu_1217c_firmwaresimatic_s7-1500_cpu_1518hf-4simatic_s7-1200_cpu_1214fc_firmwaresimatic_s7-1500_cpu_cpu_1513prof-2_firmwaresimatic_s7-1200_cpu_1215csimatic_s7-1500_cpu_1515r-2simatic_s7-1500_cpu_1516tf-3_firmwaresimatic_s7-1500_cpu_1516-3_firmwaresimatic_s7-1500_cpu_1513f-1simatic_s7-1500_cpu_1511c-1simatic_s7-1500_cpu_1517-3simatic_s7-1500_cpu_1518t-4_firmwaresimatic_s7-1500_cpu_1517f-3simatic_s7-1500_cpu_1512spf-1_firmwaresimatic_s7-1200_cpu_1214c_firmwaresimatic_s7-1500_cpu_1517tf-3_firmwaresimatic_s7-1500_cpu_1516f-3_firmwaresimatic_s7-1500_cpu_cpu_1513pro-2_firmwaresimatic_s7-1200_cpu_1211c_firmwaresimatic_s7-1500_cpu_1517-3_firmwaresimatic_s7-1200_cpu_1214csimatic_s7-1500_software_controllersimatic_s7-1500_cpu_1516tf-3simatic_s7-1500_cpu_1511c-1_firmwaresimatic_s7-1500_cpu_1516t-3_firmwaresimatic_s7-1500_cpu_1518hf-4_firmwaresimatic_s7-1500_cpu_1511t-1simatic_drive_controller_cpu_1504d_tf_firmwaresimatic_s7-1500_cpu_1517tf-3simatic_s7-1500_cpu_1511f-1simatic_s7-1500_cpu_1515tf-2tim_1531_irc_firmwaresimatic_s7-1500_cpu_1515-2_firmwaresimatic_s7-1500_cpu_1516pro-2_firmwaresimatic_s7-1500_cpu_1511tf-1simatic_s7-1500_cpu_1515-2simatic_s7-1500_cpu_1518-4simatic_s7-1500_cpu_1511tf-1_firmwaresimatic_s7-1500_cpu_1516pro_f_firmwaresimatic_s7-plcsim_advanced_firmwaresimatic_s7-1500_cpu_1510sp-1_firmwaresimatic_s7-1500_cpu_1516-3simatic_s7-1200_cpu_1214fcsimatic_s7-1500_cpu_1515t-2_firmwaresimatic_drive_controller_cpu_1504d_tfsimatic_drive_controller_cpu_1507d_tfsimatic_s7-1500_cpu_1511f-1_firmwaresimatic_s7-1500_cpu_1518tf-4_firmwaresimatic_s7-1500_cpu_1512sp-1_firmwaresimatic_s7-1200_cpu_1215fc_firmwaresimatic_s7-1500_cpu_1512c-1simatic_s7-1500_cpu_cpu_1513prof-2simatic_s7-1500_cpu_1515f-2simatic_s7-1200_cpu_1211csimatic_s7-1500_cpu_1516f-3simatic_s7-1200_cpu_1215fcsimatic_s7-1500_cpu_1518f-4simatic_s7-1500_cpu_1516pro_fsimatic_s7-1500_cpu_1513r-1_firmwaresimatic_s7-1500_cpu_1512c-1_firmwaresimatic_s7-1500_cpu_1513f-1_firmwaresimatic_s7-1200_cpu_1212fcsimatic_s7-1500_cpu_1516pro-2simatic_s7-1500_cpu_1515r-2_firmwaresimatic_s7-plcsim_advancedsimatic_s7-1500_cpu_1513-1_firmwaresimatic_s7-1500_cpu_1518-4_firmwaresimatic_s7-1500_cpu_1518t-4simatic_et_200sp_open_controller_cpu_1515sp_pc2SIMATIC ET 200SP Open Controller CPU 1515SP PC2 Ready4LinuxTIM 1531 IRCSIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)SIMATIC S7-PLCSIM AdvancedSIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)SIMATIC Drive Controller familySIMATIC S7-1200 CPU family (incl. SIPLUS variants)SIMATIC S7-1500 Software ControllerSIPLUS TIM 1531 IRCSIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)
CWE ID-CWE-672
Operation on a Resource after Expiration or Release
CVE-2021-37185
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-2.01% / 83.73%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 15:16
Updated-18 Apr, 2025 | 18:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC Drive Controller family (All versions >= V2.9.2 < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions >= V21.9 < V21.9.4), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions >= V4.5.0 < V4.5.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.9.2 < V2.9.4), SIMATIC S7-1500 Software Controller (All versions >= V21.9 < V21.9.4), SIMATIC S7-PLCSIM Advanced (All versions >= V4.0 < V4.0 SP1), SIPLUS TIM 1531 IRC (All versions < V2.3.6), TIM 1531 IRC (All versions < V2.3.6). An unauthenticated attacker could cause a denial-of-service condition in a PLC when sending specially prepared packets over port 102/tcp. A restart of the affected device is needed to restore normal operations.

Action-Not Available
Vendor-Siemens AG
Product-simatic_et_200sp_open_controller_cpu_1515sp_pc2_firmwaresimatic_s7-1500_cpu_1516t-3simatic_s7-1500_cpu_1510sp_firmwaresimatic_s7-1500_cpu_cpu_1513pro-2simatic_s7-1500_cpu_1511t-1_firmwaresimatic_s7-1500_cpu_1512sp-1simatic_s7-1500_cpu_1510sp-1simatic_s7-1200_cpu_1212csimatic_s7-1500_cpu_1515t-2simatic_s7-1500_cpu_1512spf-1simatic_drive_controller_cpu_1507d_tf_firmwaresimatic_s7-1500_cpu_1513-1simatic_s7-1500_cpu_1515tf-2_firmwaretim_1531_ircsimatic_s7-1200_cpu_1212fc_firmwaresimatic_s7-1500_cpu_1510spsimatic_s7-1500_cpu_1518f-4_firmwaresimatic_s7-1200_cpu_1217csimatic_s7-1500_cpu_1513r-1simatic_s7-1500_cpu_1511-1simatic_s7-1200_cpu_1215c_firmwaresimatic_s7-1500_cpu_1517f-3_firmwaresimatic_s7-1500_cpu_1511-1_firmwaresimatic_s7-1500_cpu_1518tf-4simatic_s7-1200_cpu_1212c_firmwaresimatic_s7-1500_cpu_1515f-2_firmwaresimatic_s7-1200_cpu_1217c_firmwaresimatic_s7-1500_cpu_1518hf-4simatic_s7-1200_cpu_1214fc_firmwaresimatic_s7-1500_cpu_cpu_1513prof-2_firmwaresimatic_s7-1200_cpu_1215csimatic_s7-1500_cpu_1515r-2simatic_s7-1500_cpu_1516tf-3_firmwaresimatic_s7-1500_cpu_1516-3_firmwaresimatic_s7-1500_cpu_1513f-1simatic_s7-1500_cpu_1511c-1simatic_s7-1500_cpu_1517-3simatic_s7-1500_cpu_1518t-4_firmwaresimatic_s7-1500_cpu_1517f-3simatic_s7-1500_cpu_1512spf-1_firmwaresimatic_s7-1200_cpu_1214c_firmwaresimatic_s7-1500_cpu_1517tf-3_firmwaresimatic_s7-1500_cpu_1516f-3_firmwaresimatic_s7-1500_cpu_cpu_1513pro-2_firmwaresimatic_s7-1200_cpu_1211c_firmwaresimatic_s7-1500_cpu_1517-3_firmwaresimatic_s7-1200_cpu_1214csimatic_s7-1500_software_controllersimatic_s7-1500_cpu_1516tf-3simatic_s7-1500_cpu_1511c-1_firmwaresimatic_s7-1500_cpu_1516t-3_firmwaresimatic_s7-1500_cpu_1518hf-4_firmwaresimatic_s7-1500_cpu_1511t-1simatic_drive_controller_cpu_1504d_tf_firmwaresimatic_s7-1500_cpu_1517tf-3simatic_s7-1500_cpu_1511f-1simatic_s7-1500_cpu_1515tf-2tim_1531_irc_firmwaresimatic_s7-1500_cpu_1515-2_firmwaresimatic_s7-1500_cpu_1516pro-2_firmwaresimatic_s7-1500_cpu_1511tf-1simatic_s7-1500_cpu_1515-2simatic_s7-1500_cpu_1518-4simatic_s7-1500_cpu_1511tf-1_firmwaresimatic_s7-1500_cpu_1516pro_f_firmwaresimatic_s7-plcsim_advanced_firmwaresimatic_s7-1500_cpu_1510sp-1_firmwaresimatic_s7-1500_cpu_1516-3simatic_s7-1200_cpu_1214fcsimatic_s7-1500_cpu_1515t-2_firmwaresimatic_drive_controller_cpu_1504d_tfsimatic_drive_controller_cpu_1507d_tfsimatic_s7-1500_cpu_1511f-1_firmwaresimatic_s7-1500_cpu_1518tf-4_firmwaresimatic_s7-1500_cpu_1512sp-1_firmwaresimatic_s7-1200_cpu_1215fc_firmwaresimatic_s7-1500_cpu_1512c-1simatic_s7-1500_cpu_cpu_1513prof-2simatic_s7-1500_cpu_1515f-2simatic_s7-1200_cpu_1211csimatic_s7-1500_cpu_1516f-3simatic_s7-1200_cpu_1215fcsimatic_s7-1500_cpu_1518f-4simatic_s7-1500_cpu_1516pro_fsimatic_s7-1500_cpu_1513r-1_firmwaresimatic_s7-1500_cpu_1512c-1_firmwaresimatic_s7-1500_cpu_1513f-1_firmwaresimatic_s7-1200_cpu_1212fcsimatic_s7-1500_cpu_1516pro-2simatic_s7-1500_cpu_1515r-2_firmwaresimatic_s7-plcsim_advancedsimatic_s7-1500_cpu_1513-1_firmwaresimatic_s7-1500_cpu_1518-4_firmwaresimatic_s7-1500_cpu_1518t-4simatic_et_200sp_open_controller_cpu_1515sp_pc2TIM 1531 IRCSIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)SIMATIC S7-PLCSIM AdvancedSIMATIC Drive Controller familySIMATIC S7-1200 CPU family (incl. SIPLUS variants)SIMATIC S7-1500 Software ControllerSIPLUS TIM 1531 IRCSIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)
CWE ID-CWE-672
Operation on a Resource after Expiration or Release
CVE-2021-33720
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.44% / 63.42%
||
7 Day CHG~0.00%
Published-14 Sep, 2021 | 10:47
Updated-03 Aug, 2024 | 23:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP300 (All versions < V8.80). Specially crafted packets sent to port 4443/tcp could cause a Denial-of-Service condition.

Action-Not Available
Vendor-Siemens AG
Product-siprotec_5_with_cpu_variant_cp300siprotec_5_with_cpu_variant_cp100siprotec_5_with_cpu_variant_cp050SIPROTEC 5 relays with CPU variants CP050SIPROTEC 5 relays with CPU variants CP300SIPROTEC 5 relays with CPU variants CP100
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-31890
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-2.50% / 85.35%
||
7 Day CHG~0.00%
Published-09 Nov, 2021 | 11:32
Updated-11 Mar, 2025 | 09:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 (All versions < V1.0.0.0). The total length of an TCP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0017)

Action-Not Available
Vendor-Siemens AG
Product-nucleus_readystart_v3talon_tc_compactnucleus_nettalon_tc_compact_firmwareapogee_pxc_compactapogee_modular_equiment_controller_firmwareapogee_pxc_compact_firmwareapogee_modular_equiment_controllerapogee_modular_building_controllercapital_vstarapogee_pxc_modular_firmwareapogee_pxc_modularnucleus_readystart_v4talon_tc_modular_firmwaretalon_tc_modularapogee_modular_building_controller_firmwarenucleus_source_codePLUSCONTROL 1st GenSIMOTICS CONNECT 400Capital Embedded AR Classic 431-422Capital Embedded AR Classic R20-11
CWE ID-CWE-240
Improper Handling of Inconsistent Structural Elements
CVE-2021-31882
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-6.5||MEDIUM
EPSS-1.41% / 80.57%
||
7 Day CHG~0.00%
Published-09 Nov, 2021 | 11:31
Updated-11 Mar, 2025 | 09:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303). The DHCP client application does not validate the length of the Domain Name Server IP option(s) (0x06) when processing DHCP ACK packets. This may lead to Denial-of-Service conditions. (FSMD-2021-0011)

Action-Not Available
Vendor-Siemens AG
Product-nucleus_readystart_v3talon_tc_compactnucleus_nettalon_tc_compact_firmwareapogee_pxc_compactapogee_modular_equiment_controller_firmwareapogee_pxc_compact_firmwareapogee_modular_equiment_controllerapogee_modular_building_controllercapital_vstarapogee_pxc_modular_firmwareapogee_pxc_modulartalon_tc_modular_firmwaretalon_tc_modularapogee_modular_building_controller_firmwarenucleus_source_codeCapital Embedded AR Classic 431-422Capital Embedded AR Classic R20-11
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-31881
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.1||HIGH
EPSS-1.41% / 80.57%
||
7 Day CHG~0.00%
Published-09 Nov, 2021 | 11:31
Updated-11 Mar, 2025 | 09:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303). When processing a DHCP OFFER message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0008)

Action-Not Available
Vendor-Siemens AG
Product-nucleus_readystart_v3talon_tc_compactnucleus_nettalon_tc_compact_firmwareapogee_pxc_compactapogee_modular_equiment_controller_firmwareapogee_pxc_compact_firmwareapogee_modular_equiment_controllerapogee_modular_building_controllercapital_vstarapogee_pxc_modular_firmwareapogee_pxc_modulartalon_tc_modular_firmwaretalon_tc_modularapogee_modular_building_controller_firmwarenucleus_source_codeCapital Embedded AR Classic 431-422Capital Embedded AR Classic R20-11
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-31340
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.48% / 65.19%
||
7 Day CHG~0.00%
Published-08 Jun, 2021 | 19:47
Updated-03 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC RF166C (All versions > V1.1 and < V1.3.2), SIMATIC RF185C (All versions > V1.1 and < V1.3.2), SIMATIC RF186C (All versions > V1.1 and < V1.3.2), SIMATIC RF186CI (All versions > V1.1 and < V1.3.2), SIMATIC RF188C (All versions > V1.1 and < V1.3.2), SIMATIC RF188CI (All versions > V1.1 and < V1.3.2), SIMATIC RF360R (All versions < V2.0), SIMATIC Reader RF610R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF610R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF610R FCC (All versions > V3.0 < V4.0), SIMATIC Reader RF615R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF615R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF615R FCC (All versions > V3.0 < V4.0), SIMATIC Reader RF650R ARIB (All versions > V3.0 < V4.0), SIMATIC Reader RF650R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF650R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF650R FCC (All versions > V3.0 < V4.0), SIMATIC Reader RF680R ARIB (All versions > V3.0 < V4.0), SIMATIC Reader RF680R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF680R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF680R FCC (All versions > V3.0 < V4.0), SIMATIC Reader RF685R ARIB (All versions > V3.0 < V4.0), SIMATIC Reader RF685R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF685R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF685R FCC (All versions > V3.0 < V4.0). Affected devices do not properly handle large numbers of incoming connections. An attacker may leverage this to cause a Denial-of-Service situation.

Action-Not Available
Vendor-Siemens AG
Product-simatic_reader_rf650r_fcc_firmwaresimatic_reader_rf650r_cmiit_firmwaresimatic_reader_rf680r_cmiitsimatic_reader_rf685r_fccsimatic_reader_rf610r_etsi_firmwaresimatic_reader_rf615r_etsi_firmwaresimatic_rf360rsimatic_reader_rf650r_aribsimatic_reader_rf610r_fccsimatic_reader_rf680r_fccsimatic_reader_rf685r_arib_firmwaresimatic_rf186c_firmwaresimatic_reader_rf615r_cmiitsimatic_rf188c_firmwaresimatic_reader_rf685r_fcc_firmwaresimatic_rf185csimatic_reader_rf680r_cmiit_firmwaresimatic_reader_rf685r_etsisimatic_rf360r_firmwaresimatic_rf186cisimatic_rf188csimatic_reader_rf610r_cmiit_firmwaresimatic_reader_rf610r_fcc_firmwaresimatic_rf185c_firmwaresimatic_reader_rf615r_fccsimatic_reader_rf615r_fcc_firmwaresimatic_reader_rf680r_etsisimatic_reader_rf680r_fcc_firmwaresimatic_reader_rf610r_etsisimatic_reader_rf680r_arib_firmwaresimatic_reader_rf685r_cmiit_firmwaresimatic_rf186ci_firmwaresimatic_rf166c_firmwaresimatic_rf188ci_firmwaresimatic_reader_rf650r_cmiitsimatic_reader_rf650r_fccsimatic_rf166csimatic_reader_rf685r_cmiitsimatic_reader_rf680r_aribsimatic_reader_rf650r_etsisimatic_reader_rf610r_cmiitsimatic_reader_rf650r_arib_firmwaresimatic_reader_rf680r_etsi_firmwaresimatic_reader_rf615r_etsisimatic_rf186csimatic_reader_rf650r_etsi_firmwaresimatic_reader_rf685r_aribsimatic_reader_rf615r_cmiit_firmwaresimatic_reader_rf685r_etsi_firmwaresimatic_rf188ciSIMATIC Reader RF650R ARIBSIMATIC Reader RF650R ETSISIMATIC Reader RF680R CMIITSIMATIC Reader RF615R ETSISIMATIC RF166CSIMATIC Reader RF685R CMIITSIMATIC RF185CSIMATIC Reader RF610R CMIITSIMATIC Reader RF685R ETSISIMATIC Reader RF615R CMIITSIMATIC RF188CISIMATIC Reader RF610R ETSISIMATIC Reader RF685R FCCSIMATIC Reader RF615R FCCSIMATIC RF186CSIMATIC RF360RSIMATIC Reader RF680R ARIBSIMATIC Reader RF685R ARIBSIMATIC RF188CSIMATIC Reader RF680R ETSISIMATIC Reader RF610R FCCSIMATIC Reader RF650R CMIITSIMATIC RF186CISIMATIC Reader RF680R FCCSIMATIC Reader RF650R FCC
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2021-27383
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.44% / 63.06%
||
7 Day CHG~0.00%
Published-12 May, 2021 | 13:18
Updated-03 Aug, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4\" - 22\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Panels V16 4\" - 22\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Update 6), SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions < V15.1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions < V16 Update 4), SINAMICS GH150 (All versions), SINAMICS GL150 (with option X30) (All versions), SINAMICS GM150 (with option X30) (All versions), SINAMICS SH150 (All versions), SINAMICS SL150 (All versions), SINAMICS SM120 (All versions), SINAMICS SM150 (All versions), SINAMICS SM150i (All versions). SmartVNC has a heap allocation leak vulnerability in the server Tight encoder, which could result in a Denial-of-Service condition.

Action-Not Available
Vendor-Siemens AG
Product-simatic_hmi_ktp_mobile_panels_ktp900_firmwaresimatic_hmi_ktp_mobile_panels_ktp400fsinamics_gm150simatic_hmi_ktp_mobile_panels_ktp700f_firmwaresinamics_sm150isinamics_gl150_firmwaresinamics_gl150simatic_hmi_ktp_mobile_panels_ktp900f_firmwaresimatic_hmi_ktp_mobile_panels_ktp400f_firmwaresimatic_hmi_comfort_panels_4\"_firmwaresinamics_gm150_firmwaresinamics_sm150simatic_hmi_comfort_outdoor_panels_7\"_firmwaresinamics_gh150simatic_hmi_ktp_mobile_panels_ktp700_firmwaresinamics_gh150_firmwaresinamics_sl150simatic_hmi_comfort_panels_22\"simatic_hmi_ktp_mobile_panels_ktp700fsinamics_sh150sinamics_sm150_firmwaresimatic_hmi_ktp_mobile_panels_ktp900fsinamics_sh150_firmwaresimatic_hmi_comfort_outdoor_panels_7\"sinamics_sm120simatic_hmi_ktp_mobile_panels_ktp700simatic_hmi_comfort_outdoor_panels_15\"_firmwaresimatic_hmi_comfort_panels_4\"sinamics_sl150_firmwaresinamics_sm150i_firmwaresimatic_hmi_ktp_mobile_panels_ktp900simatic_hmi_comfort_outdoor_panels_15\"simatic_hmi_comfort_panels_22\"_firmwaresimatic_wincc_runtime_advancedsinamics_sm120_firmwareSIMATIC WinCC Runtime Advanced V16SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants)SIMATIC HMI Comfort Panels V16 4\" - 22\" (incl. SIPLUS variants) SINAMICS SM150iSIMATIC HMI Comfort Panels V15 4\" - 22\" (incl. SIPLUS variants)SINAMICS GH150SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900FSINAMICS GM150 (with option X30)SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F SINAMICS GL150 (with option X30)SINAMICS SH150SIMATIC WinCC Runtime Advanced V15SINAMICS SL150SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (incl. SIPLUS variants) SINAMICS SM120SINAMICS SM150
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2021-27385
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.30% / 53.50%
||
7 Day CHG~0.00%
Published-12 May, 2021 | 13:18
Updated-03 Aug, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4\" - 22\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Panels V16 4\" - 22\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Update 6), SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions < V15.1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions < V16 Update 4), SINAMICS GH150 (All versions), SINAMICS GL150 (with option X30) (All versions), SINAMICS GM150 (with option X30) (All versions), SINAMICS SH150 (All versions), SINAMICS SL150 (All versions), SINAMICS SM120 (All versions), SINAMICS SM150 (All versions), SINAMICS SM150i (All versions). A remote attacker could send specially crafted packets to SmartVNC device layout handler on client side, which could influence the amount of resources consumed and result in a Denial-of-Service (infinite loop) condition.

Action-Not Available
Vendor-Siemens AG
Product-simatic_hmi_ktp_mobile_panels_ktp900_firmwaresimatic_hmi_ktp_mobile_panels_ktp400fsinamics_gm150simatic_hmi_ktp_mobile_panels_ktp700f_firmwaresinamics_sm150isinamics_gl150_firmwaresinamics_gl150simatic_hmi_ktp_mobile_panels_ktp900f_firmwaresimatic_hmi_ktp_mobile_panels_ktp400f_firmwaresimatic_hmi_comfort_panels_4\"_firmwaresinamics_gm150_firmwaresinamics_sm150simatic_hmi_comfort_outdoor_panels_7\"_firmwaresinamics_gh150simatic_hmi_ktp_mobile_panels_ktp700_firmwaresinamics_gh150_firmwaresinamics_sl150simatic_hmi_comfort_panels_22\"simatic_hmi_ktp_mobile_panels_ktp700fsinamics_sh150sinamics_sm150_firmwaresimatic_hmi_ktp_mobile_panels_ktp900fsinamics_sh150_firmwaresimatic_hmi_comfort_outdoor_panels_7\"sinamics_sm120simatic_hmi_ktp_mobile_panels_ktp700simatic_hmi_comfort_outdoor_panels_15\"_firmwaresimatic_hmi_comfort_panels_4\"sinamics_sl150_firmwaresinamics_sm150i_firmwaresimatic_hmi_ktp_mobile_panels_ktp900simatic_hmi_comfort_outdoor_panels_15\"simatic_hmi_comfort_panels_22\"_firmwaresimatic_wincc_runtime_advancedsinamics_sm120_firmwareSIMATIC WinCC Runtime Advanced V16SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants)SIMATIC HMI Comfort Panels V16 4\" - 22\" (incl. SIPLUS variants) SINAMICS SM150iSIMATIC HMI Comfort Panels V15 4\" - 22\" (incl. SIPLUS variants)SINAMICS GH150SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900FSINAMICS GM150 (with option X30)SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F SINAMICS GL150 (with option X30)SINAMICS SH150SIMATIC WinCC Runtime Advanced V15SINAMICS SL150SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (incl. SIPLUS variants) SINAMICS SM120SINAMICS SM150
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2021-27386
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.44% / 63.06%
||
7 Day CHG~0.00%
Published-12 May, 2021 | 13:18
Updated-03 Aug, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4\" - 22\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Panels V16 4\" - 22\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Update 6), SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions < V15.1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions < V16 Update 4), SINAMICS GH150 (All versions), SINAMICS GL150 (with option X30) (All versions), SINAMICS GM150 (with option X30) (All versions), SINAMICS SH150 (All versions), SINAMICS SL150 (All versions), SINAMICS SM120 (All versions), SINAMICS SM150 (All versions), SINAMICS SM150i (All versions). SmartVNC has a heap allocation leak vulnerability in the device layout handler on client side, which could result in a Denial-of-Service condition.

Action-Not Available
Vendor-Siemens AG
Product-simatic_hmi_ktp_mobile_panels_ktp900_firmwaresimatic_hmi_ktp_mobile_panels_ktp400fsinamics_gm150simatic_hmi_ktp_mobile_panels_ktp700f_firmwaresinamics_sm150isinamics_gl150_firmwaresinamics_gl150simatic_hmi_ktp_mobile_panels_ktp900f_firmwaresimatic_hmi_ktp_mobile_panels_ktp400f_firmwaresimatic_hmi_comfort_panels_4\"_firmwaresinamics_gm150_firmwaresinamics_sm150simatic_hmi_comfort_outdoor_panels_7\"_firmwaresinamics_gh150simatic_hmi_ktp_mobile_panels_ktp700_firmwaresinamics_gh150_firmwaresinamics_sl150simatic_hmi_comfort_panels_22\"simatic_hmi_ktp_mobile_panels_ktp700fsinamics_sh150sinamics_sm150_firmwaresimatic_hmi_ktp_mobile_panels_ktp900fsinamics_sh150_firmwaresimatic_hmi_comfort_outdoor_panels_7\"sinamics_sm120simatic_hmi_ktp_mobile_panels_ktp700simatic_hmi_comfort_outdoor_panels_15\"_firmwaresimatic_hmi_comfort_panels_4\"sinamics_sl150_firmwaresinamics_sm150i_firmwaresimatic_hmi_ktp_mobile_panels_ktp900simatic_hmi_comfort_outdoor_panels_15\"simatic_hmi_comfort_panels_22\"_firmwaresimatic_wincc_runtime_advancedsinamics_sm120_firmwareSIMATIC WinCC Runtime Advanced V16SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants)SIMATIC HMI Comfort Panels V16 4\" - 22\" (incl. SIPLUS variants) SINAMICS SM150iSIMATIC HMI Comfort Panels V15 4\" - 22\" (incl. SIPLUS variants)SINAMICS GH150SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900FSINAMICS GM150 (with option X30)SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F SINAMICS GL150 (with option X30)SINAMICS SH150SIMATIC WinCC Runtime Advanced V15SINAMICS SL150SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (incl. SIPLUS variants) SINAMICS SM120SINAMICS SM150
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2019-6568
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.41% / 61.21%
||
7 Day CHG~0.00%
Published-17 Apr, 2019 | 13:40
Updated-04 Aug, 2024 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The webserver of the affected devices contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation which leads to a restart of the webserver of the affected device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device.

Action-Not Available
Vendor-Siemens AG
Product-simatic_rf182ccp1604_firmwaresimatic_hmi_ktp_mobile_panels_ktp900_firmwaresimatic_s7-400_pn\/dpsimatic_s7-400_pn_firmwaresimatic_et_200_sp_open_controller_cpu_1515sp_pc2simatic_et_200_sp_open_controller_cpu_1515sp_pc_firmwaresimatic_teleservice_adapter_ie_standard_firmwaresimatic_s7-1500_firmwaresinamics_s150_firmwaresimatic_rf600rsimatic_winac_rtxsinamics_gm150sinamics_s210sinamics_gl150_firmwaresimatic_s7-400_pnsimatic_teleservice_adapter_ie_advanced_firmwaretim_1531_ircsimatic_cp343-1_advancedsinamics_gl150sitop_psu8600_firmwaresimatic_s7-300simatic_rf188csimatic_hmi_comfort_panelssimatic_teleservice_adapter_ie_advancedsitop_ups1600simatic_rf185c_firmwaresimatic_ipc_diagmonitorsitop_managersimatic_winac_rtx_firmwaresinamics_gh150simatic_s7-300_firmwaresimatic_hmi_ktp_mobile_panels_ktp700_firmwarecp1616simatic_rf600r_firmwaresimatic_cp443-1_advanced_firmwaresimatic_hmi_ktp_mobile_panels_ktp700fsimatic_cp343-1_advanced_firmwaresimatic_cp443-1_opc_uasimatic_s7-1500t_firmwaresinamics_sm120simatic_cp443-1_advancedsimatic_s7-1500f_firmwaresimocode_pro_v_eipsitop_ups1600_firmwaresinamics_s210_firmwarecp1616_firmwaresimatic_hmi_ktp_mobile_panels_ktp900sinamics_s150sinamics_sl150_firmwaresimatic_s7-1500ssimatic_cp443-1_firmwarecp1604simatic_s7-1500_software_controllersimocode_pro_v_pnsimatic_rf186c_firmwaresimatic_hmi_ktp_mobile_panels_ktp400fsimatic_rf188c_firmwaresimatic_hmi_comfort_outdoor_panels_firmwaresimatic_rf185csimatic_s7-1500simatic_hmi_ktp_mobile_panels_ktp700f_firmwaresitop_psu8600simatic_s7-400_pn\/dp_firmwaresimatic_teleservice_adapter_ie_basictim_1531_irc_firmwaresimatic_hmi_ktp_mobile_panels_ktp900f_firmwaresimatic_hmi_ktp_mobile_panels_ktp400f_firmwaresimatic_s7-1500tsimatic_s7-1500s_firmwaresinamics_gm150_firmwaresinamics_sm150sinamics_g150sinamics_g130simatic_rf181-eip_firmwaresimatic_s7-1500fsinamics_gh150_firmwaresinamics_sl150simatic_rf182c_firmwaresinamics_sm150_firmwaresimatic_hmi_ktp_mobile_panels_ktp900fsimatic_cp443-1simatic_hmi_comfort_outdoor_panelssimatic_teleservice_adapter_ie_standardsimatic_et_200_sp_open_controller_cpu_1515sp_pc2_firmwaresimatic_rf181-eipsimatic_hmi_ktp_mobile_panels_ktp700simatic_teleservice_adapter_ie_basic_firmwaresinamics_g150_firmwaresimatic_rf186csimatic_et_200_sp_open_controller_cpu_1515sp_pcsimocode_pro_v_eip_firmwaresinamics_s120sinamics_g130_firmwaresimocode_pro_v_pn_firmwaresimatic_hmi_comfort_panels_firmwaresinamics_s120_firmwaresimatic_s7-plcsim_advancedsimatic_wincc_runtime_advancedsinamics_sm120_firmwareSINAMICS S150 V4.6 Control UnitSIMOCODE pro V Ethernet/IP (incl. SIPLUS variants)SINAMICS G130 V4.7 SP1 Control UnitSINAMICS G150 V4.7 Control UnitSINAMICS S120 V4.8 Control Unit (incl. SIPLUS variants)SIMATIC ET 200S IM151-8F PN/DP CPUSIMATIC CP 443-1 OPC UASITOP UPS1600 (incl. SIPLUS variants)SINAMICS G130 V4.6 Control UnitSIMATIC Teleservice Adapter IE StandardSINAMICS G150 V5.1 SP1 Control UnitSINAMICS S150 V4.7 SP1 Control UnitSIMATIC RF186CSIPLUS S7-300 CPU 315F-2 PN/DPSIMATIC S7-300 CPU 317F-2 PN/DPSINAMICS GH150 V4.7 (Control Unit)SIMATIC CP 443-1 AdvancedSINAMICS S120 V4.7 SP1 Control Unit (incl. SIPLUS variants)SIMATIC S7-300 CPU 315F-2 PN/DPSIMATIC S7-300 CPU 317-2 PN/DPSIMATIC S7-300 CPU 317TF-3 PN/DPSIMATIC RF600R familySIMATIC CP 443-1SIMOCODE pro V PROFINET (incl. SIPLUS variants)SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900FSINAMICS SL150 V4.8 (Control Unit)SINAMICS GM150 V4.8 (Control Unit)SIMATIC WinCC Runtime AdvancedSINAMICS G150 V4.7 SP1 Control UnitSIMATIC ET 200pro IM154-8F PN/DP CPUSIMATIC S7-300 CPU 317T-3 PN/DPSIMATIC CP 343-1 AdvancedSIMATIC RF185CSIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)SINAMICS SM120 V4.7 (Control Unit)SIMATIC S7-300 CPU 319-3 PN/DPSIMATIC Teleservice Adapter IE AdvancedSINAMICS SM150 V4.8 (Control Unit)SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)SINAMICS GH150 V4.8 (Control Unit)SIPLUS ET 200S IM151-8 PN/DP CPUSITOP PSU8600SINAMICS G150 V5.1 Control UnitSIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)SINAMICS G130 V4.7 Control UnitSINAMICS S150 V5.1 SP1 Control UnitSINAMICS SL150 V4.7 (Control Unit)SINAMICS G130 V4.8 Control UnitSIMATIC CP 1604SIMATIC S7-1500 Software ControllerSINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants)SINAMICS S120 V5.1 Control Unit (incl. SIPLUS variants)SIPLUS ET 200S IM151-8F PN/DP CPUSIPLUS S7-300 CPU 317-2 PN/DPSIMATIC ET 200pro IM154-8 PN/DP CPUSIMATIC RF182CSINAMICS S210SIPLUS S7-300 CPU 317F-2 PN/DPSIPLUS NET CP 443-1SIPLUS S7-300 CPU 314C-2 PN/DPSINAMICS G130 V5.1 SP1 Control UnitSIMATIC WinAC RTX 2010SIMATIC ET 200S IM151-8 PN/DP CPUSINAMICS S120 V4.6 Control Unit (incl. SIPLUS variants)SIMATIC CP 1616SINAMICS GM150 V4.7 (Control Unit)SINAMICS S150 V5.1 Control UnitSIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)SIMATIC S7-300 CPU 314C-2 PN/DPSIPLUS NET CP 343-1 AdvancedSINAMICS S150 V4.7 Control UnitSINAMICS S120 V5.1 SP1 Control Unit (incl. SIPLUS variants)SINAMICS GL150 V4.8 (Control Unit)SIMATIC Teleservice Adapter IE BasicSIPLUS NET CP 443-1 AdvancedSITOP ManagerSINAMICS G130 V5.1 Control UnitSINAMICS SM120 V4.8 (Control Unit)SIPLUS S7-300 CPU 315-2 PN/DPSIMATIC S7-PLCSIM AdvancedSIMATIC S7-300 CPU 315-2 PN/DPSINAMICS GL150 V4.7 (Control Unit)SIMATIC S7-300 CPU 319F-3 PN/DPSIMATIC HMI Comfort Outdoor Panels 7" & 15" (incl. SIPLUS variants)SIMATIC HMI Comfort Panels 4" - 22" (incl. SIPLUS variants)TIM 1531 IRC (incl. SIPLUS NET variants)SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)SIMATIC WinAC RTX F 2010SINAMICS G150 V4.6 Control UnitSIMATIC RF188CSIMATIC RFID 181EIPSIMATIC ET 200pro IM154-8FX PN/DP CPUSIMATIC S7-300 CPU 315T-3 PN/DPSIMATIC IPC DiagMonitorSINAMICS S150 V4.8 Control UnitSINAMICS G150 V4.8 Control Unit
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-46891
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-6.9||MEDIUM
EPSS-1.07% / 77.78%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 12:49
Updated-20 Aug, 2025 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly restrict the size of generated log files. This could allow an unauthenticated remote attacker to trigger a large amount of logged events to exhaust the system's resources and create a denial of service condition.

Action-Not Available
Vendor-Siemens AG
Product-sinec_insSINEC INSsinec_ins
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-28400
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-8.7||HIGH
EPSS-1.08% / 77.88%
||
7 Day CHG~0.00%
Published-13 Jul, 2021 | 11:02
Updated-14 Apr, 2026 | 08:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial of service condition. The vulnerability can be triggered if a large amount of DCP reset packets are sent to the device.

Action-Not Available
Vendor-Siemens AG
Product-scalance_xf206-1_firmwarescalance_x201-3p_irtscalance_xr324-4m_eecruggedcom_rm1224_firmwarescalance_x206-1scalance_x320-1fe_firmwareek-ertec_200_evaulation_kit_firmwarescalance_xp-200scalance_xr324-4m_eec_firmwarescalance_xf-200bascalance_x208simatic_mv500softnet-ie_pnioscalance_x204-2_scalance_x206-1_firmwarescalance_s615_firmwarescalance_x204_irtscalance_m-800_firmwarescalance_x308-2lh\+_firmwarescalance_x308-2ld_firmwarescalance_xc-200_firmwarescalance_xf204-2ba_irtscalance_xr324-12m_tssimatic_profinet_driver_firmwarescalance_xf208_firmwarescalance_xr-300wg_firmwarescalance_x306-1ldfescalance_x202-2p_irt_proscalance_x304-2fescalance_x204-2fm_firmwarescalance_x204-2tssimatic_mv500_firmwarescalance_xr324-4m_poe_ts_firmwarescalance_xf204scalance_x200-4_p_irtscalance_x308-2lh\+scalance_xm400scalance_x307-3_firmwarescalance_xf204_irtscalance_xf-200ba_firmwarescalance_x201-3p_irt_firmwarescalance_x202-2p_irt_pro_firmwarescalance_x310fe_firmwarescalance_xf204-2ba_irt_firmwarescalance_x308-2ldscalance_w700simocode_prov_ethernet\/ipsimatic_net_cp1604_firmwarescalance_x308-2scalance_xr324-12m_ts_firmwareruggedcom_rm1224scalance_x204-2ld_tsscalance_s615scalance_x224simatic_net_cm_1542-1scalance_x302-7eec_firmwarescalance_x212-2ld_firmwarescalance_x204_irt_firmwarescalance_x200-4_p_irt_firmwarescalance_x308-2m_tsscalance_xr324-4m_poeek-ertec_200p_evaluation_kitsimocode_prov_profinetscalance_w700_firmwarescalance_x307-3ldscalance_x204_irt_pro_firmwareek-ertec_200_evaulation_kitscalance_w1700_firmwarescalance_xf201-3p_irt_firmwarescalance_xb-200_firmwaresimatic_net_cp1616_firmwarescalance_xc-200scalance_xr324-4m_poe_tssimatic_net_cp1616scalance_m-800scalance_x201-3p_irt_pro_firmwaresimatic_cfu_pa_firmwarescalance_x208pro_firmwarescalance_xr324-12mscalance_x212-2ldsimatic_s7-1200scalance_x310fesimatic_cfu_pasimocode_prov_profinet_firmwarescalance_xr-300wgscalance_x201-3p_irt_prosimatic_power_line_booster_plbscalance_x308-2_firmwarescalance_x204-2fmscalance_xm400_firmwaresimatic_power_line_booster_plb_firmwaresimocode_prov_ethernet\/ip_firmwarescalance_x306-1ldfe_firmwarescalance_x320-3ldfe_firmwarescalance_x307-3ld_firmwarescalance_x308-2lhscalance_x310simatic_net_cm_1542-1_firmwarescalance_x308-2m_poe_firmwarescalance_x308-2m_poescalance_x202-2_irtscalance_xf204_firmwarescalance_x308-2m_firmwarescalance_x204-2ld_firmwarescalance_x212-2_firmwarescalance_x204_irt_proscalance_xf204-2_firmwarescalance_xf202-2p_irtscalance_x308-2mscalance_xr500_firmwarescalance_x202-2_irt_firmwarescalance_x206-1ldscalance_w1700scalance_xf204_irt_firmwarescalance_x308-2m_ts_firmwarescalance_xf201-3p_irtscalance_x204-2ldscalance_xf208simatic_net_dk-16xx_pn_ioscalance_xr324-4m_poe_firmwarescalance_x204-2ld_ts_firmwarescalance_x307-2eecscalance_x304-2fe_firmwaredk_standard_ethernet_controller_evaluation_kitsimatic_profinet_driverdk_standard_ethernet_controller_evaluation_kit_firmwarescalance_x307-2eec_firmwarescalance_x308-2lh_firmwarescalance_x320-3ldfeek-ertec_200p_evaluation_kit_firmwarescalance_x204-2_firmwarescalance_xf206-1scalance_xr324-12m_firmwaresimatic_s7-1200_firmwarescalance_x310_firmwarescalance_x206-1ld_firmwarescalance_xp-200_firmwarescalance_x212-2simatic_net_cp1626_firmwarescalance_x204-2ts_firmwarescalance_x208proscalance_x320-1fescalance_x216_firmwarescalance_xb-200scalance_xf202-2p_irt_firmwaresoftnet-ie_pnio_firmwarescalance_x208_firmwarescalance_xr500simatic_ie\/pb-link_v3simatic_ie\/pb-link_v3_firmwarescalance_x307-3simatic_net_cp1626scalance_x216simatic_net_cp1604scalance_xf204-2_scalance_x224_firmwarescalance_x302-7eecSCALANCE X302-7 EEC (230V)SCALANCE W1748-1 M12SCALANCE MUM853-1 (A1)SCALANCE X310FESCALANCE W734-1 RJ45 (USA)SIMATIC MV540 SSCALANCE XR524-8C, 24VSCALANCE XR324-12M TS (24V)SIPLUS S7-1200 CPU 1215C AC/DC/RLYSIMATIC S7-1200 CPU 1215C DC/DC/RlySCALANCE XR328-4C WG (28xGE, DC 24V)SCALANCE XC206-2G PoE (54 V DC)SCALANCE XR324-4M EEC (24V, ports on front)SIPLUS NET SCALANCE XC206-2SCALANCE XP216EECSCALANCE XC216EECSCALANCE X208PROSCALANCE XR324WG (24 x FE, AC 230V)SCALANCE XR552-12M (2HR2, L3 int.)SIMATIC S7-1200 CPU 1211C DC/DC/DCSCALANCE XR328-4C WG (24XFE, 4XGE, 24V)SCALANCE W786-1 RJ45SCALANCE S615 LAN-RouterSCALANCE X302-7 EEC (2x 230V, coated)SIMATIC CM 1542-1SCALANCE XP216SCALANCE XR324-4M EEC (2x 24V, ports on front)SIMATIC MV550 SSCALANCE XP216POE EECSCALANCE X306-1LD FESCALANCE X307-2 EEC (24V)SCALANCE X201-3P IRTSCALANCE W761-1 RJ45SCALANCE W722-1 RJ45SCALANCE X202-2P IRT PROSCALANCE XR526-8C, 24V (L3 int.)SCALANCE XR328-4C WG (24xFE,4xGE,AC230V)SCALANCE XR528-6M (2HR2)SCALANCE XC224SCALANCE XM408-4C (L3 int.)SIPLUS NET SCALANCE XC208SCALANCE M812-1 ADSL-RouterSCALANCE XC206-2G PoESCALANCE XR324-4M EEC (2x 24V, ports on rear)SCALANCE XC208G PoE (54 V DC)SCALANCE W786-2IA RJ45SCALANCE X307-2 EEC (2x 230V)SCALANCE X308-2M PoESCALANCE XR324-4M PoE (230V, ports on rear)SCALANCE XB213-3 (SC, E/IP)SCALANCE XR526-8C, 24VSCALANCE X200-4P IRTSIMATIC IE/PB-LINKSIMATIC S7-1200 CPU 1212C DC/DC/RlySCALANCE XB208 (E/IP)SIPLUS S7-1200 CPU 1214 AC/DC/RLYSCALANCE XP216 (Ethernet/IP)SCALANCE XB205-3 (ST, E/IP)SCALANCE MUM853-1 (EU)SCALANCE X212-2SIPLUS S7-1200 CPU 1215FC DC/DC/DCSCALANCE XF204-2BASCALANCE XR326-2C PoE WGSCALANCE X308-2LDSCALANCE W774-1 RJ45 (USA)SCALANCE XC216-3G PoE (54 V DC)SCALANCE XR526-8C, 2x230VSIMATIC PROFINET DriverSCALANCE XC206-2SFP G (EIP DEF.)SCALANCE XR526-8C, 1x230VSCALANCE MUM856-1 (A1)SCALANCE XR524-8C, 24V (L3 int.)SCALANCE X408-2SCALANCE M874-3SCALANCE XM408-8CSCALANCE X302-7 EEC (24V, coated)SCALANCE M876-4 (NAM)SCALANCE X202-2IRTSCALANCE X212-2LDSIMATIC S7-1200 CPU 1214C DC/DC/RlySCALANCE W774-1 RJ45SCALANCE XC206-2SFP EECSCALANCE X206-1LDSCALANCE XC216-3G PoESCALANCE XR528-6M (2HR2, L3 int.)SCALANCE XR324-4M PoE (24V, ports on rear)SCALANCE X206-1SCALANCE XC216-4C G EECSCALANCE XC216-4C GSCALANCE XB213-3LD (SC, E/IP)SCALANCE W788-2 RJ45SCALANCE XR524-8C, 1x230VSCALANCE XF204-2SCALANCE MUM856-1 (EU)SCALANCE X308-2MSCALANCE XC206-2SFP G EECSCALANCE W734-1 RJ45SCALANCE W748-1 M12SIMATIC S7-1200 CPU 1215C DC/DC/DCSCALANCE XF204-2BA DNASCALANCE XR324-4M EEC (24V, ports on rear)SCALANCE XR526-8C, 2x230V (L3 int.)SIMATIC S7-1200 CPU 1214C DC/DC/DCSCALANCE X320-1 FESCALANCE X307-2 EEC (230V, coated)SCALANCE X307-2 EEC (2x 230V, coated)SIPLUS S7-1200 CPU 1214C AC/DC/RLYSCALANCE XF202-2P IRTSCALANCE XR528-6MSIMATIC Power Line Booster PLB, Base ModuleSIPLUS SIMOCODE pro V basic unit 2SIMATIC S7-1200 CPU 1211C AC/DC/RlySCALANCE W788-1 RJ45SCALANCE X307-2 EEC (2x 24V, coated)SCALANCE XP208 (Ethernet/IP)SCALANCE XB205-3 (ST, PN)SIMATIC S7-1200 CPU 1212C AC/DC/RlySCALANCE XB216 (E/IP)SIMOCODE pro V EIP 24V DCSCALANCE X302-7 EEC (230V, coated)SCALANCE XC208G PoESCALANCE XR524-8C, 2x230V (L3 int.)SIPLUS S7-1200 CPU 1214FC DC/DC/RLYSCALANCE W788-1 M12SCALANCE XC206-2G PoE EEC (54 V DC)SIMATIC S7-1200 CPU 1212C DC/DC/DCSIMATIC CFU PASCALANCE XM408-8C (L3 int.)SCALANCE XM416-4C (L3 int.)SCALANCE XB216 (PN)SCALANCE XC216SCALANCE XF204Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet ControllerSIPLUS NET SCALANCE XC216-4CSCALANCE XB205-3LD (SC, PN)SIPLUS NET SCALANCE X308-2SIMATIC S7-1200 CPU 1212FC DC/DC/RlySCALANCE W778-1 M12SCALANCE XB213-3 (ST, PN)SCALANCE XC208EECSCALANCE X304-2FESIMATIC CFU DIQSCALANCE XC208G EECRUGGEDCOM RM1224 LTE(4G) NAMSCALANCE XR328-4C WG (28xGE, AC 230V)SCALANCE X224SCALANCE X308-2SCALANCE X204IRTSCALANCE X204-2LD TSSCALANCE X204-2FMSCALANCE M876-4 (EU)SCALANCE XC224-4C G (EIP Def.)SCALANCE XC206-2SFP GSCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)SCALANCE X302-7 EEC (2x 24V)SCALANCE XC206-2 (SC)SCALANCE XB205-3 (SC, PN)SCALANCE MUM856-1 (B1)SCALANCE X307-3SCALANCE XC216-4CSCALANCE XF201-3P IRTSIMOCODE pro V PN 110-240V AC/DCSIPLUS S7-1200 CPU 1212C AC/DC/RLYSCALANCE XF206-1SCALANCE XR324-12M (230V, ports on rear)SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)SOFTNET-IE PNIOSCALANCE X201-3P IRT PROSCALANCE X308-2LHSCALANCE XB213-3 (ST, E/IP)SCALANCE XB208 (PN)SCALANCE M826-2 SHDSL-RouterSIPLUS S7-1200 CPU 1214FC DC/DC/DCSIPLUS S7-1200 CPU 1215 AC/DC/RLYSCALANCE W1788-2 M12SCALANCE XR324-4M PoE TS (24V, ports on front)SCALANCE X202-2P IRTSCALANCE W774-1 M12 EECSIMATIC S7-1200 CPU 1211C DC/DC/RlySIPLUS S7-1200 CPU 1215C DC/DC/DCSCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)SIMATIC S7-1200 CPU 1214C AC/DC/RlySIMATIC S7-1200 CPU 1212FC DC/DC/DCSCALANCE W778-1 M12 EECSCALANCE XR324-12M (230V, ports on front)SIMATIC S7-1200 CPU 1217C DC/DC/DCSCALANCE XR324-4M PoE (24V, ports on front)SIPLUS S7-1200 CPU 1212C DC/DC/DC RAILSIMATIC CP 1604SIMATIC MV540 HSCALANCE XP208SCALANCE W1788-2 EEC M12SCALANCE X307-2 EEC (2x 24V)SCALANCE XC208GSCALANCE XB213-3 (SC, PN)SIPLUS S7-1200 CPU 1214C DC/DC/RLYSIMATIC MV550 HSCALANCE XF208SCALANCE MUM853-1 (B1)SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V)SCALANCE XF204IRTSIMOCODE pro V EIP 110-240V AC/DCSCALANCE W778-1 M12 EEC (USA)SIPLUS S7-1200 CPU 1215 DC/DC/RLYSCALANCE X320-1-2LD FESCALANCE XC208SIMATIC S7-1200 CPU 1214FC DC/DC/RlySCALANCE XR552-12MSIMATIC CP 1626SCALANCE M876-3 (ROK)SIMATIC S7-1200 CPU 1214FC DC/DC/DCSIPLUS S7-1200 CPU 1212C DC/DC/DCSCALANCE X216SCALANCE XR526-8C, 1x230V (L3 int.)Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200SCALANCE XR324-12M (24V, ports on front)SCALANCE X204-2LDSCALANCE X204-2TSSCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)SCALANCE MUM856-1 (CN)SCALANCE XR528-6M (L3 int.)SCALANCE XM408-4CSIMATIC S7-1200 CPU 1215C AC/DC/RlySCALANCE M874-3 3G-Router (CN)SCALANCE S615 EEC LAN-RouterSCALANCE W786-2 SFPSCALANCE X302-7 EEC (2x 24V, coated)SIMATIC S7-1200 CPU 1215FC DC/DC/RlySCALANCE W738-1 M12SCALANCE XC208G (EIP def.)SIMATIC MV560 XSCALANCE XC224-4C G EECSCALANCE W1788-2IA M12SCALANCE X308-2LH+SCALANCE XM416-4CSCALANCE X204IRT PROSIMATIC MV560 USCALANCE XR524-8C, 2x230VSIMATIC S7-1200 CPU V4 family (incl. SIPLUS variants)SCALANCE X204-2SCALANCE XB205-3LD (SC, E/IP)SIPLUS S7-1200 CPU 1212 DC/DC/RLYSIPLUS S7-1200 CPU 1214 DC/DC/RLYSCALANCE W721-1 RJ45SCALANCE XR326-2C PoE WG (without UL)SCALANCE XR324WG (24 X FE, DC 24V)SCALANCE W748-1 RJ45SCALANCE XR524-8C, 1x230V (L3 int.)SCALANCE XR324-12M (24V, ports on rear)SIPLUS S7-1200 CPU 1214C DC/DC/DCSCALANCE XF204-2BA IRTSCALANCE M874-2SIMATIC S7-1200 CPU 1215FC DC/DC/DCSCALANCE XB213-3LD (SC, PN)SCALANCE XC224-4C GSCALANCE X302-7 EEC (2x 230V)SCALANCE XP208EECSCALANCE XF204 DNASCALANCE X307-3LDSCALANCE X310SCALANCE XR324-4M PoE (230V, ports on front)SIPLUS S7-1200 CPU 1215 DC/DC/DCSCALANCE M816-1 ADSL-RouterSCALANCE W1788-1 M12SCALANCE X208SCALANCE W786-2 RJ45RUGGEDCOM RM1224 LTE(4G) EUSIPLUS S7-1200 CPU 1212 AC/DC/RLYSCALANCE X302-7 EEC (24V)SCALANCE X308-2M TSSCALANCE XC216-4C G (EIP Def.)SCALANCE W788-2 M12SCALANCE XC206-2 (ST/BFOC)SCALANCE XP208PoE EECSIPLUS S7-1200 CPU 1214C DC/DC/DC RAILSCALANCE M804PBSCALANCE M876-3SCALANCE XR552-12M (2HR2)SCALANCE M876-4SCALANCE XC206-2SFPSIMATIC CP 1616Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200PSCALANCE W788-2 M12 EECSCALANCE X307-2 EEC (24V, coated)SCALANCE MUM856-1 (RoW)SIMATIC NET DK-16xx PN IOSIPLUS NET SCALANCE XC206-2SFPSCALANCE X307-2 EEC (230V)SIMOCODE pro V PN 24V DCdevelopment_evaluation_kits_for_profinet_io_ek_ertec_200pscalance_m816-1_adsl-router_annex_bscalence_x204_2tsscalence_m874_3scalance_m826-2_shdsl-routerscalance_m812-1_adsl-router_annex_bscalance_m816_1_adsl_router_annex_adevelopment_evaluation_kits_for_profinet_io_ek_ertec_200scalence_m874_2scalance_x200_4p_irtscalance_w1788_2ia_m12scalance_x201_3p_irt_proscalence_x204_2ldscalance_w1748_1_m12scalancce_x204_2scalance_m876_3_rokscalence_202_2p_irt_proscalance_w1788_2_eec_m12scalence_x204_2ld_tsscalance_w700_ieee_802.11n_familyscalance_m804pbscalance_s615scalance_x201_3p_irtscalance_w1788_2_m12scalance_m876_4_namscalance_m876_4_eudevelopment_evaluation_kits_for_profinet_io_dk_standard_ethernet_controllerscalance_m812-1_adsl-router_annex_ascalance_w1788_1_m12scalence_x204_2fmruggedcom_rm1224scalance_m876_3_evdoscalancce_x202_2p_irt
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-40944
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-8.7||HIGH
EPSS-0.02% / 5.04%
||
7 Day CHG~0.00%
Published-13 Jan, 2026 | 09:44
Updated-13 Jan, 2026 | 17:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC ET 200AL IM 157-1 PN (6ES7157-1AB00-0AB0) (All versions), SIMATIC ET 200MP IM 155-5 PN HF (6ES7155-5AA00-0AC0) (All versions >= V4.2.0), SIMATIC ET 200SP IM 155-6 MF HF (6ES7155-6MU00-0CN0) (All versions), SIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLUS variants) (All versions < V1.3), SIMATIC ET 200SP IM 155-6 PN R1 (6ES7155-6AU00-0HM0) (All versions < V6.0.1), SIMATIC ET 200SP IM 155-6 PN/2 HF (6ES7155-6AU01-0CN0) (All versions >= V4.2.0), SIMATIC ET 200SP IM 155-6 PN/3 HF (6ES7155-6AU30-0CN0) (All versions < V4.2.2), SIMATIC PN/MF Coupler (6ES7158-3MU10-0XA0) (All versions), SIMATIC PN/PN Coupler (6ES7158-3AD10-0XA0) (All versions < V6.0.0), SIPLUS ET 200MP IM 155-5 PN HF (6AG1155-5AA00-2AC0) (All versions >= V4.2.0), SIPLUS ET 200MP IM 155-5 PN HF (6AG1155-5AA00-7AC0) (All versions >= V4.2.0), SIPLUS ET 200MP IM 155-5 PN HF T1 RAIL (6AG2155-5AA00-1AC0) (All versions >= V4.2.0), SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU01-2CN0) (All versions >= V4.2.0), SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU01-7CN0) (All versions >= V4.2.0), SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL (6AG2155-6AU01-1CN0) (All versions >= V4.2.0), SIPLUS ET 200SP IM 155-6 PN HF TX RAIL (6AG2155-6AU01-4CN0) (All versions >= V4.2.0), SIPLUS NET PN/PN Coupler (6AG2158-3AD10-4XA0) (All versions < V6.0.0). Affected devices do not properly handle S7 protocol session disconnect requests. When receiving a valid S7 protocol Disconnect Request (COTP DR TPDU) on TCP port 102, the devices enter an improper session state. This could allow an attacker to cause the device to become unresponsive, leading to a denial-of-service condition that requires a power cycle to restore normal operation.

Action-Not Available
Vendor-Siemens AG
Product-SIPLUS NET PN/PN CouplerSIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLUS variants)SIPLUS ET 200SP IM 155-6 PN HFSIMATIC ET 200SP IM 155-6 PN/3 HFSIMATIC ET 200AL IM 157-1 PNSIPLUS ET 200MP IM 155-5 PN HFSIMATIC PN/MF CouplerSIPLUS ET 200MP IM 155-5 PN HF T1 RAILSIPLUS ET 200SP IM 155-6 PN HF TX RAILSIMATIC ET 200SP IM 155-6 PN R1SIMATIC ET 200SP IM 155-6 PN/2 HFSIMATIC ET 200MP IM 155-5 PN HFSIMATIC PN/PN CouplerSIPLUS ET 200SP IM 155-6 PN HF T1 RAILSIMATIC ET 200SP IM 155-6 MF HF
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-40797
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-8.7||HIGH
EPSS-0.14% / 34.20%
||
7 Day CHG-0.01%
Published-09 Sep, 2025 | 08:48
Updated-14 Oct, 2025 | 10:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SIMATIC PCS neo V6.0 (All versions), User Management Component (UMC) (All versions < V2.15.1.3). Affected products contain a out-of-bounds read vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to cause a denial of service condition.

Action-Not Available
Vendor-Siemens AG
Product-user_management_componentsimatic_pcs_neoSIMATIC PCS neo V4.1SIMATIC PCS neo V6.0SIMATIC PCS neo V5.0User Management Component (UMC)
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-43647
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-8.7||HIGH
EPSS-0.73% / 72.74%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 09:36
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC S7-200 SMART CPU CR40 (6ES7288-1CR40-0AA0) (All versions), SIMATIC S7-200 SMART CPU CR60 (6ES7288-1CR60-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR20 (6ES7288-1SR20-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR20 (6ES7288-1SR20-0AA1) (All versions), SIMATIC S7-200 SMART CPU SR30 (6ES7288-1SR30-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR30 (6ES7288-1SR30-0AA1) (All versions), SIMATIC S7-200 SMART CPU SR40 (6ES7288-1SR40-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR40 (6ES7288-1SR40-0AA1) (All versions), SIMATIC S7-200 SMART CPU SR60 (6ES7288-1SR60-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR60 (6ES7288-1SR60-0AA1) (All versions), SIMATIC S7-200 SMART CPU ST20 (6ES7288-1ST20-0AA0) (All versions), SIMATIC S7-200 SMART CPU ST20 (6ES7288-1ST20-0AA1) (All versions), SIMATIC S7-200 SMART CPU ST30 (6ES7288-1ST30-0AA0) (All versions), SIMATIC S7-200 SMART CPU ST30 (6ES7288-1ST30-0AA1) (All versions), SIMATIC S7-200 SMART CPU ST40 (6ES7288-1ST40-0AA0) (All versions), SIMATIC S7-200 SMART CPU ST40 (6ES7288-1ST40-0AA1) (All versions), SIMATIC S7-200 SMART CPU ST60 (6ES7288-1ST60-0AA0) (All versions), SIMATIC S7-200 SMART CPU ST60 (6ES7288-1ST60-0AA1) (All versions). Affected devices do not properly handle TCP packets with an incorrect structure. This could allow an unauthenticated remote attacker to cause a denial of service condition. To restore normal operations, the network cable of the device needs to be unplugged and re-plugged.

Action-Not Available
Vendor-Siemens AG
Product-SIMATIC S7-200 SMART CPU CR40SIMATIC S7-200 SMART CPU ST60SIMATIC S7-200 SMART CPU SR40SIMATIC S7-200 SMART CPU ST30SIMATIC S7-200 SMART CPU SR30SIMATIC S7-200 SMART CPU SR60SIMATIC S7-200 SMART CPU CR60SIMATIC S7-200 SMART CPU SR20SIMATIC S7-200 SMART CPU ST40SIMATIC S7-200 SMART CPU ST20simatic_s7-200_smart_cpu_st60
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-25242
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.15% / 35.20%
||
7 Day CHG~0.00%
Published-12 May, 2021 | 13:18
Updated-04 Aug, 2024 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Lean (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Standard (incl. SIPLUS variants) (All versions). Specially crafted packets sent to TCP port 102 could cause a Denial-of-Service condition on the affected devices. A cold restart might be necessary in order to recover.

Action-Not Available
Vendor-Siemens AG
Product-simatic_net_cp_343-1_standard_firmwaresimatic_net_cp_343-1_advancedsimatic_net_cp_343-1_standardsimatic_net_cp_343-1_leansimatic_net_cp_343-1_advanced_firmwaresimatic_net_cp_343-1_lean_firmwareSIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants)SIMATIC NET CP 343-1 Standard (incl. SIPLUS variants)SIMATIC NET CP 343-1 Lean (incl. SIPLUS variants)
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-37993
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-6.9||MEDIUM
EPSS-0.19% / 40.70%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 09:36
Updated-18 Sep, 2024 | 15:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions < V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions < V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions < V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions < V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions < V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions < V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions < V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions < V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions < V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions < V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions < V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions < V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions < V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions < V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions < V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions < V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions < V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions < V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions < V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions < V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions < V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions < V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions < V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions < V2.2). The affected applications do not authenticated the creation of Ajax2App instances. This could allow an unauthenticated attacker to cause a denial of service condition.

Action-Not Available
Vendor-Siemens AG
Product-simatic_reader_rf650r_fcc_firmwaresimatic_reader_rf680r_cmiitsimatic_rf1170r_firmwaresimatic_reader_rf650r_cmiit_firmwaresimatic_reader_rf685r_fccsimatic_reader_rf650r_aribsimatic_reader_rf615r_etsi_firmwaresimatic_rf360rsimatic_reader_rf680r_fccsimatic_reader_rf610r_fccsimatic_reader_rf610r_etsi_firmwaresimatic_reader_rf685r_arib_firmwaresimatic_reader_rf615r_cmiitsimatic_rf186c_firmwaresimatic_reader_rf685r_fcc_firmwaresimatic_rf188c_firmwaresimatic_reader_rf680r_cmiit_firmwaresimatic_reader_rf685r_etsisimatic_rf185csimatic_rf360r_firmwaresimatic_rf1140r_firmwaresimatic_rf186cisimatic_rf1140rsimatic_rf188csimatic_reader_rf610r_cmiit_firmwaresimatic_reader_rf610r_fcc_firmwaresimatic_rf185c_firmwaresimatic_reader_rf615r_fccsimatic_reader_rf680r_etsisimatic_reader_rf615r_fcc_firmwaresimatic_reader_rf680r_fcc_firmwaresimatic_reader_rf610r_etsisimatic_reader_rf685r_cmiit_firmwaresimatic_reader_rf680r_arib_firmwaresimatic_rf186ci_firmwaresimatic_rf166c_firmwaresimatic_rf188ci_firmwaresimatic_reader_rf650r_fccsimatic_reader_rf650r_cmiitsimatic_reader_rf685r_cmiitsimatic_rf166csimatic_reader_rf680r_aribsimatic_rf1170rsimatic_reader_rf650r_etsisimatic_reader_rf610r_cmiitsimatic_reader_rf650r_arib_firmwaresimatic_reader_rf680r_etsi_firmwaresimatic_reader_rf615r_etsisimatic_reader_rf650r_etsi_firmwaresimatic_rf186csimatic_reader_rf685r_aribsimatic_reader_rf615r_cmiit_firmwaresimatic_reader_rf685r_etsi_firmwaresimatic_rf188ciSIMATIC Reader RF650R ARIBSIMATIC Reader RF650R ETSISIMATIC Reader RF680R CMIITSIMATIC Reader RF615R ETSISIMATIC RF166CSIMATIC Reader RF685R CMIITSIMATIC RF185CSIMATIC Reader RF610R CMIITSIMATIC Reader RF685R ETSISIMATIC Reader RF615R CMIITSIMATIC RF188CISIMATIC Reader RF610R ETSISIMATIC Reader RF685R FCCSIMATIC Reader RF615R FCCSIMATIC RF186CSIMATIC RF360RSIMATIC Reader RF680R ARIBSIMATIC RF1140RSIMATIC Reader RF685R ARIBSIMATIC RF1170RSIMATIC Reader RF680R ETSISIMATIC RF188CSIMATIC Reader RF610R FCCSIMATIC Reader RF650R CMIITSIMATIC RF186CISIMATIC Reader RF680R FCCSIMATIC Reader RF650R FCC
CWE ID-CWE-284
Improper Access Control
CVE-2024-37992
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-5.9||MEDIUM
EPSS-0.24% / 47.10%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 09:36
Updated-18 Sep, 2024 | 15:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions < V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions < V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions < V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions < V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions < V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions < V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions < V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions < V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions < V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions < V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions < V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions < V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions < V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions < V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions < V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions < V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions < V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions < V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions < V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions < V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions < V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions < V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions < V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions < V2.2). The affected devices does not properly handle the error in case of exceeding characters while setting SNMP leading to the restart of the application.

Action-Not Available
Vendor-Siemens AG
Product-simatic_reader_rf650r_fcc_firmwaresimatic_reader_rf680r_cmiitsimatic_rf1170r_firmwaresimatic_reader_rf650r_cmiit_firmwaresimatic_reader_rf685r_fccsimatic_reader_rf650r_aribsimatic_reader_rf615r_etsi_firmwaresimatic_rf360rsimatic_reader_rf680r_fccsimatic_reader_rf610r_fccsimatic_reader_rf610r_etsi_firmwaresimatic_reader_rf685r_arib_firmwaresimatic_reader_rf615r_cmiitsimatic_rf186c_firmwaresimatic_reader_rf685r_fcc_firmwaresimatic_rf188c_firmwaresimatic_reader_rf680r_cmiit_firmwaresimatic_reader_rf685r_etsisimatic_rf185csimatic_rf360r_firmwaresimatic_rf1140r_firmwaresimatic_rf186cisimatic_rf1140rsimatic_rf188csimatic_reader_rf610r_cmiit_firmwaresimatic_reader_rf610r_fcc_firmwaresimatic_rf185c_firmwaresimatic_reader_rf615r_fccsimatic_reader_rf680r_etsisimatic_reader_rf615r_fcc_firmwaresimatic_reader_rf680r_fcc_firmwaresimatic_reader_rf610r_etsisimatic_reader_rf685r_cmiit_firmwaresimatic_reader_rf680r_arib_firmwaresimatic_rf186ci_firmwaresimatic_rf166c_firmwaresimatic_rf188ci_firmwaresimatic_reader_rf650r_fccsimatic_reader_rf650r_cmiitsimatic_reader_rf685r_cmiitsimatic_rf166csimatic_reader_rf680r_aribsimatic_rf1170rsimatic_reader_rf650r_etsisimatic_reader_rf610r_cmiitsimatic_reader_rf650r_arib_firmwaresimatic_reader_rf680r_etsi_firmwaresimatic_reader_rf615r_etsisimatic_reader_rf650r_etsi_firmwaresimatic_rf186csimatic_reader_rf685r_aribsimatic_reader_rf615r_cmiit_firmwaresimatic_reader_rf685r_etsi_firmwaresimatic_rf188ciSIMATIC Reader RF650R ARIBSIMATIC Reader RF650R ETSISIMATIC Reader RF680R CMIITSIMATIC Reader RF615R ETSISIMATIC RF166CSIMATIC Reader RF685R CMIITSIMATIC RF185CSIMATIC Reader RF610R CMIITSIMATIC Reader RF685R ETSISIMATIC Reader RF615R CMIITSIMATIC RF188CISIMATIC Reader RF610R ETSISIMATIC Reader RF685R FCCSIMATIC Reader RF615R FCCSIMATIC RF186CSIMATIC RF360RSIMATIC Reader RF680R ARIBSIMATIC RF1140RSIMATIC Reader RF685R ARIBSIMATIC RF1170RSIMATIC Reader RF680R ETSISIMATIC RF188CSIMATIC Reader RF610R FCCSIMATIC Reader RF650R CMIITSIMATIC RF186CISIMATIC Reader RF680R FCCSIMATIC Reader RF650R FCC
CWE ID-CWE-703
Improper Check or Handling of Exceptional Conditions
CVE-2020-25241
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.39% / 60.02%
||
7 Day CHG~0.00%
Published-15 Mar, 2021 | 17:03
Updated-04 Aug, 2024 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC MV400 family (All Versions < V7.0.6). The underlying TCP stack of the affected products does not correctly validate the sequence number for incoming TCP RST packages. An attacker could exploit this to terminate arbitrary TCP sessions.

Action-Not Available
Vendor-Siemens AG
Product-simatic_mv420_sr-p_firmwaresimatic_mv440_srsimatic_mv420_sr-b_firmwaresimatic_mv420_sr-psimatic_mv440_sr_firmwaresimatic_mv420_sr-b_body_firmwaresimatic_mv420_sr-b_bodysimatic_mv440_ur_firmwaresimatic_mv420_sr-bsimatic_mv440_ursimatic_mv420_sr-p_body_firmwaresimatic_mv440_hrsimatic_mv440_hr_firmwaresimatic_mv420_sr-p_bodySIMATIC MV400 family
CWE ID-CWE-1285
Improper Validation of Specified Index, Position, or Offset in Input
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2024-27942
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.43% / 62.49%
||
7 Day CHG~0.00%
Published-14 May, 2024 | 10:02
Updated-06 Feb, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow any unauthenticated client to disconnect any active user from the server. An attacker could use this vulnerability to prevent any user to perform actions in the system, causing a denial of service situation.

Action-Not Available
Vendor-Siemens AG
Product-ruggedcom_crossbowRUGGEDCOM CROSSBOWruggedcom_crossbow
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-22041
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.43% / 62.45%
||
7 Day CHG~0.00%
Published-12 Mar, 2024 | 10:21
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions), Cerberus PRO EN Fire Panel FC72x IP6 (All versions), Cerberus PRO EN Fire Panel FC72x IP7 (All versions), Cerberus PRO EN Fire Panel FC72x IP8 (All versions < IP8 SR4), Cerberus PRO EN X200 Cloud Distribution IP7 (All versions), Cerberus PRO EN X200 Cloud Distribution IP8 (All versions < V4.3.5618), Cerberus PRO EN X300 Cloud Distribution IP7 (All versions), Cerberus PRO EN X300 Cloud Distribution IP8 (All versions < V4.3.5617), Cerberus PRO UL Compact Panel FC922/924 (All versions < MP4), Cerberus PRO UL Engineering Tool (All versions < MP4), Cerberus PRO UL X300 Cloud Distribution (All versions < V4.3.0001), Desigo Fire Safety UL Compact Panel FC2025/2050 (All versions < MP4), Desigo Fire Safety UL Engineering Tool (All versions < MP4), Desigo Fire Safety UL X300 Cloud Distribution (All versions < V4.3.0001), Sinteso FS20 EN Engineering Tool (All versions), Sinteso FS20 EN Fire Panel FC20 MP6 (All versions), Sinteso FS20 EN Fire Panel FC20 MP7 (All versions), Sinteso FS20 EN Fire Panel FC20 MP8 (All versions < MP8 SR4), Sinteso FS20 EN X200 Cloud Distribution MP7 (All versions), Sinteso FS20 EN X200 Cloud Distribution MP8 (All versions < V4.3.5618), Sinteso FS20 EN X300 Cloud Distribution MP7 (All versions), Sinteso FS20 EN X300 Cloud Distribution MP8 (All versions < V4.3.5617), Sinteso Mobile (All versions). The network communication library in affected systems improperly handles memory buffers when parsing X.509 certificates. This could allow an unauthenticated remote attacker to crash the network service.

Action-Not Available
Vendor-Siemens AG
Product-Desigo Fire Safety UL Compact Panel FC2025/2050Sinteso FS20 EN Fire Panel FC20 MP6Sinteso MobileSinteso FS20 EN X200 Cloud Distribution MP8Sinteso FS20 EN X200 Cloud Distribution MP7Cerberus PRO EN X200 Cloud Distribution IP8Cerberus PRO EN X300 Cloud Distribution IP8Cerberus PRO UL X300 Cloud DistributionCerberus PRO EN X200 Cloud Distribution IP7Cerberus PRO UL Compact Panel FC922/924Sinteso FS20 EN Fire Panel FC20 MP8Cerberus PRO EN Fire Panel FC72x IP7Desigo Fire Safety UL X300 Cloud DistributionSinteso FS20 EN Engineering ToolCerberus PRO EN Engineering ToolSinteso FS20 EN X300 Cloud Distribution MP8Sinteso FS20 EN Fire Panel FC20 MP7Cerberus PRO EN Fire Panel FC72x IP8Cerberus PRO EN X300 Cloud Distribution IP7Desigo Fire Safety UL Engineering ToolCerberus PRO UL Engineering ToolCerberus PRO EN Fire Panel FC72x IP6Sinteso FS20 EN X300 Cloud Distribution MP7cerberus_pro_en_x300_cloud_distributioncerberus_pro_ul_engineering_toolcerberus_pro_en_engineering_tooldesigo_fire_safety_ul_engineering_toolcerberus_pro_ul_compact_panelsinteso_fs20_en_x300_cloud_distributionsinteso_fs20_en_fire_panel_fc20cerberus_pro_ul_x300_cloudcerberus_pro_en_x200_cloud_distributionsinteso_mobilesinteso_fs20_en_x200_cloud_distributiondesigo_fire_safety_ul_compact_panelcerberus_pro_en_fire_panel_fc72x
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 23
  • 24
  • Next
Details not found