CVSS: 5.9EPSS: 13%CPEs: 205EXPL: 1CVE-2021-3449 – NULL pointer deref in signature_algorithms processing
https://notcve.org/view.php?id=CVE-2021-3449
25 Mar 2021 — An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS c... • https://github.com/riptl/cve-2021-3449 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 49EXPL: 0CVE-2019-13940
https://notcve.org/view.php?id=CVE-2019-13940
11 Feb 2020 — A vulnerability has been identified in SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200pro IM154-8F PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200pro IM154-8FX PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200S IM151-8 PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200S IM151-8F PN/DP CPU (All versions < V3.X.17), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.1), SIMATIC S7-300 CPU 314C-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 315-2 PN/DP ... • https://cert-portal.siemens.com/productcert/pdf/ssa-431678.pdf • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.8EPSS: 0%CPEs: 32EXPL: 0CVE-2019-13945
https://notcve.org/view.php?id=CVE-2019-13945
12 Dec 2019 — A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family < V4.x (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family V4.x (incl. SIPLUS variants) (All versions with Function State (FS) < 11), SIMATIC S7-200 SMART CPU CR20s (6ES7 288-1CR20-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU CR30s (6ES7 288-1CR30-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200... • https://cert-portal.siemens.com/productcert/pdf/ssa-686531.pdf • CWE-749: Exposed Dangerous Method or Function •
CVSS: 7.5EPSS: 2%CPEs: 147EXPL: 0CVE-2019-10936
https://notcve.org/view.php?id=CVE-2019-10936
10 Oct 2019 — Affected devices improperly handle large amounts of specially crafted UDP packets. This could allow an unauthenticated remote attacker to trigger a denial of service condition. Se ha identificado una vulnerabilidad en Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Kits de desarrollo/evaluación para PROFINET IO: EK-ERTEC 200P, SIMATIC CFU PA, SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. variantes SIPLUS), SIMAT... • https://cert-portal.siemens.com/productcert/html/ssa-473245.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.9EPSS: 0%CPEs: 36EXPL: 0CVE-2019-10929
https://notcve.org/view.php?id=CVE-2019-10929
13 Aug 2019 — A vulnerability has been identified in SIMATIC CP 1626 (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V20.8), SIMATIC HMI Panel (incl. SIPLUS variants) (All versions), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.4.0), SIMATIC S7-1500 ... • https://cert-portal.siemens.com/productcert/pdf/ssa-232418.pdf • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 0CVE-2019-10943
https://notcve.org/view.php?id=CVE-2019-10943
13 Aug 2019 — A vulnerability has been identified in SIMATIC Drive Controller family (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V20.8), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions >= V20.8), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.4.0), SIMATIC S7-1200 CPU family (incl. • https://cert-portal.siemens.com/productcert/pdf/ssa-232418.pdf • CWE-345: Insufficient Verification of Data Authenticity CWE-353: Missing Support for Integrity Check •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-13815
https://notcve.org/view.php?id=CVE-2018-13815
13 Dec 2018 — A vulnerability has been identified in SIMATIC S7-1200 (All versions), SIMATIC S7-1500 (All Versions < V2.6). An attacker could exhaust the available connection pool of an affected device by opening a sufficient number of connections to the device. Successful exploitation requires an attacker to be able to send packets to port 102/tcp of the affected device. No user interaction and no user privileges are required to exploit the vulnerability. The vulnerability, if exploited, could cause a Denial-of-Service ... • http://www.securityfocus.com/bid/105928 • CWE-400: Uncontrolled Resource Consumption CWE-410: Insufficient Resource Pool •
CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2018-13800
https://notcve.org/view.php?id=CVE-2018-13800
10 Oct 2018 — A vulnerability has been identified in SIMATIC S7-1200 CPU family version 4 (All versions < V4.2.3). The web interface could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by a legitimate user, who must be authenticated to the web interface. A successful attack could allow an attacker to trigger actions via the web interface that the legitimate user is allowed to perform. This could allow ... • http://www.securityfocus.com/bid/105542 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.7EPSS: 3%CPEs: 76EXPL: 0CVE-2017-12741
https://notcve.org/view.php?id=CVE-2017-12741
26 Dec 2017 — Specially crafted packets sent to port 161/udp could cause a denial of service condition. The affected devices must be restarted manually. Se ha identificado una vulnerabilidad en Development/Evaluation Kits para PROFINET IO: DK Standard Ethernet Controller, Development/Evaluation Kits para PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits para PROFINET IO: EK-ERTEC 200P, SIMATIC Compact Field Unit, SIMATIC ET200AL, SIMATIC ET200M (incluidas las variantes SIPLUS), SIMATIC ET200MP IM155-5 PN BA (incluid... • https://cert-portal.siemens.com/productcert/html/ssa-141614.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.1EPSS: 0%CPEs: 181EXPL: 0CVE-2017-2681
https://notcve.org/view.php?id=CVE-2017-2681
11 May 2017 — Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a denial of service condition of that product. Human interaction is required to recover the system. PROFIBUS interfaces are not affected. This vulnerability affects only SIMATIC HMI Multi Panels and HMI Mobile Panels, and S7-300/S7-400 devices. Los paquetes PROFINET DCP especialmente diseñados que se envían en un segmento Ethernet local (capa 2) a un producto afectado podrían causar una condi... • http://www.securityfocus.com/bid/98369 • CWE-400: Uncontrolled Resource Consumption •