CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2014-2259
https://notcve.org/view.php?id=CVE-2014-2259
Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTPS packets. Dispositivos de Siemens SIMATIC S7-1500 CPU PLC con firmware anterior a 1.5.0 permiten a atacantes remotos causar una denegación de servicio (transición de modo defecto) a través de paquetes HTTPS manipulados. • http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01 http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-456423.pdf •
CVSS: 8.3EPSS: 0%CPEs: 4EXPL: 0CVE-2014-2251
https://notcve.org/view.php?id=CVE-2014-2251
The random-number generator on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 does not have sufficient entropy, which makes it easier for remote attackers to defeat cryptographic protection mechanisms and hijack sessions via unspecified vectors. El generador de números aleatorios en dispositivos de Siemens SIMATIC S7-1500 CPU PLC con firmware anterior a 1.5.0 no tiene suficiente entropía, lo que facilita a atacantes remotos derrotar mecanismos de protección criptográficos y secuestrar sesiones a través de vectores no especificados. • http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01 http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-456423.pdf •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2014-2255
https://notcve.org/view.php?id=CVE-2014-2255
Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTP packets. Dispositivos de Siemens SIMATIC S7-1500 CPU PLC con firmware anterior a 1.5.0 permiten a atacantes remotos causar una denegación de servicio (transición de modo defecto) a través de paquetes HTTP manipulados. • http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01 http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-456423.pdf •
CVSS: 5.8EPSS: 0%CPEs: 4EXPL: 0CVE-2014-2249
https://notcve.org/view.php?id=CVE-2014-2249
Cross-site request forgery (CSRF) vulnerability on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 and SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Una vulnerabilidad de tipo cross-site request forgery (CSRF) en dispositivos SIMATIC S7-1500 CPU PLC de Siemens con versión de firmware anterior a 1.5.0 y dispositivos SIMATIC S7-1200 CPU PLC con versión de firmware anterior a 4.0 de Siemens, permite a atacantes remotos secuestrar la autenticación de víctimas no especificadas por medio de vectores desconocidos. • http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01 http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02 http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-456423.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf • CWE-352: Cross-Site Request Forgery (CSRF) •