Lucene search

K

SINUMERIK ONE Security Vulnerabilities

cve
cve

CVE-2023-46280

A vulnerability has been identified in S7-PCT (All versions), Security Configuration Tool (SCT) (All versions), SIMATIC Automation Tool (All versions), SIMATIC BATCH V9.1 (All versions), SIMATIC NET PC Software (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC PDM V9.2 (All versions),...

6.5CVSS

6.5AI Score

0.0004EPSS

2024-05-14 04:15 PM
30
cve
cve

CVE-2023-46156

Affected devices improperly handle specially crafted packets sent to port 102/tcp. This could allow an attacker to create a denial of service condition. A restart is needed to restore normal...

7.5CVSS

7.4AI Score

0.001EPSS

2023-12-12 12:15 PM
60
cve
cve

CVE-2023-28831

The OPC UA implementations (ANSI C and C++) in affected products contain an integer overflow vulnerability that could cause the application to run into an infinite loop during certificate validation. This could allow an unauthenticated remote attacker to create a denial of service condition by...

7.5CVSS

7.5AI Score

0.001EPSS

2023-09-12 10:15 AM
96
cve
cve

CVE-2022-30694

The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery...

6.5CVSS

4.6AI Score

0.001EPSS

2022-11-08 11:15 AM
67
2
cve
cve

CVE-2022-38465

A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7-120...

9.3CVSS

8AI Score

0.0004EPSS

2022-10-11 11:15 AM
49
9
cve
cve

CVE-2022-24408

A vulnerability has been identified in SINUMERIK MC (All versions < V1.15 SP1), SINUMERIK ONE (All versions < V6.15 SP1). The sc SUID binary on affected devices provides several commands that are used to execute system commands or modify system files. A specific set of operations using sc cou...

7.8CVSS

7.8AI Score

0.0004EPSS

2022-03-08 12:15 PM
65
cve
cve

CVE-2020-15782

A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7-120...

9.8CVSS

9.5AI Score

0.005EPSS

2021-05-28 04:15 PM
193
14
cve
cve

CVE-2020-27827

A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system...

7.5CVSS

7.2AI Score

0.006EPSS

2021-03-18 05:15 PM
367
3
cve
cve

CVE-2020-8745

Insufficient control flow management in subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25 , Intel(R) TXE versions before 3.1.80 and 4.0.30 may allow an unauthenticated user to potentially enable escalation of privilege via...

6.8CVSS

6.8AI Score

0.001EPSS

2020-11-12 06:15 PM
57
2
cve
cve

CVE-2020-7580

A vulnerability has been identified in SIMATIC Automation Tool (All versions < V4 SP2), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Upd3), SIMATIC PCS neo (All versions < V3.0...

6.7CVSS

6.7AI Score

0.0004EPSS

2020-06-10 05:15 PM
54
1
cve
cve

CVE-2019-8272

UltraVNC revision 1211 has multiple off-by-one vulnerabilities in VNC server code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision...

9.8CVSS

9.7AI Score

0.009EPSS

2019-03-08 11:29 PM
22
cve
cve

CVE-2019-8268

UltraVNC revision 1206 has multiple off-by-one vulnerabilities in VNC client code connected with improper usage of ClientConnection::ReadString function, which can potentially result code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been...

9.8CVSS

9.8AI Score

0.009EPSS

2019-03-08 11:29 PM
28
cve
cve

CVE-2018-3639

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store....

5.5CVSS

5.9AI Score

0.003EPSS

2018-05-22 12:29 PM
538
In Wild
2