CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-2846
https://notcve.org/view.php?id=CVE-2016-2846
Siemens SIMATIC S7-1200 CPU devices before 4.0 allow remote attackers to bypass a "user program block" protection mechanism via unspecified vectors. Dispositivos Siemens SIMATIC S7-1200 CPU en versiones anteriores a 4.0 permiten a atancantes remotos eludir un mecanismo de protección de "bloqueo de programa de usuario" a través de vectores no especificados. • http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-833048.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-833048.pdf https://ics-cert.us-cert.gov/advisories/ICSA-16-075-01 • CWE-254: 7PK - Security Features •
CVSS: 5.8EPSS: 0%CPEs: 8EXPL: 0CVE-2014-2909
https://notcve.org/view.php?id=CVE-2014-2909
CRLF injection vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary HTTP headers via unspecified vectors. Vulnerabilidad de inyección CRLF en el servidor web integrado en dispositivos Siemens SIMATIC S7-1200 CPU 2.x y 3.x permite a atacantes remotos inyectar cabeceras HTTP arbitrarias a través de vectores no especificados. • http://ics-cert.us-cert.gov/advisories/ICSA-14-114-02 http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-892012.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-892012.pdf • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 1CVE-2014-2908 – Siemens SIMATIC S7-1200 CPU - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2014-2908
Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en el servidor web integrado en dispositivos Siemens SIMATIC S7-1200 CPU 2.x y 3.x permite a atacantes remotos inyectar script Web o HTML arbitrarios a través de vectores no especificados. Siemens SIMATIC S7-1200 CPU suffers from a cross site scripting vulnerability. • https://www.exploit-db.com/exploits/44687 http://ics-cert.us-cert.gov/advisories/ICSA-14-114-02 http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-892012.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-892012.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.3EPSS: 0%CPEs: 7EXPL: 0CVE-2014-2250
https://notcve.org/view.php?id=CVE-2014-2250
The random-number generator on Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 does not have sufficient entropy, which makes it easier for remote attackers to defeat cryptographic protection mechanisms and hijack sessions via unspecified vectors, a different vulnerability than CVE-2014-2251. El generador de números aleatorios en dispositivos de Siemens SIMATIC S7-1200 CPU PLC con firmware anterior a 4.0 no tiene suficiente entropía, lo que facilita a atacantes remotos anular mecanismos de protección criptográfica y secuestrar sesiones a través de vectores no especificados, una vulnerabilidad diferente a CVE-2014-2251. • http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02 http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf • CWE-310: Cryptographic Issues •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2014-2252
https://notcve.org/view.php?id=CVE-2014-2252
Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted PROFINET packets, a different vulnerability than CVE-2014-2253. Dispositivos Siemens SIMATIC S7-1200 CPU PLC con firmware anterior a 4.0 permiten a atacantes remotos causar una denegación de servicio (transición de modo defecto) a través de paquetes PROFINET manipulados, una vulnerabilidad diferente a CVE-2014-2253. • http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02 http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf • CWE-399: Resource Management Errors •