A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.0), SCALANCE X201-3P IRT (All versions < V5.5.0), SCALANCE X201-3P IRT PRO (All versions < V5.5.0), SCALANCE X202-2IRT (All versions < V5.5.0), SCALANCE X202-2P IRT (All versions < V5.5.0), SCALANCE X202...
6AI Score
0.001EPSS
Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
9.2AI Score
0.002EPSS
A vulnerability has been identified in RFID 181EIP (All versions), RUGGEDCOM Win (V4.4, V4.5, V5.0, and V5.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.3), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-200R...
8.9AI Score
0.004EPSS
Siemens Web Server of SCALANCE X200 Stack-Based Buffer Overflow (CVE-2021-25669)
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT PRO (All versions < 5.5.1), SCALANCE X202-2 IRT (All versions < 5.5.1), SCALANCE X202-2P IRT (incl. SIPLUS NET variant) (All versions <...
9.7AI Score
0.006EPSS
Siemens SCALANCE X-300 Switches Stack-Based Buffer Overflow (CVE-2022-25753)
A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V,...
9AI Score
0.002EPSS
Siemens SCALANCE Allocation of Resources Without Limits or Throttling (CVE-2022-36324)
Affected devices do not properly handle the renegotiation of SSL/TLS parameters. This could allow an unauthenticated remote attacker to bypass the TCP brute force prevention and lead to a denial of service condition for the duration of the attack. This plugin only works with Tenable.ot. Please...
7.9AI Score
0.002EPSS
Siemens SCALANCE Improper Neutralization of Script-Related HTML Tags in a Web Page (CVE-2022-36325)
Affected devices do not properly sanitize data introduced by a user when rendering the web interface. This could allow an authenticated remote attacker with administrative privileges to inject code and lead to a DOM-based XSS. This plugin only works with Tenable.ot. Please visit...
5.7AI Score
0.001EPSS
A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V,...
6.1AI Score
0.001EPSS
(RHSA-2023:0334) Important: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: watch queue race condition can lead to privilege escalation (CVE-2022-2959) kernel: memory corruption in AX88179_178A based USB ethernet device. (CVE-2022-2964) kernel: i915:...
8.2AI Score
0.002EPSS
kernel security and bug fix update
An update is available for kernel. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The kernel packages contain the Linux kernel, the core of any Linux operating....
7.8CVSS
8.2AI Score
0.002EPSS
Important: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: watch queue race condition can lead to privilege escalation (CVE-2022-2959) kernel: memory corruption in AX88179_178A based USB ethernet device. (CVE-2022-2964) kernel: i915:...
7.8CVSS
7.7AI Score
0.002EPSS
kernel security and bug fix update
An update is available for kernel. This update affects Rocky Linux SIG Cloud 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The kernel packages contain the Linux kernel, the core of any Linux....
7.8CVSS
8.2AI Score
0.002EPSS
Important: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: watch queue race condition can lead to privilege escalation (CVE-2022-2959) kernel: memory corruption in AX88179_178A based USB ethernet device. (CVE-2022-2964) kernel: i915:...
7.8CVSS
7.7AI Score
0.002EPSS
libvirt bug fix and enhancement update
An update is available for libvirt. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The libvirt library contains a C API for managing and interacting with the...
1.3AI Score
Important: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: watch queue race condition can lead to privilege escalation (CVE-2022-2959) kernel: memory corruption in AX88179_178A based USB ethernet device. (CVE-2022-2964) kernel: i915: Incorrect...
7.8CVSS
8.2AI Score
0.002EPSS
Important: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: watch queue race condition can lead to privilege escalation (CVE-2022-2959) kernel: memory corruption in AX88179_178A based USB ethernet device. (CVE-2022-2964) kernel: i915: Incorrect...
7.8CVSS
7.7AI Score
0.002EPSS
Siemens Industrial Real-Time (IRT) Devices (Update F)
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
7.5CVSS
7.7AI Score
0.001EPSS
Siemens OpenSSL Affected Industrial Products (Update E)
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
7.5CVSS
8.3AI Score
0.013EPSS
Siemens SCALANCE and RUGGEDCOM Products (Update B)
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
8.8CVSS
8.9AI Score
0.001EPSS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
9.1CVSS
8.2AI Score
0.002EPSS
Siemens TCP Event Service of SCALANCE And RUGGEDCOM Devices
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
8.6CVSS
8.8AI Score
0.002EPSS
Siemens S7-1500 CPU devices have an unspecified vulnerability
SIMATIC drive controllers are designed for the automation of production machines and combine the functionality of SIMATIC S7-1500 CPUs and SINAMICS S120 drive controls. SIMATIC S7-1500 CPU products are designed for discrete and continuous control in industrial environments such as global...
6.8CVSS
2AI Score
0.001EPSS
kernel security and bug fix update
An update is available for kernel. This update affects Rocky Linux SIG Cloud 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The kernel packages contain the Linux kernel, the core of any Linux....
7.8CVSS
8.1AI Score
0.0004EPSS
kernel security and bug fix update
An update is available for kernel. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The kernel packages contain the Linux kernel, the core of any Linux operating....
7.8CVSS
8.1AI Score
0.0004EPSS
Important: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: memory corruption in AX88179_178A based USB ethernet device. (CVE-2022-2964) kernel: i915: Incorrect GPU TLB flush can lead to random memory access (CVE-2022-4139) For more details...
7.8CVSS
7.8AI Score
0.0004EPSS
(RHSA-2023:0101) Important: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: memory corruption in AX88179_178A based USB ethernet device. (CVE-2022-2964) kernel: i915: Incorrect GPU TLB flush can lead to random memory access (CVE-2022-4139) For more details...
-0.1AI Score
0.0004EPSS
Important: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: memory corruption in AX88179_178A based USB ethernet device. (CVE-2022-2964) kernel: i915: Incorrect GPU TLB flush can lead to random memory access (CVE-2022-4139) For more details...
7.8CVSS
7.8AI Score
0.0004EPSS
(RHSA-2023:0099) Moderate: virt:rhel and virt-devel:rhel security and bug fix update
Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the....
0.4AI Score
0.0004EPSS
Moderate: virt:rhel and virt-devel:rhel security and bug fix update
Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:Rocky Linux module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting...
6.5CVSS
6.7AI Score
0.0004EPSS
virt:rhel and virt-devel:rhel security and bug fix update
An update is available for libguestfs, libnbd, libtpms, libguestfs-winsupport, nbdkit, supermin, libiscsi, hivex, libvirt, netcf, perl-Sys-Virt, seabios, qemu-kvm, swtpm, virt-v2v, sgabios, libvirt-dbus, libvirt-python. This update affects Rocky Linux 8. A Common Vulnerability Scoring System...
6.5CVSS
6.8AI Score
0.0004EPSS
Important: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: memory corruption in AX88179_178A based USB ethernet device. (CVE-2022-2964) kernel: i915: Incorrect GPU TLB flush can lead to random memory access (CVE-2022-4139) For more details...
7.8CVSS
7.8AI Score
0.0004EPSS
Important: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: memory corruption in AX88179_178A based USB ethernet device. (CVE-2022-2964) kernel: i915: Incorrect GPU TLB flush can lead to random memory access (CVE-2022-4139) For more details...
7.8CVSS
8.2AI Score
0.0004EPSS
Moderate: virt:rhel and virt-devel:rhel security and bug fix update
Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the....
6.5CVSS
6.9AI Score
0.0004EPSS
Moderate: virt:rhel and virt-devel:rhel security and bug fix update
Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the....
6.5CVSS
6.8AI Score
0.0004EPSS
Siemens SCALANCE X-200RNA Switch Devices
EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Siemens Equipment: SCALANCE X-200RNA switch devices before V3.2.7 Vulnerabilities: Observable Timing Discrepancy; Race Condition; Improper Restriction of Operations...
9.8CVSS
9.9AI Score
0.974EPSS
Siemens SCALANCE X Switches (Update C)
EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE X200, X200IRT, X300 Vulnerabilities: Use of Hard-coded Cryptographic Key 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled...
5.9CVSS
6.3AI Score
0.001EPSS
Siemens SCALANCE X Switches (Update B)
EXECUTIVE SUMMARY CVSS v3 5.8 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SCALANCE X switches Vulnerabilities: Cross-site Scripting 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-18-163-02 Siemens SCALANCE X Switches that was...
6.1CVSS
6AI Score
0.001EPSS
Siemens SCALANCE SC-600 Family
EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE SC-600 Family Vulnerability: Out-of-bounds Write, Use After Free, Allocation of Resources Without Limits or Throttling 2. RISK EVALUATION Successful exploitation of this...
7.8CVSS
9.2AI Score
EPSS
Siemens SCALANCE X Switches (Update C)
EXECUTIVE SUMMARY CVSS v3 4.2 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SCALANCE X switches Vulnerability: Protection Mechanism Failure 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-20-042-07 Siemens...
5.4CVSS
5.3AI Score
0.001EPSS
Siemens SCALANCE X Switches (Update B)
EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE X Switches Vulnerability: Missing Authentication for Critical Function 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled...
8.6CVSS
8.8AI Score
0.001EPSS
Siemens Multiple Vulnerabilities in SCALANCE Products
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
7.6CVSS
7.6AI Score
0.001EPSS
Siemens SCALANCE X-200RNA Switch Devices
EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity/public exploits available Vendor: Siemens Equipment: SCALANCE Vulnerabilities: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS), Uncontrolled Resource Consumption, Use of...
9.8CVSS
7.1AI Score
0.003EPSS
Siemens Products affected by OpenSSL 3.0
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
7.5CVSS
8.8AI Score
0.116EPSS
CISA Releases Forty-One Industrial Control Systems Advisories
CISA has released forty-one (41) Industrial Control Systems (ICS) advisories on 15 December 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS...
0.6AI Score
Siemens SCALANCE X-200RNA Switch Devices Improper Access Control Vulnerability
The SCALANCE X-204RNA Industrial Ethernet Access Point enables non-PRP endpoint devices to connect to a separate parallel network as needed. A security vulnerability exists in Siemens SCALANCE X-200RNA Switch Devices due to a specific security header missing from the affected device's web server....
2.2AI Score
0.001EPSS
Siemens Industrial Product Denial of Service Vulnerability
SIMATIC Drive Controllers for the automation of production machines combine the functions of SIMATIC S7-1500 CPUs and SINAMICS S120 drive controls. SIMATIC ET 200SP Open Controller is the PC-based version of the SIMATIC S7-1500 controller and includes optional visualization and central I/O in...
7.5CVSS
7.2AI Score
0.001EPSS
Siemens Industrial Product Denial of Service Vulnerability (CNVD-2022-87982)
SIMATIC Drive Controllers for the automation of production machines combine the functions of SIMATIC S7-1500 CPUs and SINAMICS S120 drive controls. SIMATIC ET 200SP Open Controller is the PC-based version of the SIMATIC S7-1500 controller and includes optional visualization and central I/O in...
7.5CVSS
2AI Score
0.001EPSS
Siemens SCALANCE X-200RNA Switch Devices has an unspecified vulnerability
The SCALANCE X-204RNA Industrial Ethernet Access Point enables non-PRP endpoint devices to connect to a separate parallel network as needed. A security vulnerability exists in Siemens SCALANCE X-200RNA Switch Devices due to the web server of the affected device calculating session IDs and random...
2.2AI Score
0.003EPSS
Siemens SCALANCE X-200RNA Switch Devices Cross-Site Scripting Vulnerability
The SCALANCE X-204RNA Industrial Ethernet Access Point enables non-PRP endpoint devices to connect to a separate parallel network as needed. A cross-site scripting vulnerability exists in Siemens SCALANCE X-200RNA Switch Devices, which can be exploited by attackers to trigger malicious requests on.....
6.1CVSS
3.6AI Score
0.001EPSS
The SCALANCE X-204RNA Industrial Ethernet Access Point enables non-PRP endpoint devices to connect to a separate parallel network as needed. An uncontrolled resource consumption vulnerability exists in Siemens SCALANCE X-200RNA Switch Devices, which can be exploited by an attacker to cause a denial....
5.5CVSS
3AI Score
0.0004EPSS