Siemens SCALANCE W1750D Buffer Overflow (CVE-2023-22785)
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities.....
9.8CVSS
9.1AI Score
0.004EPSS
Siemens SCALANCE W1750D Improper Input Validation (CVE-2023-22787)
An unauthenticated Denial of Service (DoS) vulnerability exists in a service accessed via the PAPI protocol provided by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected access point. This plugin...
7.5CVSS
7.2AI Score
0.001EPSS
Siemens SCALANCE W1750D Buffer Overflow (CVE-2023-22780)
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities.....
9.8CVSS
9.1AI Score
0.004EPSS
Siemens SCALANCE W1750D Buffer Overflow (CVE-2023-22786)
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities.....
9.8CVSS
9.1AI Score
0.004EPSS
Siemens SCALANCE W1750D Command Injection (CVE-2023-22789)
Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This plugin...
8.8CVSS
8.3AI Score
0.001EPSS
Siemens SCALANCE W1750D Exposure of Sensitive Information to an Unauthorized Actor (CVE-2023-22791)
A vulnerability exists in Aruba InstantOS and ArubaOS 10 where an edge-case combination of network configuration, a specific WLAN environment and an attacker already possessing valid user credentials on that WLAN can lead to sensitive information being disclosed via the WLAN. The scenarios in...
5.4CVSS
6.6AI Score
0.0004EPSS
Siemens SCALANCE W1750D Buffer Overflow (CVE-2023-22782)
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities.....
9.8CVSS
9.1AI Score
0.004EPSS
Siemens SCALANCE XB-200/XC-200/XP-200/XF-200BA/XR-300WG Family
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
6.5CVSS
7.5AI Score
0.001EPSS
Cisco NX-OS Software Link Layer Discovery Protocol DoS (cisco-sa-nxos-lldp-dos-z7PncTgt)
According to its self-reported version, Cisco NX-OS System Software is affected by a denial of service (DoS) vulnerability. The vulnerability lies in the Link Layer Discovery Protocol (LLDP) feature of Cisco NX-OS Software and could allow an unauthenticated, adjacent attacker to cause a denial of.....
6.6CVSS
6.6AI Score
0.0004EPSS
Cisco FXOS and NX-OS Software Link Layer Discovery Protocol Denial of Service Vulnerability
A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of specific...
7.2AI Score
0.0004EPSS
Multiple Siemens Products Communication Channel Source Verification Error Vulnerability
The SIMATIC CP 343-1 is a communication processor (CP) that provides Ethernet communication for the SIMATIC S7-300 CPU. SIPLUS Extreme products are designed for reliable operation under extreme conditions and are based on SIMATIC, LOGO!, SITOP, SINAMICS, SIMOTION, SCALANCE or other devices. SIPLUS....
7.5CVSS
7AI Score
0.0005EPSS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
9.8CVSS
9.7AI Score
0.033EPSS
Siemens SCALANCE SC-600 Family
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
9.1CVSS
7.8AI Score
0.002EPSS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
9.8CVSS
9.8AI Score
0.002EPSS
GLSA-202402-07 : Xen: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202402-07 (Xen: Multiple Vulnerabilities): grant table v2 status pages may remain accessible after de-allocation (take two). Guests get permitted access to certain Xen-owned pages of memory. The majority of such pages remain...
8.8CVSS
7.8AI Score
EPSS
Siemens SCALANCE LPE9403 Incorrect Permission Assignment for Critical Resource (CVE-2021-41091)
A vulnerability was found in Moby (Docker Engine) where the data directory (typically /var/lib/docker) contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included...
6.3CVSS
6.5AI Score
0.0005EPSS
Siemens SCALANCE LPE9403 Allocation of Resources Without Limits or Throttling (CVE-2021-39293)
The fix for CVE-2021-33196 can be bypassed by crafted inputs. As a result, the NewReader and OpenReader functions in archive/zip can still cause a panic or an unrecoverable fatal error when reading an archive that claims to contain a large number of files, regardless of its actual size. This...
7.5CVSS
7.8AI Score
0.003EPSS
Siemens SCALANCE LPE9403 Path Traversal (CVE-2021-41103)
A vulnerability was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended...
7.8CVSS
7.7AI Score
0.0004EPSS
Siemens SCALANCE LPE9403 Improper Preservation of Permissions (CVE-2021-41089)
A vulnerability was found in Moby (Docker Engine) where attempting to copy files using 'docker cp' into a specially-crafted container can result in Unix file permission changes for existing files in the host's filesystem, widening access to others. This bug does not directly allow files to be...
6.3CVSS
6.8AI Score
0.0005EPSS
Siemens SCALANCE LPE9403 Path Traversal (CVE-2020-27304)
The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows, when using the built-in HTTP form-based file upload mechanism, via the mg_handle_form_request API. Web applications that use the file upload form handler, and use parts of the user-controlled...
9.8CVSS
9.6AI Score
0.003EPSS
Siemens SCALANCE LPE9403 Allocation of Resources Without Limits or Throttling (CVE-2021-33910)
The use of alloca function with an uncontrolled size in function unit_name_path_escape allows a local attacker, able to mount a filesystem on a very long path, to crash systemd and the whole system by allocating a very large space in the stack. This plugin only works with Tenable.ot. Please visit.....
5.5CVSS
6AI Score
0.0004EPSS
Siemens SCALANCE LPE9403 Exposure of Sensitive Information to an Unauthorized Actor (CVE-2021-41092)
A vulnerability was found in the Docker CLI where running 'docker login my-private-registry.example.com' with a misconfigured configuration file (typically ~/.docker/config.json) listing a credsStore or credHelpers that could not be executed would result in any provided credentials being sent to...
7.5CVSS
7.5AI Score
0.001EPSS
Siemens SCALANCE LPE9403 Improper Initialization (CVE-2021-20317)
A corrupted timer tree caused the task wakeup to be missing in the timerqueue_add function in lib/timerqueue.c. This flaw allows a local attacker with special user privileges to cause a denial of service, slowing and eventually stopping the system while running OSP. This plugin only works with...
4.4CVSS
6.3AI Score
0.0004EPSS
Siemens SCALANCE OpenSSL NULL Pointer Dereference (CVE-2023-0216)
An invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the d2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions. The result of the dereference is an application crash which could lead to a denial of service attack. The TLS...
7.5CVSS
7.5AI Score
0.001EPSS
Siemens SCALANCE OpenSSL NULL Pointer Dereference (CVE-2023-0217)
An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVP_PKEY_public_check() function. This will most likely lead to an application crash. This function can be called on public keys supplied from untrusted sources which could.....
7.5CVSS
7.4AI Score
0.001EPSS
Siemens SCALANCE OpenSSL Allocation of Resources Without Limits or Throttling (CVE-2023-2650)
Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience...
6.5CVSS
7.2AI Score
0.001EPSS
Siemens SCALANCE OpenSSL Out-of-bounds Read (CVE-2022-4203)
A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate.....
4.9CVSS
6.7AI Score
0.001EPSS
Siemens SCALANCE OpenSSL NULL Pointer Dereference (CVE-2023-0401)
A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available the digest initialization will fail....
7.5CVSS
7.6AI Score
0.004EPSS
Siemens SCALANCE OS Command Injection (CVE-2023-49692)
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (All versions < V7.2.2), RUGGEDCOM RM1224 LTE(4G) NAM (All versions < V7.2.2), SCALANCE M804PB (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (Annex A) (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (Annex B...
7.2CVSS
6.9AI Score
0.0005EPSS
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU, RUGGEDCOM RM1224 LTE(4G) NAM, SCALANCE M804PB, SCALANCE M812-1 ADSL-Router (Annex A), SCALANCE M812-1 ADSL-Router (Annex B), SCALANCE M816-1 ADSL-Router (Annex A), SCALANCE M816-1 ADSL-Router (Annex B), SCALANCE M826-2...
9.1CVSS
9.1AI Score
0.002EPSS
Siemens SCALANCE Use of Weak Hash (CVE-2023-44319)
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU, RUGGEDCOM RM1224 LTE(4G) NAM, SCALANCE M804PB, SCALANCE M812-1 ADSL-Router (Annex A), SCALANCE M812-1 ADSL-Router (Annex B), SCALANCE M816-1 ADSL-Router (Annex A), SCALANCE M816-1 ADSL-Router (Annex B), SCALANCE M826-2...
4.9CVSS
7.1AI Score
0.001EPSS
Siemens SCALANCE Use of Hard-coded Cryptographic Key (CVE-2023-44318)
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU, RUGGEDCOM RM1224 LTE(4G) NAM, SCALANCE M804PB, SCALANCE M812-1 ADSL-Router (Annex A), SCALANCE M812-1 ADSL-Router (Annex B), SCALANCE M816-1 ADSL-Router (Annex A), SCALANCE M816-1 ADSL-Router (Annex B), SCALANCE M826-2...
4.9CVSS
5.9AI Score
0.001EPSS
Siemens SCALANCE Uncontrolled Resource Consumption (CVE-2023-44321)
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU, RUGGEDCOM RM1224 LTE(4G) NAM, SCALANCE M804PB, SCALANCE M812-1 ADSL-Router (Annex A), SCALANCE M812-1 ADSL-Router (Annex B), SCALANCE M816-1 ADSL-Router (Annex A), SCALANCE M816-1 ADSL-Router (Annex B), SCALANCE M826-2...
6.5CVSS
6.9AI Score
0.001EPSS
Siemens SCALANCE Missing Cryptographic Step (CVE-2023-44320)
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU, RUGGEDCOM RM1224 LTE(4G) NAM, SCALANCE M804PB, SCALANCE M812-1 ADSL-Router (Annex A), SCALANCE M812-1 ADSL-Router (Annex B), SCALANCE M816-1 ADSL-Router (Annex A), SCALANCE M816-1 ADSL-Router (Annex B), SCALANCE M826-2...
4.3CVSS
6.8AI Score
0.001EPSS
Siemens SCALANCE Acceptance of Extraneous Untrusted Data With Trusted Data (CVE-2023-44317)
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU, RUGGEDCOM RM1224 LTE(4G) NAM, SCALANCE M804PB, SCALANCE M812-1 ADSL-Router (Annex A), SCALANCE M812-1 ADSL-Router (Annex B), SCALANCE M816-1 ADSL-Router (Annex A), SCALANCE M816-1 ADSL-Router (Annex B), SCALANCE M826-2...
7.2CVSS
7.5AI Score
0.001EPSS
Siemens SCALANCE Unchecked Return Value (CVE-2023-44322)
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU, RUGGEDCOM RM1224 LTE(4G) NAM, SCALANCE M804PB, SCALANCE M812-1 ADSL-Router (Annex A), SCALANCE M812-1 ADSL-Router (Annex B), SCALANCE M816-1 ADSL-Router (Annex A), SCALANCE M816-1 ADSL-Router (Annex B), SCALANCE M826-2...
5.9CVSS
7.5AI Score
0.001EPSS
Siemens SCALANCE Unsynchronized Access to Shared Data in a Multithreaded Context (CVE-2023-44374)
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU, RUGGEDCOM RM1224 LTE(4G) NAM, SCALANCE M804PB, SCALANCE M812-1 ADSL-Router (Annex A), SCALANCE M812-1 ADSL-Router (Annex B), SCALANCE M816-1 ADSL-Router (Annex A), SCALANCE M816-1 ADSL-Router (Annex B), SCALANCE M826-2...
8.8CVSS
9.1AI Score
0.001EPSS
Siemens Industrial Products Uncontrolled Resource Consumption (CVE-2019-11479)
Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. An attacker with network access to affected products could cause a denial of service condition because of a vulnerability in the TCP retransmission queue implementation kernel when handling TCP...
7.5CVSS
7.5AI Score
0.974EPSS
Siemens Industrial Products Uncontrolled Resource Consumption (CVE-2019-11477)
Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. The kernel used in some products is affected by an integer overflow when handling TCP Selective Acknowledgements. A remote attacker could use this to cause a denial of service. This plugin only...
7.5CVSS
7.7AI Score
0.974EPSS
Siemens Industrial Products Uncontrolled Resource Consumption (CVE-2019-11478)
Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. A remote attacker could cause a denial of service condition by sending specially crafted TCP Selective Acknowledgment (SACK) sequences to affected products. This plugin only works with Tenable.ot....
7.5CVSS
7.6AI Score
0.974EPSS
Siemens Industrial Products Excessive Data Query Operations in a Large Data Table (CVE-2019-8460)
Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. The vulnerability could allow a remote attacker to cause a denial of service condition. OpenBSD kernel version <= 6.5 can be forced to create long chains of TCP SACK holes that causes very expensi...
7.5CVSS
7.7AI Score
0.974EPSS
Siemens SCALANCE W1750D Devices Inadequate Encryption Strength (CVE-2022-4304)
A vulnerability exists in OpenSSL that affects SCALANCE W1750D devices. A timing-based side channel exists in the OpenSSL RSA decryption implementation, which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. To achieve a successful decryption an...
5.9CVSS
7AI Score
0.002EPSS
Siemens SCALANCE W1750D Devices Double Free (CVE-2022-4450)
A vulnerability exists in OpenSSL that affects SCALANCE W1750D devices. The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the 'name' (e.g. 'CERTIFICATE'), any header data and the payload data. If the function succeeds then the 'name_out', 'header' and 'data'...
7.5CVSS
8.1AI Score
0.001EPSS
Siemens SCALANCE W1750D Devices Improper Input Validation (CVE-2023-0286)
A vulnerability exists in OpenSSL that affects SCALANCE W1750D devices. A timing-based side channel exists in the OpenSSL RSA decryption implementation, which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. To achieve a successful decryption an...
7.4CVSS
7.7AI Score
0.003EPSS
Siemens SCALANCE and RUGGEDCOM M-800/S615 Family
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
7.2CVSS
8AI Score
0.001EPSS
Siemens RUGGEDCOM and SCALANCE M-800/S615 Family
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
9.1CVSS
7.7AI Score
0.002EPSS
Siemens SCALANCE M-800/S615 Series OS Command Injection Vulnerability
The SCALANCE M-800, MUM-800 and S615 and the RUGGEDCOM RM1224 are industrial routers. An operating system command injection vulnerability exists in the Siemens SCALANCE M-800/S615 series, which can be exploited by an attacker to execute commands on the system via a malicious local administrator...
7.2CVSS
7.3AI Score
0.0005EPSS
Siemens SCALANCE M-800/S615 Series OS Command Injection Vulnerability
The SCALANCE M-800, MUM-800 and S615 and the RUGGEDCOM RM1224 are industrial routers. An operating system command injection vulnerability exists in the Siemens SCALANCE M-800/S615 series, which can be exploited by an attacker to execute commands on the...
7.2CVSS
7.6AI Score
0.0004EPSS
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V7.2.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V7.2.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (Annex A)...
6.7CVSS
0.0005EPSS
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V7.2.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V7.2.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (Annex A)...
7.2CVSS
6.5AI Score
0.0005EPSS