Page 2 of 10 results (0.009 seconds)

CVSS: 5.9EPSS: 0%CPEs: 36EXPL: 0

A vulnerability has been identified in SIMATIC CP 1626 (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V20.8), SIMATIC HMI Panel (incl. SIPLUS variants) (All versions), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.4.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.8.1), SIMATIC S7-1500 Software Controller (All versions < V20.8), SIMATIC S7-PLCSIM Advanced (All versions < V3.0), SIMATIC STEP 7 (TIA Portal) (All versions < V16), SIMATIC WinCC (TIA Portal) (All versions < V16), SIMATIC WinCC OA (All versions < V3.16 P013), SIMATIC WinCC Runtime Advanced (All versions < V16), SIMATIC WinCC Runtime Professional (All versions < V16), TIM 1531 IRC (incl. • https://cert-portal.siemens.com/productcert/pdf/ssa-232418.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-273799.pdf https://www.us-cert.gov/ics/advisories/icsa-19-344-04 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0

Siemens SIMATIC S7-1200 PLCs 2.x and 3.x allow remote attackers to cause a denial of service (defect-mode transition and control outage) via crafted packets to TCP port 102 (aka the ISO-TSAP port). Siemens SIMATIC S7-1200 PLCs v2.x y v3.x ermite a atacantes remotos causar una denegación de servicios (transición de modo defecto e interrupción de control) a través de paquetes TCP manipulados dirigidos al puerto 102 (conocido como puerto ISO-TSAP). • http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-724606.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-724606.pdf •

CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0

Siemens SIMATIC S7-1200 PLCs 2.x and 3.x allow remote attackers to cause a denial of service (defect-mode transition and control outage) via crafted packets to UDP port 161 (aka the SNMP port). Siemens SIMATIC S7-1200 PLCs v2.x y v3.x permite a atacantes remotos causar una denegación de servicio mediante paquetes especialmente creados hacia el puerto UDP 161 (puerto SNMP) • http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-724606.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-724606.pdf •

CVSS: 4.3EPSS: 0%CPEs: 18EXPL: 0

Cross-site scripting (XSS) vulnerability in the web server on Siemens SIMATIC S7-1200 PLCs 2.x through 3.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URI. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el servidor web SIMATIC S7-1200 PLCs v2.x hasta v3.0.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de una URI específicamente construida. • http://en.securitylab.ru/lab/PT-2012-50 http://osvdb.org/86130 http://secunia.com/advisories/50816 http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-279823.pdf http://www.us-cert.gov/control_systems/pdf/ICSA-12-283-01.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 18EXPL: 0

The Siemens SIMATIC S7-1200 2.x PLC does not properly protect the private key of the SIMATIC CONTROLLER Certification Authority certificate, which allows remote attackers to spoof the S7-1200 web server by using this key to create a forged certificate. El PLC siemens SIMATIC S7-1200 2.x no protege de forma adecuada la clave privada del certificado de SIMATIC CONTROLLER Certification Authority, lo que permitiría a atacantes remotos espiar el servidor Web S7-1200 usando esta clave para crear certificados falsificados. • http://en.securitylab.ru/lab/PT-2012-48 http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-240718.pdf http://www.us-cert.gov/control_systems/pdf/ICSA-12-263-01.pdf • CWE-295: Improper Certificate Validation •