CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 0CVE-2020-25241
https://notcve.org/view.php?id=CVE-2020-25241
A vulnerability has been identified in SIMATIC MV400 family (All Versions < V7.0.6). The underlying TCP stack of the affected products does not correctly validate the sequence number for incoming TCP RST packages. An attacker could exploit this to terminate arbitrary TCP sessions. Se ha identificado una vulnerabilidad en la familia SIMATIC MV400 (todas las versiones anteriores a V7.0.6). La pila TCP subyacente de los productos afectados no comprueba correctamente el número de secuencia de los paquetes TCP RST entrantes. • https://cert-portal.siemens.com/productcert/pdf/ssa-599268.pdf • CWE-129: Improper Validation of Array Index CWE-1285: Improper Validation of Specified Index, Position, or Offset in Input •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-27632
https://notcve.org/view.php?id=CVE-2020-27632
In SIMATIC MV400 family versions prior to v7.0.6, the ISN generator is initialized with a constant value and has constant increments. An attacker could predict and hijack TCP sessions. En la familia SIMATIC MV400 versiones anteriores a la v7.0.6, el generador ISN es inicializado con un valor constante y presenta incrementos constantes. Un atacante podría predecir y secuestrar sesiones de TCP • https://cert-portal.siemens.com/productcert/pdf/ssa-599268.pdf https://www.cisa.gov/news-events/ics-advisories/icsa-21-042-01 https://www.forescout.com/resources/numberjack-weak-isn-generation-in-embedded-tcpip-stacks •
CVSS: 7.8EPSS: 0%CPEs: 109EXPL: 0CVE-2019-13946
https://notcve.org/view.php?id=CVE-2019-13946
Profinet-IO (PNIO) stack versions prior V06.00 do not properly limit internal resource allocation when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface. This could lead to a denial of service condition due to lack of memory for devices that include a vulnerable version of the stack. The security vulnerability could be exploited by an attacker with network access to an affected device. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise the availability of the device. Las versiones de la pila Profinet-IO (PNIO) anteriores a la V06.00 no limitan adecuadamente la asignación de recursos internos cuando se envían múltiples solicitudes legítimas de paquetes de diagnóstico a la interfaz DCE-RPC. Esto podría conducir a una condición de denegación de servicio debido a la falta de memoria para los dispositivos que incluyen una versión vulnerable de la pila. • https://cert-portal.siemens.com/productcert/html/ssa-780073.html https://cert-portal.siemens.com/productcert/pdf/ssa-780073.pdf • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2019-10925
https://notcve.org/view.php?id=CVE-2019-10925
A vulnerability has been identified in SIMATIC MV400 family (All Versions < V7.0.6). An authenticated attacker could escalate privileges by sending specially crafted requests to the integrated webserver. The security vulnerability can be exploited by an attacker with network access to the device. Valid user credentials, but no user interaction are required. Successful exploitation compromises integrity and availability of the device. • http://www.securityfocus.com/bid/108725 https://cert-portal.siemens.com/productcert/pdf/ssa-816980.pdf https://ics-cert.us-cert.gov/advisories/ICSA-19-162-02 • CWE-284: Improper Access Control •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2019-10926
https://notcve.org/view.php?id=CVE-2019-10926
A vulnerability has been identified in SIMATIC MV400 family (All Versions < V7.0.6). Communication with the device is not encrypted. Data transmitted between the device and the user can be obtained by an attacker in a privileged network position. The security vulnerability can be exploited by an attacker in a privileged network position which allows eavesdropping the communication between the affected device and the user. The user must invoke a session. • http://www.securityfocus.com/bid/108725 https://cert-portal.siemens.com/productcert/pdf/ssa-816980.pdf https://ics-cert.us-cert.gov/advisories/ICSA-19-162-02 • CWE-310: Cryptographic Issues CWE-319: Cleartext Transmission of Sensitive Information •