4 results (0.013 seconds)

CVSS: 7.5EPSS: 0%CPEs: 98EXPL: 0

A vulnerability has been identified in SIMATIC S7-400 CPU 414-3 PN/DP V7, SIMATIC S7-400 CPU 414F-3 PN/DP V7, SIMATIC S7-400 CPU 416-3 PN/DP V7, SIMATIC S7-400 CPU 416F-3 PN/DP V7, Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, SCALANCE X-200IRT switch family (incl. SIPLUS NET variants), SIMATIC ET 200pro IM154-8 PN/DP CPU, SIMATIC ET 200pro IM154-8F PN/DP CPU, SIMATIC ET 200pro IM154-8FX PN/DP CPU, SIMATIC ET 200S IM151-8 PN/DP CPU, SIMATIC ET 200S IM151-8F PN/DP CPU, SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 4AO U/I 4xM12, SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12, SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12, SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN: IO-Link Master, SIMATIC ET200M (incl. SIPLUS variants), SIMATIC ET200pro, SIMATIC ET200S (incl. SIPLUS variants), SIMATIC NET CP 1604, SIMATIC NET CP 1616, SIMATIC PN/PN Coupler (incl. SIPLUS NET variants), SIMATIC S7-300 CPU 314C-2 PN/DP, SIMATIC S7-300 CPU 315-2 PN/DP, SIMATIC S7-300 CPU 315F-2 PN/DP, SIMATIC S7-300 CPU 315T-3 PN/DP, SIMATIC S7-300 CPU 317-2 PN/DP, SIMATIC S7-300 CPU 317F-2 PN/DP, SIMATIC S7-300 CPU 317T-3 PN/DP, SIMATIC S7-300 CPU 317TF-3 PN/DP, SIMATIC S7-300 CPU 319-3 PN/DP, SIMATIC S7-300 CPU 319F-3 PN/DP, SIMATIC S7-400 CPU 412-2 PN V7, SIMATIC S7-400 PN/DP V6 and below CPU family (incl. • https://cert-portal.siemens.com/productcert/pdf/ssa-349422.pdf https://cert-portal.siemens.com/productcert/html/ssa-349422.html • CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.5EPSS: 0%CPEs: 147EXPL: 0

Affected devices improperly handle large amounts of specially crafted UDP packets. This could allow an unauthenticated remote attacker to trigger a denial of service condition. Se ha identificado una vulnerabilidad en Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Kits de desarrollo/evaluación para PROFINET IO: EK-ERTEC 200P, SIMATIC CFU PA, SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. variantes SIPLUS), SIMATIC ET200AL, SIMATIC ET200M (incl. variantes SIPLUS), SIMATIC ET200MP IM155-5 PN BA (incl. variantes SIPLUS), SIMATIC ET200MP IM155-5 PN HF (incl. variantes SIPLUS), SIMATIC ET200MP IM155-5 PN ST (incl. variantes SIPLUS) SIPLUS), SIMATIC ET200S (incl. variantes SIPLUS), SIMATIC ET200SP IM155-6 PN BA (incl. variantes SIPLUS), SIMATIC ET200SP IM155-6 PN HA (incl. variantes SIPLUS), SIMATIC ET200SP IM155-6 PN HF (incl. variantes SIPLUS), SIMATIC ET200SP IM155-6 PN HS (incl. variantes SIPLUS), SIMATIC ET200SP IM155-6 PN ST (incl. variantes SIPLUS). SIPLUS), SIMATIC ET200SP IM155-6 PN/2 HF (incl. variantes SIPLUS), SIMATIC ET200SP IM155-6 PN/3 HF (incl. variantes SIPLUS) variantes SIPLUS), SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 4AO U/I 4xM12, SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12, SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12, SIMATIC ET200ecoPN, 8AI 4 U/I; 4 RTD/TC 8xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN: IO-Link Master, SIMATIC ET200pro, paneles exteriores SIMATIC HMI Comfort de 7" y 15" (incl. variantes SIPLUS), paneles SIMATIC HMI Comfort de 4" a 22" (incl. variantes SIPLUS), paneles móviles SIMATIC HMI KTP, acoplador SIMATIC PN/PN (incl. variantes SIPLUS NET), driver SIMATIC PROFINET, familia de CPUs SIMATIC S7-1200 (incl. variantes SIPLUS), familia de CPUs SIMATIC S7-1500 (incl. variantes SIPLUS). CPUs ET200 y variantes SIPLUS), SIMATIC S7-1500 Software Controller, familia de CPUs SIMATIC S7-300 (incl. CPUs ET200 y variantes SIPLUS), familia de CPUs SIMATIC S7-400 H V6 (incl. variantes SIPLUS), familia de CPUs SIMATIC S7-400 PN/DP V6 e inferiores (incl. variantes SIPLUS), familia de CPUs SIMATIC S7-400 PN/DP V7 (incl. variantes SIPLUS), SIMATIC S7-400 PN/DP V7 (incl. variantes SIPLUS). • https://cert-portal.siemens.com/productcert/html/ssa-473245.html https://cert-portal.siemens.com/productcert/pdf/ssa-473245.pdf • CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.5EPSS: 0%CPEs: 125EXPL: 0

The webserver of the affected devices contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation which leads to a restart of the webserver of the affected device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. SIPLUS), paneles exteriores SIMATIC HMI Comfort de 7" y 15" (incl. variantes SIPLUS), paneles SIMATIC HMI Comfort de 4" - 22" (incl. variantes SIPLUS), paneles SIMATIC ET 200SP Open Controller CPU 1515SP PC SIPLUS), paneles móviles SIMATIC HMI KTP KTP400F, KTP700, KTP700F, KTP900 y KTP900F, SIMATIC IPC DiagMonitor, SIMATIC RF182C, SIMATIC RF185C, SIMATIC RF186C, SIMATIC RF188C, familia SIMATIC RF600R, familia de CPUs SIMATIC S7-1500 (incl. • https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-530931.pdf • CWE-125: Out-of-bounds Read •

CVSS: 7.1EPSS: 0%CPEs: 209EXPL: 0

Specially crafted PROFINET DCP broadcast packets could cause a denial of service condition of affected products on a local Ethernet segment (Layer 2). Human interaction is required to recover the systems. PROFIBUS interfaces are not affected. Los paquetes de difusión PROFINET DCP especialmente elaborados podrían causar una condición de denegación de servicio de los productos afectados en un segmento Ethernet local (capa 2). Se requiere la interacción humana para recuperar los sistemas. • http://www.securityfocus.com/bid/98369 http://www.securitytracker.com/id/1038463 https://cert-portal.siemens.com/productcert/html/ssa-284673.html https://cert-portal.siemens.com/productcert/html/ssa-293562.html https://cert-portal.siemens.com/productcert/html/ssa-546832.html https://cert-portal.siemens.com/productcert/pdf/ssa-284673.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-546832.pdf https://ics-cert.us- • CWE-400: Uncontrolled Resource Consumption •