CVSS: 5.9EPSS: 0%CPEs: 36EXPL: 0CVE-2019-10929
https://notcve.org/view.php?id=CVE-2019-10929
A vulnerability has been identified in SIMATIC CP 1626 (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V20.8), SIMATIC HMI Panel (incl. SIPLUS variants) (All versions), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.4.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.8.1), SIMATIC S7-1500 Software Controller (All versions < V20.8), SIMATIC S7-PLCSIM Advanced (All versions < V3.0), SIMATIC STEP 7 (TIA Portal) (All versions < V16), SIMATIC WinCC (TIA Portal) (All versions < V16), SIMATIC WinCC OA (All versions < V3.16 P013), SIMATIC WinCC Runtime Advanced (All versions < V16), SIMATIC WinCC Runtime Professional (All versions < V16), TIM 1531 IRC (incl. • https://cert-portal.siemens.com/productcert/pdf/ssa-232418.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-273799.pdf https://www.us-cert.gov/ics/advisories/icsa-19-344-04 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 5.8EPSS: 0%CPEs: 8EXPL: 0CVE-2014-2909
https://notcve.org/view.php?id=CVE-2014-2909
CRLF injection vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary HTTP headers via unspecified vectors. Vulnerabilidad de inyección CRLF en el servidor web integrado en dispositivos Siemens SIMATIC S7-1200 CPU 2.x y 3.x permite a atacantes remotos inyectar cabeceras HTTP arbitrarias a través de vectores no especificados. • http://ics-cert.us-cert.gov/advisories/ICSA-14-114-02 http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-892012.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-892012.pdf • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 1CVE-2014-2908 – Siemens SIMATIC S7-1200 CPU - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2014-2908
Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en el servidor web integrado en dispositivos Siemens SIMATIC S7-1200 CPU 2.x y 3.x permite a atacantes remotos inyectar script Web o HTML arbitrarios a través de vectores no especificados. Siemens SIMATIC S7-1200 CPU suffers from a cross site scripting vulnerability. • https://www.exploit-db.com/exploits/44687 http://ics-cert.us-cert.gov/advisories/ICSA-14-114-02 http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-892012.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-892012.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.3EPSS: 0%CPEs: 7EXPL: 0CVE-2014-2250
https://notcve.org/view.php?id=CVE-2014-2250
The random-number generator on Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 does not have sufficient entropy, which makes it easier for remote attackers to defeat cryptographic protection mechanisms and hijack sessions via unspecified vectors, a different vulnerability than CVE-2014-2251. El generador de números aleatorios en dispositivos de Siemens SIMATIC S7-1200 CPU PLC con firmware anterior a 4.0 no tiene suficiente entropía, lo que facilita a atacantes remotos anular mecanismos de protección criptográfica y secuestrar sesiones a través de vectores no especificados, una vulnerabilidad diferente a CVE-2014-2251. • http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02 http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf • CWE-310: Cryptographic Issues •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2014-2252
https://notcve.org/view.php?id=CVE-2014-2252
Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted PROFINET packets, a different vulnerability than CVE-2014-2253. Dispositivos Siemens SIMATIC S7-1200 CPU PLC con firmware anterior a 4.0 permiten a atacantes remotos causar una denegación de servicio (transición de modo defecto) a través de paquetes PROFINET manipulados, una vulnerabilidad diferente a CVE-2014-2253. • http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02 http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf • CWE-399: Resource Management Errors •