5 results (0.007 seconds)

CVSS: 6.5EPSS: 0%CPEs: 28EXPL: 0

A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 CPU family (incl. SIPLUS variants) (All versions), SIMATIC WinAC RTX (F) 2010 (All versions), SINUMERIK 840D sl (All versions). The authentication protocol between a client and a PLC via port 102/tcp (ISO-TSAP) insufficiently protects the transmitted password. This could allow an attacker that is able to intercept the network traffic to obtain valid PLC credentials. Se ha identificado una vulnerabilidad en la familia de SIMATIC S7-300 CPU (incluyendo las CPU ET200 relacionadas y las variantes SIPLUS) (Todas las versiones), familia SIMATIC S7-400 CPU (incluyendo las variantes SIPLUS) (Todas las versiones), SIMATIC WinAC RTX (F) 2010 (Todas las versiones), SINUMERIK 840D sl (Todas las versiones). • https://cert-portal.siemens.com/productcert/pdf/ssa-381684.pdf • CWE-522: Insufficiently Protected Credentials •

CVSS: 5.9EPSS: 0%CPEs: 21EXPL: 0

A vulnerability has been identified in SIMATIC S7-300 CPU family (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 V6 and earlier CPU family (All versions), SIMATIC S7-400 V7 CPU family (All versions), SIMATIC S7-410 V8 CPU family (All versions), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) (All versions). An attacker with network access to port 102/tcp (ISO-TSAP) or via Profibus could obtain credentials from the PLC if protection-level 2 is configured on the affected devices. • http://www.securityfocus.com/bid/94820 http://www.securitytracker.com/id/1037434 https://cert-portal.siemens.com/productcert/pdf/ssa-731239.pdf https://ics-cert.us-cert.gov/advisories/ICSA-16-348-05 https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-731239.pdf • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.8EPSS: 0%CPEs: 21EXPL: 0

A vulnerability has been identified in SIMATIC S7-300 CPU family (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 V6 and earlier CPU family (All versions), SIMATIC S7-400 V7 CPU family (All versions). Specially crafted packets sent to port 80/tcp could cause the affected devices to go into defect mode. A cold restart is required to recover the system. • http://www.securityfocus.com/bid/94820 http://www.securitytracker.com/id/1037434 https://cert-portal.siemens.com/productcert/pdf/ssa-731239.pdf https://ics-cert.us-cert.gov/advisories/ICSA-16-348-05 https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-731239.pdf • CWE-20: Improper Input Validation •

CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0

Siemens SIMATIC S7-400 PN CPU devices with firmware 6 before 6.0.3 allow remote attackers to cause a denial of service (defect-mode transition and service outage) via crafted ICMP packets. Dispositivos Siemens SIMATIC S7-400 PN CPU con el firmware v6 anterior a v6.0.3 permite a atacantes remotos causar una denegación de servicio (interrupción del servicio) a través de paquetes ICMP especialmente diseñados. • http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-589272.pdf http://www.us-cert.gov/control_systems/pdf/ICSA-12-212-02.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-589272.pdf •

CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0

Siemens SIMATIC S7-400 PN CPU devices with firmware 5.x allow remote attackers to cause a denial of service (defect-mode transition and service outage) via (1) malformed HTTP traffic or (2) malformed IP packets. Dispositivos Siemens SIMATIC S7-400 PN CPU con firmware v5.x, permite a atacantes remotos provocar una denegación de servicio (modo de transición por defecto e interrupción del servicio) a través de (1) tráfico HTTP mal formado o (2) paquetes IP mal formados • http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-617264.pdf http://www.us-cert.gov/control_systems/pdf/ICSA-12-212-02.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-617264.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •