CVSS: 7.8EPSS: 2%CPEs: 68EXPL: 0CVE-2019-6575
https://notcve.org/view.php?id=CVE-2019-6575
17 Apr 2019 — A vulnerability has been identified in SIMATIC CP 443-1 OPC UA (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V2.7), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC HMI Comfort Panels 4" - 22" (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Upd 4), SIMATIC IPC DiagMonitor (All versions < V5.1.... • https://cert-portal.siemens.com/productcert/pdf/ssa-307392.pdf • CWE-248: Uncaught Exception CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.5EPSS: 6%CPEs: 23EXPL: 0CVE-2018-13812
https://notcve.org/view.php?id=CVE-2018-13812
13 Dec 2018 — A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15 Update 4), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15 Update 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15 Update 4), SIMATIC WinCC Runtime Advanced (All versions < V15 Update 4), SIMATIC WinCC Runtime Professional (All versions < V15 Update 4), SIMATIC WinCC (TIA Portal) (All versions < V15 Update 4), SIMATIC HMI Classic Devices (TP/MP/OP/M... • http://www.securityfocus.com/bid/105922 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.1EPSS: 0%CPEs: 23EXPL: 0CVE-2018-13813
https://notcve.org/view.php?id=CVE-2018-13813
13 Dec 2018 — A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15 Update 4), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15 Update 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15 Update 4), SIMATIC WinCC Runtime Advanced (All versions < V15 Update 4), SIMATIC WinCC Runtime Professional (All versions < V15 Update 4), SIMATIC WinCC (TIA Portal) (All versions < V15 Update 4), SIMATIC HMI Classic Devices (TP/MP/OP/M... • http://www.securityfocus.com/bid/105922 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 8.8EPSS: 0%CPEs: 23EXPL: 0CVE-2018-13814
https://notcve.org/view.php?id=CVE-2018-13814
13 Dec 2018 — A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V14), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V14), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V14), SIMATIC WinCC Runtime Advanced (All versions < V14), SIMATIC WinCC Runtime Professional (All versions < V14), SIMATIC WinCC (TIA Portal) (All versions < V14), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). The integrated web ser... • http://www.securityfocus.com/bid/105931 • CWE-20: Improper Input Validation CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') •
CVSS: 7.1EPSS: 0%CPEs: 181EXPL: 0CVE-2017-2681
https://notcve.org/view.php?id=CVE-2017-2681
11 May 2017 — Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a denial of service condition of that product. Human interaction is required to recover the system. PROFIBUS interfaces are not affected. This vulnerability affects only SIMATIC HMI Multi Panels and HMI Mobile Panels, and S7-300/S7-400 devices. Los paquetes PROFINET DCP especialmente diseñados que se envían en un segmento Ethernet local (capa 2) a un producto afectado podrían causar una condi... • http://www.securityfocus.com/bid/98369 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.1EPSS: 1%CPEs: 209EXPL: 0CVE-2017-2680
https://notcve.org/view.php?id=CVE-2017-2680
11 May 2017 — Specially crafted PROFINET DCP broadcast packets could cause a denial of service condition of affected products on a local Ethernet segment (Layer 2). Human interaction is required to recover the systems. PROFIBUS interfaces are not affected. Los paquetes de difusión PROFINET DCP especialmente elaborados podrían causar una condición de denegación de servicio de los productos afectados en un segmento Ethernet local (capa 2). Se requiere la interacción humana para recuperar los sistemas. • http://www.securityfocus.com/bid/98369 • CWE-400: Uncontrolled Resource Consumption •