CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-44102
https://notcve.org/view.php?id=CVE-2024-44102
12 Nov 2024 — A vulnerability has been identified in PP TeleControl Server Basic 1000 to 5000 V3.1 (6NH9910-0AA31-0AE1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 256 to 1000 V3.1 (6NH9910-0AA31-0AD1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 32 to 64 V3.1 (6NH9910-0AA31-0AF1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 64 to 256 V3.1 (6NH9910-0AA31-0AC1) (All versions < V3.1.2.1 with redundancy configured... • https://cert-portal.siemens.com/productcert/html/ssa-454789.html • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 1CVE-2021-45117
https://notcve.org/view.php?id=CVE-2021-45117
21 Mar 2022 — The OPC autogenerated ANSI C stack stubs (in the NodeSets) do not handle all error cases. This can lead to a NULL pointer dereference. Los stubs de pila ANSI C autogenerados por OPC (en los NodeSets) no manejan todos los casos de error. Esto puede conllevar a una desreferencia de puntero NULL • https://cert-portal.siemens.com/productcert/pdf/ssa-285795.pdf • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2021-40142
https://notcve.org/view.php?id=CVE-2021-40142
27 Aug 2021 — In OPC Foundation Local Discovery Server (LDS) before 1.04.402.463, remote attackers can cause a denial of service (DoS) by sending carefully crafted messages that lead to Access of a Memory Location After the End of a Buffer. En OPC Foundation Local Discovery Server (LDS) versiones anteriores a 1.04.402.463, unos atacantes remotos pueden causar una denegación de servicio (DoS) mediante el envío de mensajes cuidadosamente diseñados que conllevan a el Acceso a una Ubicación de Memoria Después del Final de un... • https://cert-portal.siemens.com/productcert/pdf/ssa-321292.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.9EPSS: 5%CPEs: 205EXPL: 1CVE-2021-3449 – NULL pointer deref in signature_algorithms processing
https://notcve.org/view.php?id=CVE-2021-3449
25 Mar 2021 — An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS c... • https://github.com/riptl/cve-2021-3449 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 68EXPL: 0CVE-2019-6575
https://notcve.org/view.php?id=CVE-2019-6575
17 Apr 2019 — A vulnerability has been identified in SIMATIC CP 443-1 OPC UA (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V2.7), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC HMI Comfort Panels 4" - 22" (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Upd 4), SIMATIC IPC DiagMonitor (All versions < V5.1.... • https://cert-portal.siemens.com/productcert/pdf/ssa-307392.pdf • CWE-248: Uncaught Exception CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-4836
https://notcve.org/view.php?id=CVE-2018-4836
25 Jan 2018 — A vulnerability has been identified in TeleControl Server Basic < V3.1. An authenticated attacker with a low-privileged account to the TeleControl Server Basic's port 8000/tcp could escalate his privileges and perform administrative operations. Se ha identificado una vulnerabilidad en TeleControl Server Basic en versiones anteriores a la 3.1. Un atacante autenticado con una cuenta de privilegios bajos en el puerto 8000/tcp de TeleControl Server Basic podría escalar sus privilegios y realizar operaciones adm... • http://www.securityfocus.com/bid/102897 • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-4837
https://notcve.org/view.php?id=CVE-2018-4837
25 Jan 2018 — A vulnerability has been identified in TeleControl Server Basic < V3.1. An attacker with access to the TeleControl Server Basic's webserver (port 80/tcp or 443/tcp) could cause a Denial-of-Service condition on the web server. The remaining functionality of the TeleControl Server Basic is not affected by the Denial-of-Service condition. Se ha identificado una vulnerabilidad en TeleControl Server Basic en versiones anteriores a la 3.1. Un atacante con acceso al servidor web de Telecontrol Server Basic (puerto... • http://www.securityfocus.com/bid/102819 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-4835
https://notcve.org/view.php?id=CVE-2018-4835
25 Jan 2018 — A vulnerability has been identified in TeleControl Server Basic < V3.1. An attacker with network access to the TeleControl Server Basic's port 8000/tcp could bypass the authentication mechanism and read limited information. Se ha identificado una vulnerabilidad en TeleControl Server Basic en versiones anteriores a la 3.1. Un atacante con acceso de red al puerto 8000/tcp de TeleControl Server Basic podría evadir el mecanismo de autenticación y leer información limitada. • http://www.securityfocus.com/bid/102894 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-287: Improper Authentication •
CVSS: 6.9EPSS: 0%CPEs: 27EXPL: 0CVE-2016-7165
https://notcve.org/view.php?id=CVE-2016-7165
15 Nov 2016 — A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC IT Production Suite (All versions < V7.0 SP1 HFX 2), SIMATIC NET PC-Software (All versions < V14), SIMATIC PCS 7 V7.1 (All versions), SIMATIC PCS 7 V8.0 (All versions), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2), SIMATIC STEP 7 V5.X (All versions < V5.5 SP4 HF11), SIMATIC WinCC (TIA Portal) Basic, Comfort, Advanced (... • http://securityaffairs.co/wordpress/53266/security/cve-2016-7165-siemens.html • CWE-254: 7PK - Security Features CWE-284: Improper Access Control •