CVSS: 7.5EPSS: 0%CPEs: 157EXPL: 0CVE-2020-28400
https://notcve.org/view.php?id=CVE-2020-28400
Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial-of-service condition. The vulnerability can be triggered if a large amount of DCP reset packets are sent to the device. Los dispositivos afectados contienen una vulnerabilidad que permite a un atacante no autentificado desencadenar una condición de denegación de servicio. La vulnerabilidad puede activarse si se envía una gran cantidad de paquetes de restablecimiento de DCP al dispositivo • https://cert-portal.siemens.com/productcert/pdf/ssa-599968.pdf https://us-cert.cisa.gov/ics/advisories/icsa-21-194-03 https://cert-portal.siemens.com/productcert/html/ssa-599968.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.8EPSS: 0%CPEs: 35EXPL: 0CVE-2021-25667
https://notcve.org/view.php?id=CVE-2021-25667
A vulnerability has been identified in RUGGEDCOM RM1224 (All versions >= V4.3 and < V6.4), SCALANCE M-800 (All versions >= V4.3 and < V6.4), SCALANCE S615 (All versions >= V4.3 and < V6.4), SCALANCE SC-600 Family (All versions >= V2.0 and < V2.1.3), SCALANCE XB-200 (All versions < V4.1), SCALANCE XC-200 (All versions < V4.1), SCALANCE XF-200BA (All versions < V4.1), SCALANCE XM400 (All versions < V6.2), SCALANCE XP-200 (All versions < V4.1), SCALANCE XR-300WG (All versions < V4.1), SCALANCE XR500 (All versions < V6.2). Affected devices contain a stack-based buffer overflow vulnerability in the handling of STP BPDU frames that could allow a remote attacker to trigger a denial-of-service condition or potentially remote code execution. Successful exploitation requires the passive listening feature of the device to be active. Se ha identificado una vulnerabilidad en RUGGEDCOM RM1224 (Todas las versiones posteriores e incluyendo a V4.3 y anteriores a V6.4), SCALANCE M-800 (Todas las versiones posteriores e incluyendo a V4.3 y anteriores a V6.4), SCALANCE S615 (Todas las versiones posteriores e incluyendo a V4.3 y anteriores a V6.4), SCALANCE SC-600 Family (Todas las versiones posteriores e incluyendo a V2.0 y anteriores a V2.1.3), SCALANCE XB-200 (Todas las versiones anteriores a V4.1), SCALANCE XC-200 (Todas las versiones anteriores a V4.1), SCALANCE XF-200BA (Todas las versiones anteriores a V4.1), SCALANCE XM400 (Todas las versiones anteriores a V6.2), SCALANCE XP-200 (Todas las versiones anteriores a V4.1), SCALANCE XR-300WG (Todas las versiones anteriores a V4.1), SCALANCE XR500 (Todas las versiones anteriores a V6.2). Unos dispositivos afectados contienen una vulnerabilidad de desbordamiento de búfer en la región stack de la memoria en el manejo de frames STP BPDU que podría permitir a un atacante remoto desencadenar una condición de denegación de servicio o una ejecución de código potencialmente remoto. • https://cert-portal.siemens.com/productcert/pdf/ssa-979775.pdf https://us-cert.cisa.gov/ics/advisories/icsa-21-068-03 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.1EPSS: 0%CPEs: 181EXPL: 0CVE-2017-2681
https://notcve.org/view.php?id=CVE-2017-2681
Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a denial of service condition of that product. Human interaction is required to recover the system. PROFIBUS interfaces are not affected. This vulnerability affects only SIMATIC HMI Multi Panels and HMI Mobile Panels, and S7-300/S7-400 devices. Los paquetes PROFINET DCP especialmente diseñados que se envían en un segmento Ethernet local (capa 2) a un producto afectado podrían causar una condición de denegación de servicio de ese producto. • http://www.securityfocus.com/bid/98369 http://www.securitytracker.com/id/1038463 https://cert-portal.siemens.com/productcert/html/ssa-293562.html https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdf https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-293562.pdf • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.1EPSS: 0%CPEs: 209EXPL: 0CVE-2017-2680
https://notcve.org/view.php?id=CVE-2017-2680
Specially crafted PROFINET DCP broadcast packets could cause a denial of service condition of affected products on a local Ethernet segment (Layer 2). Human interaction is required to recover the systems. PROFIBUS interfaces are not affected. Los paquetes de difusión PROFINET DCP especialmente elaborados podrían causar una condición de denegación de servicio de los productos afectados en un segmento Ethernet local (capa 2). Se requiere la interacción humana para recuperar los sistemas. • http://www.securityfocus.com/bid/98369 http://www.securitytracker.com/id/1038463 https://cert-portal.siemens.com/productcert/html/ssa-284673.html https://cert-portal.siemens.com/productcert/html/ssa-293562.html https://cert-portal.siemens.com/productcert/html/ssa-546832.html https://cert-portal.siemens.com/productcert/pdf/ssa-284673.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-546832.pdf https://ics-cert.us- • CWE-400: Uncontrolled Resource Consumption •