Siemens SCALANCE W1750D (Update A)
EXECUTIVE SUMMARY: CVSS v3 9.8; ATTENTION: Exploitable remotely/low attack complexity; Vendor: Siemens; Equipment: SCALANCE W1750D; Vulnerabilities: Improper Restriction of Operations Within the Bounds of a Memory Buffer, Command Injection, Path Traversal. 2. UPDATE INFORMATION: This updated...
9.8CVSS
8.8AI Score
0.006EPSS
CISA Releases Twenty-Five Industrial Control Systems Advisories
CISA has released twenty-five (25) Industrial Control Systems (ICS) advisories on October 13, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS...
0.7AI Score
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.0), SCALANCE X201-3P IRT (All versions < V5.5.0), SCALANCE X201-3P IRT PRO (All versions < V5.5.0), SCALANCE X202-2IRT (All versions < V5.5.0), SCALANCE X202-2P IRT (All versions < V5.5.0), SCALANCE X202...
6.1CVSS
0.001EPSS
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.0), SCALANCE X201-3P IRT (All versions < V5.5.0), SCALANCE X201-3P IRT PRO (All versions < V5.5.0), SCALANCE X202-2IRT (All versions < V5.5.0), SCALANCE X202-2P IRT (All versions < V5.5.0), SCALANCE X202...
6.1CVSS
5.8AI Score
0.001EPSS
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (All versions < V7.1.2), RUGGEDCOM RM1224 LTE(4G) NAM (All versions < V7.1.2), SCALANCE M804PB (All versions < V7.1.2), SCALANCE M812-1 ADSL-Router (Annex A) (All versions < V7.1.2), SCALANCE M812-1 ADSL-Router (Annex B)...
8.6CVSS
0.002EPSS
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (All versions < V7.1.2), RUGGEDCOM RM1224 LTE(4G) NAM (All versions < V7.1.2), SCALANCE M804PB (All versions < V7.1.2), SCALANCE M812-1 ADSL-Router (Annex A) (All versions < V7.1.2), SCALANCE M812-1 ADSL-Router (Annex B)...
8.6CVSS
8.2AI Score
0.002EPSS
Affected devices do not properly authorize the change password function of the web interface. This could allow low privileged users to escalate their...
8.8CVSS
8.8AI Score
0.001EPSS
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (All versions < V7.1.2), RUGGEDCOM RM1224 LTE(4G) NAM (All versions < V7.1.2), SCALANCE M804PB (All versions < V7.1.2), SCALANCE M812-1 ADSL-Router (Annex A) (All versions < V7.1.2), SCALANCE M812-1 ADSL-Router (Annex B)...
8.6CVSS
8.3AI Score
0.002EPSS
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.0), SCALANCE X201-3P IRT (All versions < V5.5.0), SCALANCE X201-3P IRT PRO (All versions < V5.5.0), SCALANCE X202-2IRT (All versions < V5.5.0), SCALANCE X202-2P IRT (All versions < V5.5.0), SCALANCE X202...
6.1CVSS
5.8AI Score
0.001EPSS
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (All versions < V7.1.2), RUGGEDCOM RM1224 LTE(4G) NAM (All versions < V7.1.2), SCALANCE M804PB (All versions < V7.1.2), SCALANCE M812-1 ADSL-Router (Annex A) (All versions < V7.1.2), SCALANCE M812-1 ADSL-Router (Annex B)...
8.6CVSS
8.5AI Score
0.002EPSS
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.0), SCALANCE X201-3P IRT (All versions < V5.5.0), SCALANCE X201-3P IRT PRO (All versions < V5.5.0), SCALANCE X202-2IRT (All versions < V5.5.0), SCALANCE X202-2P IRT (All versions < V5.5.0), SCALANCE X202...
6.1AI Score
0.001EPSS
An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS 6.4.x:...
4.9CVSS
4.9AI Score
0.001EPSS
A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser....
6.1CVSS
5.9AI Score
0.001EPSS
An authenticated command injection vulnerability exists in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x:....
7.8CVSS
7.7AI Score
0.0004EPSS
An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS 6.4.x:...
6.5CVSS
6.4AI Score
0.001EPSS
A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a...
5.4CVSS
5.3AI Score
0.001EPSS
Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS.....
9.8CVSS
10AI Score
0.002EPSS
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities...
9.8CVSS
10AI Score
0.006EPSS
Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS.....
9.8CVSS
10AI Score
0.002EPSS
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities...
9.8CVSS
10AI Score
0.006EPSS
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities...
9.8CVSS
10AI Score
0.006EPSS
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities...
9.8CVSS
10AI Score
0.006EPSS
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities...
9.8CVSS
10AI Score
0.005EPSS
Unspecified vulnerability in the command-line management interface on Siemens Scalance W7xx devices with firmware before 4.5.4 allows remote attackers to bypass authentication and execute arbitrary code via a (1) SSH or (2) TELNET...
7.9AI Score
0.004EPSS
Unspecified vulnerability in the command-line management interface on Siemens Scalance W7xx devices with firmware before 4.5.4 allows remote attackers to bypass authentication and execute arbitrary code via a (1) SSH or (2) TELNET...
8.2AI Score
0.004EPSS
Siemens Scalance W7xx devices with firmware before 4.5.4 use the same hardcoded X.509 certificate across different customers' installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate's trust...
6.9AI Score
0.002EPSS
Siemens Scalance W7xx devices with firmware before 4.5.4 use the same hardcoded X.509 certificate across different customers' installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate's trust...
6.7AI Score
0.002EPSS
CISA Releases Eleven Industrial Control Systems Advisories
CISA has released eleven (11) Industrial Control Systems (ICS) advisories on September 15, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS...
1.3AI Score
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.15.5.5)
The version of AOS installed on the remote host is prior to 5.15.5.5. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.15.5.5 advisory. Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE...
9.8CVSS
8.5AI Score
0.067EPSS
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.15.6)
The version of AOS installed on the remote host is prior to 5.15.6. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.15.6 advisory. Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component:...
9.8CVSS
9.8AI Score
0.97EPSS
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.15.7)
The version of AOS installed on the remote host is prior to 5.15.7. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.15.7 advisory. Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component:...
9.8CVSS
8.5AI Score
0.067EPSS
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.1)
The version of AOS installed on the remote host is prior to 6.1. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.1 advisory. Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component:...
10CVSS
10AI Score
0.976EPSS
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.0)
The version of AOS installed on the remote host is prior to 6.0. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.0 advisory. Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component:...
9.8CVSS
9.8AI Score
0.976EPSS
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.20)
The version of AOS installed on the remote host is prior to 5.20. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.20 advisory. Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component:...
9.8CVSS
8.8AI Score
0.976EPSS
Siemens Linux-based Products (Update J)
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
7.4CVSS
7.8AI Score
0.003EPSS
Siemens Industrial Devices using libcurl (Update B)
EXECUTIVE SUMMARY: CVSS v3 8.1; ATTENTION: Exploitable remotely; Vendor: Siemens; Equipment: Industrial devices using libcurl; Vulnerabilities: Use After Free. 2. UPDATE INFORMATION: This updated advisory is a follow-up to the original advisory titled ICSA-22-132-13 Siemens Industrial Devices using...
8.1CVSS
8.2AI Score
0.1EPSS
Siemens OpenSSL Vulnerabilities in Industrial Products (Update B)
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
5.9CVSS
7.2AI Score
0.005EPSS
Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root...
9.1CVSS
9AI Score
0.002EPSS
Affected devices do not properly handle the renegotiation of SSL/TLS parameters. This could allow an unauthenticated remote attacker to bypass the TCP brute force prevention and lead to a denial of service condition for the duration of the...
7.5CVSS
7.6AI Score
0.002EPSS
Affected devices do not properly sanitize data introduced by a user when rendering the web interface. This could allow an authenticated remote attacker with administrative privileges to inject code and lead to a DOM-based...
6.8CVSS
5.2AI Score
0.001EPSS
Siemens SCALANCE products have unspecified vulnerabilities
SCALANCE M-800, MUM-800 and S615 and RUGGEDCOM RM1224 industrial routers are used for secure remote access to plants over mobile networks (e.g. GPRS or UMTS) with integrated security features of firewalls to prevent unauthorized access, and VPNs to protect data transmission. SCALANCE SC-600 devices....
3.9AI Score
0.002EPSS
Siemens SCALANCE product has an unspecified vulnerability (CNVD-2022-56474)
SCALANCE M-800, MUM-800 and S615 and RUGGEDCOM RM1224 industrial routers are used for secure remote access to plants over mobile networks (e.g. GPRS or UMTS) with integrated security features of firewalls to prevent unauthorized access, and VPNs to protect data transmission. SCALANCE SC-600 devices....
3.4AI Score
0.001EPSS
Siemens SCALANCE product command injection vulnerability
SCALANCE M-800, MUM-800 and S615 and RUGGEDCOM RM1224 industrial routers are used for secure remote access to plants over mobile networks (e.g. GPRS or UMTS) with integrated security features of firewalls to prevent unauthorized access, and VPNs to protect data transmission. SCALANCE SC-600 devices....
3.3AI Score
0.002EPSS
Siemens SCALANCE X Switch Devices Buffer Copy Without Checking Size of Input (CVE-2022-26648)
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions), SCALANCE X200-4P IRT (All versions), SCALANCE X201-3P IRT (All versions), SCALANCE X201-3P IRT (All versions), SCALANCE X201-3P IRT PRO (All versions), SCALANCE X201-3P IRT PRO (All versions), SCALANCE X202-2IRT (All...
8.2CVSS
8.3AI Score
0.001EPSS
Siemens SCALANCE X Switch Devices Buffer Copy Without Checking Size of Input (CVE-2022-26649)
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions), SCALANCE X200-4P IRT (All versions), SCALANCE X201-3P IRT (All versions), SCALANCE X201-3P IRT (All versions), SCALANCE X201-3P IRT PRO (All versions), SCALANCE X201-3P IRT PRO (All versions), SCALANCE X202-2IRT (All...
9.6CVSS
9.4AI Score
0.001EPSS
Siemens SCALANCE X Switch Devices Use of Insufficiently Random Values (CVE-2022-26647)
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions), SCALANCE X200-4P IRT (All versions), SCALANCE X201-3P IRT (All versions), SCALANCE X201-3P IRT (All versions), SCALANCE X201-3P IRT PRO (All versions), SCALANCE X201-3P IRT PRO (All versions), SCALANCE X202-2IRT (All...
8.8CVSS
8.8AI Score
0.003EPSS
Siemens VxWorks-based Industrial Products (Update C)
EXECUTIVE SUMMARY: CVSS v3 9.8; ATTENTION: Exploitable remotely/low attack complexity; Vendor: Siemens; Equipment: Wind River VxWorks-based Industrial Products; Vulnerability: Heap-based Buffer Overflow. 2. UPDATE INFORMATION: This updated advisory is a follow-up to the advisory update titled...
9.8CVSS
9.9AI Score
0.006EPSS
Siemens SCALANCE X Switch Devices
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
9.6CVSS
9.2AI Score
0.003EPSS
EXECUTIVE SUMMARY: CVSS v3 5.4; ATTENTION: Exploitable remotely; Vendor: Siemens; Equipment: SCALANCE X; Vulnerability: Expected Behavior Violation. 2. UPDATE INFORMATION: This updated advisory is a follow-up to the advisory update titled ICSA-19-085-01 Siemens SCALANCE X (Update C) that was...
9.1CVSS
9.2AI Score
0.002EPSS
Siemens SCALANCE X Switches has an unspecified vulnerability
A security vulnerability exists in Siemens SCALANCE X Switches, an industrial Ethernet switch product from Siemens, Germany, which could be exploited by a remote, unauthenticated attacker to brute-force session IDs and hijack existing...
2.9AI Score