Filtered by vendor Siemens
Subscriptions
Filtered by product Simatic S7-1500 Cpu 1512c
Subscriptions
Total
9 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-10943 | 1 Siemens | 22 Simatic Et 200sp Open Controller Cpu 1515sp Pc, Simatic Et 200sp Open Controller Cpu 1515sp Pc2, Simatic Et 200sp Open Controller Cpu 1515sp Pc2 Firmware and 19 more | 2024-08-04 | 7.5 High |
A vulnerability has been identified in SIMATIC Drive Controller family (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V20.8), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions >= V20.8), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.4.0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions >= V4.4.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.8.1), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.8.1), SIMATIC S7-1500 Software Controller (All versions < V20.8), SIMATIC S7-1500 Software Controller (All versions >= V20.8), SIMATIC S7-PLCSIM Advanced (All versions < V3.0), SIMATIC S7-PLCSIM Advanced (All versions >= V3.0). An attacker with network access to port 102/tcp could potentially modify the user program on the PLC in a way that the running code is different from the source code which is stored on the device. An attacker must have network access to affected devices and must be able to perform changes to the user program. The vulnerability could impact the perceived integrity of the user program stored on the CPU. An engineer that tries to obtain the code of the user program running on the device, can receive different source code that is not actually running on the device. | ||||
CVE-2019-10936 | 1 Siemens | 130 Dk Standard Ethernet Controller, Dk Standard Ethernet Controller Firmware, Ek-ertec 200 and 127 more | 2024-08-04 | 7.5 High |
Affected devices improperly handle large amounts of specially crafted UDP packets. This could allow an unauthenticated remote attacker to trigger a denial of service condition. | ||||
CVE-2019-10929 | 1 Siemens | 33 Simatic Cp 1626, Simatic Cp 1626 Firmware, Simatic Et 200sp Open Controller Cpu 1515sp Pc and 30 more | 2024-08-04 | 5.9 Medium |
A vulnerability has been identified in SIMATIC CP 1626 (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V20.8), SIMATIC HMI Panel (incl. SIPLUS variants) (All versions), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.4.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.8.1), SIMATIC S7-1500 Software Controller (All versions < V20.8), SIMATIC S7-PLCSIM Advanced (All versions < V3.0), SIMATIC STEP 7 (TIA Portal) (All versions < V16), SIMATIC WinCC (TIA Portal) (All versions < V16), SIMATIC WinCC OA (All versions < V3.16 P013), SIMATIC WinCC Runtime Advanced (All versions < V16), SIMATIC WinCC Runtime Professional (All versions < V16), TIM 1531 IRC (incl. SIPLUS NET variants) (All versions < V2.1). Affected devices contain a message protection bypass vulnerability due to certain properties in the calculation used for integrity protection. This could allow an attacker in a Man-in-the-Middle position to modify network traffic sent on port 102/tcp to the affected devices. | ||||
CVE-2021-44693 | 1 Siemens | 192 Simatic Et 200 Sp Open Controller Cpu 1515sp Pc, Simatic Et 200 Sp Open Controller Cpu 1515sp Pc Firmware, Simatic S7-1200 Cpu 1211c and 189 more | 2024-08-04 | 4.9 Medium |
Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device. | ||||
CVE-2021-44695 | 1 Siemens | 192 Simatic Et 200 Sp Open Controller Cpu 1515sp Pc, Simatic Et 200 Sp Open Controller Cpu 1515sp Pc Firmware, Simatic S7-1200 Cpu 1211c and 189 more | 2024-08-04 | 4.9 Medium |
Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device. | ||||
CVE-2021-44694 | 1 Siemens | 184 Simatic Et 200 Sp Open Controller Cpu 1515sp Pc, Simatic Et 200 Sp Open Controller Cpu 1515sp Pc Firmware, Simatic S7-1200 Cpu 1211c and 181 more | 2024-08-04 | 5.5 Medium |
Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device. | ||||
CVE-2021-42029 | 1 Siemens | 71 Simatic S7-1200 Cpu, Simatic S7-1200 Cpu 1211c, Simatic S7-1200 Cpu 1212c and 68 more | 2024-08-04 | 7.8 High |
A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) V15 (All versions), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 5), SIMATIC STEP 7 (TIA Portal) V17 (All versions < V17 Update 2). An attacker could achieve privilege escalation on the web server of certain devices due to improper access control vulnerability in the engineering system software. The attacker needs to have direct access to the impacted web server. | ||||
CVE-2021-40365 | 1 Siemens | 192 Simatic Et 200 Sp Open Controller Cpu 1515sp Pc, Simatic Et 200 Sp Open Controller Cpu 1515sp Pc Firmware, Simatic S7-1200 Cpu 1211c and 189 more | 2024-08-04 | 7.5 High |
Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device. | ||||
CVE-2022-30694 | 1 Siemens | 223 6ag1151-8ab01-7ab0, 6ag1151-8ab01-7ab0 Firmware, 6ag1151-8fb01-2ab0 and 220 more | 2024-08-03 | 6.5 Medium |
The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack. |
Page 1 of 1.