Filtered by vendor Siemens Subscriptions
Filtered by product Simatic Cp 1616 Firmware Subscriptions
Total 5 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-37194 1 Siemens 10 Simatic Cp 1604, Simatic Cp 1604 Firmware, Simatic Cp 1616 and 7 more 2024-09-19 6.7 Medium
A vulnerability has been identified in SIMATIC CP 1604 (All versions), SIMATIC CP 1616 (All versions), SIMATIC CP 1623 (All versions), SIMATIC CP 1626 (All versions), SIMATIC CP 1628 (All versions). The kernel memory of affected devices is exposed to user-mode via direct memory access (DMA) which could allow a local attacker with administrative privileges to execute arbitrary code on the host system without any restrictions.
CVE-2023-37195 1 Siemens 10 Simatic Cp 1604, Simatic Cp 1604 Firmware, Simatic Cp 1616 and 7 more 2024-09-19 4.4 Medium
A vulnerability has been identified in SIMATIC CP 1604 (All versions), SIMATIC CP 1616 (All versions), SIMATIC CP 1623 (All versions), SIMATIC CP 1626 (All versions), SIMATIC CP 1628 (All versions). Affected devices insufficiently control continuous mapping of direct memory access (DMA) requests. This could allow local attackers with administrative privileges to cause a denial of service situation on the host. A physical power cycle is required to get the system working again.
CVE-2017-2681 1 Siemens 155 Dk Standard Ethernet Controller, Dk Standard Ethernet Controller Firmware, Ek-ertec 200 Pn Io and 152 more 2024-09-10 6.5 Medium
Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a denial of service condition of that product. Human interaction is required to recover the system. PROFIBUS interfaces are not affected.
CVE-2017-2680 1 Siemens 183 S110 Pn, Dk Standard Ethernet Controller, Dk Standard Ethernet Controller Firmware and 180 more 2024-09-10 6.5 Medium
Specially crafted PROFINET DCP broadcast packets could cause a denial of service condition of affected products on a local Ethernet segment (Layer 2). Human interaction is required to recover the systems. PROFIBUS interfaces are not affected.
CVE-2019-13946 1 Siemens 101 Dk Standard Ethernet Controller, Ek-ertec 200, Ek-ertec 200 Firmware and 98 more 2024-08-05 7.5 High
Profinet-IO (PNIO) stack versions prior V06.00 do not properly limit internal resource allocation when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface. This could lead to a denial of service condition due to lack of memory for devices that include a vulnerable version of the stack. The security vulnerability could be exploited by an attacker with network access to an affected device. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise the availability of the device.