1381 matches found
Siemens SIMATIC S7 PLC Web Server Improper Neutralization of Input During Web Page Generation (CVE-2026-25789)
Affected devices do not properly validate and sanitize filenames on the Firmware Update page. This could allow a remote attacker to social engineer the user into selecting a modified firmware file. This would result in malicious JavaScript execution in the context of the authenticated user's...
Siemens SIMATIC S7 PLC Web Server Improper Neutralization of Input During Web Page Generation (CVE-2026-25787)
Affected devices do not properly validate and sanitize Technology Object TO name rendered on the 'Motion Control Diagnostics' page of the web interface. This could allow an authenticated attacker who is authorized to download a TIA project into the product, to inject malicious scripts into the...
Siemens SIMATIC S7 PLC Web Server Improper Neutralization of Input During Web Page Generation (CVE-2026-25786)
Affected devices do not properly validate and sanitize PLC/station name rendered on the 'communication' parameters page of the web interface. This could allow an authenticated attacker who is authorized to download a TIA project into the product, to inject malicious scripts into the page. If a...
Siemens SIMATIC S7-1500 TM MFP NULL Pointer Dereference (CVE-2026-28390)
Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denia...
Siemens SIMATIC S7-1500 Incorrect Resource Transfer Between Spheres (CVE-2026-31431)
In the Linux kernel, the following vulnerability has been resolved: crypto: algifaead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algifaead since the source and destination...
Siemens SIMATIC S7-1500 TM MFP Use After Free (CVE-2026-28387)
Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a range of potential consequenc...
GitLab 17.10 < 18.10.8 / 18.11 < 18.11.5 / 19.0 < 19.0.2 (CVE-2026-1500)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an...
Exploit for Uncontrolled Resource Consumption in Siemens Simatic_S7-1500_Cpu_1518F-4_Pn\/Dp_Mfp_Firmware
CVE-2023-44487 — HTTP/2 Rapid Reset Test Lab Educational envi...
Siemens SIMATIC Improper Neutralization of Input During Web Page Generation (CVE-2025-40943)
Affected devices do not properly sanitize contents of trace files. This could allow an attacker to inject code through social engineering an authorized user, who has the function right Read diagnostics, to import a specially crafted trace file. The malicious trace file is insufficiently sanitized...
Siemens SIMATIC S7-1500 Improper Input Validation(CVE-2025-38457)
In the Linux kernel, the following vulnerability has been resolved: net/sched: Abort tcmodifyqdisc if parent class does not exist Lion's patch 1 revealed an ancient bug in the qdisc API. Whenever a user creates/modifies a qdisc specifying as a parent another qdisc, the qdisc API will, during...
Siemens SIMATIC S7-1500 Concurrent Execution using Shared Resource with Improper Synchronization (CVE-2025-38083)
In the Linux kernel, the following vulnerability has been resolved: netsched: prio: fix a race in priotune Gerrard Tai reported a race condition in PRIO, whenever SFQ perturb timer fires at the wrong time. The race is as follows: CPU 0 CPU 1 1: lock root 2: qdisctreeflushbacklog 3: unlock root | ...
Siemens SIMATIC S7-1500 Improper Input Validation (CVE-2025-38430)
In the Linux kernel, the following vulnerability has been resolved: nfsd: nfsd4spomustallow must check this is a v4 compound request If the request being processed is not a v4 compound request, then examining the cstate can have undefined results. This patch adds a check that the rpc procedure...
Siemens SIMATIC S7-1500 NULL Pointer Dereference (CVE-2025-38364)
In the Linux kernel, the following vulnerability has been resolved: mapletree: fix MASTATEPREALLOC flag in maspreallocate Temporarily clear the preallocation flag when explicitly requesting allocations. Pre-existing allocations are already counted against the request through masnodecountgfp, but...
Siemens SIMATIC S7-1500 NULL Pointer Dereference(CVE-2025-38215)
In the Linux kernel, the following vulnerability has been resolved: fbdev: Fix doregisterframebuffer to prevent null-ptr-deref in fbvideomodetovar If fbaddvideomode in doregisterframebuffer fails to allocate memory for fbvideomode, it will later lead to a null-ptr dereference in fbvideomodetovar,...
Siemens SIMATIC S7-1500 Reachable Assertion (CVE-2025-38285)
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix WARN in getbpfrawtpregs syzkaller reported an issue: WARNING: CPU: 3 PID: 5971 at kernel/trace/bpftrace.c:1861 getbpfrawtpregs+0xa4/0x100 kernel/trace/bpftrace.c:1861 Modules linked in: CPU: 3 UID: 0 PID: 5971 Comm:...
Siemens SIMATIC S7-1500 Integer Overflow or Wraparound (CVE-2025-38222)
"In the Linux kernel, the following vulnerability has been resolved: ext4: inline: fix len overflow in ext4prepareinlinedata When running the following code on an ext4 filesystem with inlinedata feature enabled, it will lead to the bug below. fd = openfile1, ORDWR | OCREAT | OTRUNC, 0666...
Siemens SIMATIC S7-1500 Sensitive Cookie Without 'HttpOnly' Flag (CVE-2025-38477)
In the Linux kernel, the following vulnerability has been resolved: net/sched: schqfq: Fix race condition on qfqaggregate A race condition can occur when 'agg' is modified in qfqchangeagg called during qfqenqueue while other threads access it concurrently. For example, qfqdumpclass may trigger a...
Siemens SIMATIC S7-1500 Divide By Zero (CVE-2025-38312)
In the Linux kernel, the following vulnerability has been resolved: fbdev: core: fbcvt: avoid division by 0 in fbcvthperiod In fbfindmodecvt, iff mode-refresh somehow happens to be 0x80000000, cvt.frefresh will become 0 when multiplying it by 2 due to overflow. It's then passed to fbcvthperiod,...
Siemens SIMATIC S7-1500 Improper Input Validation (CVE-2025-38466)
In the Linux kernel, the following vulnerability has been resolved: perf: Revert to requiring CAPSYSADMIN for uprobes Jann reports that uprobes can be used destructively when used in the middle of an instruction. The kernel only verifies there is a valid instruction at the requested offset, but d...
Siemens SIMATIC S7-1500 Improper Input Validation (CVE-2025-38063)
In the Linux kernel, the following vulnerability has been resolved: dm: fix unconditional IO throttle caused by REQPREFLUSH When a bio with REQPREFLUSH is submitted to dm, sendemptyflush generates a flushbio with REQOPWRITE | REQPREFLUSH | REQSYNC, which causes the flushbio to be throttled by...