Sinumerik One Firmware Security Vulnerabilities
A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.
7.5CVSS
7.2AI Score
0.006EPSS
Insufficient control flow management in subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25 , Intel(R) TXE versions before 3.1.80 and 4.0.30 may allow an unauthenticated user to potentially enable escalation of privilege via physi...
6.8CVSS
6.8AI Score
0.001EPSS
A vulnerability has been identified in SINUMERIK MC (All versions < V1.15 SP1), SINUMERIK ONE (All versions < V6.15 SP1). The sc SUID binary on affected devices provides several commands that are used to execute system commands or modify system files. A specific set of operations using sc cou...
7.8CVSS
7.8AI Score
0.0004EPSS
The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack.
6.5CVSS
4.6AI Score
0.001EPSS
Affected devices improperly handle specially crafted packets sent to port 102/tcp.This could allow an attacker to create a denial of service condition. A restart is needed to restorenormal operations.
7.5CVSS
7.4AI Score
0.001EPSS