Filtered by vendor Siemens Subscriptions
Filtered by product Simatic S7-1200 Cpu 1215 Fc Firmware Subscriptions
Total 10 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-3449 13 Checkpoint, Debian, Fedoraproject and 10 more 172 Multi-domain Management, Multi-domain Management Firmware, Quantum Security Gateway and 169 more 2024-09-17 5.9 Medium
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).
CVE-2012-3037 1 Siemens 18 Simatic S7-1200, Simatic S7-1200 Cpu 1211c, Simatic S7-1200 Cpu 1211c Firmware and 15 more 2024-09-17 N/A
The Siemens SIMATIC S7-1200 2.x PLC does not properly protect the private key of the SIMATIC CONTROLLER Certification Authority certificate, which allows remote attackers to spoof the S7-1200 web server by using this key to create a forged certificate.
CVE-2012-3040 1 Siemens 18 Simatic S7-1200, Simatic S7-1200 Cpu 1211c, Simatic S7-1200 Cpu 1211c Firmware and 15 more 2024-08-06 N/A
Cross-site scripting (XSS) vulnerability in the web server on Siemens SIMATIC S7-1200 PLCs 2.x through 3.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URI.
CVE-2013-2780 1 Siemens 18 Simatic S7-1200, Simatic S7-1200 Cpu 1211c, Simatic S7-1200 Cpu 1211c Firmware and 15 more 2024-08-06 N/A
Siemens SIMATIC S7-1200 PLCs 2.x and 3.x allow remote attackers to cause a denial of service (defect-mode transition and control outage) via crafted packets to UDP port 161 (aka the SNMP port).
CVE-2013-0700 1 Siemens 18 Simatic S7-1200, Simatic S7-1200 Cpu 1211c, Simatic S7-1200 Cpu 1211c Firmware and 15 more 2024-08-06 N/A
Siemens SIMATIC S7-1200 PLCs 2.x and 3.x allow remote attackers to cause a denial of service (defect-mode transition and control outage) via crafted packets to TCP port 102 (aka the ISO-TSAP port).
CVE-2021-44693 1 Siemens 192 Simatic Et 200 Sp Open Controller Cpu 1515sp Pc, Simatic Et 200 Sp Open Controller Cpu 1515sp Pc Firmware, Simatic S7-1200 Cpu 1211c and 189 more 2024-08-04 4.9 Medium
Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device.
CVE-2021-44695 1 Siemens 192 Simatic Et 200 Sp Open Controller Cpu 1515sp Pc, Simatic Et 200 Sp Open Controller Cpu 1515sp Pc Firmware, Simatic S7-1200 Cpu 1211c and 189 more 2024-08-04 4.9 Medium
Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device.
CVE-2021-44694 1 Siemens 184 Simatic Et 200 Sp Open Controller Cpu 1515sp Pc, Simatic Et 200 Sp Open Controller Cpu 1515sp Pc Firmware, Simatic S7-1200 Cpu 1211c and 181 more 2024-08-04 5.5 Medium
Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device.
CVE-2021-40365 1 Siemens 192 Simatic Et 200 Sp Open Controller Cpu 1515sp Pc, Simatic Et 200 Sp Open Controller Cpu 1515sp Pc Firmware, Simatic S7-1200 Cpu 1211c and 189 more 2024-08-04 7.5 High
Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device.
CVE-2022-30694 1 Siemens 223 6ag1151-8ab01-7ab0, 6ag1151-8ab01-7ab0 Firmware, 6ag1151-8fb01-2ab0 and 220 more 2024-08-03 6.5 Medium
The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack.