CVSS: 6.9EPSS: 0%CPEs: 9EXPL: 0CVE-2023-37482
https://notcve.org/view.php?id=CVE-2023-37482
11 Feb 2025 — The login functionality of the web server in affected devices does not normalize the response times of login attempts. An unauthenticated remote attacker could exploit this side-channel information to distinguish between valid and invalid usernames. • https://cert-portal.siemens.com/productcert/html/ssa-195895.html • CWE-203: Observable Discrepancy •
CVSS: 7.8EPSS: 0%CPEs: 152EXPL: 0CVE-2023-46156
https://notcve.org/view.php?id=CVE-2023-46156
12 Dec 2023 — Affected devices improperly handle specially crafted packets sent to port 102/tcp. This could allow an attacker to create a denial of service condition. A restart is needed to restore normal operations. Los dispositivos afectados manejan incorrectamente paquetes especialmente manipulados enviados al puerto 102/tcp. Esto podría permitir que un atacante cree una condición de denegación de servicio. • https://cert-portal.siemens.com/productcert/html/ssa-280603.html • CWE-416: Use After Free •
CVSS: 8.7EPSS: 0%CPEs: 158EXPL: 0CVE-2023-28831
https://notcve.org/view.php?id=CVE-2023-28831
12 Sep 2023 — The OPC UA implementations (ANSI C and C++) in affected products contain an integer overflow vulnerability that could cause the application to run into an infinite loop during certificate validation. This could allow an unauthenticated remote attacker to create a denial of service condition by sending a specially crafted certificate. Las implementaciones de OPC UA (ANSI C y C++) en los productos afectados contienen una vulnerabilidad de desbordamiento de enteros que podría provocar que la aplicación se ejec... • https://cert-portal.siemens.com/productcert/html/ssa-118850.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.2EPSS: 0%CPEs: 140EXPL: 0CVE-2022-38773
https://notcve.org/view.php?id=CVE-2022-38773
10 Jan 2023 — Affected devices do not contain an Immutable Root of Trust in Hardware. With this the integrity of the code executed on the device can not be validated during load-time. An attacker with physical access to the device could use this to replace the boot image of the device and execute arbitrary code. • https://cert-portal.siemens.com/productcert/pdf/ssa-482757.pdf • CWE-1326: Missing Immutable Root of Trust in Hardware •
CVSS: 7.8EPSS: 0%CPEs: 223EXPL: 0CVE-2022-30694
https://notcve.org/view.php?id=CVE-2022-30694
08 Nov 2022 — The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack. El endpoint de inicio de sesión /FormLogin en los servicios web afectados no aplica la verificación de origen adecuada. Esto podría permitir a atacantes remotos autenticados rastrear las actividades de otros usuarios mediante un ataque de Cross-Site Request Forgery (CSRF). • https://cert-portal.siemens.com/productcert/pdf/ssa-478960.pdf • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.3EPSS: 0%CPEs: 89EXPL: 0CVE-2022-38465
https://notcve.org/view.php?id=CVE-2022-38465
11 Oct 2022 — A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 Software Controller (All versions < V21.9)... • https://cert-portal.siemens.com/productcert/pdf/ssa-568427.pdf • CWE-522: Insufficiently Protected Credentials •
CVSS: 7.5EPSS: 1%CPEs: 96EXPL: 0CVE-2021-37205
https://notcve.org/view.php?id=CVE-2021-37205
09 Feb 2022 — A vulnerability has been identified in SIMATIC Drive Controller family (All versions >= V2.9.2 < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions >= V21.9 < V21.9.4), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions >= V4.5.0 < V4.5.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.9.2 < V2.9.4), SIMATIC S7-1500 Software Controller (All versions >= V21.9 < V21.9.4), SIMATIC S7-PLCSIM Advanced (All v... • https://cert-portal.siemens.com/productcert/pdf/ssa-838121.pdf • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.5EPSS: 1%CPEs: 96EXPL: 0CVE-2021-37204
https://notcve.org/view.php?id=CVE-2021-37204
09 Feb 2022 — A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC Drive Controller family (All versions >= V2.9.2 < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions >= V21.9 < V21.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 Ready4Linux... • https://cert-portal.siemens.com/productcert/pdf/ssa-838121.pdf • CWE-672: Operation on a Resource after Expiration or Release •
CVSS: 7.5EPSS: 1%CPEs: 96EXPL: 0CVE-2021-37185
https://notcve.org/view.php?id=CVE-2021-37185
09 Feb 2022 — A vulnerability has been identified in SIMATIC Drive Controller family (All versions >= V2.9.2 < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions >= V21.9 < V21.9.4), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions >= V4.5.0 < V4.5.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.9.2 < V2.9.4), SIMATIC S7-1500 Software Controller (All versions >= V21.9 < V21.9.4), SIMATIC S7-PLCSIM Advanced (All v... • https://cert-portal.siemens.com/productcert/pdf/ssa-838121.pdf • CWE-672: Operation on a Resource after Expiration or Release •
CVSS: 6.5EPSS: 0%CPEs: 72EXPL: 0CVE-2020-24513 – hw: information disclosure on some Intel Atom processors
https://notcve.org/view.php?id=CVE-2020-24513
09 Jun 2021 — Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Una vulnerabilidad en la ejecución transitoria de omisión de dominios en algunos procesadores Intel Atom® puede permitir a un usuario autenticado permitir potencialmente una divulgación de información por medio de un acceso local A potential domain bypass transient execution vulnerability was discovered on some Intel Atom® processors ... • https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •