18 results (0.009 seconds)

CVSS: 6.9EPSS: 0%CPEs: 82EXPL: 0

The web server of affected devices do not properly authenticate user request to the '/ClientArea/RuntimeInfoData.mwsl' endpoint. This could allow an unauthenticated remote attacker to gain knowledge about current actual and configured maximum cycle times as well as about configured maximum communication load. • https://cert-portal.siemens.com/productcert/html/ssa-054046.html • CWE-288: Authentication Bypass Using an Alternate Path or Channel •

CVSS: 5.1EPSS: 0%CPEs: 141EXPL: 0

The web server of affected devices does not properly validate input that is used for a user redirection. This could allow an attacker to make the server redirect the legitimate user to an attacker-chosen URL. For a successful exploit, the legitimate user must actively click on an attacker-crafted link. • https://cert-portal.siemens.com/productcert/html/ssa-876787.html • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 7.5EPSS: 0%CPEs: 152EXPL: 0

Affected devices improperly handle specially crafted packets sent to port 102/tcp. This could allow an attacker to create a denial of service condition. A restart is needed to restore normal operations. Los dispositivos afectados manejan incorrectamente paquetes especialmente manipulados enviados al puerto 102/tcp. Esto podría permitir que un atacante cree una condición de denegación de servicio. Es necesario reiniciar para restaurar las operaciones normales. • https://cert-portal.siemens.com/productcert/html/ssa-280603.html https://cert-portal.siemens.com/productcert/html/ssa-592380.html https://cert-portal.siemens.com/productcert/pdf/ssa-280603.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-592380.pdf • CWE-416: Use After Free •

CVSS: 7.5EPSS: 0%CPEs: 158EXPL: 0

The OPC UA implementations (ANSI C and C++) in affected products contain an integer overflow vulnerability that could cause the application to run into an infinite loop during certificate validation. This could allow an unauthenticated remote attacker to create a denial of service condition by sending a specially crafted certificate. Las implementaciones de OPC UA (ANSI C y C++) en los productos afectados contienen una vulnerabilidad de desbordamiento de enteros que podría provocar que la aplicación se ejecute en un bucle infinito durante la validación del certificado. Esto podría permitir que un atacante remoto no autenticado cree una condición de denegación de servicio enviando un certificado especialmente manipulado. • https://cert-portal.siemens.com/productcert/html/ssa-118850.html https://cert-portal.siemens.com/productcert/html/ssa-711309.html https://cert-portal.siemens.com/productcert/pdf/ssa-118850.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-711309.pdf • CWE-190: Integer Overflow or Wraparound •

CVSS: 7.5EPSS: 0%CPEs: 192EXPL: 0

Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device. Los dispositivos afectados no procesan correctamente ciertos paquetes especialmente manipulados enviados al puerto 102/tcp, lo que podría permitir a un atacante provocar una denegación de servicio en el dispositivo. • https://cert-portal.siemens.com/productcert/pdf/ssa-382653.pdf • CWE-20: Improper Input Validation •