CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-51440
https://notcve.org/view.php?id=CVE-2023-51440
A vulnerability has been identified in SIMATIC CP 343-1 (6GK7343-1EX30-0XE0) (All versions), SIMATIC CP 343-1 Lean (6GK7343-1CX10-0XE0) (All versions), SIPLUS NET CP 343-1 (6AG1343-1EX30-7XE0) (All versions), SIPLUS NET CP 343-1 Lean (6AG1343-1CX10-2XE0) (All versions). Affected products incorrectly validate TCP sequence numbers. This could allow an unauthenticated remote attacker to create a denial of service condition by injecting spoofed TCP RST packets. Se ha identificado una vulnerabilidad en: SIMATIC CP 343-1 (6GK7343-1EX30-0XE0) (todas las versiones), SIMATIC CP 343-1 Lean (6GK7343-1CX10-0XE0) (todas las versiones), SIPLUS NET CP 343-1 (6AG1343- 1EX30-7XE0) (todas las versiones), SIPLUS NET CP 343-1 Lean (6AG1343-1CX10-2XE0) (todas las versiones). Los productos afectados validan incorrectamente los números de secuencia TCP. Esto podría permitir que un atacante remoto no autenticado cree una condición de denegación de servicio inyectando paquetes TCP RST falsificados. • https://cert-portal.siemens.com/productcert/html/ssa-516818.html • CWE-940: Improper Verification of Source of a Communication Channel •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2020-25242
https://notcve.org/view.php?id=CVE-2020-25242
A vulnerability has been identified in SIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Lean (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Standard (incl. SIPLUS variants) (All versions). Specially crafted packets sent to TCP port 102 could cause a Denial-of-Service condition on the affected devices. • https://cert-portal.siemens.com/productcert/pdf/ssa-676775.pdf https://us-cert.cisa.gov/ics/advisories/icsa-21-131-07 • CWE-400: Uncontrolled Resource Consumption •