CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-51440
https://notcve.org/view.php?id=CVE-2023-51440
13 Feb 2024 — A vulnerability has been identified in SIMATIC CP 343-1 (6GK7343-1EX30-0XE0) (All versions), SIMATIC CP 343-1 Lean (6GK7343-1CX10-0XE0) (All versions), SIPLUS NET CP 343-1 (6AG1343-1EX30-7XE0) (All versions), SIPLUS NET CP 343-1 Lean (6AG1343-1CX10-2XE0) (All versions). Affected products incorrectly validate TCP sequence numbers. This could allow an unauthenticated remote attacker to create a denial of service condition by injecting spoofed TCP RST packets. Se ha identificado una vulnerabilidad en: SIMATIC ... • https://cert-portal.siemens.com/productcert/html/ssa-516818.html • CWE-940: Improper Verification of Source of a Communication Channel •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2021-33737
https://notcve.org/view.php?id=CVE-2021-33737
14 Sep 2021 — A vulnerability has been identified in SIMATIC CP 343-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 ERPC (All versions), SIMATIC CP 343-1 Lean (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 Advanced (All versions < V3.3), SIPLUS NET CP 443-1 (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (All versions < V3.3). Sending a specially crafte... • https://cert-portal.siemens.com/productcert/pdf/ssa-549234.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2020-25242
https://notcve.org/view.php?id=CVE-2020-25242
12 May 2021 — A vulnerability has been identified in SIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Lean (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Standard (incl. SIPLUS variants) (All versions). Specially crafted packets sent to TCP port 102 could cause a Denial-of-Service condition on the affected devices. • https://cert-portal.siemens.com/productcert/pdf/ssa-676775.pdf • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 109EXPL: 0CVE-2019-13946
https://notcve.org/view.php?id=CVE-2019-13946
11 Feb 2020 — Profinet-IO (PNIO) stack versions prior V06.00 do not properly limit internal resource allocation when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface. This could lead to a denial of service condition due to lack of memory for devices that include a vulnerable version of the stack. The security vulnerability could be exploited by an attacker with network access to an affected device. Successful exploitation requires no system privileges and no user interaction. An attacker ... • https://cert-portal.siemens.com/productcert/html/ssa-780073.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 0%CPEs: 26EXPL: 0CVE-2018-4843
https://notcve.org/view.php?id=CVE-2018-4843
20 Mar 2018 — A vulnerability has been identified in SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC CP 343-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 Advanced (All v... • https://cert-portal.siemens.com/productcert/pdf/ssa-592007.pdf • CWE-20: Improper Input Validation •
CVSS: 7.1EPSS: 0%CPEs: 181EXPL: 0CVE-2017-2681
https://notcve.org/view.php?id=CVE-2017-2681
11 May 2017 — Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a denial of service condition of that product. Human interaction is required to recover the system. PROFIBUS interfaces are not affected. This vulnerability affects only SIMATIC HMI Multi Panels and HMI Mobile Panels, and S7-300/S7-400 devices. Los paquetes PROFINET DCP especialmente diseñados que se envían en un segmento Ethernet local (capa 2) a un producto afectado podrían causar una condi... • http://www.securityfocus.com/bid/98369 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.1EPSS: 0%CPEs: 209EXPL: 0CVE-2017-2680
https://notcve.org/view.php?id=CVE-2017-2680
11 May 2017 — Specially crafted PROFINET DCP broadcast packets could cause a denial of service condition of affected products on a local Ethernet segment (Layer 2). Human interaction is required to recover the systems. PROFIBUS interfaces are not affected. Los paquetes de difusión PROFINET DCP especialmente elaborados podrían causar una condición de denegación de servicio de los productos afectados en un segmento Ethernet local (capa 2). Se requiere la interacción humana para recuperar los sistemas. • http://www.securityfocus.com/bid/98369 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2016-8673
https://notcve.org/view.php?id=CVE-2016-8673
23 Nov 2016 — A vulnerability has been identified in SIMATIC CP 343-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.0.53), SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.2.17), SIMATIC S7-300 PN/DP CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP CPU family (incl. SIPLUS variants) (All versions). • https://cert-portal.siemens.com/productcert/pdf/ssa-603476.pdf • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 0CVE-2016-8672 – Siemens SIMATIC Cookie Settings / Cross Site Request Forgery
https://notcve.org/view.php?id=CVE-2016-8672
22 Nov 2016 — A vulnerability has been identified in SIMATIC CP 343-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.0.53), SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.2.17), SIMATIC S7-300 PN/DP CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP CPU family (incl. SIPLUS variants) (All versions). • https://cert-portal.siemens.com/productcert/pdf/ssa-603476.pdf • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.7EPSS: 0%CPEs: 13EXPL: 0CVE-2015-8214
https://notcve.org/view.php?id=CVE-2015-8214
27 Nov 2015 — A vulnerability has been identified in SIMATIC NET CP 342-5 (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants) (All versions < V3.0.44), SIMATIC NET CP 343-1 Lean (incl. SIPLUS variants) (All versions < V3.1.1), SIMATIC NET CP 343-1 Standard (incl. SIPLUS variants) (All versions < V3.1.1), SIMATIC NET CP 443-1 Advanced (incl. • http://www.securityfocus.com/bid/78345 • CWE-264: Permissions, Privileges, and Access Controls •