CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2021-37172
https://notcve.org/view.php?id=CVE-2021-37172
10 Aug 2021 — A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (V4.5.0). Affected devices fail to authenticate against configured passwords when provisioned using TIA Portal V13. This could allow an attacker using TIA Portal V13 or later versions to bypass authentication and download arbitrary programs to the PLC. The vulnerability does not occur when TIA Portal V13 SP1 or any later version was used to provision the device. • https://cert-portal.siemens.com/productcert/pdf/ssa-830194.pdf • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 0%CPEs: 63EXPL: 0CVE-2020-15782
https://notcve.org/view.php?id=CVE-2020-15782
28 May 2021 — A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 Software Controller (All versions < V21.9)... • https://cert-portal.siemens.com/productcert/pdf/ssa-434534.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.9EPSS: 13%CPEs: 205EXPL: 1CVE-2021-3449 – NULL pointer deref in signature_algorithms processing
https://notcve.org/view.php?id=CVE-2021-3449
25 Mar 2021 — An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS c... • https://github.com/riptl/cve-2021-3449 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 49EXPL: 0CVE-2019-13940
https://notcve.org/view.php?id=CVE-2019-13940
11 Feb 2020 — A vulnerability has been identified in SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200pro IM154-8F PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200pro IM154-8FX PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200S IM151-8 PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200S IM151-8F PN/DP CPU (All versions < V3.X.17), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.1), SIMATIC S7-300 CPU 314C-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 315-2 PN/DP ... • https://cert-portal.siemens.com/productcert/pdf/ssa-431678.pdf • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.8EPSS: 0%CPEs: 32EXPL: 0CVE-2019-13945
https://notcve.org/view.php?id=CVE-2019-13945
12 Dec 2019 — A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family < V4.x (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family V4.x (incl. SIPLUS variants) (All versions with Function State (FS) < 11), SIMATIC S7-200 SMART CPU CR20s (6ES7 288-1CR20-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU CR30s (6ES7 288-1CR30-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200... • https://cert-portal.siemens.com/productcert/pdf/ssa-686531.pdf • CWE-749: Exposed Dangerous Method or Function •
CVSS: 7.5EPSS: 2%CPEs: 147EXPL: 0CVE-2019-10936
https://notcve.org/view.php?id=CVE-2019-10936
10 Oct 2019 — Affected devices improperly handle large amounts of specially crafted UDP packets. This could allow an unauthenticated remote attacker to trigger a denial of service condition. Se ha identificado una vulnerabilidad en Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Kits de desarrollo/evaluación para PROFINET IO: EK-ERTEC 200P, SIMATIC CFU PA, SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. variantes SIPLUS), SIMAT... • https://cert-portal.siemens.com/productcert/html/ssa-473245.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.9EPSS: 0%CPEs: 36EXPL: 0CVE-2019-10929
https://notcve.org/view.php?id=CVE-2019-10929
13 Aug 2019 — A vulnerability has been identified in SIMATIC CP 1626 (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V20.8), SIMATIC HMI Panel (incl. SIPLUS variants) (All versions), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.4.0), SIMATIC S7-1500 ... • https://cert-portal.siemens.com/productcert/pdf/ssa-232418.pdf • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 0CVE-2019-10943
https://notcve.org/view.php?id=CVE-2019-10943
13 Aug 2019 — A vulnerability has been identified in SIMATIC Drive Controller family (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V20.8), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions >= V20.8), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.4.0), SIMATIC S7-1200 CPU family (incl. • https://cert-portal.siemens.com/productcert/pdf/ssa-232418.pdf • CWE-345: Insufficient Verification of Data Authenticity CWE-353: Missing Support for Integrity Check •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-2846
https://notcve.org/view.php?id=CVE-2016-2846
16 Mar 2016 — Siemens SIMATIC S7-1200 CPU devices before 4.0 allow remote attackers to bypass a "user program block" protection mechanism via unspecified vectors. Dispositivos Siemens SIMATIC S7-1200 CPU en versiones anteriores a 4.0 permiten a atancantes remotos eludir un mecanismo de protección de "bloqueo de programa de usuario" a través de vectores no especificados. • http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-833048.pdf • CWE-254: 7PK - Security Features •
CVSS: 8.8EPSS: 12%CPEs: 2EXPL: 2CVE-2015-5698 – Siemens SIMATIC S7-1200 Cross Site Request Forgery
https://notcve.org/view.php?id=CVE-2015-5698
30 Aug 2015 — Cross-site request forgery (CSRF) vulnerability in the web server on Siemens SIMATIC S7-1200 CPU devices with firmware before 4.1.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Vulnerabilidad de CSRF en el servidor web en dispositivos Siemens SIMATIC S7-1200 CPU con firmware en versiones anteriores a 4.1.3, permite a atacantes remotos secuestrar la autenticación de víctimas no especificadas a través de vectores no especificados. Siemens SIMATIC S7-1200 suf... • https://packetstorm.news/files/id/172315 • CWE-352: Cross-Site Request Forgery (CSRF) •