NotCVE - vendor:"Siemens" product:"Cpu 1516pro-2 Pn"

10 results (0.003 seconds)

CVSS: 6.9EPSS: 0%CPEs: 80EXPL: 0

CVE-2024-46887

https://notcve.org/view.php?id=CVE-2024-46887

08 Oct 2024 — The web server of affected devices do not properly authenticate user request to the '/ClientArea/RuntimeInfoData.mwsl' endpoint. This could allow an unauthenticated remote attacker to gain knowledge about current actual and configured maximum cycle times as well as about configured maximum communication load. • https://cert-portal.siemens.com/productcert/html/ssa-054046.html • CWE-288: Authentication Bypass Using an Alternate Path or Channel CWE-862: Missing Authorization •

CVSS: 5.1EPSS: 0%CPEs: 91EXPL: 0

CVE-2024-46886

https://notcve.org/view.php?id=CVE-2024-46886

08 Oct 2024 — The web server of affected devices does not properly validate input that is used for a user redirection. This could allow an attacker to make the server redirect the legitimate user to an attacker-chosen URL. For a successful exploit, the legitimate user must actively click on an attacker-crafted link. • https://cert-portal.siemens.com/productcert/html/ssa-876787.html • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 7.2EPSS: 0%CPEs: 140EXPL: 0

CVE-2022-38773

https://notcve.org/view.php?id=CVE-2022-38773

10 Jan 2023 — Affected devices do not contain an Immutable Root of Trust in Hardware. With this the integrity of the code executed on the device can not be validated during load-time. An attacker with physical access to the device could use this to replace the boot image of the device and execute arbitrary code. • https://cert-portal.siemens.com/productcert/pdf/ssa-482757.pdf • CWE-1326: Missing Immutable Root of Trust in Hardware •

CVSS: 7.5EPSS: 0%CPEs: 192EXPL: 0

CVE-2021-44693

https://notcve.org/view.php?id=CVE-2021-44693

13 Dec 2022 — Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device. Los dispositivos afectados no procesan correctamente ciertos paquetes especialmente manipulados enviados al puerto 102/tcp, lo que podría permitir a un atacante provocar una denegación de servicio en el dispositivo. • https://cert-portal.siemens.com/productcert/pdf/ssa-382653.pdf • CWE-1284: Improper Validation of Specified Quantity in Input •

CVSS: 7.5EPSS: 0%CPEs: 184EXPL: 0

CVE-2021-44694

https://notcve.org/view.php?id=CVE-2021-44694

13 Dec 2022 — Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device. Los dispositivos afectados no procesan correctamente ciertos paquetes especialmente manipulados enviados al puerto 102/tcp, lo que podría permitir a un atacante provocar una denegación de servicio en el dispositivo. • https://cert-portal.siemens.com/productcert/pdf/ssa-382653.pdf • CWE-20: Improper Input Validation CWE-1287: Improper Validation of Specified Type of Input •

CVSS: 7.5EPSS: 0%CPEs: 192EXPL: 0

CVE-2021-44695

https://notcve.org/view.php?id=CVE-2021-44695

13 Dec 2022 — Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device. Los dispositivos afectados no procesan correctamente ciertos paquetes especialmente manipulados enviados al puerto 102/tcp, lo que podría permitir a un atacante provocar una denegación de servicio en el dispositivo. • https://cert-portal.siemens.com/productcert/pdf/ssa-382653.pdf • CWE-20: Improper Input Validation CWE-1286: Improper Validation of Syntactic Correctness of Input •

CVSS: 7.8EPSS: 0%CPEs: 192EXPL: 0

CVE-2021-40365

https://notcve.org/view.php?id=CVE-2021-40365

CVSS: 7.8EPSS: 0%CPEs: 223EXPL: 0

CVE-2022-30694

https://notcve.org/view.php?id=CVE-2022-30694

08 Nov 2022 — The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack. El endpoint de inicio de sesión /FormLogin en los servicios web afectados no aplica la verificación de origen adecuada. Esto podría permitir a atacantes remotos autenticados rastrear las actividades de otros usuarios mediante un ataque de Cross-Site Request Forgery (CSRF). • https://cert-portal.siemens.com/productcert/pdf/ssa-478960.pdf • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 7.8EPSS: 0%CPEs: 78EXPL: 0

CVE-2021-42029

https://notcve.org/view.php?id=CVE-2021-42029

12 Apr 2022 — A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) V15 (All versions), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 5), SIMATIC STEP 7 (TIA Portal) V17 (All versions < V17 Update 2). An attacker could achieve privilege escalation on the web server of certain devices due to improper access control vulnerability in the engineering system software. The attacker needs to have direct access to the impacted web server. Se ha identificado una vulnerabilidad en SIMATIC STEP 7 (TIA Port... • https://cert-portal.siemens.com/productcert/pdf/ssa-350757.pdf • CWE-284: Improper Access Control •

CVSS: 5.3EPSS: 0%CPEs: 119EXPL: 0

CVE-2020-28397

https://notcve.org/view.php?id=CVE-2020-28397

10 Aug 2021 — A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7 PLCSIM Advanced (All versions > V2 < V4), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (Version V4.4), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions > V2.5 < V2.9.2), SIMATIC S7-1500 Software Controller (All versions > V2.5 < V21.9), TIM 1531 IRC (incl. SIPLUS ... • https://cert-portal.siemens.com/productcert/pdf/ssa-865327.pdf • CWE-863: Incorrect Authorization •