8 results (0.007 seconds)

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0

Siemens SIMATIC S7-1200 CPU devices before 4.0 allow remote attackers to bypass a "user program block" protection mechanism via unspecified vectors. Dispositivos Siemens SIMATIC S7-1200 CPU en versiones anteriores a 4.0 permiten a atancantes remotos eludir un mecanismo de protección de "bloqueo de programa de usuario" a través de vectores no especificados. • http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-833048.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-833048.pdf https://ics-cert.us-cert.gov/advisories/ICSA-16-075-01 • CWE-254: 7PK - Security Features •

CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 1

Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en el servidor web integrado en dispositivos Siemens SIMATIC S7-1200 CPU 2.x y 3.x permite a atacantes remotos inyectar script Web o HTML arbitrarios a través de vectores no especificados. Siemens SIMATIC S7-1200 CPU suffers from a cross site scripting vulnerability. • https://www.exploit-db.com/exploits/44687 http://ics-cert.us-cert.gov/advisories/ICSA-14-114-02 http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-892012.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-892012.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.8EPSS: 0%CPEs: 8EXPL: 0

CRLF injection vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary HTTP headers via unspecified vectors. Vulnerabilidad de inyección CRLF en el servidor web integrado en dispositivos Siemens SIMATIC S7-1200 CPU 2.x y 3.x permite a atacantes remotos inyectar cabeceras HTTP arbitrarias a través de vectores no especificados. • http://ics-cert.us-cert.gov/advisories/ICSA-14-114-02 http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-892012.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-892012.pdf • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0

Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTP packets, a different vulnerability than CVE-2014-2255. Dispositivos Siemens SIMATIC S7-1200 CPU PLC con firmware anterior a 4.0 permiten a atacantes remotos causar una denegación de servicio (transición de modo defecto) a través de paquetes HTTP manipulados, una vulnerabilidad diferente a CVE-2014-2255. • http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02 http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf • CWE-399: Resource Management Errors •

CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0

Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted ISO-TSAP packets, a different vulnerability than CVE-2014-2257. Dispositivos Siemens SIMATIC S7-1200 CPU PLC con firmware anterior a 4.0 permiten a atacantes remotos causar una denegación de servicio (transición de modo defecto) a través de paquetes ISO-TSAP manipulados, una vulnerabilidad diferente a CVE-2014-2257. • http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02 http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf • CWE-399: Resource Management Errors •