CVSS: 5.3EPSS: 0%CPEs: 119EXPL: 0CVE-2020-28397
https://notcve.org/view.php?id=CVE-2020-28397
10 Aug 2021 — A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7 PLCSIM Advanced (All versions > V2 < V4), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (Version V4.4), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions > V2.5 < V2.9.2), SIMATIC S7-1500 Software Controller (All versions > V2.5 < V21.9), TIM 1531 IRC (incl. SIPLUS ... • https://cert-portal.siemens.com/productcert/pdf/ssa-865327.pdf • CWE-863: Incorrect Authorization •
CVSS: 9.8EPSS: 0%CPEs: 63EXPL: 0CVE-2020-15782
https://notcve.org/view.php?id=CVE-2020-15782
28 May 2021 — A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 Software Controller (All versions < V21.9)... • https://cert-portal.siemens.com/productcert/pdf/ssa-434534.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.9EPSS: 13%CPEs: 205EXPL: 1CVE-2021-3449 – NULL pointer deref in signature_algorithms processing
https://notcve.org/view.php?id=CVE-2021-3449
25 Mar 2021 — An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS c... • https://github.com/riptl/cve-2021-3449 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 49EXPL: 0CVE-2019-13940
https://notcve.org/view.php?id=CVE-2019-13940
11 Feb 2020 — A vulnerability has been identified in SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200pro IM154-8F PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200pro IM154-8FX PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200S IM151-8 PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200S IM151-8F PN/DP CPU (All versions < V3.X.17), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.1), SIMATIC S7-300 CPU 314C-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 315-2 PN/DP ... • https://cert-portal.siemens.com/productcert/pdf/ssa-431678.pdf • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0CVE-2013-2780
https://notcve.org/view.php?id=CVE-2013-2780
22 Apr 2013 — Siemens SIMATIC S7-1200 PLCs 2.x and 3.x allow remote attackers to cause a denial of service (defect-mode transition and control outage) via crafted packets to UDP port 161 (aka the SNMP port). Siemens SIMATIC S7-1200 PLCs v2.x y v3.x permite a atacantes remotos causar una denegación de servicio mediante paquetes especialmente creados hacia el puerto UDP 161 (puerto SNMP) • http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-724606.pdf •
CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0CVE-2013-0700
https://notcve.org/view.php?id=CVE-2013-0700
22 Apr 2013 — Siemens SIMATIC S7-1200 PLCs 2.x and 3.x allow remote attackers to cause a denial of service (defect-mode transition and control outage) via crafted packets to TCP port 102 (aka the ISO-TSAP port). Siemens SIMATIC S7-1200 PLCs v2.x y v3.x ermite a atacantes remotos causar una denegación de servicios (transición de modo defecto e interrupción de control) a través de paquetes TCP manipulados dirigidos al puerto 102 (conocido como puerto ISO-TSAP). • http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-724606.pdf •
CVSS: 6.1EPSS: 2%CPEs: 18EXPL: 0CVE-2012-3040
https://notcve.org/view.php?id=CVE-2012-3040
10 Oct 2012 — Cross-site scripting (XSS) vulnerability in the web server on Siemens SIMATIC S7-1200 PLCs 2.x through 3.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URI. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el servidor web SIMATIC S7-1200 PLCs v2.x hasta v3.0.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de una URI específicamente construida. • http://en.securitylab.ru/lab/PT-2012-50 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 1%CPEs: 18EXPL: 0CVE-2012-3037
https://notcve.org/view.php?id=CVE-2012-3037
25 Sep 2012 — The Siemens SIMATIC S7-1200 2.x PLC does not properly protect the private key of the SIMATIC CONTROLLER Certification Authority certificate, which allows remote attackers to spoof the S7-1200 web server by using this key to create a forged certificate. El PLC siemens SIMATIC S7-1200 2.x no protege de forma adecuada la clave privada del certificado de SIMATIC CONTROLLER Certification Authority, lo que permitiría a atacantes remotos espiar el servidor Web S7-1200 usando esta clave para crear certificados fals... • http://en.securitylab.ru/lab/PT-2012-48 • CWE-295: Improper Certificate Validation •