CVE-2019-10936
https://notcve.org/view.php?id=CVE-2019-10936
Affected devices improperly handle large amounts of specially crafted UDP packets. This could allow an unauthenticated remote attacker to trigger a denial of service condition. Se ha identificado una vulnerabilidad en Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Kits de desarrollo/evaluación para PROFINET IO: EK-ERTEC 200P, SIMATIC CFU PA, SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. variantes SIPLUS), SIMATIC ET200AL, SIMATIC ET200M (incl. variantes SIPLUS), SIMATIC ET200MP IM155-5 PN BA (incl. variantes SIPLUS), SIMATIC ET200MP IM155-5 PN HF (incl. variantes SIPLUS), SIMATIC ET200MP IM155-5 PN ST (incl. variantes SIPLUS) SIPLUS), SIMATIC ET200S (incl. variantes SIPLUS), SIMATIC ET200SP IM155-6 PN BA (incl. variantes SIPLUS), SIMATIC ET200SP IM155-6 PN HA (incl. variantes SIPLUS), SIMATIC ET200SP IM155-6 PN HF (incl. variantes SIPLUS), SIMATIC ET200SP IM155-6 PN HS (incl. variantes SIPLUS), SIMATIC ET200SP IM155-6 PN ST (incl. variantes SIPLUS). SIPLUS), SIMATIC ET200SP IM155-6 PN/2 HF (incl. variantes SIPLUS), SIMATIC ET200SP IM155-6 PN/3 HF (incl. variantes SIPLUS) variantes SIPLUS), SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 4AO U/I 4xM12, SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12, SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12, SIMATIC ET200ecoPN, 8AI 4 U/I; 4 RTD/TC 8xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN: IO-Link Master, SIMATIC ET200pro, paneles exteriores SIMATIC HMI Comfort de 7" y 15" (incl. variantes SIPLUS), paneles SIMATIC HMI Comfort de 4" a 22" (incl. variantes SIPLUS), paneles móviles SIMATIC HMI KTP, acoplador SIMATIC PN/PN (incl. variantes SIPLUS NET), driver SIMATIC PROFINET, familia de CPUs SIMATIC S7-1200 (incl. variantes SIPLUS), familia de CPUs SIMATIC S7-1500 (incl. variantes SIPLUS). CPUs ET200 y variantes SIPLUS), SIMATIC S7-1500 Software Controller, familia de CPUs SIMATIC S7-300 (incl. CPUs ET200 y variantes SIPLUS), familia de CPUs SIMATIC S7-400 H V6 (incl. variantes SIPLUS), familia de CPUs SIMATIC S7-400 PN/DP V6 e inferiores (incl. variantes SIPLUS), familia de CPUs SIMATIC S7-400 PN/DP V7 (incl. variantes SIPLUS), SIMATIC S7-400 PN/DP V7 (incl. variantes SIPLUS). • https://cert-portal.siemens.com/productcert/html/ssa-473245.html https://cert-portal.siemens.com/productcert/pdf/ssa-473245.pdf • CWE-400: Uncontrolled Resource Consumption •
CVE-2018-11458
https://notcve.org/view.php?id=CVE-2018-11458
A vulnerability has been identified in SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). The integrated VNC server on port 5900/tcp of the affected products could allow a remote attacker to execute code with privileged permissions on the system by sending specially crafted network requests to port 5900/tcp. Please note that this vulnerability is only exploitable if port 5900/tcp is manually opened in the firewall configuration of network port X130. The security vulnerability could be exploited by an attacker with network access to the affected devices and port. Successful exploitation requires no privileges and no user interaction. • http://www.securityfocus.com/bid/106185 https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf • CWE-190: Integer Overflow or Wraparound •
CVE-2018-11465
https://notcve.org/view.php?id=CVE-2018-11465
A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). A local attacker could use ioctl calls to do out of bounds reads, arbitrary writes, or execute code in kernel mode. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. • http://www.securityfocus.com/bid/106185 https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf • CWE-125: Out-of-bounds Read CWE-248: Uncaught Exception •
CVE-2018-11462
https://notcve.org/view.php?id=CVE-2018-11462
A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). By sending a specially crafted authentication request to the affected systems a remote attacker could escalate his privileges to an elevated user account but not to root. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no privileges and no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. • http://www.securityfocus.com/bid/106185 https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2018-11464
https://notcve.org/view.php?id=CVE-2018-11464
A vulnerability has been identified in SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). The integrated VNC server on port 5900/tcp of the affected products could allow a remote attacker to cause a Denial-of-Service condition of the VNC server. Please note that this vulnerability is only exploitable if port 5900/tcp is manually opened in the firewall configuration of network port X130. The security vulnerability could be exploited by an attacker with network access to the affected devices and port. Successful exploitation requires no privileges and no user interaction. • http://www.securityfocus.com/bid/106185 https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf • CWE-248: Uncaught Exception •