CVSS: 7.8EPSS: 0%CPEs: 152EXPL: 0CVE-2023-46156
https://notcve.org/view.php?id=CVE-2023-46156
12 Dec 2023 — Affected devices improperly handle specially crafted packets sent to port 102/tcp. This could allow an attacker to create a denial of service condition. A restart is needed to restore normal operations. Los dispositivos afectados manejan incorrectamente paquetes especialmente manipulados enviados al puerto 102/tcp. Esto podría permitir que un atacante cree una condición de denegación de servicio. • https://cert-portal.siemens.com/productcert/html/ssa-280603.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 158EXPL: 0CVE-2023-28831
https://notcve.org/view.php?id=CVE-2023-28831
12 Sep 2023 — The OPC UA implementations (ANSI C and C++) in affected products contain an integer overflow vulnerability that could cause the application to run into an infinite loop during certificate validation. This could allow an unauthenticated remote attacker to create a denial of service condition by sending a specially crafted certificate. Las implementaciones de OPC UA (ANSI C y C++) en los productos afectados contienen una vulnerabilidad de desbordamiento de enteros que podría provocar que la aplicación se ejec... • https://cert-portal.siemens.com/productcert/html/ssa-118850.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.2EPSS: 0%CPEs: 140EXPL: 0CVE-2022-38773
https://notcve.org/view.php?id=CVE-2022-38773
10 Jan 2023 — Affected devices do not contain an Immutable Root of Trust in Hardware. With this the integrity of the code executed on the device can not be validated during load-time. An attacker with physical access to the device could use this to replace the boot image of the device and execute arbitrary code. • https://cert-portal.siemens.com/productcert/pdf/ssa-482757.pdf • CWE-1326: Missing Immutable Root of Trust in Hardware •
CVSS: 7.8EPSS: 0%CPEs: 192EXPL: 0CVE-2021-40365
https://notcve.org/view.php?id=CVE-2021-40365
13 Dec 2022 — Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device. Los dispositivos afectados no procesan correctamente ciertos paquetes especialmente manipulados enviados al puerto 102/tcp, lo que podría permitir a un atacante provocar una denegación de servicio en el dispositivo. • https://cert-portal.siemens.com/productcert/pdf/ssa-382653.pdf • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 192EXPL: 0CVE-2021-44693
https://notcve.org/view.php?id=CVE-2021-44693
13 Dec 2022 — Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device. Los dispositivos afectados no procesan correctamente ciertos paquetes especialmente manipulados enviados al puerto 102/tcp, lo que podría permitir a un atacante provocar una denegación de servicio en el dispositivo. • https://cert-portal.siemens.com/productcert/pdf/ssa-382653.pdf • CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 7.5EPSS: 0%CPEs: 192EXPL: 0CVE-2021-44695
https://notcve.org/view.php?id=CVE-2021-44695
13 Dec 2022 — Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device. Los dispositivos afectados no procesan correctamente ciertos paquetes especialmente manipulados enviados al puerto 102/tcp, lo que podría permitir a un atacante provocar una denegación de servicio en el dispositivo. • https://cert-portal.siemens.com/productcert/pdf/ssa-382653.pdf • CWE-20: Improper Input Validation CWE-1286: Improper Validation of Syntactic Correctness of Input •
CVSS: 7.5EPSS: 0%CPEs: 184EXPL: 0CVE-2021-44694
https://notcve.org/view.php?id=CVE-2021-44694
13 Dec 2022 — Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device. Los dispositivos afectados no procesan correctamente ciertos paquetes especialmente manipulados enviados al puerto 102/tcp, lo que podría permitir a un atacante provocar una denegación de servicio en el dispositivo. • https://cert-portal.siemens.com/productcert/pdf/ssa-382653.pdf • CWE-20: Improper Input Validation CWE-1287: Improper Validation of Specified Type of Input •
CVSS: 7.8EPSS: 0%CPEs: 223EXPL: 0CVE-2022-30694
https://notcve.org/view.php?id=CVE-2022-30694
08 Nov 2022 — The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack. El endpoint de inicio de sesión /FormLogin en los servicios web afectados no aplica la verificación de origen adecuada. Esto podría permitir a atacantes remotos autenticados rastrear las actividades de otros usuarios mediante un ataque de Cross-Site Request Forgery (CSRF). • https://cert-portal.siemens.com/productcert/pdf/ssa-478960.pdf • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.3EPSS: 0%CPEs: 89EXPL: 0CVE-2022-38465
https://notcve.org/view.php?id=CVE-2022-38465
11 Oct 2022 — A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 Software Controller (All versions < V21.9)... • https://cert-portal.siemens.com/productcert/pdf/ssa-568427.pdf • CWE-522: Insufficiently Protected Credentials •
CVSS: 7.5EPSS: 0%CPEs: 96EXPL: 0CVE-2021-37205
https://notcve.org/view.php?id=CVE-2021-37205
09 Feb 2022 — A vulnerability has been identified in SIMATIC Drive Controller family (All versions >= V2.9.2 < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions >= V21.9 < V21.9.4), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions >= V4.5.0 < V4.5.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.9.2 < V2.9.4), SIMATIC S7-1500 Software Controller (All versions >= V21.9 < V21.9.4), SIMATIC S7-PLCSIM Advanced (All v... • https://cert-portal.siemens.com/productcert/pdf/ssa-838121.pdf • CWE-401: Missing Release of Memory after Effective Lifetime •