CVSS: 4.3 • EPSS: 0% • CPEs: 8 • EXPL: 1

Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Siemens SIMATIC S7-1200 CPU suffers from a cross-site scripting vulnerability.
• https://www.exploit-db.com/exploits/44687
• http://ics-cert.us-cert.gov/advisories/ICSA-14-114-02
• http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-892012.pdf
• https://cert-portal.siemens.com/productcert/pdf/ssa-892012.pdf
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.8 • EPSS: 0% • CPEs: 8 • EXPL: 0

CRLF injection vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary HTTP headers via unspecified vectors.
• http://ics-cert.us-cert.gov/advisories/ICSA-14-114-02
• http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-892012.pdf
• https://cert-portal.siemens.com/productcert/pdf/ssa-892012.pdf
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 7.8 • EPSS: 0% • CPEs: 7 • EXPL: 0

Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTP packets, a different vulnerability than CVE-2014-2255.
• http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02
• http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf
• https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf
• CWE-399: Resource Management Errors

CVSS: 7.8 • EPSS: 0% • CPEs: 7 • EXPL: 0

Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted ISO-TSAP packets, a different vulnerability than CVE-2014-2257.
• http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02
• http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf
• https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf
• CWE-399: Resource Management Errors

CVSS: 8.3 • EPSS: 0% • CPEs: 7 • EXPL: 0

The random-number generator on Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 does not have sufficient entropy, which makes it easier for remote attackers to defeat cryptographic protection mechanisms and hijack sessions via unspecified vectors, a different vulnerability than CVE-2014-2251.
• http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02
• http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf
• https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf
• CWE-310: Cryptographic Issues