CVSS: 7.5EPSS: 0%CPEs: 192EXPL: 0CVE-2021-44693
https://notcve.org/view.php?id=CVE-2021-44693
13 Dec 2022 — Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device. Los dispositivos afectados no procesan correctamente ciertos paquetes especialmente manipulados enviados al puerto 102/tcp, lo que podría permitir a un atacante provocar una denegación de servicio en el dispositivo. • https://cert-portal.siemens.com/productcert/pdf/ssa-382653.pdf • CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 7.5EPSS: 0%CPEs: 184EXPL: 0CVE-2021-44694
https://notcve.org/view.php?id=CVE-2021-44694
13 Dec 2022 — Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device. Los dispositivos afectados no procesan correctamente ciertos paquetes especialmente manipulados enviados al puerto 102/tcp, lo que podría permitir a un atacante provocar una denegación de servicio en el dispositivo. • https://cert-portal.siemens.com/productcert/pdf/ssa-382653.pdf • CWE-20: Improper Input Validation CWE-1287: Improper Validation of Specified Type of Input •
CVSS: 7.8EPSS: 0%CPEs: 192EXPL: 0CVE-2021-40365
https://notcve.org/view.php?id=CVE-2021-40365
13 Dec 2022 — Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device. Los dispositivos afectados no procesan correctamente ciertos paquetes especialmente manipulados enviados al puerto 102/tcp, lo que podría permitir a un atacante provocar una denegación de servicio en el dispositivo. • https://cert-portal.siemens.com/productcert/pdf/ssa-382653.pdf • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 192EXPL: 0CVE-2021-44695
https://notcve.org/view.php?id=CVE-2021-44695
13 Dec 2022 — Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device. Los dispositivos afectados no procesan correctamente ciertos paquetes especialmente manipulados enviados al puerto 102/tcp, lo que podría permitir a un atacante provocar una denegación de servicio en el dispositivo. • https://cert-portal.siemens.com/productcert/pdf/ssa-382653.pdf • CWE-20: Improper Input Validation CWE-1286: Improper Validation of Syntactic Correctness of Input •
CVSS: 7.8EPSS: 0%CPEs: 223EXPL: 0CVE-2022-30694
https://notcve.org/view.php?id=CVE-2022-30694
08 Nov 2022 — The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack. El endpoint de inicio de sesión /FormLogin en los servicios web afectados no aplica la verificación de origen adecuada. Esto podría permitir a atacantes remotos autenticados rastrear las actividades de otros usuarios mediante un ataque de Cross-Site Request Forgery (CSRF). • https://cert-portal.siemens.com/productcert/pdf/ssa-478960.pdf • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.8EPSS: 0%CPEs: 78EXPL: 0CVE-2021-42029
https://notcve.org/view.php?id=CVE-2021-42029
12 Apr 2022 — A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) V15 (All versions), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 5), SIMATIC STEP 7 (TIA Portal) V17 (All versions < V17 Update 2). An attacker could achieve privilege escalation on the web server of certain devices due to improper access control vulnerability in the engineering system software. The attacker needs to have direct access to the impacted web server. Se ha identificado una vulnerabilidad en SIMATIC STEP 7 (TIA Port... • https://cert-portal.siemens.com/productcert/pdf/ssa-350757.pdf • CWE-284: Improper Access Control •
CVSS: 5.9EPSS: 10%CPEs: 205EXPL: 1CVE-2021-3449 – NULL pointer deref in signature_algorithms processing
https://notcve.org/view.php?id=CVE-2021-3449
25 Mar 2021 — An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS c... • https://github.com/riptl/cve-2021-3449 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0CVE-2013-2780
https://notcve.org/view.php?id=CVE-2013-2780
22 Apr 2013 — Siemens SIMATIC S7-1200 PLCs 2.x and 3.x allow remote attackers to cause a denial of service (defect-mode transition and control outage) via crafted packets to UDP port 161 (aka the SNMP port). Siemens SIMATIC S7-1200 PLCs v2.x y v3.x permite a atacantes remotos causar una denegación de servicio mediante paquetes especialmente creados hacia el puerto UDP 161 (puerto SNMP) • http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-724606.pdf •
CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0CVE-2013-0700
https://notcve.org/view.php?id=CVE-2013-0700
22 Apr 2013 — Siemens SIMATIC S7-1200 PLCs 2.x and 3.x allow remote attackers to cause a denial of service (defect-mode transition and control outage) via crafted packets to TCP port 102 (aka the ISO-TSAP port). Siemens SIMATIC S7-1200 PLCs v2.x y v3.x ermite a atacantes remotos causar una denegación de servicios (transición de modo defecto e interrupción de control) a través de paquetes TCP manipulados dirigidos al puerto 102 (conocido como puerto ISO-TSAP). • http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-724606.pdf •
CVSS: 6.1EPSS: 1%CPEs: 18EXPL: 0CVE-2012-3040
https://notcve.org/view.php?id=CVE-2012-3040
10 Oct 2012 — Cross-site scripting (XSS) vulnerability in the web server on Siemens SIMATIC S7-1200 PLCs 2.x through 3.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URI. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el servidor web SIMATIC S7-1200 PLCs v2.x hasta v3.0.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de una URI específicamente construida. • http://en.securitylab.ru/lab/PT-2012-50 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •